Open Recommendations

OIG recommends that the Bureau of Near Eastern Affairs discontinue the practice of nominating Contracting Officer’s Representatives and Government Technical Monitors who do not meet Level III Federal Acquisition Certification for Contracting Officer’s Representatives and technical expertise requirements for its contracts or obtain a temporary waiver from the Bureau of Administration, Office of the Procurement Executive, as required by Procurement Information Bulletin No. 2012-15.

OIG recommends that the Bureau of Overseas Buildings Operations (1) identify industry best practices for automating commissioning documentation, (2) develop an electronic commissioning platform, and (3) conduct a pilot program using the electronic platform that would allow commissioning tests to be created digitally and test results saved to an online repository.

Review the SCRM NIST guidance and update the SCRM plan, policies, and procedures to fully address supply chain risk management controls and practices.

Upon issuance of the CUI policies, design and implement media marking to designate protection standards for safeguarding and/ordisseminating agency information.

Develop and implement a process to include compensating controls to_x000D_mitigate risk when accepting the risk of known vulnerabilities.

Document and implement a process to verify that laptops are encrypted and remediate instances of nonencrypted laptops.

Document and implement a strategy, policy, and procedures to manage supply chain risks with suppliers, contractors, and systems.

Determine the allowability of the questioned costs of $34,805 ($34,368 ineligible and $437 unsupported), on pages 10-12 of the audit report and recover any amount that is unallowable.

Correct the six material weaknesses in internal control disclosed on page 17 of the audit report.

Develop and implement standard operating procedures to identify and calculate reliable drug control-related obligations.

Develop and implement a methodology that can be applied to data in NHTSA’s financial system to track drug control-related obligations, by budget decision unit and drug control function.

Develop a budget formulation methodology that provides a reasonable basis for consistent estimation of NHTSA’s drug control budget that fairly quantifies its financial commitment to drug control activities and provides the methodology to the Office of National Drug Control Policy for approval.

Embassy Bucharest should implement a coordination process for the oversight of foreign assistance programming in Romania in accordance with Department guidelines.

Embassy Bucharest should comply with Department standards for the use of public diplomacy-funded resources.

Embassy Bucharest should create a fraud prevention strategy in accordance with Department standards.

Embassy Bucharest should maintain and destroy immigrant visa files in accordance with Department standards.

Embassy Bucharest should implement a process to regularly review and update its management policies.

Embassy Bucharest should comply with all Department Motor Vehicle Safety Management Program standards for all chauffeurs and incidental drivers under chief of mission authority.

Embassy Bucharest should prohibit locally employed staff mechanics from servicing privately owned vehicles on U.S. government property and with U.S. government equipment, in accordance with federal regulations.

Embassy Bucharest should close out procurement files in accordance with Department standards.

Embassy Bucharest should bring its contracting officer’s representative program into compliance with Department standards.

Embassy Bucharest should bring its property management program into compliance with Department standards.

Embassy Bucharest should bring its cashier operations into compliance with Department standards.

Embassy Bucharest should implement standard procedures to accurately record, track, and process employee accounts receivables in accordance with Department requirements.

Embassy Bucharest should adhere to Department standards on time and attendance reporting, including overtime.

Embassy Bucharest, in coordination with the Bureau of Administration, should require the Bucharest Employees Recreation Association to request authorization to update the association charter to include processing for official residence expenses payroll and expenses as an approved service.

Embassy Bucharest should implement a knowledge management process for capturing, sharing, transferring, and retaining information for managing OpenNet and non-enterprise network operations.

Embassy Bucharest should implement an application lifecycle management plan.

Embassy Bucharest should obtain approval for its OpenNet extensions or implement the use of Department enterprise laptops to access OpenNet from the official residences.

Embassy Bucharest should implement procedures for issuing non-enterprise mobile devices that comply with Department standards.

Status of Recommendations: OIG-21-A-02-Results of the Audit of the NRC’s Financial Statements for the FY 2020 dated May 3rd, 2022.

We recommend that IAF’s President and Chief Executive Officer: Develop and implement an enterprise risk management framework.

We recommend that IAF’s President and Chief Executive Officer: Incorporate the enterprise risk management framework into IAF’s pre-award risk management procedures.

Develop and implement a quality control review process over user access reviews, to include procedures to ensure the completeness and accuracy of the access request forms and access listings reviewed.

Enforce oversight policies and procedures relating to the separations process to ensure timely completion of personnel actions.

Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign theCommission’s risk tolerances by aligning each control objective with the appropriatecontrol activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement a process for tracking the consolidation of risks.

Establish a process to track the amount HUD owes to PHAs to cover prepayment shortages and provide the information to OCFO so that it can be properly recognized as accounts payable.

Contact all other HUD program offices to determine whether any other programs authorize or are aware of grantees holding funds in advance of their immediate disbursement needs and determine financial statement impact on and compliance with Treasury cash management requirements of any found.

We recommend that the Director, Office of Disaster Recovery, perform monitoring of or otherwise review grantees' detailed procedures for preventing duplication of benefits for each grant activity within the first year after HUD signs the grant agreement or before grantees process applications for assistance, whichever occurs first.

We recommend that the Director, Office of Disaster Recovery, develop and implement a process to review grantees' detailed procedures for preventing duplication of benefits and require grantees to correct any deficiencies identified in the review before grantees process applications for assistance.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.