Skip to main content

Office of Personnel Management

Jump To:

Recent Reports

View More Reports

Open Recommendations (65 total)

Information Technology: Agencies Need to Fully Implement Key Workforce Planning Activities

GAO-20-129
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Office of Personnel Management
Priority Rec.
The Director of the Office of Personnel Management should ensure that the agency fully implements each of the eight key IT workforce planning activities it did not fully implement. (Recommendation 15)
Open – Partially Addressed
OPM agreed with this recommendation. As of February 2023, OPM had implemented six of the eight recommended IT workforce planning activities-developing competency and staffing requirements; assessing gaps in competencies and staffing; developing strategies and plans to address gaps in competencies and staffing; implementing activities that address gaps; monitoring progress in addressing gaps; and reporting to agency leadership on progress in addressing gaps. In March 2024, OPM stated that it expects to finalize a workforce plan by the end of fiscal year 2024, and assess competency needs by the end of fiscal year 2025. Completing these activities would provide OPM greater assurance that it has the IT staff with the necessary knowledge, skills, and abilities to support its mission and goals.

Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges

GAO-19-384
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management The Director of the Office of Personnel Management (OPM) should update the agency's policies to require (1) an organization-wide cybersecurity risk assessment and (2) the use of risk assessments to inform control tailoring. (Recommendation 53)
Open
OPM concurred with this recommendation and stated that it planned to update its policies to address the missing elements. As of March 2024, the agency had not provided evidence of its updated policies or an estimated completion date. Once OPM has provided evidence of these actions, we plan to verify whether implementation has occurred.

Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges

GAO-19-384
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Office of Personnel Management
Priority Rec.
The Director of OPM should establish a process for conducting an organization-wide cybersecurity risk assessment. (Recommendation 54)
Open
OPM concurred with this recommendation. As of March 2024, OPM stated that it is finalizing an organizational risk assessment plan to outline the agency's approach to planning and conducting an organization-wide cyber risk assessment. Once the agency has provided evidence of these actions, we plan to verify whether implementation has occurred.

Improper Payments: Actions and Guidance Could Help Address Issues and Inconsistencies in Estimation Processes

GAO-18-377
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management The Director of OPM should assess the processes to estimate Retirement improper payments to determine whether they effectively address key risks of improper payments--including eligibility and whether older claims face different risks of improper payments than new claims--and take steps to update the processes to incorporate key risks that are not currently addressed. (Recommendation 4)
Open
The Office of Personnel Management (OPM) partially concurred with this recommendation. Specifically, OPM did not agree with the part of the recommendation to assess the risk of improper payments related to eligibility in the estimation process. OPM stated that eligibility is determined before annuity or survivor benefits are fully adjudicated. However, as part of its corrective action plan and in response to our recommendation, OPM conducted an audit of older claims to determine if there are different risks associated with new claims. In April 2021, OPM provided documentation of its audit of older claims and concluded that there was no difference in the improper payment risks related to older claims versus newer claims. Based on our review of OPM's supporting documentation, it was unclear how OPM concluded that there was not a difference in the percentage of improper payments for older claims verses newer claims. We requested OPM to provide us clear and detailed documentation showing the actual calculation and comparison of improper payment percentages for older retirement cases to newer cases. Instead, in fiscal year 2023, OPM provided us a more recent report prepared in October 2022 by a contractor on behalf of OPM to document and determine what effect improper payments for older claims may have on the overall error rate. The report indicated that if this effect is major, then it may warrant a change in the sampling strategy for future audit analyses. However, the report indicated that if the effect is minor, then this would demonstrate that the best strategy would be to continue sampling newer claims only, as this is where most errors will be found or employ a system that assesses each payment and identify improper payment if and when it exists. After reviewing this documentation, we did not see where OPM had made any conclusions based on the results of the contractor's report on whether OPM believes that its current process of estimating Retirement improper payments are sufficient to address key risks of improper payments or need to be updated. In June 2023, we sent a request to OPM to get documentation on conclusions reached by OPM based on the contractor's report. We will continue to monitor agency's actions to address this recommendation.

Information Technology Reform: Agencies Need to Improve Certification of Incremental Development

GAO-18-148
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management The Director of the Office of Personnel Management (OPM) should ensure that the CIO of OPM updates the agency's policy and process for the CIO's certification of major IT investments' adequate use of incremental development, in accordance with OMB's guidance on the implementation of FITARA, and confirm that it includes a description of the CIO's role in the certification process and a description of how CIO certification will be documented. (Recommendation 16)
Open
The Office of Personnel Management (OPM) concurred with our recommendation and stated that the agency would update its guidance to address our recommendation. In February 2024, an OPM official reported that the agency was working to incorporate incremental development guidance into its revised IT Portfolio Management policy, which is expected to be finalized by July 2024. In addition, OPM is drafting an IT Portfolio Management Guide that will provide more detailed information regarding these processes and is expected by October 2024. We will continue to monitor OPM's progress on these efforts.

Small Business Contracting: Actions Needed to Demonstrate and Better Review Compliance with Select Requirements for Small Business Advocates

GAO-17-675
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management To address demonstrated noncompliance with section 15(k) of the Small Business Act, as amended, the Director of the Office of Personnel Management should comply with sections 15(k)(2), (k)(8), and (k)(17) or report to Congress on why the agency has not complied, including seeking any statutory flexibilities or exceptions believed appropriate.
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Data Center Optimization: Agencies Need to Address Challenges and Improve Progress to Achieve Cost Savings Goal

GAO-17-448
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management The Secretaries of Agriculture, Commerce, Defense, Homeland Security, Energy, HHS, Interior, Labor, State, Transportation, Treasury, and VA; the Attorney General of the United States; the Administrators of EPA, GSA, and SBA; the Director of OPM; and the Chairman of NRC should take action to, within existing OMB reporting mechanisms, complete plans describing how the agency will achieve OMB's requirement to implement automated monitoring tools at all agency-owned data centers by the end of fiscal year 2018.
Open
The Office of Personnel Management (OPM) stated that it partially concurred with our recommendation and described plans to address it. Specifically, the agency stated that it plans to consolidate its remaining data centers into two main locations by the end of fiscal year 2018. OPM further stated that this consolidation will obviate the need to implement automated monitoring tools at the data centers that are closing. Finally, the agency noted that it is implementing automated monitoring tools at the designated core data centers. In November 2019, OPM reported that it had two agency-owned data centers that the agency planned to keep open. However, of those two data centers, only one had implemented the advanced monitoring tools. As of January 2020, we have not received a more recent update from the agency about how it will meet the Data Center Optimization Initiative requirement to implement monitoring tools at the remaining agency-owned data center. We will continue to monitor the status of this recommendation.

Information Technology: Agencies Need to Improve Their Application Inventories to Achieve Additional Savings

GAO-16-511
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management To improve federal agencies' efforts to rationalize their portfolio of applications, the heads of the Departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Housing and Urban Development, the Interior, Labor, State, Transportation, the Treasury, and Veterans Affairs; and heads of the Environmental Protection Agency; National Aeronautics and Space Administration; National Science Foundation; Nuclear Regulatory Commission; Office of Personnel Management; Small Business Administration; Social Security Administration; and U.S. Agency for International Development should direct their Chief Information Officers (CIOs) and other responsible officials to improve their inventories by taking steps to fully address the practices we identified as being partially met or not met.
Open – Partially Addressed
We reported that the Office of Personnel Management (OPM) partially met the software application inventory practice to regularly update the inventory with quality controls to ensure reliability. Specifically, although the agency described its process for updating the inventory, it did not provide evidence of actual updates to the inventory. In addition, the agency stated that it relies on manual reviews of the data in the application to ensure that it is complete and current. In January 2023, the agency stated, among other things, that it had implemented a new software asset management policy. The policy, issued in April 2022, specifically identifies that software assets include applications. It also describes steps to regularly review and update the software inventory. We requested evidence of updates to the inventory using the policy. In response, in February 2024, OPM stated that it was in the process of implementing two applications for automated software application discovery. They stated that the applications were expected to be fully implemented by April 2024 and software management processes including inventory quality controls would be applied to the automated software inventory data. We will continue to follow up with OPM as it implements the automated software application discovery tools and uses automated tools to ensure the quality of its application inventory.

Federal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide

GAO-14-413
Show
1 Open Recommendations
Agency Affected Recommendation Status
Office of Personnel Management To ensure the effective management of software licenses, the Director of the Office of Personnel Management should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.
Open
The Office of Personnel Management concurred with our recommendations and noted actions the agency plans to take. Agency officials noted that an initial list of required and optional software management training will be in the software asset management procedures. However, as of January 2024, the agency had not provided supporting evidence to demonstrate that it had addressed this recommendation. In July 2016, the MEGABYTE Act of 2016 was enacted, which codified this recommendation for all executive agencies (Pub. L. No. 114-210, 130 Stat. 824). We will continue to monitor its progress in implementing this recommendation.

Federal Employee Misconduct: Actions Needed to Ensure Agencies Have Tools to Effectively Address Misconduct

GAO-18-48
Show
1 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Office of Personnel Management
Priority Rec.
The Director of OPM, after consultation with the CHCO Council, should provide guidance to agencies to enhance the training received by managers/supervisors and human capital staff to ensure that they have the guidance and technical assistance they need to effectively address misconduct and maximize the productivity of their workforces. (Recommendation 3)
Open
OPM partially agreed with this recommendation. In March 2024, OPM reported that it had taken several steps toward implementing this recommendation. In December 2023, OPM issued guidance to agencies on effectively using probationary periods. According to OPM, it is also updating an online supervisory training course and written guidance for supervisors and human resources staff on handling employee misconduct. OPM plans to finalize this guidance in Fall 2024. To fully implement this recommendation, OPM needs to complete its update of guidance on training supervisors and human capital staff on addressing federal employee misconduct and make this information available to agencies. Implementing this recommendation would enhance the guidance and technical assistance needed to effectively address misconduct and maximize the productivity of the workforce. We will continue to monitor OPM's progress.
View More Recommendations

Related Pages