Recommendation Dashboard

The Chief Information Officer finalize and implement the Standard Operating Procedure for the Use of ePolicy Orchestrator Policy Auditor For Baselines Monitoring and Reporting.

The Chief Information Officer document and implement a process to ensure that all baselines are appropriately implemented and periodically checked for compliance in accordance with Agency policy.

The Chief Information Officer develop and implement a process to remediate vulnerabilities within an Agency-defined time frame, as appropriate, or document acceptance of the risks of those vulnerabilities.

The Chief Information Officer document and implement a process for monitoring Agency devices for unauthorized application software, preventing the installation of such software, and removing it if found.

USAID/Afghanistan implement written standards for what constitutes effective, sufficient oversight, including the amount of monitoring deemed necessary for an activity to continue, the relative contributions of the five tiers, and potential events that warrant a decision on the status of the activity.

USAID/Afghanistan implement written procedures for having mission managers decide whether to continue an activity if standards are not met or if such future events occur.

USAID/Afghanistan prepare a written determination to add a module to capture and analyze monitoring data in Afghan Info, or establish a different system to store centralized monitoring data for analysis and set a deadline for making any design changes.

USAID/Afghanistan implement procedures to periodically reconcile awards listed in Afghan Info with records held by the Office Acquisition and Assistance, the Office of Program and Project Development, and technical offices, including those based in Washington, D.C., and update Afghan Info as necessary.

USAID/Afghanistan adopt a policy of reviewing Mission Order 203.02 or any subsequent order on monitoring at its quarterly monitoring review meetings to make sure all staff are aware of the requirement to promptly verify and approve reports submitted in Afghan Info.

USAID/Afghanistan implement a strategy to analyze project performance information and make recommendations to mission leaders in light of anticipated staffing reductions and travel restrictions.

USAID/Afghanistan develop procedures to verify that annual monitoring plans required under Mission Order 203.02 or any subsequent order on monitoring are prepared and used to structure the activities of its third-party monitors.

USAID/Afghanistan implement procedures to help ensure that all evaluations, assessment reports, and recommendations are recorded and tracked in Afghan Info.

USAID/Afghanistan implement procedures to follow up on the status of open evaluation recommendations periodically.

USAID's Office of U.S. Foreign Disaster Assistance implement procedures to identify, include in its standard set, and monitor performance indicators that measure effectiveness in responding to a pandemic.

USAID's Office of U.S. Foreign Disaster Assistance, in coordination with Global Communities, implement procedures to identify
and monitor performance indicators that measure program effectiveness.

USAID's Office of U.S. Foreign Disaster Assistance, in coordination with Global Communities, implement procedures to improve
controls over payments to burial and disinfection team members by depositing salaries directly in bank accounts when possible or confirming team members' identities with identification cards.

USAID's Office of U.S. Foreign Disaster Assistance implement standard operating procedures for rotating Disaster Assistance Response Team members to transfer program information. These procedures should include documenting site visits and all other efforts to verify program activity.

USAID's Office of U.S. Foreign Disaster Assistance, in coordination with Global Communities, implement procedures to verify that reported results are accurate.

USAID's Office of U.S. Foreign Disaster Assistance, in coordination with Global Communities, document a disposition plan for the transfer of vehicles purchased by the program.

USAID's Office of U.S. Foreign Disaster Assistance, in coordination with Global Communities and the Government of Liberia, document a transition plan for the transfer and management of the Disco Hill burial site prior to program completion.

The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to confirm that the foundation's security assessment and authorization activities for systems transitioned to cloud service providers are compliant with National Institute of Standards
and Technology requirements. At a minimum, this should include a review of the security
authorization package for the cloud service provider and a determination of risk to the
foundation documented in an authorization-to-operate memo based on a completed security controls assessment and updated system security plan, risk assessment, and plan of action and milestones.

The U.S. African Development Foundation's Chief Financial Officer update the General Support System security plan to reflect National Institute of Standards and Technology Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.

The U.S. African Development Foundation's
Chief Financial Officer develop and implement a documented process to review and update the General Support System's system security plan annually. At a minimum, this should include a determination whether the security requirements and controls for the system are documented adequately and reflect the current information system environment.

The U.S. African Development Foundation's Chief Financial Officer develop and implement a documented process to confirm that security assessment plans are documented for the General Support System that describe the scope of the assessment. At a minimum, this should include the security controls and control enhancements under assessment, and the assessment procedures to be used to determine security control effectiveness as required by the National Institute of Standards and Technology.

The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to confirm that a security assessment is conducted annually for the General Support System, as required by foundation policy.

The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to enforce the required review of user accounts by system owners to confirm that they are aligned with the individual's job function.

The U.S. African Development Foundation's President appoint a Senior Agency Official for Privacy/Chief Privacy Officer who has the authority within the foundation to consider information privacy policy issues at a national and agency-wide level.

The U.S. African Development Foundation's President develop and fully implement a documented process to confirm that the Senior Agency Official for Privacy/Chief Privacy Officer meets privacy reporting requirements as stipulated by National Institute of Standards and Technology and foundation policy.

The U.S. African Development Foundation's President develop and fully implement a documented process to confirm that privacy impact assessments are updated when a system change creates a new privacy risk, and the Senior Agency Official for Privacy/Chief Privacy Officer reviews and approves them.

The U.S. African Development Foundation's Chief Financial Officer update the contingency plan for the General Support System and Program Support System to reflect the transition to cloud-based service providers.

The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to confirm that the contingency plan for the General Support System and Program Support System are tested to make sure foundation personnel are trained on how to respond in the event of a disruption of cloud-based services.

The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to confirm that contracts for service providers include requirements for security and privacy controls in compliance with the foundation's information technology security policies, associated standards, and any applicable federal laws, directives, regulations, and guidance.

We recommend that MCC's Department of Administration and Finance perform a more comprehensive review of advances by comparing MCA advances reported to MCC to the source data maintained by the fiscal agent.

We recommend that MCC's Department of Administration and Finance employ substantive fluctuation and trend analyses of the advances account and promptly investigate unusual fluctuation and trends.

We recommend that MCC enhance its Expense Accruals Financial Management Division Procedure Manual to:
a. Define the criteria for when the assumption that MCC's maximum liability being equivalent to unused spending authority at the end of the quarter is not valid and why.
b. Fully address the MCA confirmation process and how it is carried out and documented.
c. Incorporate the desk procedures so that the procedures are formally reviewed and approved
d. Address how a grant accrual estimate provided by an MCA should be evaluated
to determine if it is reasonable.
e. Establish a procedure to ensure that MCC provides an MCA with sufficient time to address MCC's request to assess the reasonableness of the MCC calculated grant accrual for an MCA.
f Formalize the guidance provided to an MCA on what supporting documentation should be provided to address the reasonableness of the MCC calculated grant accrual for an MCA or providing an accrual estimate for an MCA to MCC.

We repeat the prior years' recommendation that MCC's Department of Administration and Finance continue to investigate and correct the root
causes for the system limitations or problems that prevent or delay the recording,
processing, and summarizing of accounting transactions.

The Inter-American Foundation assess and document how selected grantees in El Salvador could contribute greater resources to their grants to maximize chances for sustainability.

The Inter-American Foundation develop a plan to train selected grantees on their responsibilities for properly reporting and retaining supporting documentation for reported results.

The Inter-American Foundation assess the Office of Management and Budget requirements and incorporate all those that are cost-effective for its grantees.

The Inter-American Foundation train selected
grantees in Brazil and El Salvador on compliance requirements.

The Inter-American Foundation modify its internal policies to require appropriate reporting of crimes (including fraud), waste, and abuse to the USAID Office of Inspector General.

USAID/West Africa determine the allowability of $278,525 in ineligible questioned costs and recover from Conseil Ouest et Centre Africain pour la Recherche et le Developpement Agricoles the amount determined to be unallowable.

USAID/West Africa acknowledge in writing the unauthorized commitment that occurred under these programs and include language to ratify any payments determined to be allowable.

USAID/West Africa implement procedures to verify that agreement officers approve modifications to extend awards before their end dates.

USAID/West Africa determine the allowability of $77,749 in unsupported questioned costs related to the outstanding funds from the Global Food Security Response projects and $40,074 in funds that Conseil Ouest et Centre Africain pour la Recherche et le Developpement Agricoles reimbursed into its own account, and recover from Conseil Ouest et Centre Africain pour la Recherche et le Developpement Agricoles the amount determined to be unallowable.

USAID/West Africa identify and determine the allowability of ineligible questioned costs related to the salaries paid for Conseil Ouest et Centre Africain pour la Recherche et le Developpement Agricoles employees who worked on other donors' projects and recover from Conseil Ouest et Centre Africain pour la Recherche et le Developpement Agricoles the amount determined to be unallowable.

USAID/Pakistan integrate gender sensitivity (women equality and empowerment) into project training to provide awareness to all dairy farmers, artificial insemination workers, and women livestock extension workers to improve women's access to economic opportunities.

USAID/Pakistan work with Dairy and Rural Development Foundation to provide additional support to the women livestock extension workers by extending the follow-up timeframe.

USAID/Pakistan, with the National Democratic Institute, reassess and document whether program activities remain viable given the security and political realities in Pakistan, and modify the agreement and work plans to update program activities, deliverables, and funding accordingly.

USAID/Pakistan, with the National Democratic Institute, implement a recruitment plan to fill vacant positions and maintain a staffing level commensurate with the program's planned results.

USAID/Pakistan, with the National Democratic Institute and Strengthening Participatory Organization, set written criteria for selecting subject matter experts and briefing them on issues of concern to the parties before holding discussion forums, and develop a written strategy to facilitate follow-up meetings between subject matter experts and members of policy working groups to discuss policy interventions as needed.

USAID/Pakistan, with the National Democratic Institute, identify and document the skills and experience necessary for members of research units and policy working groups; the relevant selection standards; and the procedures political parties will use to identify, select, and recruit qualified participants.

USAID/Pakistan, with the National Democratic Institute, implement a written plan to facilitate coordination between research units and policy working groups and share event schedules with them well in advance.

USAID/Pakistan, with the National Democratic Institute, implement a plan to obtain leadership commitment from each participating political party, clarify expectations and responsibilities, and focus the program on parties that are fully committed.

USAID/Pakistan, with the National Democratic Institute and the International Republican Institute, determine and document whether to continue program support and activities for the Institute for Public Opinion Research or to put the remaining funds to better use.

USAID/Pakistan, if it decides to continue supporting the Institute for Public Opinion Research, work with the National Democratic Institute and the International Republican Institute to implement a corrective action plan to address the slow progress in providing capacity building to the Institute for Public Opinion Research.

USAID/Pakistan require the National Democratic Institute to reassess and document the capabilities of Strengthening Participatory Organization and determine how to effectively involve it in the program.

USAID/Pakistan determine the allowability of, and recover from the National Democratic Institute as appropriate, ineligible questioned costs of $138,375.

USAID/Pakistan develop a plan to conduct regular site visits or devise alternatives to provide adequate oversight of the program if site visits are not possible, and document the results.

USAID/Pakistan work with the National Democratic Institute to develop an action plan to strengthen controls over performance data collection and reporting, including supervisory review of the data before submission to USAID/Pakistan.

USAID/Pakistan require the National Democratic Institute to have the Institute for Public Opinion Research undergo an audit of fiscal year 2013 expenditures in compliance with the Office of Inspector General's Guidelines for Financial Audits Contracted by Foreign Recipients.

USAID/Pakistan require the National Democratic Institute to modify agreements with the International Republican Institute and the Institute for Public Opinion Research to include the standard audit provisions.

We recommend that the Millennium challenge Corporation's Chief Information Officer implement automated controls to disable inactive MCCNet accounts when they reach the Corporations inactivity threshold. If management determines that using such controls is not feasible, document that decision in writing and implement mitigating manual controls.

We recommend that the Millennium Challenge Corporation's Vice President of Administration and Finance document and implement a process to perform periodic, as defined by the Corporation, reviews of the exit clearance process to determine whether personnel are maintaining exit forms as required.

We recommend that the Millennium Challenge Corporation's Chief Information Office develop and implement a written process to validate whether the plans of action and milestones are completed and updated on time.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a process to verify whether mobile devices are encrypted prior to use for Corporation business.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a process to verify on a periodic basis, as defined by the corporation, the status of encryption on all mobile devices containing corporation data and take corrective action, if necessary.

We recommend that the Millennium Challenge Corporation's Chief Information Officer implement multifactor authentication for all network accounts and document the results.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a written process to confirm that system risk assessments are completed in compliance with the corporation's risk assessment policy and procedures.

We recommend that the Millennium Challenge Corporation's Chief Information Officer complete and implement automated system controls to support the detection and protection of information related to privacy.