OFFICE OF INSPECTOR GENERALQuick Links
Filters
Status
Agency
Year
Recommendation Dashboard
The Office of Inspector General (OIG) makes recommendations to the U.S. Department of Labor (DOL) to promote effectiveness, efficiency, economy, and integrity of all DOL programs and operations, including those performed by its contractors and grantees. Recommendations are considered resolved when agency management and the OIG agree on the required corrective actions. After the agreed-upon corrective actions have been completed, the recommendations are considered closed. This Recommendation Dashboard provides the status of OIG recommendations going back to FY 2011.
Keys for Recommendations
- Open - Closed Updated as of November 22, 2022
- Open - Closed Updated as of November 22, 2022
Recommendations by Agency
Filters ☰
Status
Agency
FY Year
Reset
Number ofRecommendations
Monetary Value of Recommendations
Expand / Collapse All Reports 
COVID-19: OSHA’S Enforcement Activities Did Not Sufficiently Protect Workers from Pandemic Health Hazards
Audit Report to OSHA, 19-23-001-10-105 issued on 10/31/2022
5 recommendations, of which 0 are closed
5 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: provide additional training to CSHOs to enforce the recording and reporting standard for fatalities. | ||
| 002 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: update guidance or policy to include supervisory review of inspection files to ensure they contain adequate support for the reasons regarding citation issuance decisions before closing inspections. | ||
| 003 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: develop a plan for a future pandemic or epidemic to collaborate with external agencies on worksite case data and to use this data to maximize rapid response and enforcement actions in worksites. | ||
| 004 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: as part of OSHA’s rulemaking on infectious diseases, require employers to notify all employees of all known positive cases at the worksite | ||
| 005 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health: develop and implement a tracking tool to ensure OSHA receives and reviews all items CSHOs request during inspections to ensure alleged hazards have been mitigated. |
COVID-19: ETA and States Did Not Protect Pandemic-Related UI Funds from Improper Payments Including Fraud or From Payment Delays
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Use data collected from monitoring and BAM reports to identify the areas of highest improper payments including fraud and create a plan to prevent similar issues in future temporary UI benefit programs. | ||
| 002 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training:Require states to have written policies and procedures, which apply lessons learned during the COVID-19 pandemic, to continue eligibility testing and BPC procedures during emergencies or other times of increased claims volume. These policies and procedures should include strategies to pay claimants timely. | ||
| 003 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Work with NASWA to update the IDH Participant Agreement to require state to submit the results of their UI fraud investigations. | ||
| 004 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Work with NASWA to ensure the IDH cross matches are effective at preventing the types of fraud that were detected during the pandemic and regularly update using the results of state fraud investigations. | ||
| 005 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training: Work with the OIG and states to recover the greatest practicable amount of the $7,092,604 paid to claimants connected to likely fraudulent claims. |
FY 2022 DOL Made Progress In Implementing Geospatial Data Act Requirements, But More Needs To Be Done
Audit Report to OSEC, 23-22-003-01-001 issued on 09/30/2022
3 recommendations, of which 0 are closed
3 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSEC | $0 | We recommend the Chief Data Officer document how DOL is collecting and managing all agency-specific geospatial data. | ||
| 002 | OSEC | $0 | We recommend the Chief Data Officer update policy and procedures to cover other types of geospatial data in completing their 13 responsibilities. | ||
| 003 | OSEC | $0 | We recommend the Chief Data Officer develop a plan to properly fund the implementation and oversight of data quality standards throughout DOL and for its contracts. |
Alert Memorandum: The Office of Workers’ Compensation Programs’ Workers’ Compensation Medical Bill Process System Data Were of Undetermined Reliability
Audit Report to OWCP, 23-22-002-04-001 issued on 09/26/2022
1 recommendations, of which 0 are closed
1 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OWCP | $0 | We recommend the Director of Workers’ Compensation Programs implement internal controls that ensure the quality of OWCP’s medical bill processing data when it is collected, processed, and shared with OWCP’s other systems, program management and staff, and other stakeholders. |
Alert Memo: Potentially Fraudulent Unemployment Insurance Payments in High-Risk Areas Increased to $45.6 Billion
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Assistant Secretary of Employment and Training: Implement immediate measures to ensure SWAs are required to provide ongoing access to the OIG by amending its current guidance to require disclosures to the OIG for audits and investigations as necessary, mandatory, and without time limitation for the proper oversight of the UI program. | ||
| 002 | ETA | $29,581,490,253 | We recommend the Assistant Secretary of Employment and Training: Expedite OIG-related amendments to 20 C.F.R. § 603.6(a) to make ongoing disclosures of UI information to DOL OIG mandatory by expressly adding the U.S. Department of Labor, Office of Inspector General (including its agents and contractors) to the list of required disclosures that are necessary for the proper oversight of the UI program without distinction as to purpose (e.g., audits versus investigations). | ||
| 003 | ETA | $0 | We recommend the Assistant Secretary of Employment and Training: Expedite 603.5(i) to expressly make disclosures of UI information to federal officials for oversight, audits, and investigations of federal programs mandatory. |
The ETA Needs to Ensure SWAs Report Activities Related to CARES Act UI Programs
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training: Continue to identify states that have not complied with ETA’s reporting requirements for CARES Act UI programs and work with them to ensure missing reports and information are submitted before commencement of the Department’s FY 2022 financial statement audit. | ||
| 002 | ETA | $0 | We recommend the Acting Assistant Secretary of Employment and Training: Verify the accuracy of reports that cite no activity and ensure corrections are made where warranted. |
The U.S. Department of Labor Did Not Meet Requirements for Compliance with Payment Integrity Information Act for FY 2021
Audit Report to OCFO, 22-22-007-13-001 issued on 07/01/2022
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | ETA | $0 | We recommend the Principal Assistant Secretary of ETA maintain the current focus on increasing technical assistance and funding to states to improve the improper payment reduction strategies in order to reduce the improper payments estimate rate below the 10 percent threshold, and demonstrate improvement on the rate. | |
| 002 | OCFO | ETA | $0 | We recommend the Principal Assistant Secretary of ETA revise the methodology used to calculate the improper payment information for the FPUC program. |
COVID-19: To Protect Mission Critical Workers, OSHA Could Leverage Inspection Collaboration Opportunities With External Federal Agencies
Audit Report to OSHA, 19-22-003-10-105 issued on 03/31/2022
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health develop an OSHA outreach plan to be activated during a large-scale safety and health crises such as the COVID-19 pandemic that (a) identifies external federal agencies with enforcement or oversight personnel who are active on worksites and (b) defines how OSHA will collaborate with those agencies. OSHA should consider incorporating into the plan: a process to identify and document highly visible, safety and health hazards for large-scale safety and health crises; a plan for how OSHA will conduct related outreach and training on those hazards and how to refer them to OSHA; and a tracking system for agency referrals and outcomes of those referrals, using that information to periodically inform the outreach plan on areas and types of guidance and training the agencies’ oversight and enforcement personnel need. | ||
| 002 | OSHA | $0 | We recommend the Assistant Secretary for Occupational Safety and Health explore mechanisms to enhance collaboration, such as MOUs or other written agreements using GAO’s seven key features for collaboration, and incorporate a process to utilize those mechanisms into the outreach plan. |
Longshore and Harbor Workers’ Compensation Act Special Fund Financial Statements and Independent Auditors’ Report
September 30, 2020 And 2019
Audit Report to OWCP, 22-22-005-04-432 issued on 03/31/2022
1 recommendations, of which 0 are closed
1 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OWCP | $0 | We recommend that the Director of Division of Federal Employees’, Longshore and Harbor Workers Compensation develop and implement monitoring controls to ensure Claim Examiners are promptly following up with beneficiaries when the LS-200 and/or LS-267 forms are not provided or are inaccurate. |
District of Columbia Workmen’s Compensation Act Special Fund Financial Statements and Independent Auditors’ Report
September 30, 2020 And 2019
Audit Report to OWCP, 22-22-006-04-432 issued on 03/31/2022
1 recommendations, of which 0 are closed
1 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OWCP | $0 | We recommend that the Director of Division of Federal Employees’, Longshore and Harbor Workers Compensation develop and implement monitoring controls to ensure Claim Examiners are promptly following up with beneficiaries when the LS 200/267 forms are not provided or are inaccurate. |
COVID-19: Delays in Providing Grant Relief Assistance Jeopardizes Goals Of A $366 Million Employment And Training Program
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training: Provide dedicated technical assistance to the states of Florida, New York, Nevada, and Louisiana to assist them in attaining planned goals. If no specific plan of action is provided or is not being met by grantees, ETA should recoup any DWG funding where the states cannot demonstrate their ability to achieve their planned goals by the end of the grant period. | ||
| 002 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training: Continue to closely monitor the remaining COVID-19 DWG awards to ensure attainment of performance goals and objectives and provide technical assistance as needed throughout the grant lifecycle. To the extent permitted by law, any of the remaining funds (determined as not needed) should be returned to the Department of Treasury or recouped as soon as practicable so that these funds would become available for other allowable purposes. |
FY 2021 FISMA DOL Information Security Report: Information Security Continuous Monitoring Controls Remain Deficient
Audit Report to OASAM, 23-22-001-07-725 issued on 01/28/2022
18 recommendations, of which 0 are closed
18 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OASAM | $0 | We recommend the CIO: Enforce DOL requirements for authorizing connections and effective implementation of Interconnection Service Agreements. | ||
| 002 | OASAM | $0 | We recommend the CIO: Implement changes in oversight that enforce DOL requirements for the performance of the monthly continuous monitoring checklist for CSPs in accordance with the DOL CSH. | ||
| 003 | OASAM | $0 | We recommend the CIO: Develop and implement a centralized process or mechanism for tracking monthly reviews of CSPs. | ||
| 004 | OASAM | $0 | We recommend the CIO: Enforce DOL requirements for implementing, auditing, testing and documenting exceptions to baseline configurations. | ||
| 005 | OASAM | $0 | We recommend the CIO: Ensure DOL maintains a complete and accurate inventory of its hardware and software assets. | ||
| 006 | OASAM | $0 | We recommend the CIO: Enhance the management oversight by OCIO to enforce DOL requirements for the performance of annual reviews of unsecure functions, ports, protocols, and services. | ||
| 007 | OASAM | $0 | We recommend the CIO: Execute the OCIO and AO oversight process to ensure compliance with DOL requirements for the performance of Security Impact Analysis (SIA)s prior to the implementation of system changes. | ||
| 008 | OASAM | $0 | We recommend the CIO: Implement a centralized process to monitor vulnerabilities for information systems to ensure that each vulnerability is remediated within the Computer Security Handbook (CSH) defined timeframe. | ||
| 009 | OASAM | $0 | We recommend the CIO: Implement a centralized process for OCIO to ensure a proper background investigation has been completed prior to activating any information system accounts associated with the individual. | ||
| 010 | OASAM | $0 | We recommend the CIO: Implement a control to retain rules of behavior acknowledgements, access authorizations, other required documentation for authorized system access, and periodic user access reviews. OCIO should monitor this control to ensure each FISMA-reportable system is compliant with the DOL CSH account management policies. | ||
| 011 | OASAM | $0 | We recommend the CIO: Strengthen the OCIO controls to monitor system owners to ensure they implement appropriate audit logging controls in accordance with the Computer Security Handbook (CSH). | ||
| 012 | OASAM | $0 | We recommend the CIO: Implement a process to enforce DOL’s requirement for, when a change in Authorizing Official (AO) occurs, that the system authorization is reviewed, and a new authorization decision document is signed. | ||
| 013 | OASAM | $0 | We recommend the CIO: Develop clear standards for the documentation of information security controls and enforce the adherence to these standards through OCIO monitoring processes for developing, reviewing and maintaining system security plans and documentation. | ||
| 014 | OASAM | $0 | We recommend the CIO: Enhance the OCIO oversight of the DOL ISCM strategy at the enterprise and system level and ensure DOL systems have an implemented system-level continuous monitoring strategy. | ||
| 015 | OASAM | $0 | We recommend the CIO: Implement changes in operations, management and oversight that enforces DOL requirements for the timely completion of security control assessments. | ||
| 016 | OASAM | $0 | We recommend the CIO: Implement changes in operations, management and oversight that enforces DOL requirements for the timely completion of contingency plan tests. | ||
| 017 | OASAM | $0 | We recommend the CIO: Enhance the OCIO monitoring of the completion of the required annual training by individuals with CP responsibilities. | ||
| 018 | OASAM | $0 | We recommend the CIO: Enhance the OCIO monitoring and oversight of system owners to complete BIAs. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2021
Audit Report to OCFO, 22-22-004-13-001 issued on 12/20/2021
9 recommendations, of which 0 are closed
9 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | $0 | We recommend the Director of OWCP reinforce existing policies and procedures requiring the completion of the review and approval of the Transaction Balancing sign-off sheet timely. | ||
| 002 | OCFO | $0 | We recommend the Director of OWCP provide additional training to the reviewers regarding responsibilities and expectations when reviewing changes to claimant information to ensure reviews are completed timely and consistently. | ||
| 003 | OCFO | $0 | We recommend the Chief Financial Officer update the policies and procedures to ensure that when adjustments are made to the financial statements any revised variances that exceed the acceptable threshold are properly investigated and documented, and the flux analysis is reviewed again. | ||
| 004 | OCFO | ETA | $0 | We recommend the Principal Deputy Assistant Secretary for ETA provide reinforcement to reviewers to ensure reviews are performed at the appropriate level of precision. | |
| 005 | OCFO | ETA | $0 | We recommend that the Principal Deputy Assistant Secretary for ETA implement monitoring controls to periodically verify that management controls for estimates are operating effectively. | |
| 006 | OCFO | VETS | $0 | We recommend the Assistant Secretary for VETS monitor indirect cost schedule expiration dates and work with grantees to establish new cost allocation plans prior to grant closeout. | |
| 007 | OCFO | $0 | We recommend the Chief Financial Officer continue their efforts to fully implement the revised ERM process and ensure that all necessary risk assessments are completed at both the individual agency level and at the agency-wide level. | ||
| 008 | OCFO | $0 | We recommend the Chief Information Officer enhance vulnerability scanning monitoring controls and procedures to track and remediate outstanding vulnerabilities in a timely manner. | ||
| 009 | OCFO | $0 | We recommend the Chief Information Officer formally document decisions in a memorandum when accepting the risks of not remediating findings and obtain the necessary approvals from management. |
Independent Auditors' Report on DOL's FY 2021 CFS
Audit Report to OCFO, 22-22-003-13-001 issued on 11/19/2021
5 recommendations, of which 0 are closed
5 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for Employment and Training develop policies and procedures to coordinate with State Workforce Agencies to obtain the necessary information needed to support related balances and assumptions, and to perform benchmarking and/or other analyses to validate new assumptions. | |
| 002 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for Employment and Training amend policies and procedures to provide specific steps to be performed during the reviews and the documentation requirements, which should include the specific items reviewed, analyses performed, and conclusions reached. | |
| 003 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for Employment and Training maintain documentation of the reviews performed to assess the reasonableness of the underlying data, assumptions, and formulas used in the models that is sufficiently detailed to evidence the specific items reviewed, analysis performed, and conclusions reached. | |
| 004 | OCFO | $0 | We recommend the Acting Chief Financial Officer develop policies and procedures to ensure that the accounting treatment for significant transactions are appropriately researched and documented prior to recording the transaction to the general ledger. | ||
| 005 | OCFO | $0 | We recommend the Acting Chief Financial Officer enhance management review controls over the amounts that are presented in the notes to the financial statements. |
COVID-19: Safety and Remote Learning Challenges Continue for Job Corps
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Implement continuous monitoring to ensure centers adhere to Job Corps COVID-19 safety protocols (e.g., use of social distancing markers, installation of barriers, and reconfiguration of furniture to accommodate social distancing). | ||
| 003 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Identify learning gaps that occurred during campus closures and procedures Job Corps needs to take to help students fill in those gaps. | ||
| 004 | ETA | $0 | We recommend the Acting Assistant Secretary for Employment and Training require Job Corps: Increase oversight of remote instructional programs to ensure students receive the training and resources to complete their programs in a timely way. |
ETA did not Sufficiently Plan and Execute the American Apprenticeship Initiative Grant Program
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $155,582,864 | We recommend the Assistant Secretary for Employment and Training Administration improve funding opportunity announcements for discretionary grant programs by: a. Evaluating program goals using the SMART concept or a similar approach, and including required metrics that directly measure the success of each program goal, are clear, and are easily verifiable; b. Having a scoring element covering completeness of applicant proposals for items requested in the announcement that reduces in points when the proposal is missing an element(s), significantly changes the wording of an element(s), or incorrectly addresses an element(s); and c. Identifying targeted occupations in the FOA language and/or scoring elements, or requiring submission of the career pathway to an H-1B occupation as support during apprenticeship program registrations or apprentice registrations. | ||
| 002 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration develop standard operating procedures for discretionary grant programs, which include internal controls resulting in ETA: a. Identifying information needed from grantees for participant level data, quarterly reporting, or program evaluation, prior to submitting the information collection request to OMB; b. Having a complete system and supporting documentation (e.g., user guide, data dictionary, business rules) ready by day one of the grant program with appropriate system controls; c. Obtaining OMB approval numbers for any new information collections prior to collecting information from grantees, verifying the reporting system fields correlate to the approved OMB information collection request, and submitting violations timely to OMB; and d. Conducting compliance reviews prior to awarding grants; using the review results to change applicant scoring or include a condition of award in applicable grants; awarding each grant prior to or on the start of each grantee’s period of performance; and accurately reporting to the public on the grant program. | ||
| 005 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration submit ETA’s violation of the Paperwork Reduction Act to OMB in the annual information collection budget for OMB control number 1205-0528. | ||
| 006 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration develop a process to perform data analysis and other sufficient checks to verify completeness and accuracy of data in ETA systems and achievement of desired outcomes during grant programs. | ||
| 007 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training Administration establish internal controls to verify participant eligibility, verify submitted ETA Forms 671 (Program Registration and Apprenticeship Agreement) are the current OMB approved version and completed correctly, and encourage use of interim credentials when the form indicates a competency or hybrid model apprenticeship. |
COVID-19: The Pandemic Highlighted the Need to Strengthen Wage and Hour Division's Enforcement Controls
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division implement a control to perform periodic reviews to determine if staff properly handled potential complaints in accordance with WHD's complaint requirements. | ||
| 002 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division develop a mechanism to enable the agency to determine how effective conciliations are at getting back wage payments to workers, and address any weaknesses identified in ensuring complainants received owed back wages prior to closing conciliations. | ||
| 003 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division update its policy for selecting a conclude reason in its database to require staff to use a reason that would allow WHD to determine the outcome of the conciliation. | ||
| 004 | WHD | $0 | We recommend the Acting Administrator for the Wage and Hour Division assess the effectiveness of remote investigations and incorporate best practices into its operating procedures. |
DOL’s IT Governance Lacked the Framework Necessary to Support the Overall Mission
Audit Report to OSEC, 23-21-002-01-001 issued on 09/30/2021
5 recommendations, of which 0 are closed
5 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSEC | $0 | We recommend the Deputy Secretary reorganize the CIO position to have a direct reporting relationship to the Deputy Secretary and independent of ASAM. | ||
| 002 | OSEC | $0 | We recommend the Deputy Secretary Ensure the CIO is a lead member with voting rights of DOL’s executive strategy and management boards and committees including but not limited to the MRB, ESS Governance Board, COVID-19 Coordination team, and ERMC. | ||
| 003 | OSEC | $0 | We recommend the Deputy Secretary reassess the incorporation of BLS and OCFO as part of IT Shared Services within 2021, and document the reasoning for the decision reached. | ||
| 004 | OSEC | $0 | We recommend the Deputy Secretary establish an MOU or other agreement between the OCIO and all departmental agencies to establish and state the roles and responsibilities of IT between each set of respective agencies. | ||
| 005 | OSEC | $0 | We recommend the Deputy Secretary codify the policies and procedures that define IT governance and key supporting IT elements. |
OSHA’s Diminished Enforcement Left More Workers At Risk For Exposure To Silica
Audit Report to OSHA, 02-21-003-10-105 issued on 09/29/2021
3 recommendations, of which 1 are closed
3 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health implement a policy for future emphasis programs, that minimizes the lapse in enforcement between canceled, revised or new programs. | ||
| 003 | OSHA | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health establish meaningful goals and processes to assess whether OSHA’s outreach events are achieving the desired results, in reaching a targeted number of workers at risk of exposure to silica. |
Unemployment Insurance Overpayments Related to Work Search Underscore the Need for More Consistent State Requirements
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Examine the effectiveness of Benefit Accuracy Measurement’s contact verification process to ensure it reflects the current methods claimants use to seek work. | ||
| 003 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Provide guidance to states notifying them that formal and informal warnings are not permissible under Federal work search law. | ||
| 004 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary of Employment and Training: Include in the UI improper payment estimate: (1) overpayments related to work search formal and informal warnings; and (2) payments to claimants who provide no or insufficient documentation to support eligibility with respect to work search, consistent with the Middle Class Tax Relief and Job Creation Act and OMB guidance that defines improper payments. |
Alert Memorandum: The Employment and Training Administration Does Not Require the National Association of State Workforce Agencies to Report Suspected Unemployment Insurance Fraud Data to the Office of Inspector General or DOL’s Employment and Training Administration.
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training take immediate action to require NASWA to refer information to ETA and the OIG on suspected fraud, waste, abuse, mismanagement, or misconduct, per DLMS 8-106(D)(3). Such actions could include modification of ETA’s grant award or issuance of unemployment insurance program policy guidance to ensure ETA complies with the notice requirement and its grantees comply with the reporting requirements of the DLMS. | ||
| 002 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training continue to work with the OIG and, within 30 days of this memorandum, meet with the OIG to develop a permanent approach to OIG access to IDH data. |
Alert Memorandum: The Employment and Training Administration Needs to Issue Guidance to Ensure State Workforce Agencies Provide Requested Unemployment Insurance Data to the Office of Inspector General
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Amend 20 CFR 603.5 and 603.6(a) through the rulemaking process to reinforce that UI information must be provided to DOL OIG for all IG engagements authorized under the IG Act, including audits, evaluations, and investigations. | ||
| 002 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Issue a new UIPL within 15 days of this memorandum to instruct SWAs that disclosure of information to the OIG for audits, evaluations, and investigations is mandatory without need for a subpoena, and that the OIG will notify SWAs directly of current and future information disclosure requirements, to include data elements. | ||
| 003 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training: Ensure the new UIPL guidance advises SWAs that they may not require the OIG to enter into data sharing agreements as a prerequisite to disclosure of information to the OIG for audits, consistent with the IG Act and federal law. |
Covid-19: States Struggled To Implement Cares Act Unemployment Insurance Programs
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $0 | We recommend the following to the Principal Deputy Assistant Secretary for Employment and Training conduct a study to assess the technological needs of the UI programs to determine the capabilities that need to be upgraded or replaced; the features necessary to effectively respond to rapid changes in the volume of claims in times of emergency or high unemployment; the capabilities needed to ensure effective and equitable delivery of benefits; and the capabilities to minimize fraudulent activities. | ||
| 002 | ETA | $33,745,677,576 | Continue to work with states to develop, operate, and maintain a modular set of technological capabilities to modernize the delivery of UI benefits that is sufficient to manage and process sudden spikes in claims volume during emergencies or high unemployment. | ||
| 003 | ETA | $0 | Assist states with claims, overpayment, and fraud reporting to create clear and accurate information. Then use the overpayment and fraud reporting to prioritize and assist states with fraud detection and recovery. | ||
| 004 | ETA | $0 | Develop standards for providing clear and reasonable timeframes to implement temporary programs to establish expectations for prompt benefit payments to claimants. |
MSHA Can Improve How Violations Are Issued, Terminated, Modified, and Vacated
Audit Report to MSHA, 05-21-002-06-001 issued on 03/31/2021
10 recommendations, of which 0 are closed
10 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide refresher training to inspectors and supervisors on complying with MSHA guidance for each violation type. | ||
| 002 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide training on how to determine the subsequent inspection when multiple inspections overlap, enter violations into the system in the same chronological order identified, be specific when writing the “Area or Equipment” entry, and when it is appropriate to list “No area affected” for an order. | ||
| 003 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Update system controls to improve compliance of MSHA violations with the Mine Act and MSHA guidance in the following instances: a. Verify only authorized violation types used; b. Include all required phrases automatically in the “Condition or Practice” entry when the inspector selects 103(a) citations, 104(g)(1) orders, 104(e)(1)/104(e)(2) orders, or 107(a) orders; c. Ensure 104(d) orders and 104(g)(1) orders cite eligible CFR sections; d. Verify the correlations between the CFR or Mine Act sections of 104(b) orders and the original violation; e. Verify 104(d)(1) orders, 104(d)(2) orders, 104(e)(1) orders, and 104(e)(2) orders reference the correct “initial action” by including additional crucial attributes in the system controls, such as issue date, event number, and event start date; f. Verify orders have the “Area or Equipment” entry populated when initially issuing the violation; g. Apply system controls to modifications done directly in MCAS, such as modifications due to court decisions or settlements; h. Identify modifications needed to other violations when vacating or modifying a violation; i. Verify the reasonableness of the due dates and provide warnings to inspectors when due dates appear longer than necessary; and j. Provide a warning message to inspectors when trying to issue a safeguard at a mine that would lead to multiple safeguards citing the same regulation issued for a single mine. | ||
| 004 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Update the Citation and Order Writing Handbook to clarify situations when multiple safeguards can be issued for a single mine and to correct any examples that do not comply with the instructions listed in the Handbook. | ||
| 005 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Improve the violations termination process by decreasing the percentage of future untimely terminations, improving the use of 104(b) orders, and not allowing due dates to be extended unless for specific, justified reasons listed on the violation form. | ||
| 006 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Provide training on how to write specific supporting reasons on the violation forms or other documentation (e.g., vacate memos) when extending, modifying, or vacating violations. | ||
| 007 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Develop a metric to measure performance and an internal control to verify timely uploading of violations from the inspector’s laptop/tablet into MCAS. | ||
| 008 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Complete periodic reviews to determine whether MSHA personnel are meeting the timely upload and recording of violations in MCAS, terminating violations by the due date, and effectively using 104(b) orders. | ||
| 009 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Simplify the design of the supervisory checklists by revising compound questions into simple questions answerable by a single response (yes, no, or not applicable) and provide refresher training on the quantity completion requirements, how to properly complete and review the checklist, and the importance of providing feedback using the checklist. | ||
| 010 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health: Work with the Solicitor’s Office and the Federal Mine Safety and Health Review Commission to implement a process to ensure violations listed in settlement agreements or court decisions still comply with the Mine Act and Mathies test. |
COVID-19: Increased Worksite Complaints and Reduced OSHA Inspections Leave U.S. Workers’ Safety at Increased Risk
Audit Report to OSHA, 19-21-003-10-105 issued on 02/25/2021
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 003 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health. Compare remote inspections to onsite inspections, and at a minimum provide analysis that addresses their frequency and timeliness for identifying and abating worksite hazards. |
Alert Memorandum: The Employment and Training Administration (ETA) Needs to Ensure State Workforce Agencies (SWA) Implement Effective Unemployment Insurance Program Fraud Controls for High Risk Areas
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | ETA | $5,409,966,198 | We recommend the Principal Deputy Assistant Secretary of Employment and Training establish effective controls, in collaboration with SWAs, to mitigate fraud and other improper payments to ineligible claimants, including the areas identified in the memorandum: UI benefits paid to multi-state claimants, claimants who used the social security numbers of deceased individuals, potentially ineligible federal inmates, and claimants with suspicious email accounts. Effective controls will help prevent similar or greater amounts of fraud and allow those funds to be put to better use. | ||
| 002 | ETA | $0 | We recommend the Principal Deputy Assistant Secretary of Employment and Training work with Congress to establish legislation requiring SWAs to cross match high-risk areas, including the four areas identified in the memo. |
FY 2020 FISMA DOL Information Security Report: Progress Needed to Improve Risk Management and Continuous Monitoring Information Security Controls
Audit Report to OASAM, 23-21-001-07-725 issued on 12/22/2020
25 recommendations, of which 7 are closed
25 recommendations, of which 7 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OASAM | $0 | Complete, approve, and implement its Enterprise Architecture and related artifacts. | ||
| 006 | OASAM | $0 | Provide training to responsible personnel over the third-party continuous monitoring review checklist. | ||
| 007 | OASAM | $0 | Validate that the classification of DOL systems is in accordance with policy, and that system interconnections are appropriately documented within its inventory. | ||
| 008 | OASAM | $0 | Develop, define, implement, and monitor change management key performance indicators that align DOL’s goals and objectives. | ||
| 009 | OASAM | $0 | Enforce DOL policies and procedures regarding separation of duties so developers do not possess the ability to migrate changes to production. | ||
| 010 | OASAM | $0 | Enforce DOL security baseline polices with DOL’s CSPs and develop a security configuration checklist for the CSPs. | ||
| 011 | OASAM | $0 | Implement a process for approving deviations from established configuration settings. | ||
| 012 | OASAM | $0 | Provide training to responsible personnel addressing the new guidance for operational activities, including the patch management process. | ||
| 013 | OASAM | $0 | Provide additional resources to support operational activities during unforeseen circumstances. | ||
| 015 | OASAM | $0 | Reinforce the PIV Exemption approval process through training. | ||
| 016 | OASAM | $0 | Implement a process for periodic review or monitoring of PIV Exemptions to ensure the process is operating effectively. | ||
| 017 | OASAM | $0 | Implement policies and procedures regarding user access reviews for tenants that reside on the platform as a service in accordance with requirements outlined in the DOL CSH. | ||
| 018 | OASAM | $0 | Provide additional resources to support the security requirements and a training over the application user access review process, as documented in the DOL CSH. | ||
| 020 | OASAM | $0 | Document the responsibilities of control activities for tenants that reside on the PaaS through policies and procedures that include user activity reviews in accordance with requirements outlined in the DOL policy. | ||
| 021 | OASAM | $0 | Provide training over the application user activity review process. | ||
| 023 | OASAM | $0 | Develop sufficiently defined quantitative and qualitative metrics that provide meaningful indications of security status and trend analysis at all risk management tiers. | ||
| 024 | OASAM | $0 | Monitor contingency plan testing and exercises through examination of after-action reviews. | ||
| 025 | OASAM | $0 | Validate that systems have received either the appropriate classification or risk waiver that would exempt the system from specific security requirements. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2020
Audit Report to OCFO, 22-21-005-13-001 issued on 12/18/2020
20 recommendations, of which 12 are closed
20 recommendations, of which 12 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OCFO | $0 | We recommend that the Director of the OWCP reinforce with the service provider the requirements to obtain DEEOIC’s approval for medical bills exceeding the applicable review thresholds prior to payment. | ||
| 003 | OCFO | $0 | We recommend that the Director of the OWCP implement a monitoring control to periodically verify that the service provider has sent all medical bills over the applicable thresholds to DEEOIC management for approval prior to payment. | ||
| 009 | OCFO | MULTI | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS enforce accountability of grant officers and closeout specialists to incentivize timely execution and process improvement. | |
| 010 | OCFO | OASAM | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS continue to fully implement monitoring controls to track the status of grants during their closeout processes to ensure proper follow-up and timely execution. | |
| 011 | OCFO | MULTI | $0 | We recommend that the Assistant Secretary for Policy and the Assistant Secretary for VETS administer grant closeout continuous improvement trainings for all agencies to address inconsistent grant closeout implementation concerns. | |
| 012 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for ETA provide continued training to FPOs, emphasizing the revised expectations of the corrective action plan. | |
| 013 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for ETA enforce accountability of the FPOs to facilitate timely and successful remediation of delinquent grant cost reports. | |
| 014 | OCFO | ETA | $0 | We recommend that the Assistant Secretary for ETA enhance monitoring controls to track the status of delinquent cost reports to ensure timely acceptance by the FPOs. |
DOL Did Not Demonstrate It Followed A Sound Process in Promulgating the 2017 Tip Rule Notice of Proposed Rulemaking
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 01 | WHD | MULTI | $0 | Develop policies and procedures to document its rationale and supporting evidence for key decisions in the development of economic regulatory analysis. | |
| 02 | WHD | MULTI | $0 | Develop policies and procedures to document its rationale and supporting evidence when DOL determines the prescribed regulatory guidance does not apply | |
| 03 | WHD | $0 | Enforce policies and procedures that require employees to maintain records that document government business. Employees should not be discouraged from maintaining such records. |
Region IX Whistleblower Protection Program Complaints Were Not Complete or Timely
Audit Report to OSHA, 02-21-001-10-105 issued on 11/23/2020
4 recommendations, of which 0 are closed
4 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | Explore solutions to improve case management, including tracking completion of the essential elements and alerting the investigator and supervisor when there are periods of inactivity on an investigation. | ||
| 002 | OSHA | $0 | Develop and implement a system to track and monitor the work performed by FTEs to better allocate personnel costs by program and ensure resources are used as intended. | ||
| 003 | OSHA | $0 | Continue efforts to find solutions to developing a reasonable balance between the quality and timeliness of investigations. | ||
| 004 | OSHA | $0 | Ensure OSHA issues an updated WIM by the end of FY 2021 and complete desk guides for all applicable statutes. |
MSHA Needs to Improve Efforts to Protect Coal Miners From Respirable Crystalline Silica
Audit Report to MSHA, 05-21-001-06-001 issued on 11/12/2020
3 recommendations, of which 0 are closed
3 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | Adopt a lower legal exposure limit for silica in coal mines based on current scientific evidence. | ||
| 002 | MSHA | $0 | Establish a separate standard for silica that allows MSHA to issue citations and monetary penalties when violations of its silica exposure limit occur. | ||
| 003 | MSHA | $0 | Enhance its sampling program to increase the frequency of inspector samples where needed (e.g., by implementing a risk-based approach). |
ETA Should Do More to Assist Vulnerable States Prepare for Disaster Unemployment Assistance Program Implementation
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | Create a rapid response team consisting of Federal and state officials capable of providing technical and other assistance to states impacted by major disasters. |
DOL Needs To Do More To Secure Employees' Personally Identifiable Information in the Travel Management System
Audit Report to OCFO, 23-20-003-13-001 issued on 09/10/2020
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OCFO | $0 | Establish and implement procedures to ensure E2 account management practices enforce DOL’s security policies. | ||
| 002 | OCFO | $0 | Establish and implement procedures to ensure E2 is managed in compliance with contractual security requirements and DOL computer security policies for contracted information systems. |
COVID-19: OSHA Needs to Improve Its Handling of Whistleblower Complaints During the Pandemic
Audit Report to OSHA, 19-20-010-10-105 issued on 08/14/2020
3 recommendations, of which 1 are closed
3 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OSHA | $0 | Continue to monitor and evaluate the Region II triage pilot and consider extending the triage process to all regions to expedite screening whistleblower complaints. | ||
| 003 | OSHA | $0 | Develop a caseload management plan to more equitably distribute whistleblower complaints received amongst investigators. |
COVID-19: More Can Be Done to Mitigate Risk to Unemployment Compensation Under The CARES Act
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | Include CARES Act UI transactions in the BAM or develop an alternative methodology to reliably estimate improper payments for those programs. | ||
| 004 | ETA | $0 | Issue guidance directing states to provide routine access to state UI claimant data, in order to prevent and detect fraud. |
COVID-19: MSHA Faces Multiple Challenges in Responding to the Pandemic
Audit Report to MSHA, 19-20-006-06-001 issued on 07/24/2020
2 recommendations, of which 1 are closed
2 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health monitor the: Potential backlog of suspended and reduced enforcement activities and develop a plan to manage the backlog once full operations resume. |
Alert Memorandum: Vulnerability in OWCP FECA Bill Pay Processing System
Audit Report to OWCP, 50-20-001-04-430 issued on 05/07/2020
1 recommendations, of which 0 are closed
1 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 01 | OWCP | $0 | This recommendation contains sensitive information and will not be posted. |
OFCCP Did Not Show It Adequately Enforced EEO Requirements on Federal Construction Contracts.
Audit Report to OFCCP, 04-20-001-14-001 issued on 03/27/2020
2 recommendations, of which 1 are closed
2 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OFCCP | $0 | Update participation goals for minorities and females, and implement processes to keep all participation goals current. |
Review of the Occupational Safety and Health Administration's Referral to and Reclamation of Debt from the U.S. Department of the Treasury.
Audit Report to OSHA, 22-20-006-10-001 issued on 03/16/2020
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 003 | OSHA | $0 | We recommend the Assistant Secretary for OSHA revise OSHA’s Debt Collection Procedures to comply with OMB Circular A-129. |
FY 2019 FISMA DOL Information Security Report Implementation of Security Tools Hindered by Insufficient Planning
Audit Report to OASAM, 23-20-002-07-725 issued on 12/23/2019
20 recommendations, of which 8 are closed
20 recommendations, of which 8 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | OASAM | $0 | Implement technologies for both DOL and the Bureau of Labor Statistics to detect and prevent unauthorized hardware and software from connecting to the local DOL network. | ||
| 003 | OASAM | $0 | Verify that annual assessments of third-party providers, including cloud service providers, are formally documented, reviewed, and signed by appropriate levels of management. | ||
| 005 | OASAM | $0 | Develop and implement performance metrics for configuration management. | ||
| 006 | OASAM | $0 | Design and implement controls and policies to formally perform and document the periodic review of baseline configuration scans across DOL servers and databases. | ||
| 007 | OASAM | $0 | Design and implement controls to monitor DOL assets for missing patches, service packs, hot fixes, and other software updates that are not associated with a CVE. | ||
| 008 | OASAM | $0 | Enhance vulnerability scanning monitoring controls and procedures to track and remediate outstanding vulnerabilities in a timely manner. | ||
| 011 | OASAM | $0 | Finalize the implementation of the access control technologies. | ||
| 012 | OASAM | $0 | Develop and implement access control performance metrics. | ||
| 013 | OASAM | $0 | Design and implement controls to perform and document a periodic review of audit logs that report privileged user activity. | ||
| 015 | OASAM | $0 | Implement data encryption configurations/solutions at the server level for data at rest for sensitive information (PII). | ||
| 016 | OASAM | $0 | Update the ISCM strategy guide with current ISCM performance metrics. | ||
| 019 | OASAM | $0 | Develop and implement contingency planning performance metrics. |
Management Advisory Comments Identified in an Audit of the Consolidated Financial Statements, For the Year Ended September 30, 2019
Audit Report to OCFO, 22-20-005-13-001 issued on 12/19/2019
20 recommendations, of which 18 are closed
20 recommendations, of which 18 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 009 | OCFO | OASAM | $0 | The Chief Information Officer coordinate efforts among the DOL agencies to design and implement procedures and controls to address account management, in key financial feeder systems. | |
| 010 | OCFO | OASAM | $0 | The Chief Information Officer monitor the agencies’ progress to ensure that established procedures and controls are operating effectively and maintained. |
Job Corps Should do More to Prevent Cheating in High School Programs
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps ensure centers partner only with those school providers with established cheating or academic integrity policies that include basic preventative controls. | ||
| 003 | ETA | $0 | We recommend the Assistant Secretary for Employment and Training require Job Corps ensure reviews of high school programs are ongoing, consistent, and routine and, at a minimum, cover key controls to detect cheating. |
MSHA Can Improve Its Pre-Assessment Conferencing Program
Audit Report to MSHA, 05-19-001-06-001 issued on 09/23/2019
9 recommendations, of which 0 are closed
9 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training to Conference Litigation Representatives and district management on how to write specific supporting reasons for conference decisions in conference files and violation forms. | ||
| 002 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training to district management on how provide effective oversight over the pre-assessment conference program. The training should focus on reviewing the conference file and the system data for completeness and accuracy. Note: This recommendation applies to issues 1 (conference files) and 3 (system data). | ||
| 003 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health review each district’s process to ensure Conference Litigation Representatives consistently, in a way that does not create embarrassment or conflict, communicate the reasons they modify or vacate violations with supervisors and issuing inspectors and participate in staff meetings and at district training sessions for inspection personnel. | ||
| 004 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health develop MSHA Standardized Information System reports showing a summary of conference decisions that Conference Litigation Representatives can use as their monthly report and changes made to violation form attributes through conferencing decisions that MSHA can use to identify high-risk attributes and research the root causes for trends. | ||
| 005 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health revise the Alternative Case Resolution Handbook to require districts to document reasons supporting conference decisions to uphold a violation. The reason for an uphold decision should explain why any new evidence presented by the operator at the conference did not persuade MSHA to change the violation. | ||
| 006 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health revise the Alternative Case Resolution Handbook to clarify requirements for CLR monthly reporting. For example, the guidance should address the method(s) allowed and the minimum level of detail that CLRs should describe in the report. | ||
| 007 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health provide training on how to populate MSHA’s Standardized Information System from the conference files and the importance of the importance of filling in all data fields. The training should focus on defining the required conferencing fields in MSIS to populate, identifying what documentation in the conference file to use when populating each field, and defining appropriate times to cancel a conference. | ||
| 008 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health update MSHA’s Standardized Information System with two system controls that require users to populate all required fields and prevent personnel from entering dates in the wrong order. | ||
| 009 | MSHA | $0 | We recommend the Assistant Secretary for Mine Safety and Health perform periodic reviews of MSHA’s Standardized Information System data to ensure that districts are accurately populating it and marking conferences as completed in a timely manner. |
MSHA Did Not Evaluate Whether Civil Monetary Penalties Effectively Deterred Unsafe Mine Operations
Audit Report to MSHA, 23-19-002-06-001 issued on 08/16/2019
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | MSHA | $0 | Develop metrics for the CMP program that will allow review and measurement of its effect on changing operator behavior to deter unsafe mine operations. | ||
| 002 | MSHA | $0 | Implement controls to ensure good standing of operators with regard to safety record and delinquency status prior to assigning a legal mine identification number or changing the legal ownership structure of a mine. |
Report Title Contains Sensitive Information
Audit Report to OASAM, 50-19-002-07-725 issued on 06/17/2019
2 recommendations, of which 0 are closed
2 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 01 | OASAM | $0 | This recommendation contains sensitive information and will not be posted. | ||
| 02 | OASAM | $0 | This recommendation contains sensitive information and will not be posted. |
OSHA Procedures for Issuing Guidance Were Not Adequate and Mostly Not Followed
Audit Report to OSHA, 02-19-001-10-105 issued on 03/28/2019
4 recommendations, of which 0 are closed
4 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Establish procedures to require staff to demonstrate that issuing a document as guidance is appropriate under APA and OSH Act requirements. | ||
| 002 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Maintain complete records to demonstrate compliance with OSHA criteria for issuance. | ||
| 003 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Establish and enforce a monitoring function to ensure its staff fully comply with written procedures and maintain complete records that demonstrate guidance meets criteria for issuance. | ||
| 004 | OSHA | $0 | We recommend the Principal Deputy Assistant Secretary for Occupational Safety and Health: Train officials and staff as needed on their roles and responsibilities for internal controls related to the issuance of guidance and the potential risks of disregarding or circumventing controls. |
FY 2018 FISMA DOL Information Security Report
Audit Report to OASAM, 23-19-001-07-725 issued on 03/13/2019
5 recommendations, of which 0 are closed
5 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OASAM | $0 | Conduct a risk assessment to identify the root causes of the identified deficiencies; | ||
| 002 | OASAM | $0 | Document, track, and implement milestones and corrective actions to timely remediate all identified deficiencies that have been communicated to DOL management. | ||
| 003 | OASAM | $0 | Coordinate efforts among the DOL agencies to design and implement procedures and controls to address account management, system access settings, configuration management, system audit log configuration and reviews, and patching and vulnerability management control deficiencies in key financial feeder systems. | ||
| 004 | OASAM | $0 | Monitor the agencies’ ongoing progress to ensure that established procedures and controls are operating effectively; | ||
| 005 | OASAM | $0 | Develop and implement performance metrics that will be used to manage and measure the effectiveness of the DOL information security program. |
Experience Works, Inc. Misused more than $4 million in SCSEP Funds
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 006 | ETA | $0 | Principal Deputy Assistant Secretary for Employment and Training require ETA to improve its monitoring of SCSEP grant funds to ensure grantee operations are consistent with the agency mission, in compliance with laws and regulations, and with minimal potential for waste, fraud, and mismanagement. This includes providing monitoring staff guidance and training to perform effective risk assessments and monitoring reviews. |
OSHA Needs to Improve the Guidance for its Fatality and Severe Injury Reporting Program to Better Protect Workers
Audit Report to OSHA, 02-18-203-10-105 issued on 09/13/2018
4 recommendations, of which 3 are closed
4 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OSHA | $0 | We recommend that the Acting Assistant Secretary for Occupational Safety and Health develop formal guidance and train staff on how to detect and prevent underreporting of fatalities and severe injuries. |
ETA Violated the Bona Fide Needs Rule and the Antideficiency Act
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 004 | ETA | $0 | We recommended the Deputy Assistant Secretary for Employment and Training require ETA to report, in accordance with 31 USC, §1351, §1517(b), the Antideficiency Act violations caused by the bona fide needs rule violations identified in this report. |
MSHA Needs to Provide Better Oversight of Emergency Response Plans
Audit Report to MSHA, 05-17-002-06-001 issued on 03/31/2017
9 recommendations, of which 3 are closed
9 recommendations, of which 3 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001a | MSHA | $0 | We recommend the Deputy Assistant Secretary for Mine Safety and Health reissue PPL P16-V-01 to clarify the mine operators’ responsibility for local coordination under the MINER Act. The revision should inform mine operators to insert language in their ERP referencing the call lists posted at the mine if the ERP does not include them. | ||
| 001b | MSHA | $0 | We recommend the Deputy Assistant Secretary for Mine Safety and Health reissue PPL P16-V-01 to clarify the mine operators’ responsibility for local coordination under the MINER Act. The revision should clarify how a mine operator establishes procedures for coordination and communication between the operator, mine rescue teams, and local emergency response personnel and makes provisions for familiarizing local rescue personnel with surface functions that may be required in the course of mine rescue work. | ||
| 002 | MSHA | $0 | Maintain an ERP review checklist on MSHA’s website that is updated when requirements change. | ||
| 003 | MSHA | $0 | Standardize the ERP review and approval processes and tools across MSHA districts. At minimum, the procedures should specify the a. type of reviews (specialist and/or inspector) the districts should be completing and the frequency for each type of review, b. steps the reviewer should take for a specialist review versus an inspector review and the tools (e.g., standardized review checklist) to use during each review, and c. dates (e.g., Date Received and Decision Date) to enter into the tracking system and instructions on where to obtain each date. | ||
| 004 | MSHA | $0 | Issue additional guidance and provide refresher training on how to enter ERP data into the tracking system and use the tracking system to provide oversight. | ||
| 005 | MSHA | $0 | Implement a process for headquarters and district personnel to manage the ERP program more effectively by periodically (e.g., quarterly or semi-annually) reviewing reports from the tracking system. | ||
| 009 | MSHA | $0 | Issue regulations or guidance to make mine operators aware of tools currently available on MSHA’s website they can use when developing their ERPs and clarify when mine operators should submit an ERP and whether mine operators can exclude certain information from the ERP. |
EBSA Did Not Have the Ability to Protect the Estimated 79 Million Plan Participants in Self-Insured Health Plans from Improper Denials of Health Claims
Audit Report to EBSA, 05-17-001-12-121 issued on 11/18/2016
5 recommendations, of which 4 are closed
5 recommendations, of which 4 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | EBSA | $0 | We recommend the Assistant Secretary for Employee Benefits Security reduce or eliminate exemption thresholds for small plans. |
FISMA FISCAL YEAR 2015: Ongoing Security Deficiencies Exist
Audit Report to OASAM, 23-16-002-07-725 issued on 09/30/2016
2 recommendations, of which 1 are closed
2 recommendations, of which 1 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 01 | OASAM | $0 | This recommendation contains sensitive information and will not be posted. |
Investigative Advisory Report Weaknesses Contributing to Fraud in the Unemployment Insurance Program
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | ETA | $0 | ETA should recommend that SWAs develop a plan to identify multiple claims that originate from the same IP addresses, or from IP addresses from outside the United States, to minimize threats and fraud. In addition, consideration should be given to development of a database where all 53 SWAs will begin recording and sharing incoming IP addresses using a central data collection and exchange point, where common IP addresses can be researched using data analytics to identify and share information concerning potential fraud rings. | ||
| 002a | ETA | $0 | In order to reduce claimant anonymity, ETA should recommend that SWAs consider additional verification within 30 days of initial filing if the claim was filed from an identified anonymous IP address or with other fraud indicators. Current regulations permit the SWAs to request photo IDs to validate identity. States should suspend payment of benefits and conduct further investigation if requested information is not provided or the information provided does not resolve identity concerns. | ||
| 003 | ETA | $0 | ETA should recommend that SWAs provide all identified fraudulent claimant information into a shared database that can be queried to identify the filing of fraudulent claims against multiple states. One possibility would be to use the existing ETA Fraud Portal, which would make the portal a powerful tool in UI Fraud detection for the SWAs. |
Limited-Scope Audits Provide Inadequate Protections to Retirement Plan Participants
Audit Report to EBSA, 05-14-005-12-121 issued on 09/30/2014
5 recommendations, of which 4 are closed
5 recommendations, of which 4 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 002 | EBSA | $0 | We recommend the Assistant Secretary for Employee Benefits Security provide additional formal guidance to plan administrators to identify and adequately support the fair value of plan assets. |
OWCP's Efforts to Detect and Prevent FECA Improper Payments Have Not Addressed Known Weaknesses
Audit Report to OWCP, 03-12-001-04-431 issued on 02/15/2012
5 recommendations, of which 4 are closed
5 recommendations, of which 4 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 004 | OWCP | $0 | OWCP Acting Diretor develop effective procedures, including seeking legislative authority to conduct matches with SSA retirement records, to ensure that claimants who receive SSA retirement benefits are identified timely and their FECA benefits are adjusted accordingly. |
Ineffective Accounting for Sensitive Information Technology Hardware and Software Assets Places DOL at Significant Risk
Audit Report to OASAM, 23-11-001-07-001 issued on 03/31/2011
6 recommendations, of which 0 are closed
6 recommendations, of which 0 are closed
| Status | Rec. | Primary Agency Responsible | Implementing Agency (if different) | Monetary Findings | Recommendation |
|---|---|---|---|---|---|
| 001 | OASAM | $0 | Assess and take appropriate measures to ensure reports of lost, missing or stolen sensitive IT assets have not resulted. | ||
| 002 | OASAM | $0 | Perform a full inventory of the Department’s IT assets that is accurate and complete including an update of the information into a viable inventory management system. | ||
| 003 | OASAM | $0 | Consolidate all inventory systems though out DOL to eliminate duplication, realize cost savings, and strengthen inventory. | ||
| 004 | OASAM | $0 | Perform required reviews of program agencies’ inventory practices and procedures to ensure full participation in the inventory process across the Department and compliance with Federal information system requirements. | ||
| 005 | OASAM | $0 | Develop policies for disposal of sensitive IT assets that presently lack coherent policy. | ||
| 006 | OASAM | $0 | Integrate a reliable electronic procurement system with a viable inventory system along with the financial systems to ensure seamless interoperability. |
