Recommendation Dashboard

Verify that MCA Lesotho II Authority corrects the one material weakness in internal control detailed on pages 42 and 46 of the audit report.

Verify that MCA Lesotho II Authority corrects the one instance of material noncompliance detailed on pages 42 and 47 of the audit report.

We recommend that USAID verify that Amref Health Africa corrects the one instance of material noncompliance detailed on pages 59 to 61 of the audit report.

Conduct a comprehensive review of IAF's software and hardware inventories and update them to ensure that they are accurate and complete.

IAF's Chief Information Security Officer update IAF's procedures to include all elements for tracking the Agency's software and hardware assets. At a minimum these elements should include device type, location, and software license information.

IAF's Chief Information Security Officer conduct a security controls assessment for the two systems identified.

IAF's Chief Information Security Officer develop and implement procedures to hold system owners accountable for conducting security controls assessments and completing system security plans, and document which security controls are assessed and when.

IAF's Chief Information Security Officer update security plans for the two systems identified to include all required components as outlined in NIST Special Publication 800-53.

IAF's Chief Information Security Officer document the controls IAF is responsible for implementing for the external system identified and develop and implement a security plan for the system.

Determine the allowability of $68,272 in unsupported questioned costs on pages 20 to 24 of the audit report and recover any amount that is unallowable.

Verify that The Association Network for Building Peace corrects the instance of material noncompliance detailed on pages 37 to 38 of the audit report.

Finalize and implement a policy outlining responsibilities and procedures for using administrative funds for purchases, including procedures for documenting justifications and approvals of requests.

Determine the allowability of approximately $26,900 in questioned costs.

We recommend that USAID verify that Baylor College of Medicine Children's Foundation Uganda corrects the one instance of material noncompliance detailed on page 31 of the audit report.

Identify key balances, such as high-risk balances or high dollar value items and ensure that supporting schedules agree with stated balances

For material transactions that sample support cannot be located, obtain alternative evidence such as confirmations from vendors, grantees or banks

Develop and document retention controls that take into consideration USADF's current structure

Establish and implement a financial reporting process to ensure timely preparation of quarterly and annual financial statements in compliance with OMB Circular A-136 that is appropriate for its current size, staffing levels, and mission

Determine personnel gaps in its financial reporting function and determine whether these roles can be filled by existing USADF personnel

Implement monitoring mechanisms to ensure adherence to federal financial management requirements and timely corrective action for deficiencies

Consider implementing alternative solutions, to provide internal control support, including FMFIA/A-123 testing and documentation updates

Develop and implement a streamlined internal control and risk assessment plan focused on the drawdown of operations, prioritizing high-risk areas such as disbursements, funds held outside of treasury (FHOT), grants, and closeout procedures to maintain compliance and financial integrity

Strengthen communication and accountability by issuing clear written guidance on roles and responsibilities for remaining personnel and establishing a simple escalation process for unresolved control issues

Develop a plan for completing the FY 2026 internal controls assessment and resulting assurance statements, including the timing and who is responsible for completing the assessment

Perform the FY 2026 internal controls assessment and prepare the resulting assurance statements in accordance with Federal requirements and within the required due date

Establish and implement a financial reporting process to ensure timely preparation of an OMB Circular A-136-compliant AMR that is appropriate for its current size, staffing levels, and mission

Develop procedures to analyze systems, controls, and legal compliance to the extent necessary to prepare management's assurances related to FMFIA

Identify key balances, such as high-risk balances or high dollar value items and ensure that supporting schedules in Phoenix agree with stated balances. Where balances and supporting schedules don't agree, research and resolve differences.

For material transactions that sample support cannot be located, obtain alternative evidence such as confirmations from vendors, grantees, or banks

Develop and document retention controls that take into consideration USAID's current structure

Develop a document that identifies critical processes, assigns responsibilities, and references existing policies where applicable. The document should also document what interim procedures are in place, and any compensating controls, focusing on high-risk areas.

Apply scaled internal control principles from OMB Circular A-123 and GAO Green Book, documenting exceptions and compensating controls where segregation of duties is not feasible.

Create an Agency Closeout Checklist, or similar document, covering reconciliations, financial statement certification, record transfer, and communication of residual risks.

Communicate simplified procedures to remaining staff and confirm understanding through briefings or written guidance.

Establish and implement a financial reporting process to ensure timely preparation of quarterly and annual financial statements in compliance with OMB Circular A136 that is appropriate for its current size, staffing levels, and mission

Address personnel gaps in its financial reporting function especially as it related to preparation of an Annual Financial Report (AFR) or a Performance and Accountability Report as required by OMB implementation guidance.

Implement monitoring mechanisms to ensure adherence to federal financial management requirements and timely corrective action for deficiencies.

Implement alternative solutions to provide internal control support, including FMFIA/OMB Circular A-123 testing, documentation updates, and corrective action tracking, to compensate for limited staff capacity and ensure continuity during the wind-down period.

Develop and implement a streamlined internal control plan focused on the drawdown of operations, prioritizing high-risk areas such as disbursements, grants, and closeout procedures to maintain compliance and financial integrity

Strengthen communication and accountability by issuing clear written guidance on roles and responsibilities for remaining personnel and establishing a simple escalation process for unresolved control issues.

Establish and implement procedures to consistently document and retain the design, implementation, and operating effectiveness of general information technology controls supporting Phoenix.

Develop a plan for completing the fiscal year 2026 internal controls assessment, Enterprise Risk Management process, and resulting assurance statements, including the timing and who is responsible for completing the assessment.

Perform the fiscal year 2026 internal controls assessment and prepare the resulting assurance statements in accordance with Federal requirements and within the required due date.

Establish and implement a financial reporting process to ensure timely preparation of an OMB Circular A-136-compliant AFR that is appropriate for its current size, staffing levels, and mission.

Address personnel gaps in its financial reporting function

Develop performance goals that align with its current mission and measure performance against those goals.

Develop procedures to analyze systems, controls, and legal compliance to the extent necessary to prepare management's assurances related to FMFIA.

MCC's Chief Information Officer develop a schedule for completing the overdue security assessment of the internal system and conduct the assessment accordingly.

MCC's Chief Information Officer develop and implement procedures requiring contracts for external systems to include assessments of security controls at a frequency MCC defines

We recommend that USADF's Chief Information Officer remediate the 122 high-risk and 23 critical vulnerabilities identified by USADF's December 2, 2024, scans.

We recommend that USADF's Chief Information Officer evaluate its vulnerability remediation process to determine why high and critical vulnerabilities were not addressed within required time frames and implement corrective actions as appropriate.

We recommend that USADF's Chief Information Officer finalize the enterprise risk management plan to define roles, responsibilities, and authority for cybersecurity risk management.

We recommend that USADF's Chief Information Officer determine why the enterprise risk management plan was not finalized and implement corrective action as appropriate.

We recommend that USADF's Chief Information Officer determine whether USADF updated its cybersecurity training strategy and plans to incorporate the results of the workforce assessments and, if not, update and implement the strategy and plan.