Open Recommendations

Embassy Bucharest should implement a knowledge management process for capturing, sharing, transferring, and retaining information for managing OpenNet and non-enterprise network operations.

Embassy Bucharest should implement an application lifecycle management plan.

Embassy Bucharest should obtain approval for its OpenNet extensions or implement the use of Department enterprise laptops to access OpenNet from the official residences.

Embassy Bucharest should implement procedures for issuing non-enterprise mobile devices that comply with Department standards.

Status of Recommendations: OIG-21-A-02-Results of the Audit of the NRC’s Financial Statements for the FY 2020 dated May 3rd, 2022.

We recommend that the USAID Bureau for Europe and Eurasia, in coordination with USAID/Ukraine:_x000D_Implement an action plan to verify the accuracy of Government of Ukraine-submitted expenditure reports for healthcare worker salaries and remediate any identified deficiencies, as appropriate.

We recommend that IAF’s President and Chief Executive Officer: Develop and implement an enterprise risk management framework.

We recommend that IAF’s President and Chief Executive Officer: Incorporate the enterprise risk management framework into IAF’s pre-award risk management procedures.

We recommend that the Office of Policy work with the Bureau for Africa and missions in sub-Saharan Africa to establish performance goals and measurable targets that missions can use to help the Agency assess its progress toward meeting goals in its efforts to respond to Chinese influence.

Develop and implement a quality control review process over user access reviews, to include procedures to ensure the completeness and accuracy of the access request forms and access listings reviewed.

Enforce oversight policies and procedures relating to the separations process to ensure timely completion of personnel actions.

Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign theCommission’s risk tolerances by aligning each control objective with the appropriatecontrol activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement a process for tracking the consolidation of risks.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.