Audit of USAID’s Financial Statements for Fiscal Years 2020 and 2019
Recommendations
USAID's Chief Financial Officer: Implement plans to create a separate role description document and access forms for back-end Financial System Staff Roles and document any potential segregation of duties conflicts, especially conflicts with financial processing roles.
USAID's Chief Financial Officer: Implement a process to review System user access on an annual basis via the System Bureau Transaction Coordinator Roles and User ID Report and supporting evidence/acknowledgements to ensure that reviews occurred. Such evidence/acknowledgements should be retained for an appropriate period.
USAID's Chief Financial Officer: Ensure that annual System user access recertification includes all users and ensure that any access permissions not explicitly requested and approved during the recertification are disabled/removed.
USAID's Chief Financial Officer: Modify the Funds Control Accountant and Financial Management Analyst roles to mitigate the segregation of duties conflict and update the roles description. If the roles cannot be modified, then compensating controls should be implemented to mitigate the risk of users having these controls (i.e. monitoring and review, etc.).
USAID's Chief Financial Officer: Modify the Procurement Order Requestor and Procurement Obligation Processor roles to mitigate the segregation of duties conflict and update the roles descriptions. If the roles cannot be modified, then compensating controls should be implemented to mitigate the risk of users having these controls (i.e. monitoring and review, etc.).
USAID's Chief Financial Officer: Implement a written process to obtain system owner approval of shared database accounts. Document approvals for shared database accounts in the system security plan (SSP). Controls for monitoring the activities and use of the shared accounts should also be documented in the SSP.