Open Recommendations

We recommend that the Office of Acquisition and Assistance take the following actions: Review the approval process of administrative guidance to implementers and make appropriate changes to streamline it for use in crisis scenarios, for example, by clarifying the role of each reviewer.

Determine the allowability of the questioned costs of $34,805 ($34,368 ineligible and $437 unsupported), on pages 10-12 of the audit report and recover any amount that is unallowable.

Correct the six material weaknesses in internal control disclosed on page 17 of the audit report.

We recommend that IAF’s chief information officer develop and implement a plan, including tools and other resources, to remediate critical and high vulnerabilities within the timeframes specified in the agency’s “Information System Security Program Standard Operating Procedures” (February 2022).

We recommend that IAF’s chief information officer update the agency’s system security plan to include controls in National Institute of Standards and Technology Special Publication 800-53, Revision 5, “Security and Privacy Controls for Information Systems and Organizations.”

We recommend that MCC’s Chief Information Officer take the following action:_x000D_Recommendation 1. Implement level 3 event logging requirements in accordance with Office of Management and Budget Memorandum M-21-31.

Develop and implement standard operating procedures to identify and calculate reliable drug control-related obligations.

Develop and implement a methodology that can be applied to data in NHTSA’s financial system to track drug control-related obligations, by budget decision unit and drug control function.

Develop a budget formulation methodology that provides a reasonable basis for consistent estimation of NHTSA’s drug control budget that fairly quantifies its financial commitment to drug control activities and provides the methodology to the Office of National Drug Control Policy for approval.

We recommend that USAID's Chief Information Officer request its_x000D_cognizant Management Council on Risk and Internal Control to report and track as a significant deficiency to the Agency the risk of not timely disabling network accounts for separated employees and contractors, as identified in Office of Inspector General Report No. A-000-21-004-C, Recommendation 2.

We recommend that USAID's Chief Human Capital Officer request its_x000D_cognizant Management Council on Risk and Internal Control to report and track as a significant deficiency to the Agency the risk of not maintaining records evidencing that staff have been offboarded in accordance with Agency policy, as identified in Office of Inspector General Report_x000D_No. A-000-21-004-C, Recommendation 3.

Embassy Bucharest should implement a coordination process for the oversight of foreign assistance programming in Romania in accordance with Department guidelines.

Embassy Bucharest should comply with Department standards for the use of public diplomacy-funded resources.

Embassy Bucharest should create a fraud prevention strategy in accordance with Department standards.

Embassy Bucharest should maintain and destroy immigrant visa files in accordance with Department standards.

Embassy Bucharest should implement a process to regularly review and update its management policies.

Embassy Bucharest should comply with all Department Motor Vehicle Safety Management Program standards for all chauffeurs and incidental drivers under chief of mission authority.

Embassy Bucharest should prohibit locally employed staff mechanics from servicing privately owned vehicles on U.S. government property and with U.S. government equipment, in accordance with federal regulations.

Embassy Bucharest should close out procurement files in accordance with Department standards.

Embassy Bucharest should bring its contracting officer’s representative program into compliance with Department standards.

Embassy Bucharest should bring its property management program into compliance with Department standards.

Embassy Bucharest should bring its cashier operations into compliance with Department standards.

Embassy Bucharest should implement standard procedures to accurately record, track, and process employee accounts receivables in accordance with Department requirements.

Embassy Bucharest should adhere to Department standards on time and attendance reporting, including overtime.

Embassy Bucharest, in coordination with the Bureau of Administration, should require the Bucharest Employees Recreation Association to request authorization to update the association charter to include processing for official residence expenses payroll and expenses as an approved service.