We recommend that IAF’s chief information officer update the agency’s system security plan to include controls in National Institute of Standards and Technology Special Publication 800-53, Revision 5, “Security and Privacy Controls for Information Systems and Organizations.”
We recommend that MCC’s Chief Information Officer take the following action: Recommendation 1. Implement level 3 event logging requirements in accordance with Office of Management and Budget Memorandum M-21-31.
Develop and implement standard operating procedures to identify and calculate reliable drug control-related obligations.
Develop and implement a methodology that can be applied to data in NHTSA’s financial system to track drug control-related obligations, by budget decision unit and drug control function.
Develop a budget formulation methodology that provides a reasonable basis for consistent estimation of NHTSA’s drug control budget that fairly quantifies its financial commitment to drug control activities and provides the methodology to the Office of National Drug Control Policy for approval.
We recommend that USAID's Chief Information Officer request its cognizant Management Council on Risk and Internal Control to report and track as a significant deficiency to the Agency the risk of not timely disabling network accounts for separated employees and contractors, as identified in Office of Inspector General Report No. A-000-21-004-C, Recommendation 2.
We recommend that USAID's Chief Human Capital Officer request its cognizant Management Council on Risk and Internal Control to report and track as a significant deficiency to the Agency the risk of not maintaining records evidencing that staff have been offboarded in accordance with Agency policy, as identified in Office of Inspector General Report No. A-000-21-004-C, Recommendation 3.
Embassy Bucharest should implement a coordination process for the oversight of foreign assistance programming in Romania in accordance with Department guidelines.
Embassy Bucharest should comply with Department standards for the use of public diplomacy-funded resources.
Embassy Bucharest should create a fraud prevention strategy in accordance with Department standards.
Embassy Bucharest should maintain and destroy immigrant visa files in accordance with Department standards.
Embassy Bucharest should implement a process to regularly review and update its management policies.
Embassy Bucharest should comply with all Department Motor Vehicle Safety Management Program standards for all chauffeurs and incidental drivers under chief of mission authority.
Embassy Bucharest should prohibit locally employed staff mechanics from servicing privately owned vehicles on U.S. government property and with U.S. government equipment, in accordance with federal regulations.
Embassy Bucharest should close out procurement files in accordance with Department standards.
Embassy Bucharest should bring its contracting officer’s representative program into compliance with Department standards.
Embassy Bucharest should bring its property management program into compliance with Department standards.
Embassy Bucharest should bring its cashier operations into compliance with Department standards.
Embassy Bucharest should implement standard procedures to accurately record, track, and process employee accounts receivables in accordance with Department requirements.
Embassy Bucharest should adhere to Department standards on time and attendance reporting, including overtime.
Embassy Bucharest, in coordination with the Bureau of Administration, should require the Bucharest Employees Recreation Association to request authorization to update the association charter to include processing for official residence expenses payroll and expenses as an approved service.
Embassy Bucharest should implement a knowledge management process for capturing, sharing, transferring, and retaining information for managing OpenNet and non-enterprise network operations.
Embassy Bucharest should implement an application lifecycle management plan.
Embassy Bucharest should obtain approval for its OpenNet extensions or implement the use of Department enterprise laptops to access OpenNet from the official residences.
Embassy Bucharest should implement procedures for issuing non-enterprise mobile devices that comply with Department standards.