Recommendation Dashboard

We recommend that USAID/Nigeria verify that Heartland Alliance LTD/GTE corrects the one instance of material noncompliance detailed on page 33 of the audit report.

We recommend that USAID/Kenya and East Africa verify that East African Community corrects the one instance of material noncompliance detailed on pages 48 to 50 of the audit report.

We recommend that USAID/Southern Africa determine the allowability of $46,526 in unsupported questioned costs on pages 18 and 29 of the
audit report and recover any amount that is unallowable.

We recommend that USAID/Southern Africa verify that Right to Care NPC corrects the one material weakness in internal control detailed on page 32 of the audit report.

We recommend that USAID/Tanzania verify that T-MARC Tanzania corrects
the six instances of material noncompliance detailed on pages 39 to 46 of the audit report.

Develop and implement a process that clearly defines performance indicators with targets for the overall threshold program objectives, as well as a method to track and assess performance indicators to demonstrate the extent to which the Threshold Program is meeting its targets and achieving its overall objectives.

Assess the Board Representatives Interagency Advisory's information needs-including the types and frequency of communication-and develop a plan to address any identified information gaps.

Define "substantial implementation" for Threshold Programs and develop and implement a process for informing the MCC Board of Directors on the progress made toward substantial implementation by countries implementing a Threshold Program, when such a country is recommended for compact eligibility.

Determine whether steps can be taken to mitigate risks associated with the ongoing contribution to Gavi for COVID-19 vaccination efforts.

Determine whether future contributions to Gavi for COVID-19 vaccines should include additional oversight clauses to mitigate the higher risk for fraud, waste, and abuse.

We recommend that USAID Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Prague Civil Society Centre, nada?ni fond corrects the four instances of material noncompliance detailed on pages 21 to 26 of the audit report.

We recommend that USAID/Zimbabwe determine the allowability of $27,154 in ineligible questioned costs on pages 9 and 11 of the audit report and recover any amount that is unallowable.

We recommend that USAID/Zimbabwe verify that The Union Zimbabwe Trust corrects the seven instances of material noncompliance detailed on page 14 of the audit report and pages 7 to 16 of the management letter.

We recommend that USAID/Tanzania verify that Deloitte Consulting Limited corrects the five material weaknesses in internal control detailed on pages 33 to 36, and 40 to 45 of the audit report.

We recommend that USAID/Tanzania verify that Deloitte Consulting Limited corrects the two instances of material noncompliance detailed on pages 48, 49, and 52 of the audit report.

Develop and implement written procedures to:
- Periodically test the effectiveness of the rules for its data loss prevention tool and revise those rules when needed.
- Configure the Agency's data loss prevention tool to prevent the loss of other types of personally identifiable information (such as home addresses and dates of birth), in addition to Social Security numbers.
- Manage data loss prevention activities, including when staff should be notified of their violations.

Revise "Information Technology (IT) Security Training-Policy, Standards, Guidelines, and Plan" to document and implement a process for:
-Providing role-based privacy training to staff that are responsible for processing personally identifiable information.
-Providing role-based privacy training to staff at least annually.
- Training staff on how to identify new privacy risks and retention schedules for personally identifiable information as required in the role-based privacy training materials.

Update and implement the Agency's Social Security number reduction plan.

Update and implement the Agency's "System of Records Notices Standard Operating Procedure" to:
- Align with current requirements for reviewing and updating Agency system of record notices.
- Document decisions that system changes were not significant and, thus, related system of record notices do not need to be updated.
In addition, update the following system of record notices with the missing or incomplete elements identified in Appendix B of this document, as required by Office of Management and Budget Circular A-108:
- Personnel Security and Suitability investigations records;
- Google Apps;
- Personal Services Contract records;
- Congressional relations, inquiries, and travel records; and
- Litigation records.

Develop and implement a plan to maintain a complete, accurate inventory of the Agency's third-party websites-including periodic reminders to staff that implementing partners should notify the Agency when creating or deactivating public-facing, third-party websites-and take action, where needed, to post privacy notices on websites that collect personally identifiable information.