U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

The Defense Contract Audit Agency (DCAA) Audit Report Number 3311-2019W10100001

Report Information

Date Issued
Report Number
OIG-21-A-06
Report Type
Audit
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

Develop and implement a process to periodically communicate a consistently understood agency risk appetite.

Revise agency policies and guidance to:
a. Designate the official agency risk profile document and remove references to it as a U.S. Office of Management and Budget (OMB) deliverable in Management Directive 4.4, Enterprise Risk Management and Internal Control and Office of the Executive Director for Operations Procedure 0960, Enterprise Risk Management Reporting Instructions.

b. Fully address the risk profile components and elements in accordance with OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control.

Implement an enterprise risk management maturity model approach by selecting an appropriate model, assessing current practices per the model, and making progress in advancing the model.

Establish and monitor implementation of procedures to ensure that Quarterly Performance Review (QPR) practices are fully performed, such as completion of the QPR Dashboard entries, and recordation of all management decisions of risk in the QPR meeting summaries and the Executive Committee on Enterprise Risk Management meeting minutes.

Reconcile the business lines structure with the Office of the Chief Financial Officer to have a common business lines structure list. (Deviations from the common business lines structure list for either the Quarterly Performance Review or reasonable assurance processes may be clarified with applicable justification noted).