Skip to main content

Department of the Treasury

Jump To:

Recent Reports

View More Reports

Open Recommendations (100 total)

Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts

GAO-20-631
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of the Treasury
Priority Rec.
Regarding financial sector cyber risk mitigation efforts, we recommend that the Secretary of the Treasury, in coordination with the Department of Homeland Security and other federal and nonfederal sector partners, track the content and progress of sectorwide cyber risk mitigation efforts, and prioritize their completion according to sector goals and priorities in the sector-specific plan. (Recommendation 1)
Open
Treasury generally agreed with this recommendation, but had concerns with its authority to implement it, due to its limited authority to require regulators to supply data on cyber risk mitigation efforts, and legal and trust concerns with getting information from firms voluntarily. We responded to these concerns in our report, stating that Treasury is ideally positioned to secure voluntary agreement from these groups to provide focused information on their cyber risk mitigation efforts, which would help Treasury track and prioritize progress toward sector goals. In January 2023, Treasury reported that it plans to discuss with the financial services sector the development of metrics on sector risk mitigation efforts and on the sector's adoption of the National Institute of Standards and Technology cybersecurity framework. Treasury also stated it plans to develop metrics on the sector's sharing of cyber threat information and measures regarding their effectiveness. In May 2023, Treasury said it is planning implementation of a tool that may enable it to track and record risks and resulting efforts, but that the tool's capabilities and uses were still in development. As of April 2024, Treasury had completed mapping of sector information flows, which it plans to use to inform further understanding of sector risks and risk mitigation efforts. However, it has not yet completed these latter steps. Without tracking and prioritizing efforts based on sector goals and priorities, Treasury and the financial sector will remain unable to determine the effectiveness of their efforts.

Financial Literacy: Better Outcome Reporting Could Facilitate Oversight of Programs for Older Adults and People with Disabilities

GAO-24-106381
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury, as chair of the Financial Literacy and Education Commission, should coordinate with the vice chair and agencies represented on the Commission to encourage the ongoing collection of data on financial literacy program outcomes and include these data in the Commission's annual report to Congress. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Tax Equity: Lack of Data Limits Ability to Analyze Effects of Tax Policies on Households by Demographic Characteristics

GAO-22-104553
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury, as part of the department's work on equity analysis of tax policy, should evaluate the feasibility of alternative methods, such as interagency data sharing or surveys, for producing secure, linked taxpayer and demographic data. (Recommendation 1)
Open
Treasury neither agreed nor disagreed with the recommendation and said it is focusing its current efforts on developing an imputation method. Treasury agreed with GAO on the importance of understanding the effects of tax policies by demographic characteristics and in May 2023 released a report on how the disbursement of the First Round Economic Impact Payments varied by race/ethnicity, age, sex, income, and household composition using interagency data sharing. Previously, in January 2023, Treasury had also released a report examining tax expenditures by race and ethnicity using imputation methods. However, as of March 2024 Treasury had not indicated how it plans to evaluate the feasibility of alternative methods or if it plans to rely on interagency data sharing or imputation methods to evaluate the effects of other tax policies by demographics. We continue to monitor what actions the agency has taken in response to this recommendation.

State Small Business Credit Initiative: Improved Planning Could Help Treasury Limit Additional Delays

GAO-23-105293
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury Treasury's Chief Recovery Officer should fully incorporate best practices for project scheduling related to sequencing and establishing the duration of activities, assigning resources to activities, and updating the schedule using actual progress into its planning processes for the SSBCI program. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Private Pensions: Participants Need Better Information When Offered Lump Sums That Replace Their Lifetime Benefits

GAO-15-74
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury To provide participants with useful information and to provide for lump sums that are based on up-to-date assumptions, Treasury should review its regulations governing the information contained in relative value statements to ensure these statements provide a meaningful comparison of all benefit options, especially in instances where the loss of certain additional plan benefits may not be disclosed.
Open
Treasury generally agreed with this recommendation but did not provide specific comments on plans to address it. As of July 2023, Treasury has not implemented this recommendation.

Artificial Intelligence: Agencies Have Begun Implementation but Need to Complete Key Requirements

GAO-24-105980
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should ensure that the department develops a plan to either achieve consistency with EO 13960 section 5 for each AI application or retires AI applications found to be developed or used in a manner that is not consistent with the order. (Recommendation 26)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts

GAO-20-631
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of the Treasury
Priority Rec.
Regarding the financial sector-specific plan, we recommend that the Secretary of the Treasury, in coordination with the Department of Homeland Security and other federal and nonfederal sector partners, update the financial services sector-specific plan to include specific metrics for measuring the progress of risk mitigation efforts and information on how the sector's ongoing and planned risk mitigation efforts will meet sector goals and requirements, such as requirements for the financial services sector in the National Cyber Strategy Implementation Plan. (Recommendation 2)
Open
Treasury generally agreed with the recommendation, but believed it should not be implemented until the Department of Homeland Security updates the National Infrastructure Protection Plan, now called the National Plan, to establish cross-sector priorities and provide guidance on sector-specific plans. However, we reported in February 2023 that there was no deadline for the National Plan to be updated. In April 2024, Treasury clarified that it plans to update the financial services sector-specific plan once a directive currently under revision, and a related memorandum, have been updated. Treasury also stated that it was continuing to work on development of sector-specific cyber performance goals. We continue to believe it would be feasible and beneficial for Treasury to develop an interim update to the current sector-specific plan on how ongoing efforts meet sector goals and priorities. Without sufficiently creating and documenting appropriate metrics, it will be difficult for Treasury to determine whether the financial sector's risk mitigation efforts will improve its cyber resilience.

Information Technology: Departments Need to Improve Chief Information Officers' Review and Approval of IT Budgets

GAO-19-49
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should ensure that the Office of the CIO and other offices, as appropriate, address gaps in the department's FITARA plans by developing and implementing policies and procedures that include the CIO in the planning and budgeting stages for all programs that are fully or partially supported with IT resources. (Recommendation 36)
Open – Partially Addressed
Treasury established an Annual IT Review process that outlines the procedures for the CIO's review of each bureau's planned IT resources for a given budget year proposal. Among other things, it includes a review of significant changes in the bureau's IT budget, an IT portfolio review that is to be broken out by program/activities at the bureau's discretion as long as it sums up to 100% of the IT spending, and a more detailed review of several IT acquisitions to be selected by the CIO based on a list of all bureau acquisitions. Treasury drafted an update to its Treasury Directive 81-01 Publication to formalize the implementation of its Annual IT Review process by requiring that the Treasury CIO be invited to participate in Bureau IT governance discussions at their discretion and be notified of annual planning decisions in time to provide feedback as part of the annual planning process. In addition, the draft publication notes that the CIO is responsible for participating in an annual review of each Bureau IT portfolio to provide feedback and/or concurrence. However, as of December 2023 these requirements were not yet in place since the publication is still in draft. We will continue to monitor the department's efforts to implement our recommendation.

International Development Association: Additional Information Sharing Could Enhance U.S. Treasury Oversight of Key Risks

GAO-22-104657
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should direct the U.S. Executive Director of IDA to work with the other Executive Directors to request additional information underlying IDA's loan loss model—including key assumptions of the model and sensitivity analyses of model results—necessary to conduct oversight of IDA's financial sustainability. (Recommendation 1)
Open
Treasury concurred with this recommendation in its official comment letter included as an appendix in GAO-22-104657, published in June 2022. As of January 2023, Treasury has sent a letter to congressional committees reiterating the agency's concurrence with this recommendation and indicating that Treasury has started taking actions to implement the recommendation. Treasury stated that it has engaged with the U.S. Executive Director's Office to request that IDA provide its Board of Directors more information on the model IDA uses to estimate the total risk it faces from borrower country defaults. Additionally, the agency indicated that it continues to discuss, with IDA management, IDA's financial sustainability. We will review information that IDA has shared with Treasury and update the recommendation implementation status as appropriate.

Cloud Security: Selected Agencies Need to Fully Implement Key Practices

GAO-23-105482
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should commit to a date for completing efforts to define the delineation of security responsibilities between the agency and the CSP for its selected SaaS system 2. (Recommendation 26)
Open
In January 2024, we requested an update from the agency on its efforts to address our recommendation. However, as of February 2024, the agency has not provided an update. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
View More Recommendations

Related Pages