Top 10 Recommendations

These are the CPSC's Top 10 unimplemented recommendations, a subset of the significant recommendations identified by the Office of Inspector General. These recommendations were made by the OIG to the CPSC and concurred with by agency management. They were selected for this list because the OIG considers their implementation to have the greatest positive impact on agency operations. Each recommendation is tied to a Top Management Challenge.

In ranking the recommendations, the OIG used a weighted risk assessment methodology that assigned ratings for: impact on the rule of law, systemic impact on the agency, financial impact on the agency, whether the recommendation relates to an issue with a strategic impact on the agency, and finally the overall meta impact of the recommendation on the agency or government as a whole.

TOP TEN

  1. Develop and implement an internal control system covering the operations of its programs. (FMFIA)
  2. Develop effective written policies and procedures to govern agency operations. (DIRECTIVES)
  3. Develop and implement an Enterprise Risk Management program to allow agency officials to utilize risk management principles in the operations of the agency. (FISMA)
  4. Ensure that management officials are aware of OIG recommendations that impact their areas of responsibility and actively work toward implementing said recommendations. (BREACH)
  5. Improve data management by developing a data governance framework. (NEISS)
  6. Improve the effectiveness of agency communication and other outreach efforts by implementing a risk assessment process. (OCM)
  7. Develop and implement an effective cost accounting system. (NEISS)
  8. Develop and implement written guidance governing the CPSC's use of statements of assurance to meet its requirements under the FMFIA. (BREACH)
  9. Develop and implement supply chain risk management policies and procedures. (FISMA)
  10. Assess the IT security risks previously identified and develop a corrective action plan that prioritizes addressing the most critical risks and establishes a timeline for taking corrective action. (FISMA)

This list was last updated March 31, 2022.