These are the CPSC’s top unimplemented recommendations and are a subset of the significant recommendations identified by the Office of Inspector General. These recommendations were made by the OIG to the CPSC and concurred with by agency management. They were selected for this list because the OIG considers their implementation to have the greatest positive impact on agency operations. Each recommendation is tied to a Top Management Challenge.
In determining the ranking of recommendations, the OIG used a weighted risk assessment methodology that assigned ratings for impact on the rule of law, systemic impact on the agency, financial impact on the agency, whether the recommendation relates to an issue that would have a strategic impact on the agency, and finally the overall meta impact of the recommendation on the agency or government as a whole.
Internal controls are policies and procedures implemented by an agency to provide stakeholders with reasonable assurance that operations are effective and efficient, reports contain reliable data, and the agency is compliant with applicable laws and regulations. The CPSC has historically lacked adequate internal controls over program operations, hindering its ability to ensure the integrity of financial information, comply with applicable laws, regulations, and reporting requirements, and improve operational efficiency.
Enterprise Risk Management (ERM) is an agency-wide process for identifying, assessing, and managing risks that could impact an agency’s ability to achieve its objectives. A fundamental challenge facing the CPSC is its failure to implement an effective ERM program. An effective ERM approach will help the agency identify, prioritize, and mitigate the impact of uncertainty on the agency’s overall strategic goals and objectives by striking a balance between the potential benefits of innovation and the threats that change can bring. Historically, perhaps nowhere were the CPSC’s deficits in integrating ERM into its operations clearer than in its decision to remove inspectors from the nation’s ports for a prolonged period at the beginning of the pandemic. A mature ERM process would have allowed for a more nuanced approach that would have better balanced the risks to inspectors against the safety of American consumers. Given the importance of this principle, the OIG has included ERM in its Top Management Challenges for the past eight fiscal years.
Federal agencies have long struggled to determine how much office space they needed to efficiently fulfill their missions. The retention of excess and underutilized space by federal agencies is one of the main reasons that federal real property management has remained on GAO’s High-Risk List since 2003. The retention of underutilized leased office space directly contradicts the CPSC’s stated strategic objective of “ensur[ing] strong stewardship and effective use of agency resources” as financial resources that could be used to reduce the unreasonable risk of injuries and deaths associated with consumer products are instead being utilized for empty office spaces, conference rooms, and duplicative gyms.
The CPSC lacks adequate communication across offices. Effective communication will improve productivity and efficiency, ensure timely and accurate dissemination of information, and prevent unproductive silos of information from continuing. This recommendation was reported as a material weakness in the fiscal year 2024 financial statements, reaffirming its importance in agency operations.
The CPSC employs a plethora of positions with specialized skill sets, including engineers, mathematicians, and toxicologists, to satisfy the mission of the agency. Weaknesses in this area complicate both agency efforts to manage current operations as well as to reorganize and plan for the future. The lack of a skills gap analysis, combined with the related issue of inadequate succession planning, coupled with significant turnover, has created a large competency gap in the area of financial management. This competency gap has led to material weaknesses being found in the agency’s last two financial statement audits.
Human Capital policies are created to provide clear strategic direction and enhance organizational efficiency. As it stands, the CPSC’s approach to strategic planning does not align with federal regulations, lacks metrics, and does not facilitate effective human capital management practices, business outcomes, and organizational goals. Inadequate and out-of-date policies and procedures continue to be a problem across the agency, hindering effective agency management.
To comply with the Office of Management and Budget’s 2018 “Federal Cloud Computing Strategy,” the CPSC must develop an IT modernization plan. This process should include inventorying legacy systems and calculating the cost of upgrading these systems versus obtaining new technology, among other steps. IT modernization is part of a larger goal across the federal government to improve operational efficiency and ensure safeguarding of its systems in an ever-evolving technological landscape.
Maintaining a software inventory is the essential first step in tracking software usage, compliance, and performance, as well as managing the confidentiality, integrity, and availability of agency data and systems. Before the CPSC can effectively plan to safeguard its IT assets, it needs to understand the scope of its software inventory.
This recommendation is the foundational first step for remediating all other FISMA IT security recommendations. Despite having been aware of this recommendation for the past four years, the agency has not yet taken this step. Similar to Recommendation 2 above, developing a risk management strategy that includes processes and methodologies for framing, assessing, categorizing, responding to, addressing, and monitoring risks should be a key focus for CPSC management. Identifying potential threats to the agency’s mission, especially in the technological realm, will help management prevent potential threats and mitigate those which do arise.