Open Recommendations

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign the Commission’s risk tolerances by aligning each control objective with the appropriate control activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement a process for tracking the consolidation of risks.

Meet with Commission members and stakeholders to determine whether incorporating evidence-building into its next strategic planning process would assist the Commission in identifying key areas for improvement and improve outcomes to ensure a comprehensive and evidence-based approach for measuring the progress toward goals and objectives in the AbilityOne program. This determination should include, but not be limited to, meetings, information sessions, determinations of key learning areas, and how the information will be used in its next strategic planning process.

Meet with Commission members and stakeholders to determine whether incorporating internal program evaluations into its next strategic planning process would assist the Commission in better informing stakeholders about the program's impact and contributions. This determination should include, but not be limited to, meetings, information sessions, determinations of potential program evaluations, and how information from those potential evaluations will be used in its next strategic planning process.

Enhance its ability to track and monitor progress and the successful implementation of agency goals by establishing and incorporating quantitative measures into its 2026-2030 strategic plan.

Establish a process to track the amount HUD owes to PHAs to cover prepayment shortages and provide the information to OCFO so that it can be properly recognized as accounts payable.

Contact all other HUD program offices to determine whether any other programs authorize or are aware of grantees holding funds in advance of their immediate disbursement needs and determine financial statement impact on and compliance with Treasury cash management requirements of any found.

We recommend that the Director, Office of Disaster Recovery, perform monitoring of or otherwise review grantees' detailed procedures for preventing duplication of benefits for each grant activity within the first year after HUD signs the grant agreement or before grantees process applications for assistance, whichever occurs first.

We recommend that the Director, Office of Disaster Recovery, develop and implement a process to review grantees' detailed procedures for preventing duplication of benefits and require grantees to correct any deficiencies identified in the review before grantees process applications for assistance.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

This is a recoupment.

Add a warning or disclaimer to the fiscal years 2020 to 2023 Annual Enforcement Report files as a header or footer and to the FRA website where the Annual Enforcement Reports are housed stating that the number of violations associated with cases and the violation totals published in Appendix A may be incorrect.

Update review procedures to ensure accurate responses to Office of
Management and Budget (OMB) payment integrity data call prompts,
compliance with the Payment Integrity Information Act of 2019, and that
information is complete, accurate, and consistent before the final
submission of the OMB payment integrity data call; and further refine
reviews of published information on PaymentAccuracy.gov

The Associate Director for Health Services recognizes and shares Peace Corps/The Gambia’s promising practices with other posts to help guide their medical inventory practices and needed improvements.

The Country Director of Peace Corps/Namibia instructs the Peace Corps Medical Officer and other medical staff to perform a full medical inventory count of controlled substances under the supervision of Director of Management and Operations and witness the inventory count.

The Country Director of Peace Corps/Namibia ensures all controlled substances are securely locked in a cabinet inside a secure room and monitors access to the storage unit.

The Country Director and Director of Management and Operations of Peace Corps/Namibia conduct staff training on the medical inventory process and educate staff on agency requirements, roles and responsibilities, procedures for implementing the inventory system, and special standards for controlled substances in accordance with agency requirements.

The Country Director and Director of Management and Operations of Peace Corps/Namibia and develop a plan to provide additional oversight through at least calendar year 2026 to ensure that the processes required to manage controlled substances are being followed and that the personnel are adequately managing medical inventories.

The Country Director of Peace Corps/Namibia ensures controls over dispensing records, including signed receipts from the volunteers (form Peace Corps-734D), are monitored, the dispensing book is secured properly, and copies are distributed to designated staff and filed in a timely manner.

The Country Director and Director of Management and Operations of Peace Corps/Namibia review the Health Unit Assessment and recommendations completed in August 2024 and create a plan for addressing the recommendations fully with target dates for implementation.

The Associate Director for Health Services and the Regional Director of the Africa Region follow up with the Country Director and Peace Corps Medical Officer in Peace Corps/Namibia to ensure appropriate action is taken to implement these recommendations to improve management of controlled substances.

Develop and finalize policies and procedures that address cyber threat information sharing.

Formally establish and clarify operational roles and responsibilities across offices for cyber threat information sharing and any delegation of authorities to determine when issues must be escalated.

Ensure timely finalization and implementation of recommendations identified in the after-action and lessons learned reports for cyberrelated incidents, including the draft ongoing operations after-action report and the draft pre-victim notification lessons learned report.

Document and implement internal data management protocols that ensure the appropriate sharing, assessment, and response of available cyber threat information.

Develop a process to assess credit unions’ and other stakeholders’ feedback on NCUA’s cyber threat information sharing and update information sharing processes to reflect any necessary changes.

Ensure the Office of Examination and Insurance provides timely updates to examination and supervisory guidance to address cyber risks.