Open Recommendations

Embassy Bucharest should implement an application lifecycle management plan.

Embassy Bucharest should obtain approval for its OpenNet extensions or implement the use of Department enterprise laptops to access OpenNet from the official residences.

Embassy Bucharest should implement procedures for issuing non-enterprise mobile devices that comply with Department standards.

Status of Recommendations: OIG-21-A-02-Results of the Audit of the NRC’s Financial Statements for the FY 2020 dated May 3rd, 2022.

We recommend that IAF’s President and Chief Executive Officer: Develop and implement an enterprise risk management framework.

We recommend that IAF’s President and Chief Executive Officer: Incorporate the enterprise risk management framework into IAF’s pre-award risk management procedures.

Create detailed criteria in the cooperative agreements on the data validation controls they expect the CNAs to apply.

Research data elements needed to achieve Program objectives and revise the corresponding cooperative agreements with CNAs

Revisit/review controls related to updating website contents to ensure current and accurate information is published.

Implement internal controls to oversee the reporting and data validation process.

Create a standard operating procedure to collect and handle data and define roles and responsibilities for enhanced operational efficiency

Develop a unified information system for use by the Commission, CNAs, and NPAs participating in the Program.

Develop and implement a quality control review process over user access reviews, to include procedures to ensure the completeness and accuracy of the access request forms and access listings reviewed.

Enforce oversight policies and procedures relating to the separations process to ensure timely completion of personnel actions.

Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign theCommission’s risk tolerances by aligning each control objective with the appropriatecontrol activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement a process for tracking the consolidation of risks.

Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign the Commission’s risk tolerances by aligning each control objective with the appropriate control activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.