USAID OIG issued a management advisory to USAID regarding concerns with the Agency’s End-to-End Travel system (known as E2). Our evaluation found that USAID did not disable E2 accounts for 76 percent of users (137 of 178) within 24 hours following their separation from the Agency, as required. As a result, USAID faces the risk that unauthorized users will access sensitive travel plans, personally identifiable information, and credit card numbers of current or former employees.
This advisory made five recommendations to strengthen USAID’s controls around its sensitive travel data. We consider Recommendations 1 and 2 open and resolved pending further actions; Recommendations 3 and 4 open and unresolved; and Recommendation 5 closed.
Read the full management advisory.