This gives list of machines where the group policy database file not updated .Before creating the SCCM web report,software inventory has to be enabled for GPO file secedit.sdb file which will is available in %windir%\security\database.
collection(WQL):
select SMS_R_SYSTEM.ResourceID
,SMS_R_SYSTEM.ResourceType
,SMS_R_SYSTEM.Name
,SMS_R_SYSTEM.SMSUniqueIdentifier
,SMS_R_SYSTEM.ResourceDomainORWorkgroup
,SMS_R_SYSTEM.Client
from
SMS_R_System inner join SMS_G_System_SoftwareFile
on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId
where
SMS_G_System_SoftwareFile.FileName = “secedit.sdb”
and DATEDIFF(dd,SMS_G_System_SoftwareFile.ModifiedDate,GetDate()) > 15
Now you have to figure out why it is not updating 
SCCM Report(SQL):
select a.Name0 ,cs.UserName0 [Last loggedin],os.Caption0 [OS]
, CONVERT(VARCHAR(12),b.ModifiedDate,107)As "GPO Date Last Applied"
from v_R_System a
join v_GS_SoftwareFile b on b.ResourceID=a.ResourceID
join v_GS_OPERATING_SYSTEM OS on Os.ResourceID=a.ResourceID
join v_GS_COMPUTER_SYSTEM CS on cs.ResourceID=a.ResourceID
where b.FileName='secedit.sdb'
and DATEDIFF(dd,b.ModifiedDate,GetDate()) >15
order by b.ModifiedDate