GAO-25-108541 Treasury CIO Recommendations
441 G St. NW
Washington, DC 20548
August 21, 2025
Sam Corcos
Chief Information Officer
U.S. Department of the Treasury
1500 Pennsylvania Avenue, NW
Washington, DC 20220
Chief Information Officer Open Recommendations: Department of the Treasury
Dear Mr. Corcos:
I am writing to you with respect to your role as the Chief Information Officer (CIO) for the
Department of the Treasury. As an independent, non-partisan agency that works for Congress,
GAO’s mission is to support Congress in meeting its constitutional responsibilities and help
improve the performance and ensure the accountability of the federal government. Our
work includes investigating matters related to the use of public funds and evaluating programs
and activities of the U.S. Government at the request of congressional committees and
subcommittees, on the initiative of the Comptroller General, and as required by public laws or
committee reports. Our duties include reporting our findings and recommending ways to
increase economy and efficiency in government spending. The purpose of this letter is to
provide an overview of the open, publicly available GAO recommendations to Treasury that call
for the attention of the CIO.
We identified recommendations that relate to the CIO’s roles and responsibilities in effectively
managing IT. They include strategic planning, investment management, and information
security. We have previously reported on the significance of the CIO’s role in improving the
government’s performance in IT and related information management functions.
1
Your attention
to these recommendations will help ensure the secure and effective use of IT at the department.
Currently, Treasury has 21 open recommendations that call for the attention of the CIO,
including one that is relevant to a component-level CIO. These do not include recommendations
made to the Internal Revenue Service, which are addressed in a separate letter. We will send a
copy of that letter to your office.
Each of these 21 recommendations relates to a GAO High-Risk area: (1) Ensuring the
Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management.
2
In addition,
1
See for example, GAO, Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and
Challenges in Implementing Responsibilities, GAO-18-93 (Washington, D.C.: Aug. 2, 2018).
2
GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and
Effectiveness, GAO-25-107743 (Washington, D.C.: Feb. 25, 2025).
