Recommendation Dashboard

USAID/Madagascar determine the allowability of $24,246 in questioned costs ($10,808 ineligible and $13,438 unsupported) identified on page 11 of the audit report and pages 20 to 22 of the separate management letter.

USAID/Madagascar verify that Institut Pasteur de Madagascar corrects the two instances of material noncompliance detailed on pages 20 to 21 of the separate management letter.

USAID/Kenya and East Africa verify that Ananda Marga Universal Relief Team corrects the one significant deficiency in internal control pertaining to the Inuka Community Based Orphans and Vulnerable Children Project detailed on pages 29 and 30 of the audit report.

USAID/Kenya and East Africa determine the allowability of $20,710 in ineligible questioned costs identified on pages 15, 17 and 20 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Act Change Transform corrects the one instance of material noncompliance detailed on page 31 of the audit report.

USAID/Tanzania determine the allowability of $243,662 in questioned costs ($7,415 ineligible and $236,247 unsupported) on pages 11, 14, and 17 of the audit report and recover any amount that is unallowable.

USAID/Tanzania verify that Tanzania Council for Social Development corrects the four significant deficiencies in internal control detailed on pages 20 to 23 of the audit report.

USAID/Tanzania verify that Tanzania Council for Social Development corrects the five instances of material noncompliance detailed on pages 26, 27, 32, 34, and 37 of the audit report.

USAID/Kenya and East Africa determine the allowability of $96,768 in ineligible questioned costs on pages 16 and 20 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that State University of New York  corrects the two instances of material noncompliance detailed on pages 26 to 28 of the audit report.

USAID/Zambia determine the allowability of $1,634 in ineligible questioned costs identified on page 17 of the audit report and recover any amount that is unallowable.

USAID/Zambia verify that Indaba Agricultural Policy Research Institute corrects the one significant deficiency in internal control detailed on page 26 of the audit report.

USAID/Zambia verify that Indaba Agricultural Policy Research Institute corrects the four instances of material noncompliance detailed on pages 24, 25, 27, and 28 of the audit report.

USAID/Liberia determine the allowability of $1,788,608 in questioned costs ($13,263 ineligible and $1,775,345 unsupported) on pages 9, 11, and 16 of the audit report and recover any amount that is unallowable.

USAID/Liberia verify that Management Sciences for Health corrects the six material weaknesses and one significant deficiency in internal control detailed on pages 34 to 45 of the audit report.

USAID/Kenya and East Africa determine the allowability of $8,385 in ineligible questioned costs identified on pages 8 and 13 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Children of God Relief Institute corrects the two instances of material noncompliance detailed on pages 13 and 14 of the audit report.

USAID/Southern Africa determine the allowability of $4,251 in ineligible questioned costs pertaining to award number A-674-A-12-00031 identified on pages 17 and 22 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Stellenbosch University provide Mothers2Mothers South Africa NPC with a copy of the finding raised in BDO's management report for their  review and any appropriate action regarding the $571 in ineligible questioned costs pertaining to subaward 16/0001 identified on pages 17, 18 and 22 of the audit report.

USAID/Southern Africa take appropriate action under ADS 303.3.10 regarding the $18,528 shortfall in cost sharing contributions pertaining to award number A-674-A-12-00031 identified on pages 27 and 28 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $710 in ineligible questioned costs pertaining to award number AID-OFDA-G-16-00115 identified on pages 17, 18 and 22 of the audit report and recover any amount that is unallowable.

USAID/Nigeria verify that Health Initiative for Safety and Stability in Africa corrects the four significant deficiencies in internal control detailed on pages 25 to 28 of the audit report.

Management decision reached upon report issuance: The agency agreed with our one recommendation and is proactively  implementing broader activities to further improve construction data and oversight. USAID also provided technical comments, which we incorporated where appropriate. USAID noted that while our audit's scope was limited to grants and cooperative agreements, the findings apply to USAID's broader portfolio. The Agency therefore decided to implement corrective actions that go beyond our recommendations, USAID will implement activities to improve compliance with data collection and construction oversight requirements for both assistance and acquisition awards. Activities include expanding training, including the Office of Energy and Infrastructure on the contract review board, and updating policies and procedures. We acknowledge the management decision and consider the recommendation resolved but open pending completion of planned activities, which USAID anticipates by November 30, 2019.

USAID/Rwanda determine the allowability of $33,606 in ineligible questioned costs on pages 11 and 25 of the audit report and recover any amount that is unallowable.

USAID/Rwanda verify that African Evangelistic Enterprise corrects the one significant deficiency in internal control detailed on page 10 of the management letter.

USAID/Rwanda verify that African Evangelistic Enterprise corrects the one instance of material noncompliance detailed on pages 35 to 36 of the audit report.

USAID/Rwanda verify that African Evangelistic Enterprise provides Global Communities, Catholic Relief Services, and Education Development Center, Inc. with a copy of the findings raised in RUMA's audit report  for their review and appropriate action regarding (a) any ineligible questioned costs identified on pages 11 and 25 of the audit report pertaining to their particular subawards and (b) the two  instances of material noncompliance related to the subawards detailed on pages 35 and 37 of the report.

USAID/Mozambique determine the allowability of $591,945 in questioned costs ($406,238 ineligible, $185,707 unsupported) on pages 25 and 27 of the audit report and recover any amount that is unallowable.

USAID/Mozambique verify that Procuradoria Geral da Republica corrects the six instances of material noncompliance detailed on pages 48 to 60 of the audit report

USAID/Mozambique implements the unresolved prior audit recommendations detailed on page 68 of the audit report.

USAID/Southern Africa verify that Foundation for Professional Development corrects the one significant deficiency in internal control identified on page 29 of the audit report.

USAID/Indonesia determine (1) if there was unremitted interest income, or costs incurred and reimbursed by USAID that have not been paid by IIEF to vendors as discussed on page 2 of this memorandum; and (2) the allowability of unremitted income and unpaid costs charged to USAID, and recover any amount determined to be unallowable.

USAID/Southern Africa determine the allowability of $2,762 in ineligible questioned costs on pages 29 and 35 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that University of South Africa corrects the two instances of material noncompliance identified on page 64 of the audit report.

USAID/Kenya and East Africa determine the allowability of $46,333 in ineligible questioned costs detailed on pages 11 and 19 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Amref Health Africa corrects the one significant deficiency in internal control detailed on page 23 of the audit report.

USAID/Kenya and East Africa verify that Amref Health Africa corrects the one instance of material noncompliance detailed on pages 24 and 25 of the audit report.

USAID/West Bank and Gaza determine the allowability, and collect as appropriate, $2,821 of questioned unsupported cost share expenses, as detailed on page 18 of PricewaterhouseCooper report. 

USAID/West Bank and Gaza require Appleseeds Academy to implement policies and procedures ensuring that it checks suppliers' names against the Excluded Parties List System, as detailed on page 19 of PricewaterhouseCooper report. 

Verify that National University of Sciences and Technology corrects the four material instances of noncompliance discussed on page 2 of this memorandum and detailed on section 7.2 on pages 29–31 and on Issue 4 in the management letter on page 39 of the report.

Determine the allowability of $16,056 in questioned costs (ineligible) identified in the fund accountability statement on page 15, and further detailed on pages 11–12 of the audit report, and recover any amount that is unallowable.

Verify that the A.A. Associates corrects the two material instances of noncompliance identified in the report on compliance on pages 26–27 and detailed on pages 11–12 of the audit report (and also presented as Finding 3.1 on pages 47–48), and as discussed on page 2 of this memorandum and detailed in Finding 4.2 on page 53 of the audit report.

Verify that the A.A. Associates corrects the significant deficiency in internal control discussed on page 2 of this memorandum and detailed in Finding 3.2 on page 49 of the audit report.

Verify that Al-Kasib Group of Engineering Services (AGES) Consultants corrects the three material weaknesses in internal control identified in the report on internal control on pages 39–40 and detailed in Findings1–3 on pages 47–50 of the audit report; and the one significant deficiency in internal control discussed on page 2 of this memorandum and detailed in Observation 3 of the management letter on page 58 of the audit report.

Implement a process and related guidance for verifying and documenting that OPIC is not competing with the private market in a given country.

Revamp the development impact profile process to sufficiently capture and assess projects’ projected and actual effects, and report reliable data to Congress. This should include establishing clear criteria, requiring evidence, aligning application questions to obtain data needed, and documenting the process for determining actual effects.

Implement a formal process for consulting with USAID on its development impact profile criteria that includes the documentation of the consultations.

Implement a process and related guidance to verify and document how projects seeking approval complement U.S. development assistance objectives. It should include considerations for connecting to the Department of State’s integrated country strategies and for complementing the work of other U.S. Government agencies and other donors.

Implement a performance management framework that is in compliance with the act and enables OPIC to fully capture its goals and report on progress in achieving its mission.

Implement a process with a sound methodology for validating data provided by borrowers in the self-monitoring questionnaire, and strengthen procedures for timely submissions.

Update the Office of Investment Policy’s process for identifying and selecting projects for site visits, and for tracking and documenting planned and actual visits, so that it is streamlined and based on reliable data.

Modify Office of Investment Policy’s guidance to include relevant staff members’ roles and responsibilities for providing input into independent engineers’ scopes of work and documenting reviews of materials related to environmental and social protection.

Implement a formal process with defined roles for handling environmental and social concerns that various stakeholders refer to OPIC.

Conduct and document a baseline assessment of all policies and procedures to identify and update outdated material, and implement controls to ensure periodic reviews and updates.

Conduct and document a review of the Office of Investment Policy’s guidance to identify any gaps and check for consistency among other offices’ related guidance, and update as necessary.

Consistent with addressing National Archives and Records Administration’s recommendations, develop policies and corresponding training for complying with Federal Government records management requirements that define roles and responsibilities and require supervisory compliance reviews, periodic testing of the official records management system, and documentation of these review and testing results.

Conduct a baseline assessment to determine the information access needs of each office to accomplish their respective work, and develop protocols to ensure each office has access to needed information.

Implement a system to track the receipt, review, and certification of all project deliverables, including third-party reports.

Develop and implement a borrower evaluation system that contains information on performance, including violations, repayment history, compliance, and development impact. Develop a policy requiring this information to be used in the review process for future deals with reoccurring borrowers.

Formalize a process for capturing and disseminating lessons learned agencywide that acknowledges strengths and weaknesses associated with business practices, and modify relevant policies and procedures accordingly.

USAID/Bangladesh verify that the WildTeam Limited corrects the seven significant deficiencies in internal control identified in the report on internal control on pages 30–31 and further detailed in Findings 4.2.1–4.2.7 on pages 32–40 of the audit report.

USAID/Bangladesh verify that the WildTeam Limited corrects the two material instances of noncompliance identified in the report on compliance on pages 42 –43 and further detailed in Findings 5.2.1–5.2.2 on pages 44–48 of the audit report.

Esure that UNIBE conducts the required audit of World Vision Dominican Republic.

Verify that UNIBE corrects the one significant deficiency in internal control identified on pages 48 and 49 of the audit report pertaining to the shortfall in the annual cost-sharing contribution.

Verify that UNIBE corrects the one material instance of noncompliance identified on pages 52 and 53 of the audit report pertaining to the shortfall in the annual costsharing contribution.

Document and implement a process to update its privacy impact assessments for the Corporation’s information systems.

Remediate patch and configuration vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities.

Document and implement a process to verify that patches are applied in a timely manner.

Document and implement a process to verify that (1) the account management system is updated promptly to support the management of information system accounts and (2) inactive accounts are promptly disabled after 30 days in accordance with the Corporation’s access control procedures

Document and implement procedures to record the date that system user accounts are disabled or deleted.

Document and implement a process to verify that interconnection security agreements and memorandums of understanding are annually reviewed and, if needed, updated.

Conduct (1) contingency training and (2) a test of the information system contingency plan in accordance with OPIC’s policy.

USAID/Kenya and East Africa determine the allowability of $78,225 in ineligible questioned costs on page 9 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Uraia Trust corrects the three instances of material noncompliance detailed on pages 15 to 17 of the audit report.

USAID/Pakistan determine the allowability of $12,762,403 in questioned costs ($12,731,657 ineligible and $30,746 unsupported) as detailed in Table 1 on page 3 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan verify that the Local Government & Rural Development Department, Government of Khyber Pakhtunkhwa corrects the 13 material instances of noncompliance detailed in Table 1 on page 3 of this memorandum and the associated internal control weaknesses identified in the management letter and discussed on page 4 of this memorandum.

USAID/El Salvador determine the allowability of $2,355 in ineligible questioned costs on page 12 of the audit report and recover any amount that is unallowable.

USAID/El Salvador verify that Fundacion Crisalida Internacional corrects the one instance of material noncompliance detailed on page 29 of the audit report. 

USAID/Colombia determine the allowability of $1,220 in unsupported questioned costs on pages 5 through 7 of the management letter and recover any amount that is unallowable.

USAID/West Bank and Gaza require AMIDEAST to establish and implement policies and procedures ensuring proper submittal of Value Added Taxes refund sheets by its sub-awardees, as detailed on page 19 of Talal Abu – Ghazaleh & Co. audit report.

USAID/Southern Africa verify that Right to Care NPC corrects the four significant deficiencies in internal control detailed on pages 35 to 39 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $3,040 in ineligible questioned costs on pages 22 and 24 of the audit report and recover any amount that is unallowable.

USAID/M/OAA/CAS/CAM verify that Right to Care NPC corrects the two significant deficiencies in internal control detailed on pages 42 and 43 of the audit report.

USAID/M/OAA/CAS/CAM verify that Right to Care NPC corrects the four instances of material noncompliance detailed on pages 48, 49, 53 and 55 of the audit report.

USAID/Nigeria verify that Association for Reproductive and Family Health corrects the two significant deficiencies in internal control detailed on pages 27 and 28 of the audit report.

USAID/Nigeria verify that Association for Reproductive and Family Health provide Family Health International with a copy of the findings in Ijewere  & Co.'s audit report for its review to take any appropriate action regarding the two significant deficiencies in internal control related to Strengthening Integrated Delivery of HIV/AIDS Services project as detailed on pages 30 and 31 of the report. 

USAID/Tanzania verify that SAGCOT Centre Limited provide Alliance for a Green Revolution in Africa with a copy of PricewaterhouseCoopers' audit report for its review to a) determine the allowability of the $1,082 in ineligible questioned costs on pages 17 and 23 of the audit report and recover any amount that is unallowable and b) take any appropriate action regarding the three material weaknesses in internal control as detailed on pages 28 to 32 of the report.

USAID/Tanzania verify that T-MARC Tanzania corrects the one significant deficiency in internal control detailed on pages 23 to 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $35,022 in ineligible direct questioned costs and $109,000 in unsupported direct questioned costs detailed on pages 38 through 40 of the audit report and recover any amount that is unallowable. 

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that DKT International, Inc. and Affiliates has corrected the five material weaknesses in internal control over financial reporting, and two significant deficiencies in internal control over compliance  detailed on pages 24, 27, 32 through 37, 39, and 40 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that DKT International, Inc. and Affiliates has corrected the three instances of noncompliance or other matters and the instance of noncompliance with requirements that could have a direct and material effect on each major program detailed on pages 24, 25, 27, and 37 through 40 of the audit report.

USAID/Colombia determine the allowability of $1,754 in ineligible questioned costs on page 20 of the audit report and recover any amount that is unallowable.

USAID/Colombia verify that MOE corrects the one instance of noncompliance detailed on pages 37 and 38 of the audit report. 

USAID/Nicaragua determine the allowability of $2,880 in ineligible questioned costs on pages 3 and 11 of the management letter and recover any amount that is unallowable.

USAID/Nicaragua verify that FADCANIC corrects the three deficiencies in internal control detailed on pages 1 and 2 of the management letter.

USAID/Nicaragua verify that FADCANIC corrects the one instance of material noncompliance detailed on page 28 of the audit report and the one instance of noncompliance detailed on pages 11 and 12 of the management letter.

USAID/Colombia verify that Patrimonio Natural corrects the one significant deficiency in internal control detailed on pages 3 to 4 of the management letter and make a management decision with regards to the allowability of related costs and recover the amounts determined to be unallowable.

Office of the Chief Financial Officer establish an Agency working group comprising personnel of the Office of the Chief Financial Officer and the bureaus to research and address the $455 million differences between USAID and its trading partners that were reported in the fiscal year 2018 Agency Financial Report.

Chief Financial Officer review and revise, if necessary, the business process to account for reimbursable agreements so that all transactions are recorded in accordance with U.S. generally accepted accounting principles and the U.S. Standard General Ledger.

USAID/Kenya and East Africa determine the allowability of $177,514 in questioned costs ($81,638 ineligible and $95,876 unsupported) on page18 of the audit report and the accompanying calculation of imputed interest and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that East African Community corrects the seven material weaknesses and three significant deficiencies in internal control detailed on pages 28 to 32, 34 and 35, 39 to 44, and 46 to 48 of the audit report.

USAID/Kenya and East Africa verify that East African Community corrects the eight instances of material noncompliance detailed on pages 29 and 30, 32 and 33, 36 to 40, and 45 to 47 of the audit report.

USAID/Rwanda verify that Society for Family Health Rwanda corrects the material weakness in internal control identified on page 7 of the management letter.

USAID/M/OAA/CAS/CAM determine the allowability of $18,155 in questioned costs ($12,871 ineligible, $5,284 unsupported) on pages 10 and 12 of the audit report and recover any amount that is unallowable.

USAID/M/OAA/CAS/CAM verify that Nonviolent Peaceforce corrects the three instances of material noncompliance detailed on pages 23 to 25 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $11,144 in questioned costs pertaining to indirect costs and recover any amount that is unallowable.

USAID/Zimbabwe determine the allowability of $53,100 in ineligible questioned costs on pages 6,8, and 12 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Africaid corrects the three significant deficiencies in internal control detailed on pages 14 and 19-20 of the audit report.

USAID/Zimbabwe verify that Africaid corrects the three instances of material noncompliance detailed on pages 15-18 of the audit report.

USAID/Zimbabwe determine the allowabililty of $4,592 in foregone interest due to USAID funds not held in an interest bearing account as detailed on page 17 of the audit report and recover any amount that is unallowable.

USAID/Mozambique verify that OPHAVELA - Associacao Para o Desenvolvimento Socio-Economico corrects the one significant deficiency in internal control detailed on page 2 of the management letter.

USAID/Rwanda determine the allowability of $35,572 in ineligible questioned costs  on pages 11 and 23 of the audit report and recover any amount that is unallowable.

USAID/Rwanda verify that Caritas Rwanda corrects the one significant deficiency in internal control detailed on pages 36 and 37 of the audit report.

USAID/Rwanda verify that Caritas Rwanda corrects the one instances of material noncompliance detailed on pages 34 to 36 of the audit report.

USAID/Rwanda verify that Caritas Rwanda provide Global Communities and Catholic Relief Services with a copy of the finding raised in RUMA’s audit report for their review to (a) determine the allowability of $8,449 and $907, respectively, in ineligible questioned costs identified on pages 10 and 23 and recover the amounts determined to be unallowable and (b) take any appropriate action regarding the one instance of material noncompliance related to the subawards ISVP-PC-16-03; RW.16.SUBAGR.8349.P0077676.01.00; and RW.16.SUBAGR.8349.P0077676.02.00 as detailed on page 33 of the report.

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division, determine  the allowability of 4,818 in reimbursements from The Louis Berger Group, Inc. Integrated Development Segment on pages 1, 2 and 6 of the audit report.

USAID Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $533,844 in unsupported direct questioned costs detailed on pages 2 and 14 through 16, of the audit report and recover any amount that is unallowable.

USAID Office of Acquisition and Assistance Cost, Audit and Support Division verify that Abt Associates, Inc. corrects Findings #1 and #2 on pages 11 through 16, of the audit report.

USAID/Bangladesh establish the total amount of the excess of expenditures over the approved budget for the life of the project as discussed on page 2 of this memorandum and presented in Finding 2 on pages 33-34, and 23-28 of the audit report, determine allowability, and recover any amount that is unallowable.

USAID/Bangladesh determine the allowability of $7,551 in excess cash not refunded to USAID (ineligible) as discussed on page 3 of this memorandum and presented on page 16 of the audit report, and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $5,700 in  ineligible direct questioned costs on page 11 of the audit report and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Innovations for Poverty Action has corrected the significant deficiency in internal control over financial reporting and  the two significant deficiencies in internal control over compliance detailed on pages 3 and 7 and pages 9 through 11 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Innovations for Poverty Action has corrected the instance of noncompliance that is the basis for the qualified opinion on one major program and the instance of noncompliance on other matters for each major federal program  detailed on pages 1, 2, 10 and 11 of the audit report.

USAID/Peru determine the allowability of $184,318 in ineligible questioned costs on pages 16 and 18 of the audit report and recover any amount that is unallowable.

USAID/Peru veify that DEVIDA corrects the two significant deficiencies in internal control detailed on pages 27 and 28 of the audit report. 

USAID Peru verify that DEVIDA corrects the one instance of material noncompliance detailed on page 42 of the audit report.

USAID/Pakistan determine the allowability of $5,738,008 in questioned costs ($5,698,756 ineligible and $39,252 unsupported) as detailed in Table 1 on pages 3–4 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan determine (1) whether disposal was made for the dismantled materials; (2) the amount of sales of the dismantled materials not reported to USAID; and (3) the allowability and recovery, if appropriate, of these questioned revenues, as detailed in Finding 4.1.4 on pages 29-30 of the audit report.

USAID/Pakistan verify that the Provincial Reconstruction Rehabilitation & Settlement Authority, Government of Khyber Pakhtunkhwa corrects the 30 material instances of noncompliance detailed in Table 1 on pages 3–4 of this memorandum. 

USAID/Cyprus determine the allowability and collect as appropriate, $34,112 in ineligible questioned costs as detailed in appendix A of PricewaterhouseCoopers report.

USAID/West Bank and Gaza require Development Alternatives, Inc. to establish and implement policies and procedures ensuring competitive contracting, as detailed on pages 19-21 of PricewaterhouseCoopers audit report.

USAID/West Bank and Gaza require Development Alternatives, Inc. to establish and implement policies and procedures ensuring proper incorporation of the required provisions in its sub-awards, as detailed on pages 22-24 of PricewaterhouseCoopers audit report.

USAID/Pakistan verify that Trust for Democratic Education and Accountability corrects the one material weakness in internal control identified in the report on internal control on page 21 and further detailed in Finding 7.1 on page 25 of the audit report.

USAID/Pakistan verify that Trust for Democratic Education and Accountability corrects the two issues which we considered as material instances of noncompliance as discussed on page 2 of this memorandum and further detailed in Issues 1 and 2 of the management letter.

USAID's chief information officer update the Agency's Vulnerability Management Standard Operating Procedure to (1) define the timeframe for applying system patches and (2) document and implement a process to validate that system patches are applied according to the timeframe
specified in the procedure.

USAID's chief information officer document and implement a process to validate that unsupported software is either upgraded or removed within 48 hours of identification, as specified in the Agency's Unauthorized/Unsupported Software Standard Operating Procedures, or document acceptance of the risk for allowing the unsupported software on the network.

USAID's chief information officer document and implement a process to fully automate the disabling of accounts after 90 days of inactivity and document the results.

USAID's chief information officer document and implement a process to validate that Agency account management policies are enforced for all USAID information systems, or formally document acceptance of the risk when implementing the account management policies is not feasible.

USAID's chief information officer document and implement a process to validate that USAID procedures are followed for testing, conducting security impact analysis of, and approving system changes.

USAID's chief information officer document and implement a process to validate that security assessment plans are documented and uploaded into the Cyber Security Assessment and Management tool.

USAID's chief information officer document and implement a process for reviewing plans of action and milestones on a regular basis to validate that scheduled completion dates, milestone updates, and quarterly updates are documented.

USAID's chief information officer document and implement a process to validate that USAID's privacy plan, policies, and procedures define personally identifiable information in accordance with National Institute of Standards and Technology (NIST) Special Publication 800-122, and are reviewed and kept up-to-date at least on a biannual basis as recommended by NIST Special Publication 800-53 (revision 4).

USAID's chief information officer document and implement a process to complete the rollout of the role-based security training to all required individuals.

USAID/Guinea determine the allowability of $2,371 ineligible questioned costs on pages 14 and 17 of the audit report and recover any amount that is unallowable.

USAID/Guinea verify that Organisation Catholique pour la Promotion Humaine Caritas Guinea corrects the one material weaknesses and two significant deficiencies in internal control detailed on pages 24 to 26 of the audit report.

USAID/Guinea verify that Organisation Catholique pour la Promotion Humaine Caritas Guinea corrects the two instances of material noncompliance detailed on pages 29 and 30 of the audit report.

USAID/Southern Africa verify that Africa Health Placements NPC corrects the two instances of material noncompliance detailed on pages 22 and 23 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $123,749 in ineligible questioned costs on page 11 of the audit report and recover any amount that is unallowable.

USAID/M/OAA/CAS/CAM verify that KPMG East Africa Limited corrects the two instances of material noncompliance detailed on pages 17 to 19 of the audit report.

USAID/M/OAA/CAS/CAM verify that KPMG East Africa Limited corrects the one instance of material noncompliance emanating from prior periods and detailed on page 20 of the audit report.

USAID/Kenya and East Africa determine the allowability of $38,715 in questioned costs ($37,521 ineligible, $1,194 unsupported) on pages 12 and 17 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that African Union-Interafrican Bureau for Animal Resources corrects the one significant deficiency in internal control detailed on page 25 of the audit report.

USAID/Kenya and East Africa verify that African Union-Interafrican Bureau for Animal Resources corrects the three instances of material noncompliance detailed on pages 29 to 32 of the audit report.

USAID/Nigeria determine the allowability of $98,820 in ineligible questioned costs on pages 19, 20, 25, and 26 of the audit report and recover any amount that is unallowable.

USAID/Nigeria verify that Interfaith Mediation Centre corrects the two material weaknesses in internal control identified on page 25 of the audit report.

MCC's Department of Administration and Finance and the Chief Financial Officer update the "Expense Accruals Financial Management Division Procedure Manual" to reflect the current grant accrual methodology.

MCC's Department of Administration and Finance and the Chief Financial Officer provide Millennium Challenge Accounts with written guidance on developing grant accrual estimates to ensure validity of the grant accruals estimate. The guidance should include, but not be limited to, the following: 1) Take into consideration the impact of contract advances and retentions for large works contracts in the accrual estimate. 2) Ensure that accrual estimates do not include costs that will not be paid with compact funds. 3) Consider historical questioned costs for contracts and grants that are significant in developing the accrual estimate.

MCC's Department of Administration and Finance and the Chief Financial Officer update the "Compact Grant Accrual Validation Data Call Desktop Manual" to include a time requirement for MCC to perform followup with Millennium Challenge Accounts so that errors in accrual estimates or validations are promptly identified and addressed.

MCC's Department of Administration and Finance and the Chief Financial Officer provide Millennium Challenge Accounts with written guidance to ensure that the Millennium Challenge Accounts perform grant accrual validation correctly to include, but not be limited to, validation of consultant contract costs.

MCC's Department of Administration and Finance and the Chief Financial Officer develop clear and complete written guidance for the Millennium Challenge Accounts' internal control over the data call process, provide effective training, and monitor the effectiveness of the internal control.

MCC's Department of Administration and Finance and the Chief Financial Officer develop, document, and implement a process to oversee and verify that the accountable Government entities conduct pre-Millennium Challenge Accounts compact procurements in accordance with the compact agreement and the Program Procurement Guidelines.

MCC's Department of Administration and Finance and the Chief Financial Officer update MCC's Program Procurement Guidelines to require the Millennium Challenge Accounts to document alternative procurement procedures so that all parties are aware of what is required, who is accountable for what, and how the procurement will be documented.

MCC's Department of Administration and Finance and the Chief Financial Officer develop, document, and implement policies and procedures for MCC's management oversight of transfer and retention of pre-Millennium Challenge Accounts compact procurement and related documents to the Millennium Challenge Accounts.

MCC's Department of Administration and Finance and the Chief Financial Officer inform the Millennium Challenge Accounts that the U.S. State Department’s Terrorist Exclusion List should be documented separately, for all currently active awards and future awards, and update MCC’s vendor eligibility verification guidance provided to the Millennium Challenge Accounts for completeness and accuracy.

MCC's Department of Administration and Finance and the Chief Financial Officer Identify the Millennium Challenge Accounts who are late with the vendor invoice payments, determine the reasons/causes for late payments, implement corrective actions, and monitor effectiveness of the corrective actions.

USAID/Haiti document and implement a detailed plan to conclude the Pilot Project for Sustainable Electricity Distribution that includes deliberate benchmarks and timelines for modernization and expansion to best position the utility for the private sector transfer strategy at the end of the project, and a formal contingency plan in case a private sector operator is not on track to take over the utility by the specified time.

USAID/Haiti implement a plan to address the longstanding staffing challenges at USAID/Haiti, reported repeatedly in the mission’s Federal Manager’s Financial Integrity Act of 1982 certifications, to enable the mission to better address the project oversight deficiencies identified in this report.

USAID develop and implement a governance structure so that the chief information officer position reports directly to the Administrator as required by the Federal Information Technology Acquisition Reform Act and the Clinger-Cohen Act.

USAID revise Automated Directives System 101 to give the chief information officer the roles, responsibilities, and authorities to oversee all annual and multiyear planning, programming, and budget execution decisions, and reports related to information technology resources, as required by the Federal Information Technology Acquisition Reform Act.

USAID develop and implement policies that give the chief information officer authority for formulating and executing the information technology budget and overseeing information technology resources, as required by the Federal Information Technology Acquisition Reform Act.

USAID revise Agency policies and procedures to provide the chief information officer with information needed for overseeing all information technology investments and acquisitions to prevent, detect, and correct shadow and hidden information technology.

USAID issue a written decision on whether to authorize DTRAMS, and take appropriate actions to comply with security assessment and authorization controls in National Institute of Standards and Technology Special Publication 800-53 Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations."

USAID document and implement an inventory validation process to accurately and completely document information technology investments, the information technology systems inventory, and the Federal Information Security Modernization Act reportable systems inventory.

USAID document and implement processes for maintaining accurate records for, and managing the consolidation and streamlining of, its information technology resources, systems, data centers, and other shared information technology services in compliance with Office of Management and Budget Memorandum M-15-14.

USAID revise Agency policies, procedures, and directives to adopt the definitions of terms and requirements presented in Office of Management and Budget Memorandum M-15-14, including (1) information technology budgetary resources, personnel, and facilities and (2) acquisitions and interagency agreements that include information technology and the services or equipment provided by such acquisitions or interagency agreements.

USAID document and implement a process to enforce the competency requirements for information technology staff, including those in information technology leadership positions, and complete the assessment of competency requirements for information technology staff.

USAID/Pakistan determine the allowability of $1,301,519 in questioned costs ($1,195,033 ineligible and $106,486 unsupported) as detailed in Table 1 on pages 3–4 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan determine (1) whether disposal was made for old pipes extracted from sites; (2) the amount of sales of the old pipes not reported to USAID; and (3) the allowability and recovery, if appropriate, of these questioned revenues, as detailed in Finding 4.3.16 on page 46 of the audit report.

USAID/Pakistan verify that the Local Government & Rural Development Department, Government of Khyber Pakhtunkhwa corrects the 17 material instances of noncompliance detailed in Table 1 on pages 3–4 of this memorandum.

USAID/Haiti determine the allowability of $110,064 in unsupported questioned costs on pages 10 and 11 of the audit report and recover any amount that is unallowable.

USAID/Haiti verify that FONKOZE corrects the one significant deficiency in internal control detailed on pages 24 to 27 of the audit report. 

USAID/Haiti verify that FONKOZE corrects the one instance of material noncompliance detailed on pages 33 and 36 of the audit report.

USAID/Haiti verify that FONKOZE corrects the one significant deficiency in internal control related to tax withholding on transportation allowance for employees totaling $4,513 detailed on page 35 of the management letter. 

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of $3,237 in unsupported direct questioned costs  detailed on page 2, of the audit  report and recovers any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of $1,503 in reimbursements from Advanced Engineering Associates International, Inc. as detailed  on page 2, of the audit report.

IAF develop and implement an enterprise risk management policy that fully defines the Foundation's risk management policies, procedures, and strategy, including (a) the organization's processes and methodologies for categorizing risk; (b) developing a risk profile; (c) assessing risk and risk appetite/tolerance levels and responding to risk; and (d) monitoring risk.

IAF (a) create a change control board or related oversight body, composed of knowledgeable individuals from across functional departments that reviews, approves, and manages changes to configuration items; and (b) ensure that the oversight body formed in "a" above develops a configuration management plan that documents roles and responsibilities and configuration management processes, including identifying and managing configuration items at the appropriate point in an organization's software development life cycle; performing configuration monitoring; and applying configuration management requirements to contracted systems. The plan should also ensure that the originator and approver of changes are not the same person.

IAF test and exercise the Foundation's continuity of operations plan and document the specific test and exercise activities conducted, along with their results.

IAF remediate configuration-related vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities. 

United States African Development Foundation's chief information security officer fully develop and document a risk management strategy for information technology operations that requires the Foundation to identify: (i) risk assumptions; (ii) risk constraints (iii) risk tolerance; and (iv) priorities and trade-offs. 

United States African Development Foundation's chief information security officer update the Foundation’s access control policies and procedures to include the use of personal identity verification credentials and how the credentials are enforced for logical access to USADF’s information technology resources.

United States African Development Foundation's chief information security officer update the Foundation’s continuous monitoring policies and procedures to include how its chief Information officer, information technology systems administrator, and security analyst gather, document, assess, and remediate information system vulnerabilities, threats, and risks in a timely manner and then implement the procedures.

USAID/Eastern and Southern Caribbean determine the allowability of $2,630 in ineligible questioned costs on page 20 of the audit report related to the outstanding balance and recover any amount that is unallowable. 

USAID/El Salvador verify that FEPADE corrects the indirect cost rate schedule detailed on page 53 of the audit report and confirm if the cumulative indirect costs charged to the program on page 18 of the audit report are correct.

USAID/India determine the allowability of $146,204 in questioned costs (ineligible) identified in the fund accountability statement on page 28, and further detailed in Findings 1 and 2 in the Annexure to Questioned Costs on pages 40–41 of the audit report, and recover any amount that is unallowable.

USAID/India verify that the IPE Global Limited corrects the two material instances of noncompliance discussed on page 2 of this memorandum and further discussed in Findings 1 and 2 in the Annexure to Questioned Costs on pages 40–41 of the audit report.

USAID/India verify that the IPE Global Limited corrects the material weakness in internal control identified in the report on internal control on page 46 and further discussed in Finding 1 in the Annexure on page 47 of the audit report.

USAID/India verify that the IPE Global Limited corrects the material instance of noncompliance identified in the report on compliance on page 50 and further discussed in the Annexure on pages 51–52; and the finding in the report on internal control on page 46 that we considered as a material instance of noncompliance discussed on page 2 of this memorandum and further discussed in Finding 2 in the Annexure on pages 47–48 of the audit report.

USAID/Brazil ensure that IEB corrects internal control deficiency number 1 identified in the letter to management on page 22 that resulted in questioned costs and make a management decision with regards to the allowability of related costs and recover the amounts determined to be unallowable.

USAID/Southern Africa determine the allowability of $269,232 in ineligible questioned costs on page 13 of the audit report and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $3,168 in unsupported direct costs from Tetra Teck ES, Inc. detailed on page 2 of the audit report and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Tetra Teck ES, Inc. corrects Finding #1 detailed on pages 13 and 14 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $7,620 in reimbursements from Associates in Rural Development, Inc. detailed on pages 1 and 2 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $6,798 in unsupported direct questioned costs from Associates in Rural Development, Inc. detailed on pages 1 and 2 of the report and recover any amount that is unallowable.

USAID/Zambia verify that Luapula Foundation corrects the three instances of noncompliance detailed on pages 30, 31, 33 and 34 of the audit report.

MCC's chief risk officer develop and implement its enterprise risk management program to include a strategy to manage risks associated with the operations and use of information systems.

MCC's chief information officer update the privacy threshold analysis for the MCC management information system with the revised template to determine whether a privacy impact assessment is required.

MCC's Domestic and International Security Office update MCC's "Background Investigation and Clearances for Federal
Employment, Contract Service and/or Volunteer Service at the Millennium Challenge Corporation" policy to reflect the current personnel security controls.

MCC's Domestic and International Security Office document and implement a process to review the data within the Background Investigation Access Database to validate whether the data are complete, accurate, and kept up-to-date.

MCC's Domestic and International Security Office document and implement a process to track reinvestigations of employees and contractors and initiate reinvestigations in a timely manner.

USAID/West Africa Regional determine the allowability of $52,418 in questioned cost ($2,096 in ineligible and $50,322 in unsupported questioned cost) identified on pages 15, 16, and 18 of the audit report and recover any amount that is unallowable.

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the two significant deficiencies in internal control detailed on pages 23 to 24 of the audit report.

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the two instances of material noncompliance detailed on pages 28 and 29 of the audit report.

USAID/Malawi determine the allowability of $2,095,324 in questioned costs ($254,693 ineligible, $1,840,631 unsupported) on pages 16, 22, 23 and 27 of the agreed-upon procedures report and recover any amount that is unallowable.

USAID/Malawi verify that Dignitas International corrects the 18 factual findings detailed on pages 28 to 46 of the agreed-upon procedures report.

MCC verify thatt MCA-Zambia corrects the one instance of material noncompliance detailed on page 20 of the audit report.

USAID/Zambia verify that Expanded Church Response corrects the five significant deficiencies in internal control detailed on pages 27 to 32 of the audit report.

USAID/Zambia verify that Expanded Church Response corrects the three instances of material noncompliance detailed on pages 35 to 37 of the audit report.

USAID/Zambia verify that Expanded Church Response provide World Vision Zambia with a copy of the findings raised in Deloitte & Touche's audit report for their review and any appropriate action regarding the two significant deficiencies in internal control and three instances of material noncompliance related to the subagreement Gender Based Violence Survivor Support Project, cooperative agreement AID-611-A-12-00004 as detailed on pages 26 to 27, and 35 to 37 of the report.

USAID/Uganda verify that RECO Industries Limited corrects the two significant deficiencies in internal control detailed on pages 25 and 27 of the audit report.

USAID/Tanzania determine the allowability of $53,137 in questioned costs ($50,542 ineligible, $2,595 unsupported) on pages 10, 12, and 13 of the audit report and page 7 of the management letter and recover any amount that is unallowable.

USAID/Tanzania verify that Selian Lutheran Hospital corrects the four instances of material noncompliance detailed on pages 16 to 19 of the audit report.

USAID/Southern Africa determine the allowability of $58,124 in ineligible questioned costs on pages 9, 10, 14, and 15 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Society for Family Health Trust corrects the one material weakness in internal control detailed on page 5 of the audit report.

We recommend that USAID/Southern Africa verify that Society for Family Health Trust corrects the one instance of material noncompliance detailed on page 7 of the audit report.

USAID/Southern Africa determine the allowability of $1,250 in ineligible questioned costs for excess interest and recover any amount that is determined to be unallowable.

USAID/Southern Africa verify that HIV South Africa corrects the two material weaknesses in internal control detailed on pages 21 to 23 of the audit report.

USAID/Southern Africa determine the allowability of $83,070 in ineligible questioned costs on pages 27 and 42 to 43 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that AgriAid corrects the four significant deficiencies in internal control detailed on pages 22 to 26 of the audit report.

USAID/Southern Africa verify that Witkoppen Health and Welfare Centre corrects the one significant deficiency in internal control detailed on pages 30 to 31 of the audit report.

USAID/Southern Africa determine whether outstanding advances to the Baylor College of Medicine Children's Foundation Malawi are excessive, and, if so, request a refund of funds in excess of immediate disbursing needs in accordance with ADS 636.3.3.2.

USAID/Zimbabwe determine the allowability of $127,151 in ineligible questioned costs on page 30 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Family AIDS Caring Trust corrects the significant deficiency in internal control detailed on pages 10 and 31 of the audit report.

USAID/Zimbabwe verify that Family AIDS Caring Trust corrects the two instances of material noncompliance detailed on pages 30 and 32 of the audit report.

USAID/Liberia determine the allowability of $338,880 in questioned costs ($69,559 ineligible and $269,321 unsupported) identified on pages 18 and 24 to 34 of the audit report and recover any amount that is unallowable.

USAID/Liberia verify that Building Markets corrects the four significant deficiencies in internal control detailed on pages 34 to 38 of the audit report.

USAID/Liberia verify that Building Markets corrects the two instances of material noncompliance detailed on pages 33 and 38 to 39 of the audit report.

USAID/Liberia determine the allowability of $791,643 in ineligible cost sharing contributions identified on page 14 of Building Markets' audit report and take action deemed necessary under Automated Directives System 303.3.10.

USAID/West Africa Regional determine the allowability of $10,682 in ineligible questioned costs identified on pages 16, 18, 29, and 30 of the audit report and recover any amount that is unallowable

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the one significant deficiency in internal control detailed on page 24 of the audit report.

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the two instances of material noncompliance detailed on pages 29 and 30 of the audit report.

USAID/West Africa Regional verify that all closeout procedures regarding agreement 624-A-00-09-00037-00 with West and Central African Council for Agricultural Research and Development are finalized and that a disposition plan is in place.

USAID/Tanzania verify that National Council for People Living with HIV and AIDS corrects the one instance of material noncompliance detailed on pages 15 and 16 of the management letter.

USAID/Zimbabwe determine the allowability of $51,925 in ineligible questioned cost on page 8 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Southern Africa HIV and AIDS Information Dissemination Service corrects the two instances of material noncompliance detailed on pages 18 and 19 of the audit report.

USAID/Nepal verify that the Social Empowerment and Building Accessibility Centre-Nepal corrects the two significant deficiencies in internal control discussed on page 2 of this memorandum and detailed in Observations A.1 and A.2 of the management letter.

USAID/Nepal verify that the Social Empowerment and Building Accessibility Centre-Nepal corrects the two material instances of noncompliance discussed on page 2 of this memorandum and detailed in Issue 6 on page 11 of the report and Observation B.3 of the management letter.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Plan International, Inc. has corrected the four material weaknesses and three significant deficiencies in internal control over financial reporting and the three material weaknesses in internal control over compliance detailed on pages 39 through 47 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Plan International, Inc. has corrected the three instances of noncompliance with requirements that could have a direct and material effect on each major program detailed on pages 47 through 50 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $79,853 in reimbursements from Associates in Rural Development, Inc. detailed on pages 1 and 2 and 29 through 34 of the report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $13,367 in unsupported direct costs from Associates in Rural Development, Inc. detailed on pages 1 and 2 and 29 through 34 of the report and recover any amount that is unallowable.

USAID/Haiti verify that FPDI corrects the one significant deficiency in internal control detailed on pages 18 and 19 of the audit report.

USAID/Haiti determine the allowability of $3,242 in unsupported questioned costs included on pages 10 and 14 of the audit report and recover any amount that is unallowable.

USAID/Haiti verify that YSBH corrects the six significant deficiencies in internal control detailed on pages 19 and 20 of the audit report.

USAID/Haiti determine the allowability of $1,057 in ineligible questioned costs included on page 30 of the audit report and recover any amount that is unallowable.

USAID/Haiti verify that YSBH corrects the one instance of noncompliance detailed on page 35 of the audit report.

USAID/Haiti verify that YSBH corrects the prior audit report recommendations detailed on page 9 of the audit report.

USAID/Colombia determine the allowability of $12,663 in ineligible questioned costs on page 20 of the audit report and recover any amount that is unallowable.

USAID/Colombia verify that CODHES corrects the two instances of material noncompliance detailed on pages 36 and 37 of the audit report and pages 17-18 of the management letter.

USAID/Colombia verify that CODHES corrects the four significant deficiencies in internal control detailed on pages 3-17 of the management letter.

USAID/Colombia determine the allowability of $7,401 in ineligible questioned costs on page 26 of the audit report and on pages 8 and 9 of the management letter and recover any amount that is unallowable. 

USAID/Colombia verify that CODHES takes corrective action on the two prior year recommendations reported on pages 41-42 of the audit report.

USAID/Nepal determine the allowability of $49,117 in questioned costs (ineligible) identified in the fund accountability statements on pages 6 and 8, and further detailed in Annexure 1 on page 26 of the audit report, and recover any amount that is unallowable. 

USAID/Nepal verify that the National Society for Earthquake Technology – Nepal corrects the two material instances of noncompliance identified in the report on compliance on page 16 and further discussed in Findings 3 and 4 on page 19 of the audit report.

USAID/Nepal verify that the National Society for Earthquake Technology – Nepal corrects the significant deficiency in internal control discussed on page 2 of this memorandum and detailed in Finding 2 on pages 18–19 of the audit report.

MCC verify that MCA-Benin II corrects the one significant deficiency in internal control detailed on pages 30 to 31 of the audit report.

MCC verify that MCA-Benin II corrects the one instance of material noncompliance detailed on page 32 of the audit report.

USAID/Pakistan Implement a plan to bring together relevant Government of Pakistan officials, Government of Gilgit-Baltistan officials, and water-rights holders to resolve the issues of maintenance and operation of the Satpara Development Project’s irrigation system and water access rights.

USAID/Jamaica determine the allowability of $34,506 in ineligible questioned costs on page 2 of the management letter and recover any amount that is unallowable. 

USAID/Jamaica verify if cost sharing contributions, on page 28 of the audit report, were provided for Implementation Letter 2 and 3 as required by the agreement terms prior to the closeout of these awards.

USAID/Jamaica determine the allowability of $8,193 in ineligible questioned costs on page 12 of the audit report related to the outstanding balance and recover any amount that is unallowable.

USAID develop a comprehensive risk management policy for assessing and mitigating risk for PIO awards. The policy should inform staff on risk tolerances and risk categories; provide a framework and guidance on how and when to assess risks, develop risk responses, and assign mitigating controls based on risks; and clearly communicate roles and responsibilities for carrying out risk management across the Agency.

USAID establish a dedicated, centralized entity with the authority and resources to assess and address (1) PIO performance, (2) PIO internal oversight effectiveness, (3) other crosscutting PIO oversight methods, and (4) oversight units operating across multiple organizations, using information from across the Agency.

USAID develop a comprehensive policy that outlines (1) what authority—for example, other transaction authority—will be used to make each PIO award and (2) what corresponding rules and regulations apply, to include the roles and responsibilities for individuals and offices responsible for award management.

USAID direct the Office of Foreign Disaster Assistance to (1) review and define its processes for making awards to PIOs to carry out work in long-term crisis environments and (2) update policies to ensure they include standards of internal control related to documenting the internal control system, analyzing risks, designing control activities, and documenting transactions by retaining records.

USAID direct the Office of Food for Peace to (1) review and define its processes for making awards to PIOs to carry out work in long-term crisis environments and (2) update policies to ensure they include standards of internal control related to documenting the internal control system, analyzing risks, designing control activities, and documenting transactions by retaining records.

USAID Establish requirements for PIOs to notify USAID of suspected and identified serious criminal misconduct in activities funded by USAID to include unlawful actions taken by employees, subpartners, subcontractors, vendors, or other parties. The requirements should specify the process for reporting and criteria for what to report.

USAID/Peru determine the allowability of $78,330 in ineligible questioned costs on page 20 of the audit report and recover any amount that is unallowable.

USAID/Peru determine the allowability of $28,848 in questioned costs ($7,698 ineligible, $21,150 unsupported) on page 21 of the audit report and recover any amount that is unallowable.

USAID/Peru determine the allowability of $49,846 in unsupported questioned costs reported in the cost sharing schedule on pages 48 and 50 of the audit report and recover any amount that is unallowable

USAID/Peru verify that GORESAM corrects the one material weaknesses detailed on page 28 of the audit report.

USAID/Peru verify that GORESAM corrects the four instances of material noncompliance detailed on pages 30 and 31 of the audit report.

USAID/Peru verify that GORESAM takes corrective action on the 9 prior year recommendations reported on page 18 of the audit report. 

USAID/Dominican Republic determine the allowability of $15,724 in ineligible questioned costs in regard to the outstanding balance included on page 39 of the audit report and recover any amount that is unallowable.

USAID/Nepal determine the allowability of $90,732 in questioned costs ($29,011 ineligible, and $56,141 plus $5,580 unsupported) on page 3 of the audit report, and further detailed in Annexure V on page 41, and recover any amount that is unallowable.

USAID/Nepal verify that the Department of Health Services, Government of Nepal corrects the seven significant deficiencies (Findings 1-7 on pages 8-17 of the audit report).

USAID/Nepal verify that the Department of Health Services, Government of Nepal corrects the nine material instances of noncompliance (Findings 8-15 on pages 21-29 of the audit report and Observation 3 on page 2 of the management letter).

USAID/West Bank and Gaza require Near East Foundation to establish and implement policies and procedures ensuring proper incorporation of the required mandatory provision in its subcontracts with third parties, as detailed on page 14 of Ernst and Young audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $15,296,357 in unsupported direct costs from AECOM International Development, Inc. detailed on pages 2 through 4, and 12 through 16 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that AECOM International Development, Inc. corrects Findings #1 and #2 detailed on pages 12 through 16 of the audit report.

USAID/Afghanistan determine the allowability, and collect as appropriate, $1,329,286 in ineligible questioned costs, as detailed on pages 18 of the audit report.

USAID/Afghanistan verify that the Ministry of Agriculture, Irrigation and Livestock corrects the three material weaknesses (1. the recipient has not exercised its right to liquidate the collaterals against the loans written off over the project period, 2. the recipient has no documented financial statement closing process, and 3. the recipient has weaknesses in information technology general controls) and one significant deficiency in internal control related to the accounting application used by the recipient as detailed on pages 27 to 32 of the audit report.

USAID/Afghanistan verify that the Ministry of Agriculture, Irrigation and Livestock corrects the three instances of material noncompliance (1. loans and advances were written off in excess of the allowed 5% threshold of loans portfolio, 2. operating expenditure included in the fund accountability statement that were not included in the approved budget, and 3. advances paid to staff and prepayment to contractors against operational expenses. These payments were not provided in the budget) as detailed on pages 37 to 39 of the audit report. 

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that The Nature Conservancy corrects the material weaknesses in internal control over financial reporting and in the report on internal control over compliance and the significant deficiencies in the report on internal control over compliance detailed on pages 49 through 52 and pages 55 through 61 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that The Nature Conservancy corrects the instances of noncompliance in the report on compliance and other matters for each major federal program detailed on pages 52 and 59 through 61 of the audit report.

USAID/Pakistan determine the allowability of $1,225,524 in questioned costs ($950,865 ineligible, $274,659 unsupported) as detailed in Table 1 on pages 3–4 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan determine (1) the breakdown of the $1,288,671 in questioned costs identified in the report on the fund accountability statement, (2) the questioned costs identified in the report on the fund accountability statement that did not pertain to the questioned costs summarized in Table 1 on pages 3–4 of this memorandum, and (3) the allowability and recovery, if appropriate, of these questioned costs.

USAID/Pakistan verify that the Provincial Reconstruction Rehabilitation and Settlement Authority, Government of Khyber Pakhtunkhwa corrects the 16 material instances of noncompliance detailed in Table 1 on pages 3–4 of this memorandum.

USAID/Barbados verify that The Prince's Youth Business International corrects the two instances of material noncompliance detailed on page 16 of the audit report.

USAID/Haiti conducts an assessment and implement a plan to align activities in each value chain to areas with the greatest potential for economic impact in the time remaining.

USAID/Haiti revises the monitoring and evaluation plan and implement procedures to more effectively measure and evaluate project success and impact.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $19,663 in USAID ineligible direct questioned costs and recover any amount that is unallowable detailed on pages I-9, I-17, and IV-5 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Oxfam GB corrects the two significant deficiencies in internal control detailed on pages 5 and II-1 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Oxfam GB corrects the two material instances of noncompliance detailed on pages 5, III-1and III-2 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $19,680 in USAID unsupported direct questioned costs and recover any amount that is unallowable detailed on pages 1, 11, and 12 of the audit report.

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $111,383 in unsupported direct questioned costs on pages 1, 2 and 17 of the audit report, and recover any amount that is unallowable.

USAID/Malawi determine the allowability of $226,627 in questioned costs ($2,440 ineligible, $224,187 unsupported) on pages 22 and 26 of the audit report and recover any amount that is unallowable.

USAID/Malawi verify that Mulanje Mountain Conservation Trust corrects the five significant deficiencies in internal control detailed on pages 34 to 38 of the audit report.

USAID/Malawi verify that Mulanje Mountain Conservation Trust corrects the five instances of material noncompliance detailed on page 40 of the report.

USAID/Malawi determine the allowability of $46,242 shortfall in cost sharing identified on page 28 to 29 of the audit report and take corrective action deemed necessary under Automated Directives System (ADS) 303.3.10.

USAID/Southern Africa/PATA determine the allowability of $154,582 in questioned costs ($28,552 ineligible, $126,030 unsupported) on pages 23 to 48 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa/PATA verify that Tony Blair Governance Initiative corrects the one material weaknesses and four significant deficiencies in internal control detailed on pages 50 to 62 of the audit report.

USAID/Southern Africa/PATA determine the allowability of $346,125 in unsupported questioned cost sharing on pages 17 and 18 of the audit report and take corrective action deemed necessary under Automated Directives System, (ADS) 303.3.10.

USAID/Kenya and East Africa determine the allowability of $53,116 in ineligible questioned costs on pages 23 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that The Nature Conservancy corrects the five instances of material noncompliance detailed on pages 36 to 45 of the audit report.

USAID/Zimbabwe determine the allowability of $92,954 in ineligible questioned costs on pages 9 and 12 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Population Services Zimbabwe corrects the one instance of material noncompliance detailed on page 21 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $142,220 in questioned costs ($141,708 ineligible and $512 unsupported) identified on pages 10 and 11 of the audit report and recover any amount that is unallowable.

USAID/M/OAA/CAS/CAM verify that Deloitte & Touche corrects the one significant deficiency and one material weakness in internal control detailed on pages 20 and 21 of the audit report.

USAID/M/OAA/CAS/CAM verify that Deloitte & Touche corrects the two instances of material noncompliance detailed on pages 24 and 25 of the audit report.

USAID/Armenia determines the allowability, and collect as appropriate, $1,154 in questioned ineligible costs, as detailed on page 13 of BDO Armenia cjsc report.

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of $20,987 in direct unsupported questioned costs and recover any amount that is unallowable detailed on page 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost Audit and Support Division verify that Catholic Relief Services - United States Conference of Catholic Bishops, and Affiliates corrects the three significant deficiencies findings 2017-001 through 2017-003 in the report on internal control over financial reporting and the two significant deficiencies findings 2017-004 and 2017-005 in the report on internal control over compliance detailed on pages 20 through 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost Audit and Support Division verify that Catholic Relief Services - United States Conference of Catholic Bishops, and Affiliates corrects the two instances on noncompliance findings 2017-004 and 2017-005 in the report on compliance for each major federal program detailed on page 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost Audit and Support Division determine the allowability of $1,322,702 in USAID unsupported direct questioned costs and recover any amount that is unallowable detailed on pages 1 and 16 through 22 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Nathan Associates, Inc. corrects Findings #1 through # 3 detailed on pages 16 through 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Louis Berger, Inc., Intermediate Home Office corrects Finding # 1 on page 4 and 5 of the audit report.

USAID/Pakistan verify that the Higher Education Commission corrects the four material instances of noncompliance discussed on page 2 of this memorandum and detailed in Observations 4.1.2, 4.1.3, 4.3.1, and 4.4.3 on pages 22–25 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $2,340,798 in unsupported direct questioned costs on pages 1, 2, 8 and 14 of the audit report, and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that International Resource Group corrects finding #1 on pages 12 through 15 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that IntraHealth International, Inc. corrects the significant deficiency in internal control over financial reporting and internal control over compliance detailed on pages II-1 and III-2 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that IntraHealth International, Inc. corrects the instance of noncompliance with other matters and on each major federal program detailed on pages II-2 and III-2 of the audit report.

USAID Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $231,284 in unsupported direct questioned costs and $17,488 in ineligible direct questioned costs detailed on pages 2, 11 and 12 of the report and recovers any amount that is unallowable.

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Pragma Corporation corrects Finding #1 on pages 11 and 12 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Abt Associates Inc., Government Segment corrects Finding # 1 on pages 7 through 11 of the audit report.

MCC's Department of Administration and Finance Update its "Improper Payment Requirements under OMB Circular A-123 Appendix C Financial Management Division Procedure Manual" and risk assessment tool to:

• Provide clear guidance and criteria on how each risk factor is to be assessed and documented by fund.
• Include requirements as to the nature and sufficiency of supporting documentation.

MCC's Department of Administration and Finance implement a procedure to review improper payments reported against the supporting documentation.

MCC's Department of Administration and Finance Include all forms of payments in the amounts reported for recapture in its Agency Financial Report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Nathan Associates, Inc. correct finding #1 on pages 6 through 10 of the report.

USAID/Nepal verify that the Nepal CRS Company Pvt. Ltd. corrects the one significant deficiency in internal control detailed on page 11 of the audit report.

USAID/Peru verify that Centro Agronomico Tropical de Investigacion y Ensenanza reimburses USAID the value added tax totaling $12,725 included on page 18 of the audit report.

USAID/Peru determine the allowability of $13,523 in eligible questioned costs identified on pages 25 and 26 of the management letter.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that World Learning, Inc. corrects the instance of noncompliance detailed on pages 40 and 41 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Viet-Nam  Assistance for the Handicapped has corrected the instance of noncompliance over other matters in the report on compliance for each major federal program detailed on pages 17 and 18 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Viet-Nam Assistance for the Handicapped has corrected the material weakness in internal control over compliance detailed on page 19 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division, verify that Africare corrects the two material weaknesses (Findings 2016-001 and 2016-002) and two significant deficiencies (Findings 2016-003 and 2016-004) in the report on internal control over financial reporting  and corrects the two material weakness (Findings 2016-001 and 2016-002) and five significant deficiencies (Findings 2016-003 through 2016-007) in the report on compliance for each major federal program and on internal control over compliance detailed on pages II-1 through III-3 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division, verify that Africare corrects the four instances of noncompliance (Findings 2016-001 through 2016-004) in the report on compliance and other matters and corrects the two material noncompliances findings 2016-001 and 2016-002 and five instances of noncompliance findings 2016-003 through 2016-007 in the report on compliance for each major federal program detailed on pages II-2 through III-2 of the report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that ARC Finance, Ltd. has corrected the material weaknesses in internal control over financial reporting and compliance detailed on pages 18 through 21 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that ARC Finance, Ltd. has corrected the instances of noncompliance and other matters and for each major program and other matters detailed on pages 18 through 21 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that Relief International, Inc. and Subsidiary corrects the two material weaknesses (Findings 2014-003 and 2014-004) and the two significant deficiencies (Findings 2014-001 and 2014-002) in internal control over financial reporting detailed on page II-1 of the report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that Relief International, Inc. and Subsidiary corrects the five instances of noncompliance (Findings 2014-001 through 2014-005) detailed on page III-2 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that Relief International, Inc. and Subsidiary corrects the five significant deficiencies (Findings 2014-001 through 2014-005) in internal control over compliance detailed on page III-2 of the audit report.

M/OAA/CAS/CAM verify that KPMG East Africa Limited corrects the four instances of material noncompliance detailed on pages 18 to 21 of the audit report.

USAID/Zambia determine the allowability of $4,509,147 in questioned costs ($693,983 ineligible, $3,815,164 unsupported) on pages 25 to 118 of the report and recover any amount that is unallowable.

USAID/Zambia verify that Development Aid from People to People corrects the four material weaknesses in internal control detailed on pages 15 to 33 of Deloitte and Touche's report.

USAID/Zambia verify that Development Aid from People to People corrects the eleven instances of material noncompliance detailed on pages 34 to 118 of Deloitte and Touche's report.

USAID/Kenya and East Africa determine the allowability of ineligible questioned $133,214 in VAT costs identified on page 11 of the audit report and recover from Northern Rangelands Trust any amounts determined to be unallowable.

USAID/Kenya and East Africa verify that Northern Rangelands Trust corrects the eight instances of material noncompliance detailed on pages 19 to 27 of the audit report.

USAID/Kenya and East Africa determine the allowability of $3,624,147 in ineligible questioned costs on pages 12 and 15 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Project for Appropriate Technology in Health corrects the one material weakness and one significant deficiency in internal control detailed on pages 19 to 21 of the audit report.

USAID/Kenya and East Africa verify that Project for Appropriate Technology in Health corrects the four instances of material noncompliance detailed on pages 24 to 29 of the audit report.

USAID/Kenya and East Africa determine the allowability of $58,841 in ineligible questioned cost sharing contributions identified on pages 24, 25, and 31 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Pakistan determine the allowability of $1,901 in questioned costs (unsupported) as discussed on page 2 of this memorandum and further detailed in Finding 1 (for subrecipient Sindh Rural Support Organisation) on pages 50–51 of the audit report, and recover any amount that is unallowable.

USAID/Pakistan verify that the Rural Support Programmes Network corrects the one significant deficiency in internal control as discussed on page 2 of this memorandum and further detailed in Finding 1 (for subrecipient Sindh Rural Support Organisation) on pages 50–51 of the audit report.

USAID/Pakistan verify that the Rural Support Programmes Network corrects the two material instances of noncompliance as discussed on pages 2 and 3 of this memorandum and further detailed in Annexure 1 (for subrecipient National Rural Support Programme) on pages 45–46 of the audit report and Observation 1 on page 60 of the management letter.

USAID/Kenya and East Africa determine the allowability of $141,107 in questioned costs ($7,697 ineligible, $133,410 unsupported) on pages 19 to 22 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Common Market for Eastern and Southern Africa corrects the ten material weaknesses in internal control detailed on pages 31 to 42 and 44 of the audit report.

USAID/Kenya and East Africa verify that Common Market for Eastern and Southern Africa corrects the ten instances of material noncompliance detailed on pages 31to 41 and 43 to 44 of the audit report.

USAID/Southern Africa determine the allowability of $200,414 ineligible questioned costs on page 23 of the audit report and outlined in the memo transmitting the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Wits Health Consortium corrects the four significant deficiencies in internal control detailed on pages 45 to 48 of the audit report.

USAID/Southern Africa verify that Wits Health Consortium corrects the four instances of material noncompliance detailed on pages 51 to 54 of the audit report.

USAID/Dominican Republic verify that UNIBE corrects the one significant deficiency in internal control identified on pages 44 and 45 of the audit report pertaining to the shortfall in the annual cost-sharing contribution.

USAID/Dominican Republic verify that UNIBE corrects the one material instance of noncompliance identified on page 49 of the audit report pertaining to the shortfall in the annual cost-sharing contribution.

USAID/Dominican Republic verify that UNIBE takes corrective action on the two prior year recommendations reported on pages 14 and 15 of the audit report.

USAID/Cambodia take the following action rquire Khmer HIV/AIDS NGO Alliance to describe in the HIV/AIDS Flagship Project's exit plan the roles technical support providers would play and how implementation of technical innovations would continue after the project ends.

USAID/Ukraine determine the allowability, and collect as appropriate, $3,364 in ineligible questioned costs, as detailed on pages 4 and 5 of JSC KPMG Audit report.

USAID/Belarus determine the allowability and collect as appropriate, $10,850 in ineligible questioned costs as detailed on page 16 of RSM UKRAINE audit report..

MCC restructure the corporation's organizational structure for the chief information officer to report directly to the corporation's Chief Executive Officer or the Deputy Chief Executive Officer, as required by the Clinger-Cohen Act.

MCC Create a corporation-wide glossary of key terms and definitions, which incorporates the Clinger-Cohen Act's definitions of "information technology resources" and "information technology."

MCC perform a corporation-wide self-assessment using the Federal Information Technology Acquisition Reform Act implementation guidelines in Office of Management and Budget M-15-14.

MCC prepare a plan to implement the Federal Information Technology Acquisition Reform Act as prescribed by Office of Management and Budget M-15-14.

MCC update the corporation's budget formulation and planning policies and procedures to include the chief information officer's roles, responsibilities, and requirements found in Office of Management and Budget M-15-14.

MCC update the corporation's information technology acquisition strategy procedures to include a requirement for the chief information officer to review and approve all information technology cost estimates and information technology acquisition strategies and plans.

MCC implement policies and procedures requiring the chief information officer to review and approve all agreements for the acquisition of information technology goods and services before they are awarded.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Adventist Development and Relief Agency International corrects the significant deficiencies in internal control over financial reporting and internal control over compliance detailed on pages 40 through 43 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Adventist Development and Relief Agency International corrects the instance of noncompliance detailed on pages 41 through 43 of the audit report.

USAID/India determine the allowability of $714,822 in questioned costs ($713,989 ineligible, and $56 plus $777 unsupported) on pages 27 and 58 of the audit report and further detailed on page 2 of this memorandum, and recover any amount that is unallowable.

USAID/India establish the amounts of the salary increments without approval documents, salary payments that were not fully supported, and service tax paid on project expenses as discussed on pages 2 and 3 of this memorandum and further detailed in IC Finding 23 on page 76, NC Finding 11 on page 85, and item 3 on page 100 of the management letter, respectively; determine allowability and recover, as appropriate.

USAID/India determine the allowability of and recover, as appropriate, the questioned cost-sharing contributions of $47,056 (ineligible) identified in the Cost-Sharing Schedule on page 51 and further detailed in Note 3 to the Cost-Sharing Schedule on pages 52-54 of the report.

USAID/India verify that the Ashwattha Advisors Private Limited corrects the thirty-one material weaknesses (IC Findings 1–23 on pages 57–76 of the audit report) and six significant deficiencies in internal control (QC Findings 3–6 on pages 40–47 of the audit report and Items 1–2 on page 99 of the management letter).

USAID/India verify that the Ashwattha Advisors Private Limited corrects the nine material instances of noncompliance (NC Findings 1, 2, 6, 11, 12F, 16 and 17 on pages 79–82, 85, 88, and 92–98 of the audit report, Note 3 to the Cost-Sharing Schedule on pages 52–54 of the audit report and item 3 on page 100 of the management letter).

USAID determine the allowability of $29,704 in questioned costs (unsupported) discussed on page 2 of this memorandum and detailed in Observations 01 and 02 on pages 34–36 in Appendix E of the report, and recover any amount that is unallowable.

USAID establish the amount of cost-sharing shortfall (the excess of budgeted contributions over actual contributions) for the period audited, determine allowability, and recover, as appropriate.

USAID verify that Bangladesh Rural Advancement Committee corrects the two material weaknesses in internal control (Observations 01 and 02 on pages 34–36 in Appendix E of the report).

USAID/Georgia determine the allowability, and collect as appropriate, $2,324 in questioned ineligible costs, as detailed on page 25 of Grant Thornton report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that American Community School has implemented the auditor's recommendations for Finding 2015-001 and 2015-002. (See pages 36 through 38 of the report)

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division  determine the allowability of $2,335 in USAID's ineligible direct questioned costs and recover any amount that is unallowable see pages I-6 and I-7 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division  verify that Solidarités International corrects the significant deficiency in internal control detailed on page IV-2 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division  verify that Solidarites International corrects the material instance of noncompliance detailed on page IV-2 of the audit report.

USAID/Southern Africa verify that National Association of Child Care Workers corrects the one instance of material noncompliance detailed on page 33 of the audit report.

USAID/Zambia determine the allowability of $106,082 in ineligible questioned costs identified on pages 16 to 18 of the audit report and recover any amount that is unallowable.

USAID/Zambia verify that Churches Health Association in Zambia corrects the three significant deficiencies in internal control detailed on pages 31 to 33 of the audit report.

USAID/Zambia verify that Churches Health Association corrects the three instances of material noncompliance detailed on pages 36 to 39 of the audit report and the additional three instances of noncompliance related to questioned costs outlined on pages 22 to 28.

USAID/Southern Africa determine the allowability of $49,855 in ineligible questioned costs identified on pages 17, 20, 21, and 28 to 35 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Childline Mpumalanga corrects the seven significant deficiencies in internal control detailed on pages 26 to 36 of the audit report and Annexure B pages 54 to 55.

USAID/Ghana determine the allowability of $197,177 in questioned costs ($29,330 ineligible and $167,847 unsupported) on pages 15, 20 to 21, and 25 of the audit report and recover any amount that is unallowable.

USAID/Ghana verify that Council for Scientific and Industrial Research – Savannah Agricultural Research Institute corrects the three significant deficiencies in internal control detailed on pages 20 to 22 of the audit report.

USAID/Ghana verify that Council for Scientific and Industrial Research – Savannah Agricultural Research Institute corrects the two instances of material noncompliance detailed on pages 25 and 30 of the audit report.

USAID/Ghana determine the allowability of $589,645 in unsupported questioned cost sharing contributions identified on pages 28 and 30 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Southern Africa determine the allowability of $4,164 in unsupported questioned costs on pages 18 and 23 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Networking HIV and AIDS Community of Southern Africa corrects the four material weaknesses in internal control detailed on pages 32 to 39 of the audit report.

We recommend that USAID/Southern Africa verify that Networking HIV and AIDS Community of Southern Africa corrects the five instances of material noncompliance detailed on pages 42 to 51 of the audit report.

USAID/Zimbabwe determine the allowability of $22,391 in ineligible questioned costs identified on page 10 of the audit report and recover any amount that is unallowable.

USAID/Ghana verify that Ghana Integrity Initiative corrects the four significant deficiencies in internal control detailed on pages 27 to 30 of the audit report.

USAID/Ghana verify that Ghana Integrity Initiative corrects the one instance of material noncompliance detailed on page 33 of the audit report.

USAID/Zambia determine the allowability of $16,042 in unsupported questioned costs on pages 21 and 28 of the audit report and recover any amount that is unallowable.

USAID/Zambia verify that Zambia Centre for Communication Programmes corrects the one material weakness in internal control detailed on page 28 of the audit report.

USAID/Zambia verify that Zambia Centre for Communication Programmes corrects the three instances of material noncompliance detailed on pages 32 to 35 of the audit report.

USAID/Zambia determine whether outstanding advances to Zambia Centre for Communication Programmes are excessive, and, if so, request refund of funds in excess of immediate disbursing needs in accordance with ADS 636.3.3.2.

USAID/Tanzania determine the allowability of $28,423 in ineligible questioned costs on pages 13 and 14 of the audit report and recover any amount that is unallowable.

We recommend that USAID/Tanzania verify that the National Malaria Control Program corrects the three instances of material noncompliance detailed on pages 22 to 25 of the audit report.

USAID/Southern Africa determine the allowability of $333,573 in ineligible questioned costs identified on pages 25, 69, and 77 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that University of South Africa corrects the six material weaknesses and eight significant deficiencies in internal control detailed on pages 37 to 53, 66 to 72, and 77 of the audit report and the management letter.

USAID/Southern Africa verify that University of South Africa corrects the two instances of material noncompliance detailed on pages 56 to 58 of the audit report.

USAID/Southern Africa determine the allowability of $2,425 in unsupported questioned cost sharing contributions identified on pages 75 to 76 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Southern Africa verify that Children in Distress Network corrects the six significant deficiencies in internal control detailed on pages 22 to 37 of the audit report.

USAID/Southern Africa verify that Children in Distress Network corrects the two instances of material noncompliance detailed on pages 40 to 42 of the audit report.

USAID/Ghana determine the allowability of $92,463 in questioned costs ($7,266 in ineligible question costs and $85,197 unsupported question costs) identified on page 17 of Ghana Audit Service’s audit report.

USAID/Ghana verify that University of Cape Coast – Department of Fisheries and Aquatic Science corrects the three significant deficiencies in internal control detailed on pages 23 to 25 and 33 of the audit report.

USAID/Ghana determine the allowability of $275,862 unsupported in questioned cost sharing contributions identified on pages 31 to 33 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Afghanistan verify that Amec Foster Wheeler Environment & Infrastructure, Inc. corrects the three significant deficiencies in internal control detailed on pages 20 through 24 of the audit report.

USAID/Afghanistan verify that Amec Foster Wheeler Environment & Infrastructure, Inc. corrects the three instances of material noncompliance detailed on pages 20 through 24 of the audit report.

USAID/Kenya and East Africa verify that Mercy Corps corrects the two instances of material noncompliance detailed on pages 33 and 34 of the audit report.

USAID/Zambia determine the allowability of $107,807 in questioned costs ($40,503 ineligible and $67,304 unsupported) on page 13  of the audit report and recover any amount that is unallowable

USAID/Zambia verify that BioCarbon Partners corrects the twenty-three significant deficiencies in internal control detailed on pages 18 to 43  of the audit report

USAID/Zambia verify that BioCarbon Partners corrects the nine instances of material noncompliance detailed on pages 46 to 55 of the audit report

USAID/West Africa determine the allowability of $82,830 in questioned costs ($180 ineligible, $82,650 unsupported) on pages 52, 74 and 75 of the audit report and recover any amount that is unallowable.

USAID/West Africa verify that CILSS corrects the two instances of material noncompliance detailed on pages 134 and 141 of the audit report.

USAID/Ghana determine the allowability of $146,197 in ineligible questioned costs identified on pages 14 and 17 of the Ghana Audit Service’s audit report.

USAID/Ghana verify that National Health Insurance Authority corrects the three instances of material noncompliance detailed on pages 24 to 26 and  two instances  of material noncompliance on pages 31 to 32 of the Ghana Audit Service's audit report.

USAID/Ghana determine the allowability of $249,763 in questioned cost-sharing contributions ($170,629 ineligible and $79,134 unsupported) identified on pages 29 to 32 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/India determine the allowability of $32,787 in questioned costs (unsupported) on page 17 and further detailed on pages 30–32 of the audit report and recover any amount that is unallowable.

USAID/India determine the allowability of $40,394 in questioned cost-sharing contributions (unsupported) on page 28 and further detailed on pages 35–36 of the audit report and recover any amount that is unallowable.

USAID/India verify that IL&FS Cluster Development Initiative Limited corrects the three significant deficiencies in internal control (Findings 2, 3, and 4 on pages 32–34 of the audit report).

USAID/India verify that IL&FS Cluster Development Initiative Limited corrects the four material instances of noncompliance (Findings 1, 5, 6, and 7 on pages 30–31 and 35–39 of the audit report).

USAID/Kenya and East Africa determine the allowability of $540,129 in ineligible questioned costs on pages 29 and 30 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Centre for Health Solutions - Kenya corrects the six material weaknesses in internal control detailed on pages 22 to 25 of the audit report and pages 13, 15, and 18 of the management letter.

USAID/Kenya and East Africa verify that Centre for Health Solutions - Kenya corrects the two instances of material noncompliance detailed on pages 28 to 30 of the audit report.

USAID/Southern Africa determine the allowability of $7,082 in unsupported questioned costs on pages 24 and 25 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Child Welfare Bloemfontein & Childline Free State corrects the one instance of material noncompliance detailed on pages 24 and 25 of the audit report.

USAID/Malawi determine the allowability of the $47,811 in ineligible questioned costs identified on page 25 of the audit report and recover any amount that is unallowable.

USAID/Ethiopia determine the allowability of $4,510 in ineligible questioned costs identified on page 16 of the audit report and recover any amount that is unallowable.

USAID/Ethiopia verify that Stand for Vulnerable Organization corrects the significant deficiency in internal control detailed on page 19 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that the Jane Goodall Institute for Wildlife Research, Education and Conservation and Related Entity corrects Findings 2015-001 through 2015-004 (see pages I-22 through I-25 of the audit report).

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $23,157,935 in unsupported direct questioned costs on pages 2 and 13 - 24 of the report and recover any amount that is unallowable.

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Futures Group corrects findings #1 through #4 on pages 13 - 24 of the report.

USAID determine the allowability of $131,875 in questioned costs ($120,248 plus $7,215 and $4,412 ineligible) on page 14 of the audit report, and further detailed on pages 2-3 of this memorandum, and recover any amount that is unallowable.

USAID verify that the Semiotics Consultants (Private) Limited corrects the one material weakness (consolidated Findings PRTE—4, 5, 6, 8, 11, and 13 on pages 40, 43, 45, 46, 48, and 49 of the audit report) and four significant deficiencies in internal control (Findings IC-1, IC-2, and IC-3 on pages 24–26 of the audit report and Observation 1 on page 51 of the management letter).

USAID verify that the Semiotics Consultants (Private) Limited corrects the six material instances of noncompliance (Findings NC-1, NC-2, NC-3, and NC-4 on pages 29–36 of the audit report, Note 25 to the cost representation statement on page 21 of the audit report, and Observation 2 on page 52 of the management letter).

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that CARE USA has implemented the auditor's recommendation for Findings 2016-001 (see pages 49 through 51of the audit report).

We recommend that USAID's Bureau for Democracy, Conflict, and Humanitarian Assistance require Chemonics to perform the required suspension and debarment verification of its subgrantees and assign individuals to perform independent reviews of the procurement files to authenticate the existence of the files (see page 10 of the audit report).

We recommend that USAID's Bureau for Democracy, Conflict, and Humanitarian Assistance verify that Chemonics performs independent reviews of its compliance documentation and ensures the documentation is properly reviewed and approved (see page 11 of the audit report).

We recommend that USAID's Bureau for Democracy, Conflict, and Humanitarian Assistance require Chemonics to enforce the internal control policy to ensure all travel for employees is properly reviewed and approved, and that Chemonics properly retains all approval documentation in accordance with the established internal policies ( see page 12 of the audit report).

We recommend that USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of the $5,588,215 in questioned costs identified as unsupported, and recover from Chemonics any amounts determined to be unallowable.

USAID verify that the University of Agriculture, Faisalabad corrects the one material weakness (Observation No. 6.12 on page 35 of the management letter) and two significant deficiencies in internal control (Finding No. 5.3.1 on page 24 of the audit report and Observation No. 6.3 on page 27 of the management letter).

USAID verify that the University of Agriculture, Faisalabad corrects the eight material instances of noncompliance (Finding Nos. 5.1.1 and 5.2.1–5.2.4 on pages 19–23 of the audit report and Observation Nos. 6.1, 6.2, and 6.8 on pages 25, 26, and 31 of the management letter).

USAID/Pakistan implement a plan to work with executive management at the Water and Power Development Authority to expeditiously resolve the critical issues limiting power generation by the Gomal Zam Dam.

USAID/Pakistan recover from the Water and Power Development Authority the $11.5 million increase in the fixed-amount reimbursable agreement for the Gomal Zam Irrigation Project.

USAID/Pakistan require the Water and Power Development Authority to remediate borrow sites as required by the project environmental mitigation and monitoring plan.

USAID/Egypt determine the allowability of $189,069 in unsupported cost-sharing contributions reported as of March 31, 2016, and factor the determination into identifying any shortfall at the conclusion of World Learning's award

USAID/Egypt determine whether cost-sharing amounts claimed for the books rejected by the Egyptian Government should be counted toward World Learning's required cost-sharing contribution, and factor the determination into identifying any shortfall at the end of World Learning’s award.

USAID/Egypt conduct and document a comprehensive review of the total cost sharing reported by World Learning and its supporting documentation after March 31, 2016, and recover any identified shortfall.

USAID/West Bank and Gaza take the following actions: Correct errors in data reported in the mission's Geographic Management Information System noted in our 2013 "Audit of USAID/West Bank and Gaza's Peace and Reconciliation Program," and document the results.

USAID/West Bank and Gaza take the following actions: Complete the evaluation of the Conflict Mitigation and Management Program that has been initiated, and implement an action plan to take action, as appropriate, on the evaluation's findings.

The Assistant to the Administrator for Policy, Planning and Learning direct the implementation of a communication and coordination strategy that would govern how the Agency will work with external actors (such as other U.S. Government agencies, the United Nations, international organizations, nongovernmental organizations) who can respond in the event of an international public health emergency. This communication and coordination strategy should also be sufficient in the event that the United Nations' humanitarian cluster approach system is delayed.

The Assistant to the Administrator for Policy, Planning and Learning work with other U.S. agencies to clearly identify, and regularly test, roles and capabilities, and responsibilities for use in a future international public health emergency. This should include policy related to the Office of U.S. Foreign Disaster Assistance’s use of the Mission Tasking Matrix with the Department of Defense. And agreements should specify operational details; clearly define roles and responsibilities; and ensure a common understanding of standardized language.

The Assistant to the Administrator for Policy, Planning and Learning direct the creation and maintenance of an inventory, by country, of nongovernmental organizations and local actors who are involved in response, development, and other humanitarian activities; and determine which of these could potentially be called upon as implementing partners in an emergency.

The Assistant to the Administrator for Policy, Planning and Learning develop policies for rapid data and information sharing including with host governments, with the World Health Organization, and within the U.S. Government.

The Assistant to the Administrator for Policy, Planning and Learning direct the creation of procedures governing coordinating bodies (Secretariat, task force, etc.) including (1) criteria for when they are established, (2) how they are staffed, (3) their responsibilities and authorities in responding to an emerging crisis, (4) their expected level of interaction within USAID and with external stakeholders, (5) policies for how they clear documents for distribution and reporting, and (6) how they are disbanded, including the transfer of residual activities to relevant regional or functional bureaus at the conclusion of the crisis.

The Assistant to the Administrator for Policy, Planning and Learning direct the development of—and test procedures for—integrating response, recovery, and transition activities during a complex whole-of-Agency humanitarian or health emergency.

The Assistant to the Administrator for Policy, Planning and Learning direct the Office of U.S. Foreign Disaster Assistance, in collaboration with Global Health and health officers from other bureaus, to develop policies for identifying health response triggers, deploying a small team to assess a health situation in collaboration with mission staff, and provide an initial needs assessment before a disaster declaration is made.

The Assistant to the Administrator for Policy, Planning and Learning direct all regional and functional bureaus to identify and maintain a listing of key staff who would be involved in a whole-of-Agency emergency response, and provide those staff with abbreviated training on the Office of U.S. Foreign Disaster Assistance Disaster Assistance Response Team and Response Management Team to build a stronger cadre of cross-sectoral teams.

The Assistant to the Administrator for Policy, Planning and Learning direct the formation of a process for (1) identifying relevant technical experts across the Agency, (2) maintaining a catalog that includes how they can be reached in the event of another health crisis, and (3) temporarily reassigning them away from their existing duties.

The Assistant to the Administrator for Policy, Planning and Learning direct the establishment of guidelines outlining the steps missions and bureaus can take in the event of an emerging crisis, including how to reprogram existing funds (from central mechanisms and mission mechanisms) and transfer resources. This should be coordinated among the Office of Acquisition and Assistance, the Office of Budget and Resource Management, and the Chief Financial Officer.

The Assistant to the Administrator for Policy, Planning and Learning direct the Office of Acquisition and Assistance to determine what can be done to insert flexibility clauses into the missions’ program awards, as appropriate, so that missions can respond to emerging crises using existing resources and nongovernmental organizations on the ground that are familiar with the country context, and implement a policy accordingly. This additional flexibility should be accompanied by sufficient controls to prevent abuse.

The Assistant to the Administrator for Policy, Planning and Learning direct the development of an Agency-wide content management system where decisions, documents, and lessons can be tracked and accessed by staff to improve the consistency of records management.

The Assistant to the Administrator for Policy, Planning and Learning direct the development of an Agency-wide system that tracks program awards and relevant contractors and partners implementing those awards to bring all systems together, reduce duplication, and increase collaboration and oversight.

The Assistant to the Administrator for Policy, Planning and Learning direct the creation or appointment of a unit, and development of a policy that requires operating units involved in an emergency response or recovery to (1) collectively identify lessons learned, (2) develop after-action reports, (3) create a timeline for corrective actions to take place, and (4) follow up on those planned actions to ensure they occur, including updating the policy framework, if necessary.

OFDA update policies and procedures to clearly define how staff should conduct initial and ongoing assessments and how the assessments should inform the development and modification of OFDA's strategic approach to disasters—especially the longer-term, complex emergencies that are becoming more common.

OFDA determine the extent to which the USAID-funded Ebola inventory has been redistributed in accordance with implementers' disposition plans, the excess inventory that remains, and whether U.S. Government funds are being used to store excess inventory.

OFDA determine the extent to which the USAID-funded Ebola inventory has been redistributed in accordance with implementers' disposition plans, the excess inventory that remains, and whether U.S. Government funds are being used to store excess inventory.

FDA update policies and procedures on monitoring response effectiveness, specifying the parties responsible, the frequency, and the method for collecting, analyzing, documenting, and reporting the information necessary to oversee response activities.

OFDA establish handover policies and procedures for members of Disaster Assistance Response Teams to provide consistency, continuity of operations, and institutional memory.

OFDA implement a strategy to provide proper monitoring and management of awards by agreement officer's representatives, especially when a disaster requires immediate oversight on a large scale.

OFDA implement a strategy to institutionalize OFDA's lessons learned from previous emergency responses and after-action reviews.

OFDA include sections in the multiple response strategy on filling open positions, ensuring a sufficient surge roster, and attracting qualified individuals to work on response efforts.

The Office of the Chief Financial Officer continue to investigate the $83 million differences between the Agency's Fund Balance With Treasury Account and Treasury fund balance to identify the root cause and, if appropriate, modify its
business process to mitigate future occurrences.

The Office of the Chief Financial Officer enhance its policies and procedures to ensure the subsidiary and general ledgers are completely reconciled and the causes of the differences are corrected.

The Office of the Chief Financial Officer implement a quality assurance program to validate the quarterly information that missions submit, and ensure that there are no differences between vehicle management information system and the Chief Financial Officer's records.

Evaluate whether its grant accrual methodology assumptions and calculations are effective. This evaluation should include an assessment of root causes for variances in estimated and actual accruals and take into consideration, experiences from at least the last 5 years.

Update the “Expense Accruals Financial Management Division Procedure Manual” to:

• Require supporting documentation, including rationale for deviating from MCC’s accrual policy and procedures. This documentation should also include MCC’s management approval for any deviations.
• Indicate in the guidance how reinstated unused spending authority and applicable subsequent disbursements are to be addressed in the grant accrual calculation.

Correct the accrual data for quarters three and four to reflect the actual spending authority and disbursements.

Update the "Compact Grant Accrual Validation Data Call Desktop Manual" to include timeframes for validating Millennium Challenge Accounts' grant accrual estimates and MCC's follow-up on significant differences so errors are promptly identified and addressed.

Provide Millennium Challenge Accounts with additional written instructions and training on evaluating the reasonableness of MCC's grant accrual estimates, and require each Millennium Challenge Account to submit documentation showing why it agrees with MCC's estimate.

Implement procedures for tracking and monitoring Millennium Challenge Accounts’ compliance with grant management policies and procedures, including Millennium Challenge Accounts' grant oversight, procurement eligibility verification, and grant award processes.

Enforce the requirement for the Millennium Challenge Accounts to submit quarterly financial reports and financial information by the due dates.

Establish procedures to ensure that Millennium Challenge Accounts' are providing accurate, complete, supportable, and valid financial information for data calls for contract retentions.

USAID's chief financial officer perform a written risk assessment of its general ledger posting model process, as required by Office of Management and Budget Circular A-123. The risk assessment should include cost-benefit considerations and a plan to implement compensating or appropriate internal controls to prevent and detect errors. The risk assessment should address:

• Segregation of duties.
• Data owner approval of changes to the general ledger posting models.
• Records of all steps in procedures.
• Use of activity or transaction logs for monitoring.
• The risk assessment should also document the acceptance of all risks that will not be mitigated.

USAID's chief financial officer update and implement USAID's general ledger posting model procedures, after taking final corrective action on recommendation 1, to include explicit roles and responsibilities and a step-by-step process for updating the posting models.

The chief financial officer document and implement Agency-integrated standard operating procedures for extracting, reviewing, validating, and submitting Digital Accountability and Transparency Act (DATA Act) files to the Treasury's DATA Act Broker website.

The chief financial officer document and implement procedures to validate and reconcile financial data in Digital Accountability and Transparency Act (DATA Act) files before submitting them to the Treasury's DATA Act Broker website.

We recommend that the chief information officer document and implement a process to track and remediate persistent vulnerabilities, or document acceptance of the associated risks.

We recommend that the chief information officer document and implement a process to verify that vulnerability assessment tools are configured to detect vulnerabilities previously undiscovered by internal scans.

We recommend that the chief information officer develop and implement a documented process to migrate unsupported applications from their existing platform to vendor-supported platforms. The risk and approval, including adequate compensating controls, should be documented if an exception must be made until the unsupported software is migrated to vendor-supported platforms.

We recommend that the chief information officer document and implement a process to verify that Microsoft Windows systems comply with the U.S. Government Configuration Baseline, and to grant and disseminate approved deviations from the baseline configuration settings.

We recommend that the chief information officer document and implement a plan to confirm all internal and external systems are currently authorized to operate.

We recommend that the chief information officer document and implement a plan to annually assess risks for all internal and external systems in accordance with agency policy.

We recommend that the chief information officer establish a process to monitor the operation of the automated script that disables accounts after 90 days of inactivity.

We recommend that the chief information officer (a) identify system owners; (b) require them to verify their procedures for revoking system access accounts for separated and transferred employees and contractors are enforced; and (c) document their responses.

We recommend that the chief information officer document and implement a procedure to check for unauthorized software at established intervals.

We recommend that the chief human capital officer document and implement a process to verify that all employees' exit clearance forms are completed and maintained in accordance with policy.

We recommend that the chief information officer document and implement a procedure to review and analyze remote access connections.

USADF's chief information security officer strengthen the organization-wide information security program in accordance with National Institute of Standards and Technology standards by establishing and implementing documented processes to:

• Establish, communicate, and implement an organization-wide risk management strategy for operation and use of the Foundation's information systems in accordance with National Institute of Standards and Technology standards.
• Review and update the system security plans to reflect National Institute of Standards and Technology Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations." At a minimum, this should include a determination whether the security requirements and controls for the system are adequately documented and reflect the current information system environment.
• Perform information system security assessments on an annual basis in accordance with USADF's policy.
• Review and update the system

USADF's chief information security officer develop and implement a documented process to track and remediate vulnerabilities in accordance with USADF's policy. This includes confirming patches are applied in a timely manner and tested prior to implementation in accordance with USADF policy.

USADF's chief information security officer develop and implement a documented process to migrate unsupported applications from their existing platform to vendor-supported platforms. That process must document the risks, required approvals, and adequate mitigating controls that will be used for unsupported software until it can be migrated to vendor-supported platforms.

USADF's chief information security officer develop and implement a written process to enforce the immediate disabling of employee user accounts upon separation from the organization and perform account recertification in accordance with USADF policy, including adhering to the required frequency for recertifying accounts and providing responses.

We recommend that the Inter-American Foundation's chief information officer remediate unsupported software and configuration related vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities.

We recommend that the Inter-American Foundation's Chief Information Officer document and implement a process to test system changes and document the results of testing.

We recommend that the Inter-American Foundation's Chief Information Officer document and implement a process to test the Foundation's incident response capabilities.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $33,000 in USAID ineligible direct questioned costs and recover any amount that is unallowable detailed on pages 1-11 and 1-63  of the audit report.

OPIC's chief information officer remediate network vulnerabilities identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities.