Skip to main content

Department of Justice

Jump To:

Recent Reports

View More Reports

Open Recommendations (31 total)

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

GAO-22-105065
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of Justice
Priority Rec.
The Attorney General should incorporate privacy into an organizationwide risk management strategy that includes a determination of risk tolerance. (Recommendation 25)
Open
The Department of Justice did not concur with this recommendation, stating that its existing strategy documents address how it manages privacy risk, including a determination of risk tolerance. As of March 2024, DOJ had provided documents outlining its approach to managing privacy risks. However, they did not include key details such as a discussion of the department's approach to determining privacy risk tolerance, including, for example, factors to be considered and acceptable amounts of risk. According to DOJ officials, while discussions regarding risk thresholds, or the acceptable level of risk for a given activity, have occurred in a number of areas, the department is still working toward developing a department-wide risk tolerance statement. Once the department states that it has taken additional actions, we intend to verify whether implementation has occurred.

Freedom of Information Act: Additional Guidance and Reliable Data Can Help Address Agency Backlogs

GAO-24-106535
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should direct the Director of the Office of Information Policy to issue guidance advising agencies to include elements of effective action plans in their backlog reduction plans. Such elements include identifying and analyzing root causes of their backlog; identifying actions the agency will take to address those root causes; and establishing specific backlog reduction goals, performance measures, and milestones for tracking progress. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

GAO-22-105065
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should establish a time frame and fully develop and document a privacy continuous monitoring strategy. (Recommendation 26)
Open
The Department of Justice did not concur with this recommendation, stating that DOJ components must assess all security and privacy controls employed by an information system during initial authorization and assess a subset of controls during continuous monitoring on an ongoing basis. However, documentation provided by DOJ did not specify the frequency with which the department plans to assess each privacy control at the various risk management tiers. Accordingly, we continue to believe our recommendation is warranted. As of March 2024, the department had not provided further updates on actions taken to address this recommendation. Once the department states that it has taken action, we plan to verify whether implementation has occurred.

Freedom of Information Act: Additional Guidance and Reliable Data Can Help Address Agency Backlogs

GAO-24-106535
Show
3 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should direct the Director of the Office of Information Policy to issue guidance advising agencies to identify actions in their backlog reduction plans to help ensure staff with the necessary skills are available to support reduction efforts. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Justice The Attorney General should direct the Director of the Office of Information Policy (OIP) to develop a process for OIP to more closely examine the data agencies report on component-level FOIA requests and average request processing times to help agencies ensure they report accurate average processing times. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Justice The Attorney General should direct the Director of the Office of Information Policy (OIP) to update the materials for OIP's training on annual FOIA reporting to highlight that agencies are required to report weighted average processing times for FOIA requests, and include instructions on how agencies should calculate their weighted average processing times. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Justice: Actions Needed to Better Track and Monitor Responses to Congressional Correspondence

GAO-23-105231
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should ensure that ExecSec and OLA maintain readily available, accurate, and complete congressional correspondence data to track responses in DOJ's department-wide correspondence management system. (Recommendation 1)
Open
DOJ reported in June 2023 that ExecSec and OLA launched a new system for tracking congressional correspondence starting with the 118th Congress. According to DOJ, the new system allows the Department to better track its congressional response process by showing the steps in the process-from initial drafting to finalization and transmittal. The system also tracks where draft responses are in that process, according to DOJ. DOJ officials noted that the new system also shows the employee with responsibility for ensuring that a particular response is finalized and transmitted, and it allows the department to generate regular reports for managers and supervisors to monitor progress as needed. In October 2023, OLA officials stated that they have held meetings with key stakeholders (including ExecSec) to assess internal correspondence processes, standardized the data entry process, and have established goals. OLA officials also stated that they have developed checklists for accuracy, formatting, and context that attorneys are to use as part of their tracking process and have begun to offer trainings to OLA attorneys. According to these officials, OLA is on step three of eight in their problem solving process.

Department of Justice: Actions Needed to Better Track and Monitor Responses to Congressional Correspondence

GAO-23-105231
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should ensure that ExecSec and OLA develop guidance on correspondence management system data quality. (Recommendation 2)
Open
DOJ reported in June 2023 that ExecSec and OLA have developed standard operating procedures for congressional correspondence as part of the new system for tracking and monitoring correspondence. DOJ also provided a copy of the Standard Operating Procedures Manual for Priority Correspondence. In October 2023, OLA officials told us that they were in the beginning stages of conducting outreach to DOJ components on standardizing guidance.

Information Management: Agencies Need to Streamline Electronic Services

GAO-23-105562
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should establish a reasonable time frame for when the Department of Justice will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 5)
Open
As of March 2024, Justice noted that any solution to implement remote identity proofing with authentication consistent with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) must meet NIST's technical standard known as "Identity Assurance Level 2" (IAL2). In addition, the Department stated that they had been exploring acquiring the remote identity proofing services known as Login.gov offered by the General Services Administration (GSA), as a means of complying with the requirements of the CASES Act and M-21-04. Further, Justice stated the concerns identified in the GSA Inspector General report have contributed to challenges that the Department has faced in finding a solution to facilitate CASES Act compliance.

Information Technology: Selected Federal Agencies Need to Take Additional Actions to Reduce Contract Duplication

GAO-20-567
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Justice The Attorney General should ensure that the Department of Justice develops and implements strategies to address duplication identified through the use of spend analyses. (Recommendation 13)
Open – Partially Addressed
In January 2024, the department provided evidence that it had used a spend analysis to identify opportunities to reduce IT contract duplication. In addition, the department identified strategies for addressing the duplication. In addition, the department developed strategies to address the duplication. However, it did not provide evidence that it had implemented the strategies. We will continue to monitor the agency's efforts to address our recommendation.
View More Recommendations

Related Pages