APPENDIX A
GUIDELINES FOR PREPARING COMMENTS ON
DRAFT AUDIT REPORTS
While NIST is not obligated to accept all audit report recommendations,
NIST is required to (a) review thoroughly each audit report issued concerning
its operations and activities; (b) consider carefully each finding and
recommendation; (c) determine whether the corrective actions recommended
can and should be taken; and (d) ascertain whether any of the corrective
actions have in fact been taken.
Comments on the GAO and the OIG audit reports should be as concise and
relevant as possible. All recommendations must be answered. Other material
in the report need not be addressed unless pertinent to consideration of
final recommendations.
The following points should be considered in preparing comments:
1. Replies must be timely and established deadlines must be met. If
the established deadline is not met, the final audit report is prepared
by the GAO or the OIG without consideration of NIST comments.
2. Comments should be temperate, factual, concise, objective, and responsive
to the points outlined in the audit. NIST must agree or disagree with all
recommendations in the report and state the reasons for the position taken.
The written response should contain only essential information. Extraneous
material, supporting data, and weighty statistical tables should be avoided.
3. NIST is responsible for ascertaining the facts. If there are substantial
areas of disagreement between NIST and the GAO or the OIG, a meeting with
the GAO or the OIG auditors should be arranged to resolve any misunderstandings
before the response is prepared. While NIST need not necessarily agree
with all of the GAO or the OIG conclusions, the facts from which the conclusions
are drawn must be well understood by all parties.
4. Any corrective action that NIST has taken or plans to take to rectify
any shortcomings outlined in the GAO or the OIG report should be clearly
and specifically stated in the response.
GAO Draft Audit Reports
A written response to a draft GAO audit report is prepared in letter format by the designated Audit Action Official and addressed to the sender or to the person designated in the cover letter. Responses to draft GAO audit reports are prepared for the signature of the NIST Director. The NIST Audit Liaison Officer submits and coordinates the signed response to the Management Control Division, DoC, for review and coordination of DoC clearance. Responses may not be sent directly to GAO.
OIG Draft Audit Reports
A written response to a draft OIG audit report is prepared in memorandum format by the Audit Action Official (designated by the NIST Audit Liaison Officer) and addressed to the sender or to the person designated in the cover letter. Responses to draft OIG audit reports are prepared for the signature of the designated NIST official.