Open Recommendations

Chief Information Officer develop and implement procedures to assess whether reinvestigations are performed timely for individuals who possess critical-sensitive/high-risk roles that require system access.

Chief Information Officer develop and implement policies and procedures to obtain feedback on the agency's specialized security training, update the training program, and request that third-party providers update their training content, as appropriate, to keep current with security practices.

To address these shortcomings, we recommend that USADF:
Update its training within 30 days of USAID OIG publishing this advisory to incorporate information on USAID OIG oversight authorities and procedures for disclosing allegations of fraud, waste, abuse, or mismanagement, and develop and implement a plan to provide the updated training to all USADF staff.

To address these shortcomings, we recommend that USADF:
Develop and implement a plan within 90 days of USAID OIG publishing this advisory to schedule fraud awareness briefings with USAID OIG's Office of Investigations for all USADF staff.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

We recommend that the Director of FSEM update OPM's Personal Property Management Policies and Procedures manual. The updated manual should meet all GSA standards and document a formal governance structure for OPM's Personal Property Management Process that clearly assigns responsibilities and delegates authority to all involved in the process.

We recommend that the Director of FSEM conduct an agency-wide inventory.

We recommend that OPM implement an agency-wide personal property system of record.

The VA North Florida/South Georgia Health System Director ensures that providers document their rationales for initiating involuntary examinations under the Baker Act within a patients electronic health record and monitors compliance.

We recommend that the South Carolina Department of Health and Human Services ensure that all physician-administered drugs eligible for rebates after our audit period are processed for rebates.

We recommend that DOT determine the allowability of the questioned transactions and recover $919,266, if applicable.

We recommend that DOT work with FTA to determine the allowability of the questioned tribal transactions and recover $116,487, if applicable.

We recommend that the New Mexico Human Services Department work with the MCOs todevelop procedures to monitor PCS provider compliance with attendant qualifications, including those related to criminal background checks, abuse registry checks, TB tests, initial written competency tests, annual training, and CPR and first aid certifications; educate providers more frequently through methods such as guidance letters or webinars to increase PCS providers' understanding of attendant qualification requirements; and take corrective action against providers that do not ensure that attendants comply with qualification requirements, which could include removing providers that repeatedly fail to comply with the State's PCS program.

We recommend that the New Mexico Human Services Department share the results of our audit report with PCS providers statewide to emphasize the importance of attendants meeting qualification requirements and clarify the oversight provisions in its contracts with MCOs to require MCOs to monitor PCS providers' compliance with attendant qualification requirements and report monitoring results to the State agency.

We recommend that the Utah Department of Health and Human Services coordinate with DWS to provide periodic training to caseworkers that focuses on verifying and documenting information used and steps performed during the eligibility renewal process, including: (1) verifying income and assets, (2) verifying residency/contact information, and (3) correctly executing case review and reporting.

Ensure lessons learned from the ML-2’s acquisition, contract, and project management are codified to inform future development efforts

Conduct a thorough analysis of the feasibility of utilizing the fixed-price option, and if NASA determines that it will not be exercised, remove the option from the ML-2 contract

EXIM’s Office of Policy Analysis and International Relations should consider conducting a study with existing EEP exporters, to identify the key factors resulting in the decision to utilize EXIM for financing the EEP export. These key factors should then be assessed for potential inclusion into future outreach efforts with potential U.S. exporters to expand EEP transaction opportunities.

EXIM’s Chief Banking Officer should consider establishing periodic internal reporting of specific EEP outreach efforts by their office such that those efforts can be assessed for effectiveness in identifying and securing EEP authorizations. The reporting should include the type of outreach held, the attendees and any follow up meetings resulting from the outreach.

Establish procedures and controls to ensure that the appropriate field in AIMS is updated to include the taxpayer’s reported TPI plus unreported income identified during the examination in order to develop a measure of post-audit TPI.

Subsequently remind agencies with late-filed SSRs or CAPs of best practices at least 60 days prior to their next scheduled filing due date, and that they may request a filing extension at least 30 days before their scheduled due date if extenuating circumstances exist.

Offer standardized training to any new HOA on the safeguard review process and best practices for submitting agency documentation.

Provide documentation to support that HAP was appropriately paid to the owners for the 66 units that had more than one stop payment. If additional HAP was inappropriately paid, the Authority should pursue collection from the applicable owners or reimburse its HCV Program from non-Federal funds.

Review its records to confirm whether it had cases of children with EBLLs during our audit period and work with the owner(s) of the HCV Program units to provide required documentation to HUD.

Work with HUD's OLHCHH to provide technical assistance to the Authority's staff to develop and implement procedures and controls for monitoring owners for compliance with HUD's EBLL requirements and attempting to collaborate with local health departments to identify cases of EBLL in children under 6 years of age under its HCV Program.

We recommend that IAF's chief information officer develop and implement a plan, including tools and other resources, to remediate critical and high vulnerabilities within the timeframes specified in the agency's "Information System Security Program Standard Operating Procedures" (February 2022).

Revise its procedures to ensure all electronic storage media containing sensitive or classified information, including hard drives that are extracted from computers slated for destruction, are appropriately accounted for, tracked, timely sanitized, and destroyed.

Implement controls to ensure its electronic storage media are marked with the appropriate National Security Information (NSI) classification level markings, in accordance with applicable policies and guidelines.

USAID West Bank and Gaza verify that Tech2Peace corrects the 3 instances of material noncompliance detailed on pages 25 to 27 of the audit report.

We recommend that MCC's Chief Information Officer take the following action: Recommendation 1. Implement level 3 event logging requirements in accordance with Office of Management and Budget Memorandum M-21-31.

Develop and communicate guidance on post-award spot checks to include a more detailed definition of spot checks, illustrative procedures and opportunities for their use, and procedures for appropriately communicating their results, when warranted.

USAID/West Bank and Gaza verify that the auditee corrects the two material weaknesses in internal control detailed on pages 16 to 19 of the audit report.

USAID/ West Bank and Gaza verify that the auditee corrects the 3 instances of material noncompliance detailed on pages 22 to 24 of the audit report.

Develop and implement a formal cost-estimating process that incorporates, as applicable, the best practices in the Government Accountability Office Cost Guide to better ensure that SIP project estimates are reliable.

Establish controls to ensure independent Government cost estimates are performed in accordance with Federal regulations.

Develop and implement policies and procedures to document and retain copies of all independent Government estimates for SIP projects in contract files.

Develop and implement a formal written process for capturing total costs and associated support for completed SIP projects to ensure accurate and timely reporting.

We recommend the Under Secretary for S&T clearly identify the appropriate entity with the authority and responsibility for updating critical infrastructure research and development strategic plans and annual homeland threat assessments and ensure that entity publishes each document in accordance with each of the prescribed timeframes.

We recommend the Under Secretary for S&T develop and implement improved controls to ensure all S&T offices adhere to program and project management principles per the Operating Model Blueprint, including, but not limited to, policies, procedures, and training. These controls should ensure that tailored project approaches are documented and approved, standardized project management language is used, project and program plans are appropriately integrated, and roles and responsibilities are clearly defined.

We recommend the Under Secretary for S&T develop and implement data validation controls to ensure accurate and consistent financial and project information in S&T’s centralized project tracking system, including, but not limited to, implementation policies, procedures, and training.

We recommend CBP’s Office of Information Technology implement a mechanism to routinely assess CBP applications and supporting infrastructure operating systems for configuration and patch management vulnerabilities and timely implement corrective actions.

Implement procedures and controls to ensure that visual assessments for lead-based paint are completed at least every 12 months.

Implement procedures and controls to ensure that risk assessments and reevaluations are conducted in accordance with HUD's requirements.

Obtain lead-based paint risk assessments for the five developments for which hazard reduction work was completed and perform the required reevaluations.

Determine whether the remaining five developments (Imperial Courts, Mar Vista Gardens, Nickerson Gardens, Ramona Gardens, and Rancho San Pedro) have deteriorated paint and if so, obtain lead-based paint risk assessments and reevaluations when applicable.

Coordinate with HUD's Office of Lead Hazard Control and Healthy Homes to obtain training for the Authority's employees responsible for managing lead-based paint on the management of lead-based paint, including the requirements for visual assessments, risk assessments, reevaluations, and hazard reduction.

We recommend that the Kansas Department of Health and Education improve its electronic visit verification system by developing and implementing procedures to verify that in-home PCS claims are recorded and verified in its EVV system, and implementing edits to verify that tasks recorded on in-home PCS claims match allowable tasks approved in the PCSP.