# Railroad Retirement Board Did Not Implement Sufficient Internal Controls in the Mobile Phones Deployed as a Result of the Pandemic > **Audit** by Railroad Retirement Board OIG · 2022-03-17 > *About: Railroad Retirement Board* ## Report - **Title:** Railroad Retirement Board Did Not Implement Sufficient Internal Controls in the Mobile Phones Deployed as a Result of the Pandemic - **Submitting OIG:** Railroad Retirement Board OIG - **Component agency:** Railroad Retirement Board - **Type:** Audit - **Publication date:** 2022-03-17 ## Recommendations - **Rec 1** (Open): The Bureau of Information Services should update their mobile phone policies to include and implement a National Archives and Records Administration-approved records schedule and transfer procedures for electronic records associated with mobile phones… - **Rec 10** (Open): The Bureau of Information Services should develop and implement a records management and retention system for electronic records. - **Rec 11** (Open): The Bureau of Information Services should research the capabilities of Railroad Retirement Board's Microsoft Azure Cloud's functionality to determine feasibility of incorporating the automated records management and retention capabilities to… - **Rec 2** (Open): The Bureau of Information Services should submit a yearly affidavit to confirm electronic records associated with mobile phones have been identified and retained until the full transition into Microsoft Azure Cloud. - **Rec 3** (Closed): The Railroad Retirement Board's Director of Administration should define and communicate 'personal usage' establishing Railroad Retirement Board's core hours of 5:00 am to 7:00 pm. Any usage outside of core hours would be… - **Rec 4** (Closed): The Railroad Retirement Board's Bureau of Information Services should 1) continue efforts to update the Telecommuting and Mobile Security Computing Policy with current laws and regulations and 2) develop a periodic monitoring control to assess… - **Rec 5** (Open): The Bureau of Information Services should incorporate the mobile phones in an existing assessable unit and update their mobile phone policies to include documentation regarding the specific roles and responsibilities of each office overseeing the… - **Rec 6** (Open): The Bureau of Information Services should enforce and execute a review and approval process for application and software download and restrict access to specified applications found in their Railroad Retirement Board G-6 Rules of Behavior. - **Rec 7** (Open): The Bureau of Information Services should implement procedures to periodically track, log, and monitor iPhone usage and the completion of the G-6 Acknowledgement Statement. - **Rec 8** (Open): The Bureau of Information Services should periodically review the mobile phone inventory for completeness and accuracy to include a comparison with Railroad Retirement Board's personnel position index. - **Rec 9** (Open): The Bureau of Information Services should implement the use of unique identifiers between disparate data sets (e.g., mobile phone inventory, personnel position index) to facilitate comparisons and reconcile inconsistent information. ## Source - [oversight.gov report page](https://www.oversight.gov/reports/audit/railroad-retirement-board-did-not-implement-sufficient-internal-controls-mobile) --- *AI Analytics · CC0 1.0*