Skip to main content

Office of Management and Budget

Jump To:

Recent Reports

View More Reports

Open Recommendations (156 total)

Information Security: Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions

GAO-19-105
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should submit the intrusion assessment plan to the appropriate congressional committees. (Recommendation 3)
Open
As of October 2023, the Office of Management and Budget has not provided sufficient evidence to close this recommendation. We will continue to follow-up with OMB.

Hurricane Sandy Relief: Improved Guidance on Designing Internal Control Plans Could Enhance Oversight of Disaster Funding

GAO-14-58
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Office of Management and Budget
Priority Rec.
To proactively prepare for oversight of future disaster relief funding, the Director of OMB should develop standard guidance for federal agencies to use in designing internal control plans for disaster relief funding. Such guidance could leverage existing internal control review processes and should include, at a minimum, the following elements: (1) robust criteria for identifying and documenting incremental risks and mitigating controls related to the funding and (2) requirements for documenting the linkage between the incremental risks related to disaster funding and efforts to address known internal control risks.
Open
The Office of Management and Budget (OMB) stated that they generally agreed with our recommendation and requested additional information on the findings to inform future guidance. In July 2016, OMB issued the revised Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control. The Circular requires agencies to implement enterprise risk management, which includes the development of a risk profile that analyzes the risks faced in achieving strategic objectives and identifies options for addressing them. In April 2017, OMB staff stated that they believe that the implementation of enterprise risk management through Circular A-123 satisfies the intent our recommendation. Because the responsibility for implementing enterprise risk management lies with agency management, Circular A-123 does not include specific guidance for identifying risks related to disaster funding. Additionally, the Bipartisan Budget Act of 2018, Sec. 21208(c) requires OMB to issue standard guidance for federal agencies to use in designing internal control plans for disaster relief funding to proactively prepare for oversight of future disaster relief funds. The Act states this guidance shall leverage existing internal control review processes and shall include, at a minimum, (1) robust criteria for identifying and documenting incremental risks and mitigating controls related to the funding, and (2) guidance for documenting the linkage between the incremental risks related to disaster funding and efforts to address known internal control risks. GAO reviewed OMB's actions to implement the law. In June 2019, we reported in GAO-19-479 that this 2013 recommendation remains open. Further, we reported that OMB did not have an effective strategy to ensure that agencies timely submitted internal control plans; and OMB's Memorandum M-18-14, Implementation of Internal Controls and Grant Expenditures for the Disaster-Related Appropriations lacked specific instructions to agencies on what to include in their internal control plans. As such, a new recommendation was warranted. As of March 2024, OMB did not indicate any change in its position. To address this recommendation, OMB should issue guidance on internal control for disaster relief funding, including criteria for identifying additional risks and mitigating controls related to the funding and a requirement to link these incremental risks to ongoing efforts to address known internal control risks. We will continue to monitor OMB's actions to address this priority recommendation.

Chief Information Officers: Private Sector Practices Can Inform Government Roles

GAO-22-104603
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should direct the Federal CIO to take steps to ensure that managerial skills, such as communication and program management skills, have an appropriate role in the hiring criteria for agency CIOs. (Recommendation 2)
Open
OMB did not agree or disagree with our recommendation. In a March 2024 update, OMB stated that it has actions planned to address this recommendation. We will continue to monitor the implementation of this recommendation.

Artificial Intelligence: Agencies Have Begun Implementation but Need to Complete Key Requirements

GAO-24-105980
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should ensure that the agency issues guidance to federal agencies in accordance with federal law, that is to (a) inform the agencies' policy development related to the acquisition and use of technologies enabled by AI, (b) include identifying responsible AI officials (RAIO), (c) recommend approaches to remove barriers for AI use, (d) identify best practices for addressing discriminatory impact on the basis of any classification protected under federal nondiscrimination laws, and (e) provide a template for agency plans that includes the required contents. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Information Security: Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions

GAO-19-105
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should direct the Federal CIO to update her report to Congress to include required information, such as detecting advanced persistent threats, a comparison of the costs and benefits of the capabilities versus commercial technologies and tools, and the capability of agencies to protect sensitive cyber threat indicators and defense measures. (Recommendation 6)
Open
As of October 2023, the Office of Management and Budget has not provided sufficient evidence to close this recommendation. We will continue to follow-up with OMB.

DATA Act: OMB, Treasury, and Agencies Need to Improve Completeness and Accuracy of Spending Data and Disclose Limitations

GAO-18-138
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should clarify and align existing guidance regarding the appropriate definitions agencies should use to collect and report on Primary Place of Performance and establish monitoring mechanisms to foster consistent application and compliance. (Recommendation 2)
Open
OMB told us in March 2022 that, as part of the implementation of the Infrastructure Investment and Jobs Act, it is working with agencies to identify lessons learned about the places work is performed for financial assistance awards. However, in December 2022 OMB told us that they consider this recommendation closed because they believe they have met the intent of the recommendation. We continue to believe that providing specific examples of how agencies should approach challenging situations when reporting on this data element for financial assistance awards would provide further clarity and improve the quality of this data element.

Data Center Optimization: Agencies Report Progress, but Oversight and Cybersecurity Risks Need to Be Addressed

GAO-20-279
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of the Office of Management and Budget should (1) require that agencies explicitly document annual data center closure goals in their DCOI strategic plans and (2) track those goals on the IT Dashboard. (Recommendation 1)
Open
The Office of Management and Budget (OMB) has not yet taken action to address this recommendation. As of June 2021, the Data Center Optimization Initiative (DCOI) page of the IT Dashboard continues to show cumulative closure goals for the DCOI agencies. In addition, OMB officials have not provided an update on the agency's plans to implement this recommendation. We will continue to monitor the agency's efforts to implement this recommendation.

Government Performance Management: Actions Needed to Improve Transparency of Cross-Agency Priority Goals

GAO-23-106354
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB should designate a CAP goal addressing IT management, which is responsive to ongoing government-wide challenges. (Recommendation 2)
Open
In July 2023, OMB stated that it does not plan to take further action on this recommendation, and considers the recommendation to be closed. We consider this recommendation to be valid for the reasons stated in our report, and we will continue to monitor its implementation status.

Justice40: Use of Leading Practices Would Strengthen Efforts to Guide Environmental Justice Initiative

GAO-24-105869
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of OMB, jointly with the Chair of CEQ and the Assistant to the President and National Climate Advisor of CPO, should establish and document a formal approach for systematically gathering feedback from agencies and their covered programs about the adequacy of EOP's guidance and tools for implementing the Justice40 Initiative. (Recommendation 11)
Open
In written comments reproduced in our report, CEQ stated that it anticipates taking steps in the coming months to implement our recommendations on leading practices. We will update the status of this recommendation when we receive additional information from the agencies.

Managing For Results: Agencies Should More Fully Develop Priority Goals under the GPRA Modernization Act

GAO-13-174
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget In addition, as OMB works with agencies to enhance Performance.gov to include additional information about APGs, the Director of OMB should ensure that agencies adhere to OMB's guidance for website updates by providing a description of how input from congressional consultations was incorporated into each APG.
Open
As of July 2023, OMB has taken limited actions to address this recommendation. In July 2017, OMB staff said that they planned on highlighting the requirement for congressional consultation as they updated the 2018-2019 agency priority goals (APG). However, the reporting templates for individual APGs at that time did not contain space to provide this information. In its July 2020 guidance, OMB directed agencies to highlight congressional input, if such input was relevant to setting a specific goal, in the APG overview section of the template. Our periodic analysis of APG updates, including those from June 2022, continue to find mixed implementation of this requirement. In July 2023, we reached out to OMB about any additional actions. We will update the status of this recommendation once we hear from OMB.
View More Recommendations

Related Pages