Open Recommendations

Develop and implement a remediation plan to address incomplete data migration and ensure all IT assets are captured accurately.

Configure the system to generate standardized inventory reports for audit, compliance, and management review.

Establish a process to perform regular reconciliations between procurement records, physical assets, and system data.

Provide user training to staff responsible for entering, maintaining, and reviewing asset records.

Develop and issue formal policies and procedures governing the use of the new IT inventory system, including asset entries, updates, retirements, and reconciliation.

Update and implement the Accountable Property Handbook to address returning IT assets that requires a secure chain of custody process, including IT assets subject to litigation holds.

Update the offboarding procedures to include instructions to employees to ensure exiting employees return their IT assets in accordance with the updated Accountable Property Handbook.

Improve the IT asset accountability process going forward to include historical IT asset tracking by employee and by addressing and implementing data access procedures for returned cell phones on litigation holds.

Develop and document implementation of a methodology to verify that CIG applicants that are subject to the TAM performance target progress requirement have made progress on established TAM performance targets before awarding CIG grants.

In coordination with OCFO and the OCIO, develop and implement a plan with defined milestones and timelines to resolve data discrepancies between Maximo and Odyssey and ensure property data are complete, accurate, and properly reconciled with the F/A module. As part of this plan, clarify roles, responsibilities, and coordination mechanisms between offices to ensure sustained accountability for property management and reconciliation activities.

Assess and, where feasible, enhance Maximo’s configuration to automate key property management controls. This assessment should include a cost–benefit analysis to determine viable improvements and identify compensating controls if system enhancements are not practical, to ensure consistent and accurate property data entry and reconciliation.

Finalize and issue updates to property management policies and procedures, including the DFMH, MS 511, and related guidance, to reflect the implementation of Maximo as the agency’s property management system and ensure alignment with current processes and controls.

Ensure all Posts receive and acknowledge updated property management guidance and expectations for the use of Maximo. This could include providing refresher training or written instructions on key processes, such as asset capitalization, status updates, and disposals, and obtaining confirmation from Posts that the information was reviewed and understood.

Reinforce the Annual Inventory Certification process as a data-quality control by providing targeted guidance and verification procedures to ensure that certifications accurately reflect property records in Maximo.

Continue performing monthly reconciliations between Maximo and Odyssey and enhance the reconciliation process, as appropriate, based on the results of the Maximo configuration assessment in Recommendation 2. Coordinate with the Compliance and Risk Office to ensure the reconciliation process is properly designed, consistently executed, and effective in identifying and resolving differences in a timely manner.

Confer with the Office of General Counsel regarding the potential recovery of the $3.6 million in manufacturer credits that were issued by manufacturers and retained by Pharma Logistics before the associated jobs were closed.

Confer with the Office of General Counsel regarding the potential recovery of unsupported discrepancies between the total credits received and the amounts disbursed.

Design and implement policies and procedures to identify changes in operational activities that necessitate a change in accounting treatment.

Design and implement policies and procedures to identify risks related to presentation matters that are pertinent to the users of the financial statements.

Design and implement a formal revenue recognition review process for significant judgments and elections.

Design and implement control activities to review the Accounting Standards Codification No. 2014-09, Revenue from Contracts with Customers (Topic 606) adjustment with sufficient precision to ensure the revenue adjustment is complete and accurate.

Automate their accounting system to recognize revenue under Topic 606 throughout the year.

Office of Programs should Add reference to the Management Control Procedures Guide in the
Railroad Retirement Board’s Division of Programs Operating Manuals, Article 11.

Office of Programs should provide evidence that Policy and Systems staff have completed training
regarding management control review requirements, and roles and responsibilities.

Office of Programs should Inform staff of the 20 CFR §345.305(a) regulation requiring the RRB to send quarterly
notices to all railroad employers with their own experience rating.

Office of Programs should issue quarterly notices containing the railroad employer’s cumulative benefit balance
and net cumulative contribution balance to all employers with their own experience rating, in alignment with
requirements of 20 CFR §345.305(a).

Office of Programs should work with the Railroad Retirement Board developers to implement a system change for
Agency Enterprise General Information Support System-Z (IBM Mainframe environment) to maintain records
for at least three calendar years, or longer, if necessary, to align with other financial management practices and
information needed for the experience rating calculation for employers.

Office of Programs should update the Division of Programs Operating Manuals, Article 11
to reflect the implementation of recommendation 5.

Office of Programs should Update the Division of Programs Operating Manuals, Article 11
to reflect the requirements of 20 Code of Federal Regulations §345.305.

Office of Programs should Update Division of Programs Operating Manuals, Article 11
to reflect the required annual notification process.

OIG recommends that the Peace Corps develops and implements formal policies and procedures for establishing and maintaining its target cybersecurity profile(s). (Metric 1)

OIG recommends that the Peace Corps implements formal processes to ensure externally sourced products, systems, components, and services comply with its cybersecurity and supply chain risk management requirements, including integration into procurement and vendor management activities. (Metric 5)

OIG recommends that the Peace Corps develops and implements formal policies and procedures for maintaining a comprehensive inventory of data and corresponding metadata. (Metric 10)

OIG recommends that the Peace Corps allocates the necessary resources to ensure that baseline configurations and associated deviations are reviewed and updated at least annually. (Metric 14)

OIG recommends that the Peace Corps prioritize the procurement and implementation of a Data Loss Prevention solution to enhance its ability to detect and prevent unauthorized data exfiltration. (Metric 22)

Assess where the company and its partners’ expectations of the company’s role differ. Based on this assessment, take steps to clarify the company’s role, as appropriate.

Work with GDC to ensure that the company has adequate, ongoing visibility into project risks on the construction packages it is not leading.

Identify and document all relevant internal stakeholders and their related HTP support activities, and assign accountable departments and individuals for each activity identified.

Finalize the HTP internal document management system and related guidance consistent with Capital Delivery procedures.

Executive leaders ensure staff post safety risk assessment permits for all construction projects.

Executive leaders ensure staff install privacy curtains in all exam rooms.

Executive leaders ensure staff install handrails on both sides of the hallway in the Community Living Center.

Executive leaders ensure staff follow the facility’s policy for communication of abnormal test results to patients.

The Associate Director for Operations ensures staff keep patient care areas clean and clean storage areas free of dirty items and equipment.

The Chief of Staff ensures the facility has workflows for all services to identify team members roles in the test result communication process.

Facility leaders assess how staff monitor video laryngoscope supplies to ensure theyare readily available, and staff remove supplies when they expire.

Facility leaders ensure staff develop service-level workflows for the communicationof test results per the VHA directive.

Document and fully implement the Departmentwide process for monthly monitoring of compliance with in-person work requirements.

Ensure medical facilities establish and implement clear written Homeless Screening Clinical Reminder policies that define the roles and responsibilities of staff involved in the referral, follow-up, and monitoring processes.

Ensure medical facility staff involved in the Homeless Screening Clinical Reminder process are aware of and trained on written local policies and procedures for making referrals, conducting follow-up, and monitoring.