Recommendation Dashboard

We recommend that the Inter-American Foundation's chief information officer remediate unsupported software and configuration related vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities.

We recommend that the Inter-American Foundation's Chief Information Officer document and implement a process to test system changes and document the results of testing.

We recommend that the Inter-American Foundation's Chief Information Officer document and implement a process to test the Foundation's incident response capabilities.

Document and implement written procedures for account management that include: Completing, approving, and maintaining access request forms. Periodically recertifying users' access rights.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement procedures for approving access for global administrator accounts.

We recommend that the Millennium Challenge Corporation's Chief Information Officer perform a documented review of current procedures to identify any missing controls required by National Institute of Standards and Technology Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal
Information Systems and Organizations. Based on that review, update the documented
procedures to address any missing controls.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement mobile device policies and procedures that address all applicable mobile device controls as required by the MCC Information System Security Policy.

We recommend that the Millennium Challenge Corporation's Chief Information Officer implement written procedures to conduct and maintain security impact analyses before approving change requests.

OPIC's chief information officer remediate network vulnerabilities identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities.

OPIC's chief information officer prepare a written authorization to operate each application or service, or decommission them and document the results.

OPIC's chief information officer document and implement an automated process to track the annual reviews of the Information Security Program Plan and update it, if needed.

To help maximize the program's potential to achieve results, we recommend that USAID/Pakistan conduct an assessment of progress made on achieving the Strengthening Citizen Voice and Accountability Program's goals; determine if adjustments to program activities, work plans, or the contract are necessary; and if so implement any actions that can be done before the program ends.

To help maximize the program's potential to achieve results, we recommend that USAID/Pakistan implement a final review process by technical offices before awards are made to verify that they agree with the program's design.

To implement key components, we recommend that USAID/Pakistan implement a plan to increase its monitoring of the Strengthening Citizen Voice and Accountability Program, including making visits to grantee activities as security conditions permit and using the mission's monitoring contractor.

To implement key components, we recommend that USAID/Pakistan require the Trust for Democratic Education and Accountability to implement a plan to add more training in how to be effective civil society organizations, as well as a process to evaluate the impact of the training for ongoing and future grant cycles.

To implement key components, we recommend that USAID/Pakistan review the budget for the Strengthening Citizen Voice and Accountability Program to determine if the award should be amended to reflect a reduction in scope for the public accountability component of the program (component 3), and if so, make the amendment accordingly.

USAID/Zambia determine the allowability of the $463,327 in unsupported questioned costs identified on pages 14 to 15 of Deloitte & Touche's audit report and recover from Agribusiness in Sustainable Natural African Plant Product the amounts determined to be unallowable.

USAID/Zambia verify that Agribusiness in Sustainable Natural African Plant Product corrects the one material weakness in internal control detailed on page 20 of Deloitte & Touche's audit report.

USAID/Zambia verify that Agribusiness in Sustainable Natural African Plant Product corrects the two instances of material noncompliance detailed on pages 23 to 24 of Deloitte & Touche's audit report.

USAID/Zambia verify that all closeout requirements with Agribusiness in Sustainable Natural African Plant Product are finalized - that there are no outstanding advances or reimbursements and that a disposition plan is in place.

USAID/Zambia determine the allowability of the $156,500 in questioned costs ($1,697 ineligible and $154,803 unsupported) identified on pages 14 and 17 of Deloitte & Touche's audit report and recover from Agribusiness in Sustainable Natural African Plant Product the amounts determined to be unallowable.

USAID/Zambia verify that Agribusiness in Sustainable Natural African Plant Product corrects the three material weaknesses in internal control detailed on pages 21 to 24 of Deloitte & Touche's audit report.

USAID/Zambia verify that Agribusiness in Sustainable Natural African Plant Product corrects the eight instances of material noncompliance detailed on pages 27 to 35 of Deloitte & Touche's audit report.

USAID/Zambia determine the allowability of the $8,522 in questioned costs ($3,275 ineligible and $5,247 unsupported) identified on pages 14 to 15 of Deloitte & Touche's audit report and recover from Agribusiness in Sustainable Natural African Plant Product the amounts determined to be unallowable.

USAID/Zambia verify that Agribusiness in Sustainable Natural African Plant Product corrects the one material weakness and two significant deficiencies in internal control detailed on pages 21 to 24 of Deloitte & Touche's audit report.

USAID/Zambia verify that Agribusiness in Sustainable Natural African Plant Product corrects the six instances of material noncompliance detailed on pages 27 to 34 of Deloitte & Touche's audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support determine the allowability of $2,484,887 in unsupported direct questioned costs and collect any disallowed amounts from AMEX International, Inc. (see pages 2, 10 and 11 of the report).

USAID's Office of Acquisition and Assistance, Cost, Audit and Support ensure that AMEX International, Inc. has implemented the auditor's recommendations for Finding #1 (see pages 10 and 11 of the report).

USAID/Tanzania determine the allowability of the $354,929 in questioned costs ($323,066 ineligible and $31,863 unsupported) identified on pages 8 to 10 of RSM Eastern Africa's audit report and recover from the National Audit Office Tanzania the amounts determined to be unallowable.

USAID/Tanzania verify that National Audit Office Tanzania corrects the five significant deficiencies in internal control detailed on pages 15 to 21of RSM Eastern Africa's audit report.

USAID/Tanzania verify that National Audit Office Tanzania corrects the eleven instances of material noncompliance detailed on pages 23 to 42 of RSM Eastern Africa's audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support determine the allowability of $88,285 in unsupported direct questioned costs and $33,597 in ineligible direct questioned costs and collect any disallowed amounts from JTJ Resources, Inc. (see pages 12 through 20 of the report).

USAID's Office of Acquisition and Assistance, Cost, Audit and Support ensure that JTJ Resources, Inc. has implemented the auditor's recommendations for Findings #1 and #2 (see pages 12 through 20 of the report).