Open Recommendations

We recommend that the USAID Bureau for Europe and Eurasia, in coordination with USAID/Ukraine:_x000D_Implement an action plan to verify the accuracy of Government of Ukraine-submitted expenditure reports for healthcare worker salaries and remediate any identified deficiencies, as appropriate.

We recommend that IAF’s President and Chief Executive Officer: Develop and implement an enterprise risk management framework.

We recommend that IAF’s President and Chief Executive Officer: Incorporate the enterprise risk management framework into IAF’s pre-award risk management procedures.

We recommend that the Office of Policy work with the Bureau for Africa and missions in sub-Saharan Africa to establish performance goals and measurable targets that missions can use to help the Agency assess its progress toward meeting goals in its efforts to respond to Chinese influence.

Develop and implement a quality control review process over user access reviews, to include procedures to ensure the completeness and accuracy of the access request forms and access listings reviewed.

Enforce oversight policies and procedures relating to the separations process to ensure timely completion of personnel actions.

Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign theCommission’s risk tolerances by aligning each control objective with the appropriatecontrol activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement a process for tracking the consolidation of risks.

Establish a process to track the amount HUD owes to PHAs to cover prepayment shortages and provide the information to OCFO so that it can be properly recognized as accounts payable.

Contact all other HUD program offices to determine whether any other programs authorize or are aware of grantees holding funds in advance of their immediate disbursement needs and determine financial statement impact on and compliance with Treasury cash management requirements of any found.

We recommend that the Director, Office of Disaster Recovery, perform monitoring of or otherwise review grantees' detailed procedures for preventing duplication of benefits for each grant activity within the first year after HUD signs the grant agreement or before grantees process applications for assistance, whichever occurs first.

We recommend that the Director, Office of Disaster Recovery, develop and implement a process to review grantees' detailed procedures for preventing duplication of benefits and require grantees to correct any deficiencies identified in the review before grantees process applications for assistance.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.