What GAO Found During its audit of the Internal Revenue Service's (IRS) fiscal years 2023 and 2022 financial statements, GAO identified three new deficiencies in internal control over financial reporting. These deficiencies, which are sensitive in nature, related to information systems and contributed to GAO's reported continuing significant deficiency in IRS's information system controls. Specifically, GAO identified one security management control deficiency, one access control deficiency, and one configuration management control deficiency. The separately issued LIMITED OFFICIAL USE ONLY report presents detailed information on the new control deficiencies and six recommendations to address them. In addition, GAO determined that IRS had completed corrective actions on 15 of 51 recommendations from GAO's prior reports related to internal control over financial reporting that were open as of September 30, 2022. IRS's actions addressed one transaction cycle recommendation, two safeguarding assets recommendations, and 12 information system recommendations. This report provides the status of 10 previously reported recommendations that are not sensitive in nature and IRS's corrective actions as of September 30, 2023. The LIMITED OFFICIAL USE ONLY report contains the status of the 51 previously reported sensitive and nonsensitive recommendations and IRS's corrective actions as of September 30, 2023. As of September 30, 2023, IRS has 42 open GAO recommendations related to internal control over financial reporting to address: six transaction cycle recommendations, two safeguarding assets recommendations, and 34 information system recommendations (including six that are new). The new and continuing control deficiencies related to information systems and safeguarding assets increase the risk of unauthorized access to, modification of, and disclosure of sensitive data and programs, as well as the disruption of critical operations. The continuing control deficiencies related to transaction cycles increase the risk of financial statement misstatements. IRS mitigated the potential effect of these control deficiencies primarily through compensating controls that management designed to help detect potential financial statement misstatements. Why GAO Did This Study GAO audits IRS's financial statements annually. As part of these audits, GAO assesses IRS's internal control over financial reporting, including information system controls. This report presents the new deficiencies in internal control over financial reporting identified during GAO's audit of IRS's fiscal years 2023 and 2022 financial statements. This report also includes the results of GAO's fiscal year 2023 follow-up on the status of IRS's corrective actions to address recommendations contained in GAO's prior reports related to internal control over financial reporting that were open as of September 30, 2022.

What GAO Found Older adults and people with disabilities face financial decisions that can have lasting consequences for their financial well-being. They often must navigate government benefits, such as Social Security and Medicare; make housing decisions; manage retirement savings; and avoid fraudulent schemes. GAO found 24 examples of federal financial literacy programs and resources designed to help older adults and people with disabilities with financial decision-making. Examples include a curriculum for preventing elder financial exploitation, a website with information on employment for people with disabilities, and a hotline that provides information on retirement, disability, and other benefits. Federal Financial Literacy Programs for Older Adults and People with Disabilities The Financial Literacy and Education Improvement Act established the Financial Literacy and Education Commission—which comprises the heads of 24 federal agencies and entities—to improve financial literacy and education through coordinated federal efforts. It does so through working groups, public meetings, and coordination on financial literacy programs and resources. The Department of the Treasury and Consumer Financial Protection Bureau serve as the chair and vice chair, respectively, of the Commission, which primarily communicates information on its efforts through its annual reports to Congress. Of the 24 financial literacy programs GAO identified that serve older adults and people with disabilities, the Commission's five annual reports from fiscal years 2015 to 2022 included program outcome data for one. The reports contain similarly limited outcome information for other financial literacy programs. The Commission's national strategy highlights the importance of collecting data on the outcomes of financial education activities to assess their impacts and inform data-driven improvements. Further, GAO's prior work has shown that evidence-based policymaking is important for effective program management. Enhanced focus on outcome reporting for federal financial literacy efforts could provide the Commission and Congress with more robust information to facilitate oversight of federal financial literacy efforts. More information could also help member agencies assess program effectiveness and help Congress determine how agencies' efforts are meeting the needs of specific groups, such as older adults and people with disabilities. Why GAO Did This Study Financial literacy—the ability to make informed decisions and take effective actions regarding money—is essential to helping ensure the financial health and stability of individuals and families. Financial literacy is particularly important for older adults and people with disabilities. Many federal agencies promote financial literacy through programs and resources such as print and online materials. GAO was asked to report on federal financial literacy programs for older adults and people with disabilities. This report addresses (1) financial decisions older adults and people with disabilities face and federal resources available to help improve their financial literacy, and (2) how the Financial Literacy and Education Commission coordinates financial literacy efforts and reports program outcomes to Congress and the public. GAO reviewed agency strategic plans, annual reports, websites, and other materials, and interviewed representatives of federal agencies and relevant organizations, such as the AARP and National Disability Institute.

What GAO Found The COVID-19 pandemic disrupted the maritime shipping industry, causing congested ports, high demand for cargo space on ships, and volatile shipping rates. Selected shippers of hazardous materials (hazmat), which include chemicals and other types of cargo critical to the U.S. economy, told GAO they were particularly affected during the peak of the pandemic (2020 through 2022). All six hazmat shippers GAO interviewed said they had difficulty securing space on ships, and five said they experienced long delays. Shippers attributed these challenges to safety risks and additional requirements associated with hazmat, which made it less desirable for carriers to accommodate on their ships. GAO found that while hazmat imports and exports increased from 2018 through 2020, hazmat imports stagnated and exports decreased from 2020 through 2022. Hazmat imports increased almost 32 percent from 2018 through 2020, but grew less than 1 percent afterward. Hazmat exports increased 19 percent from 2018 through 2020 and declined by 7 percent afterward. Conversely, non-hazmat imports and exports grew at a higher rate during the pandemic, which carriers attributed to non-hazmat shippers paying higher shipping rates. Hazardous Materials Imports and Exports Transported on Cargo Ships in Twenty-Foot Equivalent Units, 2018–2022 The Federal Maritime Commission (FMC) is responsible for ensuring a competitive and reliable ocean transportation system for all U.S. shippers. Its oversight efforts include receiving complaints from shippers about carriers. FMC can use this information to respond to shippers' concerns and initiate investigations of carriers. However, GAO found several shortcomings in how FMC collects, manages, and uses complaint data: (1) FMC does not consistently capture certain details—such as type of cargo, whether cargo is hazmat, and incident location—which limits FMC's ability to analyze complaint trends; and (2) key FMC procedures for managing the data are out of date and incomplete. GAO also found that while FMC plans to modernize how it collects, manages, and uses information from complaints, it lacks a strategy to guide these efforts. Such a strategy could include key information on planned updates, such as goals, required investments, and expected outcomes. Taking steps to address these shortcomings and developing a data strategy could help FMC more effectively use data to oversee the maritime shipping industry. Why GAO Did This Study The maritime shipping industry is vital to the global economy and accounted for $2.3 trillion in U.S. trade in 2022. FMC is responsible for overseeing this industry, including protecting U.S. shippers from unfair or unjustly discriminatory practices related to securing vessel space. The Ocean Shipping Reform Act of 2022 includes a provision for GAO to examine whether carriers disadvantaged shippers of hazmat during the pandemic through the systemic and unreasonable denial of vessel space or other means. This report examines, among other things: (1) shippers' experiences transporting hazmat during the pandemic; (2) how the amount of hazmat imports and exports changed from 2018 through 2022 (the most recent data available at the time of GAO's review); and (3) actions FMC has taken to collect, manage, and use its complaint data. For these objectives, GAO reviewed pertinent FMC regulations and policies; analyzed trade data; visited two ports; and interviewed FMC officials as well as representatives of six shippers and five carriers. GAO selected these shippers and carriers based on a review of recent FMC rulemakings and on stakeholders' recommendations.

What GAO Found The accuracy of biometric identification technologies has improved according to the body of research conducted in a laboratory setting, particularly for facial recognition, but gaps remain in understanding real-world performance. Various factors, such as a lack of demographic diversity in the datasets on which biometric algorithms are trained, can lead to differences in accuracy across demographic groups according to literature GAO reviewed and researchers GAO interviewed. While differences in technologies' performance have been studied in laboratory testing, performance in real-world settings has been much less extensively studied because, for example, of challenges acquiring meaningful samples across demographic groups. Selected stakeholders provided examples of positive and negative effects associated with the use of biometric identification in communities facing historical patterns of disadvantage. Positive examples included convenience and increased access to public benefits and services, while negative examples included false arrests and subjecting communities to surveillance. The selected stakeholders identified concerns about the use of biometric identification technologies, which GAO grouped into six areas: biased outcomes, limitations understanding technology performance and effects, data and privacy, systemic inequity, lack of transparency, and technical expertise of users. GAO identified five key considerations that could help policymakers address one or more areas of stakeholder concern through a review of relevant literature and stakeholder interviews. These key considerations include: (1) conducting comprehensive evaluations to provide a fuller picture of the effects of biometric identification technologies, (2) encouraging more widespread sharing of information about the use of the technologies, (3) applying a risk-based approach in developing regulation and guidance, (4) enacting comprehensive privacy laws or guidance, and (5) providing technology users with additional training and guidance on how to select and use relevant technologies appropriately. Six Stakeholder Concerns About the Use of Biometric Identification Technologies and Five Considerations for Addressing Concerns Why GAO Did This Study Biometric identification is the recognition of individuals based on their biological characteristics. These technologies include facial recognition, iris scanning, and fingerprinting, among others. Advocates for the use of biometric identification point to potential for the technologies to increase convenience, security, and efficiency. At the same time, several organizations have raised concerns about the accuracy of the technologies and their effect on privacy and civil liberties. The Research and Development, Competition, and Innovation Act includes a provision for GAO to examine “the impact of biometric identification technologies on historically marginalized communities, including low-income communities and minority religious, racial, and ethnic groups.” This report (1) describes literature and researcher views on the accuracy of biometric identification technologies across populations; (2) describes selected stakeholders' perspectives on how, if at all, use of biometric identification technologies affects access to resources or levels of inequality for communities that have faced historical patterns of disadvantage; and (3) identifies key considerations that could help address stakeholder concerns about the use of biometric identification technologies. GAO reviewed academic literature, government reports, and industry documents. GAO also interviewed researchers and a range of stakeholders, including community advocates; technology vendors; and local, state, and federal governments. For more information, contact Candice N. Wright at (202) 512-6888 or WrightC@gao.gov.

What GAO Found The Single Audit Act requires nonfederal entities that spend $750,000 or more in federal awards in a year to undergo a single audit, which is an audit of an entity's financial statements and federal awards, or in select cases a program-specific audit, and submit the results to the Federal Audit Clearinghouse (FAC). The U.S. Census Bureau maintained the FAC until October 2023, when the Office of Management and Budget (OMB) designated the General Services Administration (GSA) to assume responsibilities. GAO identified some issues with FAC processes that affect the reliability and usefulness of single audit information. For example, the FAC currently cannot identify recipients that should have submitted a single audit but did not. As a result, federal agencies may not have all the data they need to conduct oversight. In addition, OMB has not designated an entity to conduct a government-wide single audit quality review since 2007. Given the trillions of dollars of COVID-19-related financial assistance provided in recent years, a government-wide review is increasingly important to help identify issues in the quality of single audits that can lead to unreliable FAC information. GAO also found that $1.17 trillion of the reported $6.97 trillion of direct federal award funds spent by recipients from 2017 through 2021 were linked to single audit findings that were both severe (contributed to an auditor's modified opinion or material weakness) and persistent (repeated over multiple years). Severity and Persistence of Single Audit Findings by Direct Expenditure of Federal Awards, 2017-2021 Note: Numbers may not sum due to rounding. For more details, see fig. 4 in GAO-24-106173. These findings were also related to $69 billion of COVID-19 relief funds spent from 2020 to 2021. GAO identified 213 findings reported in 2015 or earlier that remained unresolved in 2021. Why GAO Did This Study Federal award amounts distributed to recipients have increased substantially since the onset of the COVID-19 pandemic. For fiscal year 2023, $1.1 trillion of awards were distributed and about 40,000 single audits were submitted to the FAC. Single audits are an important tool to help ensure that award recipients are complying with the requirements of their awards. The CARES Act includes a provision for GAO to conduct oversight of funds made available to respond to the COVID-19 pandemic. This report examines (1) FAC data reliability for oversight purposes, including oversight of COVID-19 relief funding; (2) processes involved in using and overseeing the FAC; and (3) the extent to which federal award expenditures were linked to severe and persistent single audit findings reported in the FAC. GAO analyzed FAC data from 2015 through 2021 (the most recent complete data available at the time of review). GAO interviewed selected federal agencies and audit community members about their use of the FAC.

What GAO Found The Dodd-Frank Wall Street Reform and Consumer Protection Act created the Consumer Financial Protection Bureau (CFPB) to regulate the offering and provision of consumer financial products or services under federal consumer financial laws. The act also provided CFPB authorities related to supervising and enforcing federal consumer financial laws, handling consumer complaints, promoting financial education, and monitoring financial markets for risks to consumers. CFPB is an independent bureau within the Federal Reserve System and is funded primarily through transfers from the combined earnings of the Federal Reserve System. CFPB operates within six divisions, including divisions focused on consumer response and education; research, monitoring, and regulations; and supervision, enforcement, and fair lending. GAO audits CFPB's annual financial statements, in accordance with statutory requirements. Since 2011, GAO has found that CFPB's financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles. In addition, GAO has not identified any reportable noncompliance with provisions of applicable laws, regulations, contracts, or grant agreements it tested. In all but one annual audit, GAO found that CFPB maintained, in all material respects, effective internal control over financial reporting. In November 2014, GAO reported that CFPB's internal control over financial reporting was not effective for fiscal year 2014 because of a material weakness in internal control over the reporting of accounts payable. GAO found that CFPB took significant actions in fiscal year 2015 that sufficiently addressed the deficiencies related to the material weakness. GAO also identified deficiencies that collectively constituted significant deficiencies in CFPB's internal control over financial reporting in fiscal years 2013 through 2016. CFPB addressed these issues. GAO conducts performance audits of CFPB that cover a variety of the bureau's operations in response to congressional mandates or requests. In recent years, performance audits have addressed topics including CFPB's analysis of certain mortgage data, its personnel management, and its oversight and enforcement of fair lending laws. GAO's audits have also reviewed CFPB's workforce expertise related to financial technology and its efforts to address consumer risks from financial technology and blockchain products and services. For example: In September 2023, GAO recommended that CFPB conduct strategic workforce planning that addresses financial technology; develop performance goals and measures for its Office of Competition and Innovation that are clear, targeted, and measurable; and develop performance measures that are specific to its strategic objectives related to supervisory technologies. In June 2023, GAO recommended that CFPB work with the other financial regulators to establish or adapt an existing formal coordination mechanism to collectively identify risks posed by blockchain-related products and services and formulate a timely regulatory response. CFPB neither agreed nor disagreed with these recommendations. GAO will track CFPB's progress on these recommendations over time. Why GAO Did This Study Since CFPB began operating in 2011, GAO has conducted oversight of various aspects of the bureau's operations. This statement discusses (1) CFPB's mission and structure, (2) GAO's financial audits of CFPB's annual financial statements, and (3) GAO's performance audits of CFPB's operations. This statement is based on information from GAO's prior financial and performance audits as well as publicly available CFPB information, including its most recent strategic plan.