U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audit of the U.S. AbilityOne Commission’s Enterprise Risk Management (ERM) program

Report Information

Date Issued
Report Number
OA-2024-01
Report Type
Audit
Description
The audit objective was to determine whether the U.S. AbilityOne Commission’s (Commission) enterprise risk management (ERM) process is effective and used to make risk-based decisions.
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

Develop and implement a process for tracking the consolidation of risks.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement effective key controls that identify risks and assign the Commission’s risk tolerances by aligning each control objective with the appropriate control activity and completing an updated entity-level control and results assessment.

Research and adopt an appropriate ERM maturity model.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.