
Top 10 Recommendations

These are the CPSC's Top 10 unimplemented recommendations, a subset of the significant recommendations identified by the Office of Inspector General. These recommendations were made by the OIG to the CPSC and concurred with by agency management. They were selected for this list because the OIG considers their implementation to have the greatest positive impact on agency operations. Each recommendation is tied to a Top Management Challenge.

In ranking the recommendations, the OIG used a weighted risk assessment methodology that assigned ratings for: impact on the rule of law, systemic impact on the agency, financial impact on the agency, whether the recommendation relates to an issue with a strategic impact on the agency, and finally the overall meta impact of the recommendation on the agency or the government as a whole.


  1. Develop and implement an internal control system covering the operations of its programs. (FMFIA)
  2. Develop effective written policies and procedures to govern agency operations. (DIRECTIVES)
  3. Develop and implement an Enterprise Risk Management program to allow agency officials to utilize risk management principles in the operations of the agency. (FISMA21)
  4. Ensure that management officials are aware of OIG recommendations that impact their areas of responsibility and actively work toward implementing said recommendations. (BREACH)
  5. Develop and implement a data-driven methodology to measure the Human Capital Program's effectiveness and report results to agency management. (HCPA)
  6. Improve the effectiveness of agency communication and other outreach efforts by implementing a risk assessment process. (OCM)
  7. Use all available tools to assist in the recruitment and retention of staff, particularly in hard-to-fill positions. (HCPA)
  8. Develop and implement written guidance governing the CPSC's use of statements of assurance to meet its requirements under the FMFIA. (BREACH)
  9. Develop, document, and maintain a software inventory. (CYBER)
  10. Assess the IT security risks previously identified and develop a corrective action plan that prioritizes addressing the most critical risks and establishes a timeline for taking corrective action. (FISMA21)

This list was last updated May 2, 2023.