Department of the Treasury

Open Recommendations (97 total)

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 35)
Open
The Department of the Treasury did not state whether it concurred with our recommendation. As of March 2024, Treasury provided an updated privacy directive stating that the head of each bureau is to ensure the review of bureau capital investment plans, budgetary requests, and acquisitions involving Information Technology to confirm that privacy compliance issues, required controls, and associated costs are identified and explicitly addressed in all plans, requests, and acquisitions with respect to any IT resources that will be used to create, collect, use, process, store, maintain, disseminate, disclose, or dispose of personally identifiable information. However, the directive did not specify which privacy staff are involved in these reviews. We are continuing to follow up with Treasury to ascertain these details.

Information Technology: Departments Need to Improve Chief Information Officers' Review and Approval of IT Budgets

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should direct the department CIO to establish, for any OMB common baseline requirements that are related to IT budgeting that have been delegated, a plan that specifies the requirement being delegated, demonstrates how the CIO intends to retain accountability for the requirement, and ensures through quality assurance processes that the delegated official will execute such responsibilities with the appropriate level of rigor. (Recommendation 40)
Open
In its FITARA delegation plan, Treasury delegated four responsibilities to bureau CIOs: (1) Include the CIO in the planning and budgeting stages for programs that are fully or partially supported with IT resources, (2) Include the CIO as a member of governance boards that inform decisions regarding all IT resources, including component-level governance boards, (3) Ensure the CIO has reviewed and approved the major IT investments portion of the budget request, and (4) Ensure the CIO has reviewed whether the IT portfolio includes appropriate estimates of all IT resources included in the budget request. As of December 2023, Treasury's CIO has not yet established a plan that specifies how the CIO intends to retain accountability for these delegated responsibilities and quality assurance processes that ensure the delegated official will execute such responsibilities with the appropriate level of rigor. We will continue to monitor the department's progress in implementing our recommendation.

Cloud Security: Selected Agencies Need to Fully Implement Key Practices

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should ensure that the agency fully implements the FedRAMP requirements, to include performing a review and risk analysis of the CSPs' FedRAMP security packages for its selected SaaS system 1. (Recommendation 32)
Open
In January 2024, we requested an update from the agency on its efforts to address our recommendation. However, as of February 2024, the agency has not provided an update. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Management Report: Improvements Needed in Controls over the Processes Used to Prepare the U.S. Consolidated Financial Statements

1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of the Treasury
Priority Rec.
The Secretary of the Treasury should direct the Fiscal Assistant Secretary, working in coordination with the Controller of OMB, to establish and implement policies and procedures for accounting for and reporting all significant General Fund activity and balances, obtaining assurance on the reliability of the amounts, and reconciling the activity and balances between the General Fund and federal entities.
Open
As of the completion of our fiscal year 2023 audit of the consolidated financial statements of the U.S. government, this recommendation remained open. Treasury continued to implement corrective actions to (1) obtain and review support for material accrual balances provided by federal entities for inclusion in the General Fund's general ledger and (2) review federal entity audited financial statements and conduct data calls for unrecorded activity to include in the General Fund's general ledger. In addition, Treasury continued to work with federal entities to ensure proper usage of newly established transaction codes. However, intragovernmental differences remain and further improvements are needed to account for and report all significant General Fund activity and balances, including obtaining audit assurance and reconciling with federal entity trading partners.

Anti-Money Laundering: Better Information Needed on Effectiveness of Federal Efforts

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should ensure that the Director of FinCEN develop and implement a communications plan to regularly inform Congress and the public in full about its progress implementing the Anti-Money Laundering Act of 2020. (Recommendation 1)
Open
We will update the status of this recommendation when Treasury provides its 180-day letter, which is due in September 2024.

Federal Spending Transparency: Opportunities Exist to Further Improve the Information Available on USAspending.gov

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should design and implement a process to periodically inform agencies about unlinked data to help agencies reconcile and resolve data linkage differences between transaction and submission data on USAspending.gov. (Recommendation 2)
Open
In December 2023, Treasury told us they have no updates on their progress to implement our recommendation. In July 2022, they told us they are working on a process to address this recommendation, including sending a quarterly report to agencies on the status of their unlinked awards and updating the functionality of the USAspending.gov Agency Submission Statistics Page (ASSP) so that it will allow agencies to quickly download a list of all unlinked awards. Fully implementing these new procedures will be responsive to our recommendation. We will continue to monitor Treasury's progress toward implementing this recommendation.

Cloud Security: Selected Agencies Need to Fully Implement Key Practices

2 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should ensure that the agency's contracts with CSPs include requirements for the service providers to comply with FedRAMP security authorization requirements. (Recommendation 33)
Open – Partially Addressed
We reported that the agency had not required CSPs to comply with FedRAMP requirements for its SaaS system 1 and SaaS system 2. In January 2024, the agency provided evidence that it had updated the contract for its SaaS system 2 to include the requirements. However, the agency did not provide evidence that it had updated its contract for SaaS system 1, or that it had ensured that the agency's contracts with CSPs include the requirements. We will continue to monitor the agency's efforts to address our recommendation.
Department of the Treasury The Secretary of the Treasury should ensure that the agency fully documents its procedures for responding to and recovering from security and privacy incidents for its SaaS system 1. (Recommendation 34)
Open
In January 2024, we requested an update from the agency on its efforts to address our recommendation. However, as of February 2024, the agency has not provided an update. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 36)
Open
The Department of the Treasury did not state whether it concurred with our recommendation. As of March 2024, Treasury had provided an updated privacy directive stating that the head of each bureau is to ensure bureau privacy planning, budgeting, governance, acquisition, and management of personally identifiable information, personnel, equipment, funds, IT resources, and supporting infrastructure and services, including hiring, training, and professional development needs of privacy personnel. However, the directive did not specify the privacy staff to be involved in these activities. We are following up with Treasury to ascertain these details.

Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and Challenges in Implementing Responsibilities

1 Open Recommendations
Agency Affected Recommendation Status
Department of the Treasury The Secretary of the Treasury should ensure that the department's IT management policies address the role of the CIO for key responsibilities in the six areas we identified. (Recommendation 17)
Open
The agency did not comment on the report and in March 2024 provided an update on efforts made to implement the recommendation. Specifically, of the 28 Chief Information Officer (CIO) responsibility gaps, two responsibilities have been fully addressed, five have been partially addressed, and 19 have not yet been addressed. Two of the responsibilities are no longer applicable due to a sunset provision in the law. We will continue to monitor the steps the agency takes to address these requirements.