Below is a list of our open audit recommendations. When a report is issued, the Postal Service responds to each recommendation, and if there is agreement, it provides a corrective action plan with a date of planned implementation. We request written confirmation from the Postal Service when those corrective actions are completed and evaluate this information and provide concurrence when the recommendation can be closed.
If the Postal Service disagrees with a recommendation, we work towards agreement by elevating discussions between USPS and OIG management. Any recommendations that the Postal Service does not act on remain open and are reported to Congress until a resolution is achieved.
Design and implement risk management and general support system policies, procedures, and processes that address National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1 control requirements.
$0
Closed
Agree
2
Design and implement Supply Chain Risk Management policies, procedures, and processes that address National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1 control requirements.
$0
Open
Agree
3
Develop and implement agency-wide Configuration Management policies, procedures, and processes, that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1, control requirements.
$0
Closed
Agree
4
Develop and implement agency-wide identity access management policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev 5, Rel. 5.1.1, controls requirements.
$0
Closed
Agree
5
Develop and implement agency-wide data protection and privacy policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel. 5.1.1 control requirements.
$0
Open
Agree
6
Develop and implement agency-wide Security Training policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1, control requirements.
$0
Closed
Agree
7
Finalize and implement its Information Security Continuous Monitoring plan and update the plan and any additional procedures and processes to address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel. 5.1.1, control requirements.
$0
Closed
Agree
8
Develop and implement agency-wide incident response policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel 5.1.1, control requirements.
$0
Closed
Agree
9
Develop and implement agency-wide contingency planning policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel 5.1.1, control requirements.
Reiterate arrow key security policies and responsibilities to managers and supervisors in Chicago, IL.
$0
Closed
Agree
2
Confirm all arrow keys are accurately recorded in the Retail and Delivery Analytics and Reports system and, when necessary, reported to the Postal Inspection Service.
$0
Closed
Agree
3
Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.
$0
Closed
Agree
4
Reiterate registry cage security policies and responsibilities to managers and supervisors at the Mount Greenwood Station.
$0
Closed
Agree
5
Establish procedures to complete annual safety inspections, remediate deficiencies, and document the results for the blue collection boxes.
Apply captured but previously unused weights and dimensions on shortpaid merchants' packages to identify and collect past shortpaid revenue.
$ -
Closed
Agree
2
Establish procedures to conduct periodic reviews for compliance with merchant information requirements and address noncompliance within a reasonable timeframe.
$0
Open
Agree
3
Establish procedures to ensure it provides a clear indication of when and where the Postal Service takes custody of all ePostage packages, monitor compliance with its procedures, and notify merchants of noncompliance.
$0
Closed
Agree
4
Conduct a Stand-Up Talk to promote use of the ePostage scanning procedures, including scan forms or alternative.
$0
Closed
Agree
5
1) Establish automated processes to identify merchants that shortpay,
2) Create and issue automated noncompliance notifications to merchants when applicable, and notify label providers of merchant noncompliance.
$0
Closed
Agree
6
Establish automated processes to identify merchants that shortpay, and create and issue automated noncompliance notifications to merchants and label providers, when applicable.
$0
Open
Agree
7
Establish guidelines outlining quantifiable conditions for issuing noncompliance notifications to merchants and related timelines, notifying the label provider of mailer noncompliance, and suspending mailers' accounts.
Establish informed baselines for future sites that align with schedule management best practices.
$0
Closed
Disagree
Agree
2
Improve schedule management for charging station construction by using a project management system and related analytics to record dynamic updates, centralize information, and analyze performance to inform future construction baselines.
$0
Open
Agree
3
Evaluate whether contractual assistance is needed for its deployment effort, including aligning the Postal Service's schedule management with best practices.
Conduct route reviews for all routes in the Puerto Rico District, create a prioritized list of routes needing adjustments based on the reviews, and coordinate with Headquarters Delivery Operations to create a plan to perform the necessary adjustments.
$0
Open
Agree
2
Train management at all delivery units in the district on the proper procedures for identifying, quantifying, and reporting delayed mail.
$0
Closed
Agree
3
Train all employees on standard operating procedures for package scanning and handling at the Bayamon, Toa Baja, and the Guaynabo Post Offices and monitor for compliance.
$0
Closed
Agree
4
Verify all employee barcode information is securely stored at the Guaynabo Post Office.
$0
Closed
Agree
5
Train management at the Bayamon, Toa Baja, and Guaynabo Post Offices on the proper procedures for arrow key management.
$0
Closed
Agree
6
Verify arrow keys are properly managed and confirm missing keys are reported to the U.S. Postal Inspection Service for the Bayamon, Toa Baja, and Guaynabo Post offices.
$0
Closed
Agree
7
Develop a plan to monitor and enforce compliance with timekeeping record requirements at the Bayamon, Toa Baja, and Guaynabo Post Offices.
$0
Closed
Agree
8
Verify unit management completes the process for removing the employee from the rolls that was identified as not reporting to work at the Toa Baja Post Office.
$0
Closed
Agree
9
Address all remaining building safety, security, and maintenance issues identified at the Bayamon, Toa Baja, and Guaynabo Post Offices.
$0
Closed
Agree
10
Verify that all Contract Delivery Service route carriers and their assistants at the Toa Baja and Guaynabo Post Offices possess a valid Postal Service photo identification badge.
Create a comprehensive plan to manage legacy systems to include defining legacy systems according to best practices, identifying all legacy systems, and developing a plan of action and milestones to enforce timely mitigation of identified risks related to legacy systems.
$0
Closed
Disagree
Agree
2
Mitigate identified risks for all legacy systems, develop a plan of action and milestones to enforce timely mitigation of identified risks related to legacy systems and report the status of mitigations as defined in the Corporate Information Security Office's plan of action and milestones to the Corporate Information Security Office.
Develop and implement a plan, including communication strategy and available staff, for the timely deployment and installation of mail theft initiatives nationwide.
$0
Open
Agree
2
Add the functionality to the Collection Point Management System to differentiate between blue collection and high security collection boxes.
$0
Closed
Agree
3
Direct the Vice President, Delivery Operations to update the Collection Point Management System to differentiate between blue collection and high security collection boxes in the New York 2 district.
$0
Closed
Agree
4
Reiterate arrow key security policies and responsibilities to managers and supervisors in Queens, NY.
$0
Closed
Agree
5
Require the New York 2 District Manager to confirm all arrow keys are added to the inventory in the Retail and Delivery Analytics and Reports system.
$0
Closed
Agree
6
Require the New York 2 District Manager to establish procedures to complete annual safety inspections, remediate deficiencies, and document the results for blue collection and green relay boxes.
$0
Open
Agree
7
Develop a process to define roles, responsibilities, and frequency for inspecting green relay boxes, and to record and track the location and condition of green relay boxes.
Reiterate policy and coordinate with Vice President, Engineering Systems to identify opportunities for automated controls to verify that employees are clocking into the correct operation number and supervisors are regularly monitoring timekeeping reports.
$0
Closed
Agree
2
Update procedures to include an annual review of software code to verify Management Operating Data System operation numbers used in productivity calculations reflect current Time and Attendance Collection System base default operation numbers.
$0
Closed
Agree
3
Establish a process to assess and analyze Management Operating Data system review results.
$0
Open
Agree
4
Update Handbook M-32, Management Operating Data System (MODS) policy and coordinate with Vice President, Engineering Systems, to update the MODS Coordinator Guidebook to identify current roles and responsibilities and clarify the frequency of Management Operation Data system reviews to ensure consistency.
Continue to document the issues identified and actions taken to address issues in post implementation reviews of Regional Processing and Distribution Center (RP&DC) conversions, and use the cumulative lessons learned when activating future RP&DCs.
$0
Closed
Agree
2
Develop procedures to identify and mitigate challenges at facilities scheduled to become a Regional Processing and Distribution Center before launch.
$0
Closed
Agree
3
Coordinate the training of Richmond Regional Processing and Distribution Center (RP&DC) management on how to engage and lead team members and provide adequate supervision of operations, and deploy management training at future RP&DC sites prior to launch.
$5,021,051
Closed
Agree
4
Develop a scorecard to track service performance and include it as a measure of success at both the Richmond Regional Processing and Distribution Center (RP&DC) and when implementing future RP&DCs.
$0
Closed
Agree
5
Align transportation schedules to operations and validate with local management before launching Regional Processing and Distribution Centers.
$2,948,034
Closed
Agree
6
Direct personnel to record omitted trips in the data systems and pursue recovery of payments for cancelled trips at the Richmond Regional Processing and Distribution Center.
$115,690
Closed
Agree
7
Train all management personnel in the Richmond region to understand and perform their roles and responsibilities as stated in the Richmond Regional Processing and Distribution Center integrated operating plan.
$0
Closed
Agree
8
Implement a process to communicate with and solicit feedback from affected managers when developing plans for and implementing future Regional Processing and Distribution Centers.
$0
Closed
Agree
9
Update Handbook PO-408 to include the definition of service area, and clearly define when Mail Processing Facility Reviews are required.
$0
Open
Agree
10
Communicate any impacts to customers when permanently moving processing operations of a three-digit ZIP Code to another processing facility.
