Open Recommendations

We recommend that the USAID/Bureau for Humanitarian Assistance, USAID/Bangladesh, USAID/Burma, and USAID Bureau for Asia take the following actions:_x000D_4. USAID/Bureau for Asia, as the geographic bureau responsible for the missions in Bangladesh and Burma, coordinate with USAID/Bangladesh, USAID/Burma, and the USAID/Bureau for Humanitarian Assistance and assess the need to develop and communicate an overall Agency strategy for the Rohingya crisis response with clearly defined end goals, specific and measurable outcomes, clear roles and responsibilities, and a roadmap for achieving those goals.

We recommend that the Office of Acquisition and Assistance take the following actions: Review the approval process of administrative guidance to implementers and make appropriate changes to streamline it for use in crisis scenarios, for example, by clarifying the role of each reviewer.

Determine the allowability of the questioned costs of $34,805 ($34,368 ineligible and $437 unsupported), on pages 10-12 of the audit report and recover any amount that is unallowable.

Correct the six material weaknesses in internal control disclosed on page 17 of the audit report.

We recommend that IAF’s chief information officer develop and implement a plan, including tools and other resources, to remediate critical and high vulnerabilities within the timeframes specified in the agency’s “Information System Security Program Standard Operating Procedures” (February 2022).

We recommend that IAF’s chief information officer update the agency’s system security plan to include controls in National Institute of Standards and Technology Special Publication 800-53, Revision 5, “Security and Privacy Controls for Information Systems and Organizations.”

We recommend that MCC’s Chief Information Officer take the following action:_x000D_Recommendation 1. Implement level 3 event logging requirements in accordance with Office of Management and Budget Memorandum M-21-31.

Develop and implement standard operating procedures to identify and calculate reliable drug control-related obligations.

Develop and implement a methodology that can be applied to data in NHTSA’s financial system to track drug control-related obligations, by budget decision unit and drug control function.

Develop a budget formulation methodology that provides a reasonable basis for consistent estimation of NHTSA’s drug control budget that fairly quantifies its financial commitment to drug control activities and provides the methodology to the Office of National Drug Control Policy for approval.

We recommend that USAID's Chief Information Officer request its_x000D_cognizant Management Council on Risk and Internal Control to report and track as a significant deficiency to the Agency the risk of not timely disabling network accounts for separated employees and contractors, as identified in Office of Inspector General Report No. A-000-21-004-C, Recommendation 2.

We recommend that USAID's Chief Human Capital Officer request its_x000D_cognizant Management Council on Risk and Internal Control to report and track as a significant deficiency to the Agency the risk of not maintaining records evidencing that staff have been offboarded in accordance with Agency policy, as identified in Office of Inspector General Report_x000D_No. A-000-21-004-C, Recommendation 3.

Embassy Bucharest should implement a coordination process for the oversight of foreign assistance programming in Romania in accordance with Department guidelines.

Embassy Bucharest should comply with Department standards for the use of public diplomacy-funded resources.

Embassy Bucharest should create a fraud prevention strategy in accordance with Department standards.

Embassy Bucharest should maintain and destroy immigrant visa files in accordance with Department standards.

Embassy Bucharest should implement a process to regularly review and update its management policies.

Embassy Bucharest should comply with all Department Motor Vehicle Safety Management Program standards for all chauffeurs and incidental drivers under chief of mission authority.

Embassy Bucharest should prohibit locally employed staff mechanics from servicing privately owned vehicles on U.S. government property and with U.S. government equipment, in accordance with federal regulations.

Embassy Bucharest should close out procurement files in accordance with Department standards.

Embassy Bucharest should bring its contracting officer’s representative program into compliance with Department standards.

Embassy Bucharest should bring its property management program into compliance with Department standards.

Embassy Bucharest should bring its cashier operations into compliance with Department standards.

Embassy Bucharest should implement standard procedures to accurately record, track, and process employee accounts receivables in accordance with Department requirements.

Embassy Bucharest should adhere to Department standards on time and attendance reporting, including overtime.

Embassy Bucharest, in coordination with the Bureau of Administration, should require the Bucharest Employees Recreation Association to request authorization to update the association charter to include processing for official residence expenses payroll and expenses as an approved service.

Embassy Bucharest should implement a knowledge management process for capturing, sharing, transferring, and retaining information for managing OpenNet and non-enterprise network operations.

Embassy Bucharest should implement an application lifecycle management plan.

Embassy Bucharest should obtain approval for its OpenNet extensions or implement the use of Department enterprise laptops to access OpenNet from the official residences.

Embassy Bucharest should implement procedures for issuing non-enterprise mobile devices that comply with Department standards.

Status of Recommendations: OIG-21-A-02-Results of the Audit of the NRC’s Financial Statements for the FY 2020 dated May 3rd, 2022.

We recommend that the USAID Bureau for Europe and Eurasia, in coordination with USAID/Ukraine:_x000D_Implement an action plan to verify the accuracy of Government of Ukraine-submitted expenditure reports for healthcare worker salaries and remediate any identified deficiencies, as appropriate.

We recommend that IAF’s President and Chief Executive Officer: Develop and implement an enterprise risk management framework.

We recommend that IAF’s President and Chief Executive Officer: Incorporate the enterprise risk management framework into IAF’s pre-award risk management procedures.

We recommend that the Office of Policy work with the Bureau for Africa and missions in sub-Saharan Africa to establish performance goals and measurable targets that missions can use to help the Agency assess its progress toward meeting goals in its efforts to respond to Chinese influence.

Develop and implement a quality control review process over user access reviews, to include procedures to ensure the completeness and accuracy of the access request forms and access listings reviewed.

Enforce oversight policies and procedures relating to the separations process to ensure timely completion of personnel actions.

Ensure the appropriate individuals are trained through a structured ERM program training to increase knowledge and understanding throughout the organization and share key takeaways and materials with employees at all levels to effectively contribute to the organization’s program success.

Assess and update the Commission’s existing policies and procedures to ensure compliance with federal requirements and that the policies and procedures reflect the processes that it wants to adopt.

Research and adopt an appropriate ERM maturity model.

Develop and implement effective key controls that identify risks and assign theCommission’s risk tolerances by aligning each control objective with the appropriatecontrol activity and completing an updated entity-level control and results assessment.

Include a process in the ERM program to include documenting management’s determination of key process decisions for its other process considerations.

Develop and implement a process for tracking the consolidation of risks.

Establish a process to track the amount HUD owes to PHAs to cover prepayment shortages and provide the information to OCFO so that it can be properly recognized as accounts payable.

Contact all other HUD program offices to determine whether any other programs authorize or are aware of grantees holding funds in advance of their immediate disbursement needs and determine financial statement impact on and compliance with Treasury cash management requirements of any found.

We recommend that the Director, Office of Disaster Recovery, perform monitoring of or otherwise review grantees' detailed procedures for preventing duplication of benefits for each grant activity within the first year after HUD signs the grant agreement or before grantees process applications for assistance, whichever occurs first.

We recommend that the Director, Office of Disaster Recovery, develop and implement a process to review grantees' detailed procedures for preventing duplication of benefits and require grantees to correct any deficiencies identified in the review before grantees process applications for assistance.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.