Recommendation Dashboard

USAID/Peru determine the allowability of $184,318 in ineligible questioned costs on pages 16 and 18 of the audit report and recover any amount that is unallowable.

USAID/Peru veify that DEVIDA corrects the two significant deficiencies in internal control detailed on pages 27 and 28 of the audit report. 

USAID Peru verify that DEVIDA corrects the one instance of material noncompliance detailed on page 42 of the audit report.

USAID/Pakistan determine the allowability of $5,738,008 in questioned costs ($5,698,756 ineligible and $39,252 unsupported) as detailed in Table 1 on pages 3–4 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan determine (1) whether disposal was made for the dismantled materials; (2) the amount of sales of the dismantled materials not reported to USAID; and (3) the allowability and recovery, if appropriate, of these questioned revenues, as detailed in Finding 4.1.4 on pages 29-30 of the audit report.

USAID/Pakistan verify that the Provincial Reconstruction Rehabilitation & Settlement Authority, Government of Khyber Pakhtunkhwa corrects the 30 material instances of noncompliance detailed in Table 1 on pages 3–4 of this memorandum. 

USAID/Cyprus determine the allowability and collect as appropriate, $34,112 in ineligible questioned costs as detailed in appendix A of PricewaterhouseCoopers report.

USAID/West Bank and Gaza require Development Alternatives, Inc. to establish and implement policies and procedures ensuring competitive contracting, as detailed on pages 19-21 of PricewaterhouseCoopers audit report.

USAID/West Bank and Gaza require Development Alternatives, Inc. to establish and implement policies and procedures ensuring proper incorporation of the required provisions in its sub-awards, as detailed on pages 22-24 of PricewaterhouseCoopers audit report.

USAID/Pakistan verify that Trust for Democratic Education and Accountability corrects the one material weakness in internal control identified in the report on internal control on page 21 and further detailed in Finding 7.1 on page 25 of the audit report.

USAID/Pakistan verify that Trust for Democratic Education and Accountability corrects the two issues which we considered as material instances of noncompliance as discussed on page 2 of this memorandum and further detailed in Issues 1 and 2 of the management letter.

USAID's chief information officer update the Agency's Vulnerability Management Standard Operating Procedure to (1) define the timeframe for applying system patches and (2) document and implement a process to validate that system patches are applied according to the timeframe
specified in the procedure.

USAID's chief information officer document and implement a process to validate that unsupported software is either upgraded or removed within 48 hours of identification, as specified in the Agency's Unauthorized/Unsupported Software Standard Operating Procedures, or document acceptance of the risk for allowing the unsupported software on the network.

USAID's chief information officer document and implement a process to fully automate the disabling of accounts after 90 days of inactivity and document the results.

USAID's chief information officer document and implement a process to validate that Agency account management policies are enforced for all USAID information systems, or formally document acceptance of the risk when implementing the account management policies is not feasible.

USAID's chief information officer document and implement a process to validate that USAID procedures are followed for testing, conducting security impact analysis of, and approving system changes.

USAID's chief information officer document and implement a process to validate that security assessment plans are documented and uploaded into the Cyber Security Assessment and Management tool.

USAID's chief information officer document and implement a process for reviewing plans of action and milestones on a regular basis to validate that scheduled completion dates, milestone updates, and quarterly updates are documented.

USAID's chief information officer document and implement a process to validate that USAID's privacy plan, policies, and procedures define personally identifiable information in accordance with National Institute of Standards and Technology (NIST) Special Publication 800-122, and are reviewed and kept up-to-date at least on a biannual basis as recommended by NIST Special Publication 800-53 (revision 4).

USAID's chief information officer document and implement a process to complete the rollout of the role-based security training to all required individuals.

USAID/Guinea determine the allowability of $2,371 ineligible questioned costs on pages 14 and 17 of the audit report and recover any amount that is unallowable.

USAID/Guinea verify that Organisation Catholique pour la Promotion Humaine Caritas Guinea corrects the one material weaknesses and two significant deficiencies in internal control detailed on pages 24 to 26 of the audit report.

USAID/Guinea verify that Organisation Catholique pour la Promotion Humaine Caritas Guinea corrects the two instances of material noncompliance detailed on pages 29 and 30 of the audit report.

USAID/Southern Africa verify that Africa Health Placements NPC corrects the two instances of material noncompliance detailed on pages 22 and 23 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $123,749 in ineligible questioned costs on page 11 of the audit report and recover any amount that is unallowable.

USAID/M/OAA/CAS/CAM verify that KPMG East Africa Limited corrects the two instances of material noncompliance detailed on pages 17 to 19 of the audit report.

USAID/M/OAA/CAS/CAM verify that KPMG East Africa Limited corrects the one instance of material noncompliance emanating from prior periods and detailed on page 20 of the audit report.

USAID/Kenya and East Africa determine the allowability of $38,715 in questioned costs ($37,521 ineligible, $1,194 unsupported) on pages 12 and 17 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that African Union-Interafrican Bureau for Animal Resources corrects the one significant deficiency in internal control detailed on page 25 of the audit report.

USAID/Kenya and East Africa verify that African Union-Interafrican Bureau for Animal Resources corrects the three instances of material noncompliance detailed on pages 29 to 32 of the audit report.

USAID/Nigeria determine the allowability of $98,820 in ineligible questioned costs on pages 19, 20, 25, and 26 of the audit report and recover any amount that is unallowable.

USAID/Nigeria verify that Interfaith Mediation Centre corrects the two material weaknesses in internal control identified on page 25 of the audit report.

MCC's Department of Administration and Finance and the Chief Financial Officer update the "Expense Accruals Financial Management Division Procedure Manual" to reflect the current grant accrual methodology.

MCC's Department of Administration and Finance and the Chief Financial Officer provide Millennium Challenge Accounts with written guidance on developing grant accrual estimates to ensure validity of the grant accruals estimate. The guidance should include, but not be limited to, the following: 1) Take into consideration the impact of contract advances and retentions for large works contracts in the accrual estimate. 2) Ensure that accrual estimates do not include costs that will not be paid with compact funds. 3) Consider historical questioned costs for contracts and grants that are significant in developing the accrual estimate.

MCC's Department of Administration and Finance and the Chief Financial Officer update the "Compact Grant Accrual Validation Data Call Desktop Manual" to include a time requirement for MCC to perform followup with Millennium Challenge Accounts so that errors in accrual estimates or validations are promptly identified and addressed.

MCC's Department of Administration and Finance and the Chief Financial Officer provide Millennium Challenge Accounts with written guidance to ensure that the Millennium Challenge Accounts perform grant accrual validation correctly to include, but not be limited to, validation of consultant contract costs.

MCC's Department of Administration and Finance and the Chief Financial Officer develop clear and complete written guidance for the Millennium Challenge Accounts' internal control over the data call process, provide effective training, and monitor the effectiveness of the internal control.

MCC's Department of Administration and Finance and the Chief Financial Officer develop, document, and implement a process to oversee and verify that the accountable Government entities conduct pre-Millennium Challenge Accounts compact procurements in accordance with the compact agreement and the Program Procurement Guidelines.

MCC's Department of Administration and Finance and the Chief Financial Officer update MCC's Program Procurement Guidelines to require the Millennium Challenge Accounts to document alternative procurement procedures so that all parties are aware of what is required, who is accountable for what, and how the procurement will be documented.

MCC's Department of Administration and Finance and the Chief Financial Officer develop, document, and implement policies and procedures for MCC's management oversight of transfer and retention of pre-Millennium Challenge Accounts compact procurement and related documents to the Millennium Challenge Accounts.

MCC's Department of Administration and Finance and the Chief Financial Officer inform the Millennium Challenge Accounts that the U.S. State Department’s Terrorist Exclusion List should be documented separately, for all currently active awards and future awards, and update MCC’s vendor eligibility verification guidance provided to the Millennium Challenge Accounts for completeness and accuracy.

MCC's Department of Administration and Finance and the Chief Financial Officer Identify the Millennium Challenge Accounts who are late with the vendor invoice payments, determine the reasons/causes for late payments, implement corrective actions, and monitor effectiveness of the corrective actions.

USAID/Haiti document and implement a detailed plan to conclude the Pilot Project for Sustainable Electricity Distribution that includes deliberate benchmarks and timelines for modernization and expansion to best position the utility for the private sector transfer strategy at the end of the project, and a formal contingency plan in case a private sector operator is not on track to take over the utility by the specified time.

USAID/Haiti implement a plan to address the longstanding staffing challenges at USAID/Haiti, reported repeatedly in the mission’s Federal Manager’s Financial Integrity Act of 1982 certifications, to enable the mission to better address the project oversight deficiencies identified in this report.

USAID develop and implement a governance structure so that the chief information officer position reports directly to the Administrator as required by the Federal Information Technology Acquisition Reform Act and the Clinger-Cohen Act.

USAID revise Automated Directives System 101 to give the chief information officer the roles, responsibilities, and authorities to oversee all annual and multiyear planning, programming, and budget execution decisions, and reports related to information technology resources, as required by the Federal Information Technology Acquisition Reform Act.

USAID develop and implement policies that give the chief information officer authority for formulating and executing the information technology budget and overseeing information technology resources, as required by the Federal Information Technology Acquisition Reform Act.

USAID revise Agency policies and procedures to provide the chief information officer with information needed for overseeing all information technology investments and acquisitions to prevent, detect, and correct shadow and hidden information technology.

USAID issue a written decision on whether to authorize DTRAMS, and take appropriate actions to comply with security assessment and authorization controls in National Institute of Standards and Technology Special Publication 800-53 Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations."

USAID document and implement an inventory validation process to accurately and completely document information technology investments, the information technology systems inventory, and the Federal Information Security Modernization Act reportable systems inventory.

USAID document and implement processes for maintaining accurate records for, and managing the consolidation and streamlining of, its information technology resources, systems, data centers, and other shared information technology services in compliance with Office of Management and Budget Memorandum M-15-14.

USAID revise Agency policies, procedures, and directives to adopt the definitions of terms and requirements presented in Office of Management and Budget Memorandum M-15-14, including (1) information technology budgetary resources, personnel, and facilities and (2) acquisitions and interagency agreements that include information technology and the services or equipment provided by such acquisitions or interagency agreements.

USAID document and implement a process to enforce the competency requirements for information technology staff, including those in information technology leadership positions, and complete the assessment of competency requirements for information technology staff.

USAID/Pakistan determine the allowability of $1,301,519 in questioned costs ($1,195,033 ineligible and $106,486 unsupported) as detailed in Table 1 on pages 3–4 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan determine (1) whether disposal was made for old pipes extracted from sites; (2) the amount of sales of the old pipes not reported to USAID; and (3) the allowability and recovery, if appropriate, of these questioned revenues, as detailed in Finding 4.3.16 on page 46 of the audit report.

USAID/Pakistan verify that the Local Government & Rural Development Department, Government of Khyber Pakhtunkhwa corrects the 17 material instances of noncompliance detailed in Table 1 on pages 3–4 of this memorandum.

USAID/Haiti determine the allowability of $110,064 in unsupported questioned costs on pages 10 and 11 of the audit report and recover any amount that is unallowable.

USAID/Haiti verify that FONKOZE corrects the one significant deficiency in internal control detailed on pages 24 to 27 of the audit report. 

USAID/Haiti verify that FONKOZE corrects the one instance of material noncompliance detailed on pages 33 and 36 of the audit report.

USAID/Haiti verify that FONKOZE corrects the one significant deficiency in internal control related to tax withholding on transportation allowance for employees totaling $4,513 detailed on page 35 of the management letter. 

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of $3,237 in unsupported direct questioned costs  detailed on page 2, of the audit  report and recovers any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of $1,503 in reimbursements from Advanced Engineering Associates International, Inc. as detailed  on page 2, of the audit report.

IAF develop and implement an enterprise risk management policy that fully defines the Foundation's risk management policies, procedures, and strategy, including (a) the organization's processes and methodologies for categorizing risk; (b) developing a risk profile; (c) assessing risk and risk appetite/tolerance levels and responding to risk; and (d) monitoring risk.

IAF (a) create a change control board or related oversight body, composed of knowledgeable individuals from across functional departments that reviews, approves, and manages changes to configuration items; and (b) ensure that the oversight body formed in "a" above develops a configuration management plan that documents roles and responsibilities and configuration management processes, including identifying and managing configuration items at the appropriate point in an organization's software development life cycle; performing configuration monitoring; and applying configuration management requirements to contracted systems. The plan should also ensure that the originator and approver of changes are not the same person.

IAF test and exercise the Foundation's continuity of operations plan and document the specific test and exercise activities conducted, along with their results.

IAF remediate configuration-related vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities. 

United States African Development Foundation's chief information security officer fully develop and document a risk management strategy for information technology operations that requires the Foundation to identify: (i) risk assumptions; (ii) risk constraints (iii) risk tolerance; and (iv) priorities and trade-offs. 

United States African Development Foundation's chief information security officer update the Foundation’s access control policies and procedures to include the use of personal identity verification credentials and how the credentials are enforced for logical access to USADF’s information technology resources.

United States African Development Foundation's chief information security officer update the Foundation’s continuous monitoring policies and procedures to include how its chief Information officer, information technology systems administrator, and security analyst gather, document, assess, and remediate information system vulnerabilities, threats, and risks in a timely manner and then implement the procedures.

USAID/Eastern and Southern Caribbean determine the allowability of $2,630 in ineligible questioned costs on page 20 of the audit report related to the outstanding balance and recover any amount that is unallowable. 

USAID/El Salvador verify that FEPADE corrects the indirect cost rate schedule detailed on page 53 of the audit report and confirm if the cumulative indirect costs charged to the program on page 18 of the audit report are correct.

USAID/India determine the allowability of $146,204 in questioned costs (ineligible) identified in the fund accountability statement on page 28, and further detailed in Findings 1 and 2 in the Annexure to Questioned Costs on pages 40–41 of the audit report, and recover any amount that is unallowable.

USAID/India verify that the IPE Global Limited corrects the two material instances of noncompliance discussed on page 2 of this memorandum and further discussed in Findings 1 and 2 in the Annexure to Questioned Costs on pages 40–41 of the audit report.

USAID/India verify that the IPE Global Limited corrects the material weakness in internal control identified in the report on internal control on page 46 and further discussed in Finding 1 in the Annexure on page 47 of the audit report.

USAID/India verify that the IPE Global Limited corrects the material instance of noncompliance identified in the report on compliance on page 50 and further discussed in the Annexure on pages 51–52; and the finding in the report on internal control on page 46 that we considered as a material instance of noncompliance discussed on page 2 of this memorandum and further discussed in Finding 2 in the Annexure on pages 47–48 of the audit report.

USAID/Brazil ensure that IEB corrects internal control deficiency number 1 identified in the letter to management on page 22 that resulted in questioned costs and make a management decision with regards to the allowability of related costs and recover the amounts determined to be unallowable.

USAID/Southern Africa determine the allowability of $269,232 in ineligible questioned costs on page 13 of the audit report and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $3,168 in unsupported direct costs from Tetra Teck ES, Inc. detailed on page 2 of the audit report and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Tetra Teck ES, Inc. corrects Finding #1 detailed on pages 13 and 14 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $7,620 in reimbursements from Associates in Rural Development, Inc. detailed on pages 1 and 2 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $6,798 in unsupported direct questioned costs from Associates in Rural Development, Inc. detailed on pages 1 and 2 of the report and recover any amount that is unallowable.

USAID/Zambia verify that Luapula Foundation corrects the three instances of noncompliance detailed on pages 30, 31, 33 and 34 of the audit report.

MCC's chief risk officer develop and implement its enterprise risk management program to include a strategy to manage risks associated with the operations and use of information systems.

MCC's chief information officer update the privacy threshold analysis for the MCC management information system with the revised template to determine whether a privacy impact assessment is required.

MCC's Domestic and International Security Office update MCC's "Background Investigation and Clearances for Federal
Employment, Contract Service and/or Volunteer Service at the Millennium Challenge Corporation" policy to reflect the current personnel security controls.

MCC's Domestic and International Security Office document and implement a process to review the data within the Background Investigation Access Database to validate whether the data are complete, accurate, and kept up-to-date.

MCC's Domestic and International Security Office document and implement a process to track reinvestigations of employees and contractors and initiate reinvestigations in a timely manner.

USAID/West Africa Regional determine the allowability of $52,418 in questioned cost ($2,096 in ineligible and $50,322 in unsupported questioned cost) identified on pages 15, 16, and 18 of the audit report and recover any amount that is unallowable.

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the two significant deficiencies in internal control detailed on pages 23 to 24 of the audit report.

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the two instances of material noncompliance detailed on pages 28 and 29 of the audit report.

USAID/Malawi determine the allowability of $2,095,324 in questioned costs ($254,693 ineligible, $1,840,631 unsupported) on pages 16, 22, 23 and 27 of the agreed-upon procedures report and recover any amount that is unallowable.

USAID/Malawi verify that Dignitas International corrects the 18 factual findings detailed on pages 28 to 46 of the agreed-upon procedures report.

MCC verify thatt MCA-Zambia corrects the one instance of material noncompliance detailed on page 20 of the audit report.

USAID/Zambia verify that Expanded Church Response corrects the five significant deficiencies in internal control detailed on pages 27 to 32 of the audit report.

USAID/Zambia verify that Expanded Church Response corrects the three instances of material noncompliance detailed on pages 35 to 37 of the audit report.

USAID/Zambia verify that Expanded Church Response provide World Vision Zambia with a copy of the findings raised in Deloitte & Touche's audit report for their review and any appropriate action regarding the two significant deficiencies in internal control and three instances of material noncompliance related to the subagreement Gender Based Violence Survivor Support Project, cooperative agreement AID-611-A-12-00004 as detailed on pages 26 to 27, and 35 to 37 of the report.

USAID/Uganda verify that RECO Industries Limited corrects the two significant deficiencies in internal control detailed on pages 25 and 27 of the audit report.

USAID/Tanzania determine the allowability of $53,137 in questioned costs ($50,542 ineligible, $2,595 unsupported) on pages 10, 12, and 13 of the audit report and page 7 of the management letter and recover any amount that is unallowable.

USAID/Tanzania verify that Selian Lutheran Hospital corrects the four instances of material noncompliance detailed on pages 16 to 19 of the audit report.

USAID/Southern Africa determine the allowability of $58,124 in ineligible questioned costs on pages 9, 10, 14, and 15 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Society for Family Health Trust corrects the one material weakness in internal control detailed on page 5 of the audit report.

We recommend that USAID/Southern Africa verify that Society for Family Health Trust corrects the one instance of material noncompliance detailed on page 7 of the audit report.

USAID/Southern Africa determine the allowability of $1,250 in ineligible questioned costs for excess interest and recover any amount that is determined to be unallowable.

USAID/Southern Africa verify that HIV South Africa corrects the two material weaknesses in internal control detailed on pages 21 to 23 of the audit report.

USAID/Southern Africa determine the allowability of $83,070 in ineligible questioned costs on pages 27 and 42 to 43 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that AgriAid corrects the four significant deficiencies in internal control detailed on pages 22 to 26 of the audit report.

USAID/Southern Africa verify that Witkoppen Health and Welfare Centre corrects the one significant deficiency in internal control detailed on pages 30 to 31 of the audit report.

USAID/Southern Africa determine whether outstanding advances to the Baylor College of Medicine Children's Foundation Malawi are excessive, and, if so, request a refund of funds in excess of immediate disbursing needs in accordance with ADS 636.3.3.2.

USAID/Zimbabwe determine the allowability of $127,151 in ineligible questioned costs on page 30 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Family AIDS Caring Trust corrects the significant deficiency in internal control detailed on pages 10 and 31 of the audit report.

USAID/Zimbabwe verify that Family AIDS Caring Trust corrects the two instances of material noncompliance detailed on pages 30 and 32 of the audit report.

USAID/Liberia determine the allowability of $338,880 in questioned costs ($69,559 ineligible and $269,321 unsupported) identified on pages 18 and 24 to 34 of the audit report and recover any amount that is unallowable.

USAID/Liberia verify that Building Markets corrects the four significant deficiencies in internal control detailed on pages 34 to 38 of the audit report.

USAID/Liberia verify that Building Markets corrects the two instances of material noncompliance detailed on pages 33 and 38 to 39 of the audit report.

USAID/Liberia determine the allowability of $791,643 in ineligible cost sharing contributions identified on page 14 of Building Markets' audit report and take action deemed necessary under Automated Directives System 303.3.10.

USAID/West Africa Regional determine the allowability of $10,682 in ineligible questioned costs identified on pages 16, 18, 29, and 30 of the audit report and recover any amount that is unallowable

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the one significant deficiency in internal control detailed on page 24 of the audit report.

USAID/West Africa Regional verify that West and Central African Council for Agricultural Research and Development corrects the two instances of material noncompliance detailed on pages 29 and 30 of the audit report.

USAID/West Africa Regional verify that all closeout procedures regarding agreement 624-A-00-09-00037-00 with West and Central African Council for Agricultural Research and Development are finalized and that a disposition plan is in place.

USAID/Tanzania verify that National Council for People Living with HIV and AIDS corrects the one instance of material noncompliance detailed on pages 15 and 16 of the management letter.

USAID/Zimbabwe determine the allowability of $51,925 in ineligible questioned cost on page 8 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Southern Africa HIV and AIDS Information Dissemination Service corrects the two instances of material noncompliance detailed on pages 18 and 19 of the audit report.

USAID/Nepal verify that the Social Empowerment and Building Accessibility Centre-Nepal corrects the two significant deficiencies in internal control discussed on page 2 of this memorandum and detailed in Observations A.1 and A.2 of the management letter.

USAID/Nepal verify that the Social Empowerment and Building Accessibility Centre-Nepal corrects the two material instances of noncompliance discussed on page 2 of this memorandum and detailed in Issue 6 on page 11 of the report and Observation B.3 of the management letter.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Plan International, Inc. has corrected the four material weaknesses and three significant deficiencies in internal control over financial reporting and the three material weaknesses in internal control over compliance detailed on pages 39 through 47 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Plan International, Inc. has corrected the three instances of noncompliance with requirements that could have a direct and material effect on each major program detailed on pages 47 through 50 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $79,853 in reimbursements from Associates in Rural Development, Inc. detailed on pages 1 and 2 and 29 through 34 of the report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $13,367 in unsupported direct costs from Associates in Rural Development, Inc. detailed on pages 1 and 2 and 29 through 34 of the report and recover any amount that is unallowable.

USAID/Haiti verify that FPDI corrects the one significant deficiency in internal control detailed on pages 18 and 19 of the audit report.

USAID/Haiti determine the allowability of $3,242 in unsupported questioned costs included on pages 10 and 14 of the audit report and recover any amount that is unallowable.

USAID/Haiti verify that YSBH corrects the six significant deficiencies in internal control detailed on pages 19 and 20 of the audit report.

USAID/Haiti determine the allowability of $1,057 in ineligible questioned costs included on page 30 of the audit report and recover any amount that is unallowable.

USAID/Haiti verify that YSBH corrects the one instance of noncompliance detailed on page 35 of the audit report.

USAID/Haiti verify that YSBH corrects the prior audit report recommendations detailed on page 9 of the audit report.

USAID/Colombia determine the allowability of $12,663 in ineligible questioned costs on page 20 of the audit report and recover any amount that is unallowable.

USAID/Colombia verify that CODHES corrects the two instances of material noncompliance detailed on pages 36 and 37 of the audit report and pages 17-18 of the management letter.

USAID/Colombia verify that CODHES corrects the four significant deficiencies in internal control detailed on pages 3-17 of the management letter.

USAID/Colombia determine the allowability of $7,401 in ineligible questioned costs on page 26 of the audit report and on pages 8 and 9 of the management letter and recover any amount that is unallowable. 

USAID/Colombia verify that CODHES takes corrective action on the two prior year recommendations reported on pages 41-42 of the audit report.

USAID/Nepal determine the allowability of $49,117 in questioned costs (ineligible) identified in the fund accountability statements on pages 6 and 8, and further detailed in Annexure 1 on page 26 of the audit report, and recover any amount that is unallowable. 

USAID/Nepal verify that the National Society for Earthquake Technology – Nepal corrects the two material instances of noncompliance identified in the report on compliance on page 16 and further discussed in Findings 3 and 4 on page 19 of the audit report.

USAID/Nepal verify that the National Society for Earthquake Technology – Nepal corrects the significant deficiency in internal control discussed on page 2 of this memorandum and detailed in Finding 2 on pages 18–19 of the audit report.

MCC verify that MCA-Benin II corrects the one significant deficiency in internal control detailed on pages 30 to 31 of the audit report.

MCC verify that MCA-Benin II corrects the one instance of material noncompliance detailed on page 32 of the audit report.

USAID/Pakistan Implement a plan to bring together relevant Government of Pakistan officials, Government of Gilgit-Baltistan officials, and water-rights holders to resolve the issues of maintenance and operation of the Satpara Development Project’s irrigation system and water access rights.

USAID/Jamaica determine the allowability of $34,506 in ineligible questioned costs on page 2 of the management letter and recover any amount that is unallowable. 

USAID/Jamaica verify if cost sharing contributions, on page 28 of the audit report, were provided for Implementation Letter 2 and 3 as required by the agreement terms prior to the closeout of these awards.

USAID/Jamaica determine the allowability of $8,193 in ineligible questioned costs on page 12 of the audit report related to the outstanding balance and recover any amount that is unallowable.

USAID develop a comprehensive risk management policy for assessing and mitigating risk for PIO awards. The policy should inform staff on risk tolerances and risk categories; provide a framework and guidance on how and when to assess risks, develop risk responses, and assign mitigating controls based on risks; and clearly communicate roles and responsibilities for carrying out risk management across the Agency.

USAID establish a dedicated, centralized entity with the authority and resources to assess and address (1) PIO performance, (2) PIO internal oversight effectiveness, (3) other crosscutting PIO oversight methods, and (4) oversight units operating across multiple organizations, using information from across the Agency.

USAID develop a comprehensive policy that outlines (1) what authority—for example, other transaction authority—will be used to make each PIO award and (2) what corresponding rules and regulations apply, to include the roles and responsibilities for individuals and offices responsible for award management.

USAID direct the Office of Foreign Disaster Assistance to (1) review and define its processes for making awards to PIOs to carry out work in long-term crisis environments and (2) update policies to ensure they include standards of internal control related to documenting the internal control system, analyzing risks, designing control activities, and documenting transactions by retaining records.

USAID direct the Office of Food for Peace to (1) review and define its processes for making awards to PIOs to carry out work in long-term crisis environments and (2) update policies to ensure they include standards of internal control related to documenting the internal control system, analyzing risks, designing control activities, and documenting transactions by retaining records.

USAID Establish requirements for PIOs to notify USAID of suspected and identified serious criminal misconduct in activities funded by USAID to include unlawful actions taken by employees, subpartners, subcontractors, vendors, or other parties. The requirements should specify the process for reporting and criteria for what to report.

USAID/Peru determine the allowability of $78,330 in ineligible questioned costs on page 20 of the audit report and recover any amount that is unallowable.

USAID/Peru determine the allowability of $28,848 in questioned costs ($7,698 ineligible, $21,150 unsupported) on page 21 of the audit report and recover any amount that is unallowable.

USAID/Peru determine the allowability of $49,846 in unsupported questioned costs reported in the cost sharing schedule on pages 48 and 50 of the audit report and recover any amount that is unallowable

USAID/Peru verify that GORESAM corrects the one material weaknesses detailed on page 28 of the audit report.

USAID/Peru verify that GORESAM corrects the four instances of material noncompliance detailed on pages 30 and 31 of the audit report.

USAID/Peru verify that GORESAM takes corrective action on the 9 prior year recommendations reported on page 18 of the audit report. 

USAID/Dominican Republic determine the allowability of $15,724 in ineligible questioned costs in regard to the outstanding balance included on page 39 of the audit report and recover any amount that is unallowable.

USAID/Nepal determine the allowability of $90,732 in questioned costs ($29,011 ineligible, and $56,141 plus $5,580 unsupported) on page 3 of the audit report, and further detailed in Annexure V on page 41, and recover any amount that is unallowable.

USAID/Nepal verify that the Department of Health Services, Government of Nepal corrects the seven significant deficiencies (Findings 1-7 on pages 8-17 of the audit report).

USAID/Nepal verify that the Department of Health Services, Government of Nepal corrects the nine material instances of noncompliance (Findings 8-15 on pages 21-29 of the audit report and Observation 3 on page 2 of the management letter).

USAID/West Bank and Gaza require Near East Foundation to establish and implement policies and procedures ensuring proper incorporation of the required mandatory provision in its subcontracts with third parties, as detailed on page 14 of Ernst and Young audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $15,296,357 in unsupported direct costs from AECOM International Development, Inc. detailed on pages 2 through 4, and 12 through 16 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that AECOM International Development, Inc. corrects Findings #1 and #2 detailed on pages 12 through 16 of the audit report.

USAID/Afghanistan determine the allowability, and collect as appropriate, $1,329,286 in ineligible questioned costs, as detailed on pages 18 of the audit report.

USAID/Afghanistan verify that the Ministry of Agriculture, Irrigation and Livestock corrects the three material weaknesses (1. the recipient has not exercised its right to liquidate the collaterals against the loans written off over the project period, 2. the recipient has no documented financial statement closing process, and 3. the recipient has weaknesses in information technology general controls) and one significant deficiency in internal control related to the accounting application used by the recipient as detailed on pages 27 to 32 of the audit report.

USAID/Afghanistan verify that the Ministry of Agriculture, Irrigation and Livestock corrects the three instances of material noncompliance (1. loans and advances were written off in excess of the allowed 5% threshold of loans portfolio, 2. operating expenditure included in the fund accountability statement that were not included in the approved budget, and 3. advances paid to staff and prepayment to contractors against operational expenses. These payments were not provided in the budget) as detailed on pages 37 to 39 of the audit report. 

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that The Nature Conservancy corrects the material weaknesses in internal control over financial reporting and in the report on internal control over compliance and the significant deficiencies in the report on internal control over compliance detailed on pages 49 through 52 and pages 55 through 61 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that The Nature Conservancy corrects the instances of noncompliance in the report on compliance and other matters for each major federal program detailed on pages 52 and 59 through 61 of the audit report.

USAID/Pakistan determine the allowability of $1,225,524 in questioned costs ($950,865 ineligible, $274,659 unsupported) as detailed in Table 1 on pages 3–4 of this memorandum, and recover any amount that is unallowable.

USAID/Pakistan determine (1) the breakdown of the $1,288,671 in questioned costs identified in the report on the fund accountability statement, (2) the questioned costs identified in the report on the fund accountability statement that did not pertain to the questioned costs summarized in Table 1 on pages 3–4 of this memorandum, and (3) the allowability and recovery, if appropriate, of these questioned costs.

USAID/Pakistan verify that the Provincial Reconstruction Rehabilitation and Settlement Authority, Government of Khyber Pakhtunkhwa corrects the 16 material instances of noncompliance detailed in Table 1 on pages 3–4 of this memorandum.

USAID/Barbados verify that The Prince's Youth Business International corrects the two instances of material noncompliance detailed on page 16 of the audit report.

USAID/Haiti conducts an assessment and implement a plan to align activities in each value chain to areas with the greatest potential for economic impact in the time remaining.

USAID/Haiti revises the monitoring and evaluation plan and implement procedures to more effectively measure and evaluate project success and impact.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $19,663 in USAID ineligible direct questioned costs and recover any amount that is unallowable detailed on pages I-9, I-17, and IV-5 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Oxfam GB corrects the two significant deficiencies in internal control detailed on pages 5 and II-1 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Oxfam GB corrects the two material instances of noncompliance detailed on pages 5, III-1and III-2 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $19,680 in USAID unsupported direct questioned costs and recover any amount that is unallowable detailed on pages 1, 11, and 12 of the audit report.

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $111,383 in unsupported direct questioned costs on pages 1, 2 and 17 of the audit report, and recover any amount that is unallowable.

USAID/Malawi determine the allowability of $226,627 in questioned costs ($2,440 ineligible, $224,187 unsupported) on pages 22 and 26 of the audit report and recover any amount that is unallowable.

USAID/Malawi verify that Mulanje Mountain Conservation Trust corrects the five significant deficiencies in internal control detailed on pages 34 to 38 of the audit report.

USAID/Malawi verify that Mulanje Mountain Conservation Trust corrects the five instances of material noncompliance detailed on page 40 of the report.

USAID/Malawi determine the allowability of $46,242 shortfall in cost sharing identified on page 28 to 29 of the audit report and take corrective action deemed necessary under Automated Directives System (ADS) 303.3.10.

USAID/Southern Africa/PATA determine the allowability of $154,582 in questioned costs ($28,552 ineligible, $126,030 unsupported) on pages 23 to 48 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa/PATA verify that Tony Blair Governance Initiative corrects the one material weaknesses and four significant deficiencies in internal control detailed on pages 50 to 62 of the audit report.

USAID/Southern Africa/PATA determine the allowability of $346,125 in unsupported questioned cost sharing on pages 17 and 18 of the audit report and take corrective action deemed necessary under Automated Directives System, (ADS) 303.3.10.

USAID/Kenya and East Africa determine the allowability of $53,116 in ineligible questioned costs on pages 23 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that The Nature Conservancy corrects the five instances of material noncompliance detailed on pages 36 to 45 of the audit report.

USAID/Zimbabwe determine the allowability of $92,954 in ineligible questioned costs on pages 9 and 12 of the audit report and recover any amount that is unallowable.

USAID/Zimbabwe verify that Population Services Zimbabwe corrects the one instance of material noncompliance detailed on page 21 of the audit report.

USAID/M/OAA/CAS/CAM determine the allowability of $142,220 in questioned costs ($141,708 ineligible and $512 unsupported) identified on pages 10 and 11 of the audit report and recover any amount that is unallowable.

USAID/M/OAA/CAS/CAM verify that Deloitte & Touche corrects the one significant deficiency and one material weakness in internal control detailed on pages 20 and 21 of the audit report.

USAID/M/OAA/CAS/CAM verify that Deloitte & Touche corrects the two instances of material noncompliance detailed on pages 24 and 25 of the audit report.

USAID/Armenia determines the allowability, and collect as appropriate, $1,154 in questioned ineligible costs, as detailed on page 13 of BDO Armenia cjsc report.

USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of $20,987 in direct unsupported questioned costs and recover any amount that is unallowable detailed on page 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost Audit and Support Division verify that Catholic Relief Services - United States Conference of Catholic Bishops, and Affiliates corrects the three significant deficiencies findings 2017-001 through 2017-003 in the report on internal control over financial reporting and the two significant deficiencies findings 2017-004 and 2017-005 in the report on internal control over compliance detailed on pages 20 through 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost Audit and Support Division verify that Catholic Relief Services - United States Conference of Catholic Bishops, and Affiliates corrects the two instances on noncompliance findings 2017-004 and 2017-005 in the report on compliance for each major federal program detailed on page 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost Audit and Support Division determine the allowability of $1,322,702 in USAID unsupported direct questioned costs and recover any amount that is unallowable detailed on pages 1 and 16 through 22 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Nathan Associates, Inc. corrects Findings #1 through # 3 detailed on pages 16 through 24 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that Louis Berger, Inc., Intermediate Home Office corrects Finding # 1 on page 4 and 5 of the audit report.

USAID/Pakistan verify that the Higher Education Commission corrects the four material instances of noncompliance discussed on page 2 of this memorandum and detailed in Observations 4.1.2, 4.1.3, 4.3.1, and 4.4.3 on pages 22–25 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $2,340,798 in unsupported direct questioned costs on pages 1, 2, 8 and 14 of the audit report, and recover any amount that is unallowable.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that International Resource Group corrects finding #1 on pages 12 through 15 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that IntraHealth International, Inc. corrects the significant deficiency in internal control over financial reporting and internal control over compliance detailed on pages II-1 and III-2 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that IntraHealth International, Inc. corrects the instance of noncompliance with other matters and on each major federal program detailed on pages II-2 and III-2 of the audit report.

USAID Office of Acquisition and Assistance Cost, Audit and Support Division determine the allowability of $231,284 in unsupported direct questioned costs and $17,488 in ineligible direct questioned costs detailed on pages 2, 11 and 12 of the report and recovers any amount that is unallowable.

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Pragma Corporation corrects Finding #1 on pages 11 and 12 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Abt Associates Inc., Government Segment corrects Finding # 1 on pages 7 through 11 of the audit report.

MCC's Department of Administration and Finance Update its "Improper Payment Requirements under OMB Circular A-123 Appendix C Financial Management Division Procedure Manual" and risk assessment tool to:

• Provide clear guidance and criteria on how each risk factor is to be assessed and documented by fund.
• Include requirements as to the nature and sufficiency of supporting documentation.

MCC's Department of Administration and Finance implement a procedure to review improper payments reported against the supporting documentation.

MCC's Department of Administration and Finance Include all forms of payments in the amounts reported for recapture in its Agency Financial Report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Nathan Associates, Inc. correct finding #1 on pages 6 through 10 of the report.

USAID/Nepal verify that the Nepal CRS Company Pvt. Ltd. corrects the one significant deficiency in internal control detailed on page 11 of the audit report.

USAID/Peru verify that Centro Agronomico Tropical de Investigacion y Ensenanza reimburses USAID the value added tax totaling $12,725 included on page 18 of the audit report.

USAID/Peru determine the allowability of $13,523 in eligible questioned costs identified on pages 25 and 26 of the management letter.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that World Learning, Inc. corrects the instance of noncompliance detailed on pages 40 and 41 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Viet-Nam  Assistance for the Handicapped has corrected the instance of noncompliance over other matters in the report on compliance for each major federal program detailed on pages 17 and 18 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Viet-Nam Assistance for the Handicapped has corrected the material weakness in internal control over compliance detailed on page 19 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division, verify that Africare corrects the two material weaknesses (Findings 2016-001 and 2016-002) and two significant deficiencies (Findings 2016-003 and 2016-004) in the report on internal control over financial reporting  and corrects the two material weakness (Findings 2016-001 and 2016-002) and five significant deficiencies (Findings 2016-003 through 2016-007) in the report on compliance for each major federal program and on internal control over compliance detailed on pages II-1 through III-3 of the report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division, verify that Africare corrects the four instances of noncompliance (Findings 2016-001 through 2016-004) in the report on compliance and other matters and corrects the two material noncompliances findings 2016-001 and 2016-002 and five instances of noncompliance findings 2016-003 through 2016-007 in the report on compliance for each major federal program detailed on pages II-2 through III-2 of the report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that ARC Finance, Ltd. has corrected the material weaknesses in internal control over financial reporting and compliance detailed on pages 18 through 21 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division verify that ARC Finance, Ltd. has corrected the instances of noncompliance and other matters and for each major program and other matters detailed on pages 18 through 21 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that Relief International, Inc. and Subsidiary corrects the two material weaknesses (Findings 2014-003 and 2014-004) and the two significant deficiencies (Findings 2014-001 and 2014-002) in internal control over financial reporting detailed on page II-1 of the report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that Relief International, Inc. and Subsidiary corrects the five instances of noncompliance (Findings 2014-001 through 2014-005) detailed on page III-2 of the audit report.

USAID's Office of Acquisition and Assistance Cost, Audit and Support Division, verify that Relief International, Inc. and Subsidiary corrects the five significant deficiencies (Findings 2014-001 through 2014-005) in internal control over compliance detailed on page III-2 of the audit report.

M/OAA/CAS/CAM verify that KPMG East Africa Limited corrects the four instances of material noncompliance detailed on pages 18 to 21 of the audit report.

USAID/Zambia determine the allowability of $4,509,147 in questioned costs ($693,983 ineligible, $3,815,164 unsupported) on pages 25 to 118 of the report and recover any amount that is unallowable.

USAID/Zambia verify that Development Aid from People to People corrects the four material weaknesses in internal control detailed on pages 15 to 33 of Deloitte and Touche's report.

USAID/Zambia verify that Development Aid from People to People corrects the eleven instances of material noncompliance detailed on pages 34 to 118 of Deloitte and Touche's report.

USAID/Kenya and East Africa determine the allowability of ineligible questioned $133,214 in VAT costs identified on page 11 of the audit report and recover from Northern Rangelands Trust any amounts determined to be unallowable.

USAID/Kenya and East Africa verify that Northern Rangelands Trust corrects the eight instances of material noncompliance detailed on pages 19 to 27 of the audit report.

USAID/Kenya and East Africa determine the allowability of $3,624,147 in ineligible questioned costs on pages 12 and 15 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Project for Appropriate Technology in Health corrects the one material weakness and one significant deficiency in internal control detailed on pages 19 to 21 of the audit report.

USAID/Kenya and East Africa verify that Project for Appropriate Technology in Health corrects the four instances of material noncompliance detailed on pages 24 to 29 of the audit report.

USAID/Kenya and East Africa determine the allowability of $58,841 in ineligible questioned cost sharing contributions identified on pages 24, 25, and 31 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Pakistan determine the allowability of $1,901 in questioned costs (unsupported) as discussed on page 2 of this memorandum and further detailed in Finding 1 (for subrecipient Sindh Rural Support Organisation) on pages 50–51 of the audit report, and recover any amount that is unallowable.

USAID/Pakistan verify that the Rural Support Programmes Network corrects the one significant deficiency in internal control as discussed on page 2 of this memorandum and further detailed in Finding 1 (for subrecipient Sindh Rural Support Organisation) on pages 50–51 of the audit report.

USAID/Pakistan verify that the Rural Support Programmes Network corrects the two material instances of noncompliance as discussed on pages 2 and 3 of this memorandum and further detailed in Annexure 1 (for subrecipient National Rural Support Programme) on pages 45–46 of the audit report and Observation 1 on page 60 of the management letter.

USAID/Kenya and East Africa determine the allowability of $141,107 in questioned costs ($7,697 ineligible, $133,410 unsupported) on pages 19 to 22 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Common Market for Eastern and Southern Africa corrects the ten material weaknesses in internal control detailed on pages 31 to 42 and 44 of the audit report.

USAID/Kenya and East Africa verify that Common Market for Eastern and Southern Africa corrects the ten instances of material noncompliance detailed on pages 31to 41 and 43 to 44 of the audit report.

USAID/Southern Africa determine the allowability of $200,414 ineligible questioned costs on page 23 of the audit report and outlined in the memo transmitting the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Wits Health Consortium corrects the four significant deficiencies in internal control detailed on pages 45 to 48 of the audit report.

USAID/Southern Africa verify that Wits Health Consortium corrects the four instances of material noncompliance detailed on pages 51 to 54 of the audit report.

USAID/Dominican Republic verify that UNIBE corrects the one significant deficiency in internal control identified on pages 44 and 45 of the audit report pertaining to the shortfall in the annual cost-sharing contribution.

USAID/Dominican Republic verify that UNIBE corrects the one material instance of noncompliance identified on page 49 of the audit report pertaining to the shortfall in the annual cost-sharing contribution.

USAID/Dominican Republic verify that UNIBE takes corrective action on the two prior year recommendations reported on pages 14 and 15 of the audit report.

USAID/Cambodia take the following action rquire Khmer HIV/AIDS NGO Alliance to describe in the HIV/AIDS Flagship Project's exit plan the roles technical support providers would play and how implementation of technical innovations would continue after the project ends.

USAID/Ukraine determine the allowability, and collect as appropriate, $3,364 in ineligible questioned costs, as detailed on pages 4 and 5 of JSC KPMG Audit report.

USAID/Belarus determine the allowability and collect as appropriate, $10,850 in ineligible questioned costs as detailed on page 16 of RSM UKRAINE audit report..

MCC restructure the corporation's organizational structure for the chief information officer to report directly to the corporation's Chief Executive Officer or the Deputy Chief Executive Officer, as required by the Clinger-Cohen Act.

MCC Create a corporation-wide glossary of key terms and definitions, which incorporates the Clinger-Cohen Act's definitions of "information technology resources" and "information technology."

MCC perform a corporation-wide self-assessment using the Federal Information Technology Acquisition Reform Act implementation guidelines in Office of Management and Budget M-15-14.

MCC prepare a plan to implement the Federal Information Technology Acquisition Reform Act as prescribed by Office of Management and Budget M-15-14.

MCC update the corporation's budget formulation and planning policies and procedures to include the chief information officer's roles, responsibilities, and requirements found in Office of Management and Budget M-15-14.

MCC update the corporation's information technology acquisition strategy procedures to include a requirement for the chief information officer to review and approve all information technology cost estimates and information technology acquisition strategies and plans.

MCC implement policies and procedures requiring the chief information officer to review and approve all agreements for the acquisition of information technology goods and services before they are awarded.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Adventist Development and Relief Agency International corrects the significant deficiencies in internal control over financial reporting and internal control over compliance detailed on pages 40 through 43 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Adventist Development and Relief Agency International corrects the instance of noncompliance detailed on pages 41 through 43 of the audit report.

USAID/India determine the allowability of $714,822 in questioned costs ($713,989 ineligible, and $56 plus $777 unsupported) on pages 27 and 58 of the audit report and further detailed on page 2 of this memorandum, and recover any amount that is unallowable.

USAID/India establish the amounts of the salary increments without approval documents, salary payments that were not fully supported, and service tax paid on project expenses as discussed on pages 2 and 3 of this memorandum and further detailed in IC Finding 23 on page 76, NC Finding 11 on page 85, and item 3 on page 100 of the management letter, respectively; determine allowability and recover, as appropriate.

USAID/India determine the allowability of and recover, as appropriate, the questioned cost-sharing contributions of $47,056 (ineligible) identified in the Cost-Sharing Schedule on page 51 and further detailed in Note 3 to the Cost-Sharing Schedule on pages 52-54 of the report.

USAID/India verify that the Ashwattha Advisors Private Limited corrects the thirty-one material weaknesses (IC Findings 1–23 on pages 57–76 of the audit report) and six significant deficiencies in internal control (QC Findings 3–6 on pages 40–47 of the audit report and Items 1–2 on page 99 of the management letter).

USAID/India verify that the Ashwattha Advisors Private Limited corrects the nine material instances of noncompliance (NC Findings 1, 2, 6, 11, 12F, 16 and 17 on pages 79–82, 85, 88, and 92–98 of the audit report, Note 3 to the Cost-Sharing Schedule on pages 52–54 of the audit report and item 3 on page 100 of the management letter).

USAID determine the allowability of $29,704 in questioned costs (unsupported) discussed on page 2 of this memorandum and detailed in Observations 01 and 02 on pages 34–36 in Appendix E of the report, and recover any amount that is unallowable.

USAID establish the amount of cost-sharing shortfall (the excess of budgeted contributions over actual contributions) for the period audited, determine allowability, and recover, as appropriate.

USAID verify that Bangladesh Rural Advancement Committee corrects the two material weaknesses in internal control (Observations 01 and 02 on pages 34–36 in Appendix E of the report).

USAID/Georgia determine the allowability, and collect as appropriate, $2,324 in questioned ineligible costs, as detailed on page 25 of Grant Thornton report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that American Community School has implemented the auditor's recommendations for Finding 2015-001 and 2015-002. (See pages 36 through 38 of the report)

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division  determine the allowability of $2,335 in USAID's ineligible direct questioned costs and recover any amount that is unallowable see pages I-6 and I-7 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division  verify that Solidarités International corrects the significant deficiency in internal control detailed on page IV-2 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division  verify that Solidarites International corrects the material instance of noncompliance detailed on page IV-2 of the audit report.

USAID/Southern Africa verify that National Association of Child Care Workers corrects the one instance of material noncompliance detailed on page 33 of the audit report.

USAID/Zambia determine the allowability of $106,082 in ineligible questioned costs identified on pages 16 to 18 of the audit report and recover any amount that is unallowable.

USAID/Zambia verify that Churches Health Association in Zambia corrects the three significant deficiencies in internal control detailed on pages 31 to 33 of the audit report.

USAID/Zambia verify that Churches Health Association corrects the three instances of material noncompliance detailed on pages 36 to 39 of the audit report and the additional three instances of noncompliance related to questioned costs outlined on pages 22 to 28.

USAID/Southern Africa determine the allowability of $49,855 in ineligible questioned costs identified on pages 17, 20, 21, and 28 to 35 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Childline Mpumalanga corrects the seven significant deficiencies in internal control detailed on pages 26 to 36 of the audit report and Annexure B pages 54 to 55.

USAID/Ghana determine the allowability of $197,177 in questioned costs ($29,330 ineligible and $167,847 unsupported) on pages 15, 20 to 21, and 25 of the audit report and recover any amount that is unallowable.

USAID/Ghana verify that Council for Scientific and Industrial Research – Savannah Agricultural Research Institute corrects the three significant deficiencies in internal control detailed on pages 20 to 22 of the audit report.

USAID/Ghana verify that Council for Scientific and Industrial Research – Savannah Agricultural Research Institute corrects the two instances of material noncompliance detailed on pages 25 and 30 of the audit report.

USAID/Ghana determine the allowability of $589,645 in unsupported questioned cost sharing contributions identified on pages 28 and 30 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Southern Africa determine the allowability of $4,164 in unsupported questioned costs on pages 18 and 23 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Networking HIV and AIDS Community of Southern Africa corrects the four material weaknesses in internal control detailed on pages 32 to 39 of the audit report.

We recommend that USAID/Southern Africa verify that Networking HIV and AIDS Community of Southern Africa corrects the five instances of material noncompliance detailed on pages 42 to 51 of the audit report.

USAID/Zimbabwe determine the allowability of $22,391 in ineligible questioned costs identified on page 10 of the audit report and recover any amount that is unallowable.

USAID/Ghana verify that Ghana Integrity Initiative corrects the four significant deficiencies in internal control detailed on pages 27 to 30 of the audit report.

USAID/Ghana verify that Ghana Integrity Initiative corrects the one instance of material noncompliance detailed on page 33 of the audit report.

USAID/Zambia determine the allowability of $16,042 in unsupported questioned costs on pages 21 and 28 of the audit report and recover any amount that is unallowable.

USAID/Zambia verify that Zambia Centre for Communication Programmes corrects the one material weakness in internal control detailed on page 28 of the audit report.

USAID/Zambia verify that Zambia Centre for Communication Programmes corrects the three instances of material noncompliance detailed on pages 32 to 35 of the audit report.

USAID/Zambia determine whether outstanding advances to Zambia Centre for Communication Programmes are excessive, and, if so, request refund of funds in excess of immediate disbursing needs in accordance with ADS 636.3.3.2.

USAID/Tanzania determine the allowability of $28,423 in ineligible questioned costs on pages 13 and 14 of the audit report and recover any amount that is unallowable.

We recommend that USAID/Tanzania verify that the National Malaria Control Program corrects the three instances of material noncompliance detailed on pages 22 to 25 of the audit report.

USAID/Southern Africa determine the allowability of $333,573 in ineligible questioned costs identified on pages 25, 69, and 77 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that University of South Africa corrects the six material weaknesses and eight significant deficiencies in internal control detailed on pages 37 to 53, 66 to 72, and 77 of the audit report and the management letter.

USAID/Southern Africa verify that University of South Africa corrects the two instances of material noncompliance detailed on pages 56 to 58 of the audit report.

USAID/Southern Africa determine the allowability of $2,425 in unsupported questioned cost sharing contributions identified on pages 75 to 76 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Southern Africa verify that Children in Distress Network corrects the six significant deficiencies in internal control detailed on pages 22 to 37 of the audit report.

USAID/Southern Africa verify that Children in Distress Network corrects the two instances of material noncompliance detailed on pages 40 to 42 of the audit report.

USAID/Ghana determine the allowability of $92,463 in questioned costs ($7,266 in ineligible question costs and $85,197 unsupported question costs) identified on page 17 of Ghana Audit Service’s audit report.

USAID/Ghana verify that University of Cape Coast – Department of Fisheries and Aquatic Science corrects the three significant deficiencies in internal control detailed on pages 23 to 25 and 33 of the audit report.

USAID/Ghana determine the allowability of $275,862 unsupported in questioned cost sharing contributions identified on pages 31 to 33 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/Afghanistan verify that Amec Foster Wheeler Environment & Infrastructure, Inc. corrects the three significant deficiencies in internal control detailed on pages 20 through 24 of the audit report.

USAID/Afghanistan verify that Amec Foster Wheeler Environment & Infrastructure, Inc. corrects the three instances of material noncompliance detailed on pages 20 through 24 of the audit report.

USAID/Kenya and East Africa verify that Mercy Corps corrects the two instances of material noncompliance detailed on pages 33 and 34 of the audit report.

USAID/Zambia determine the allowability of $107,807 in questioned costs ($40,503 ineligible and $67,304 unsupported) on page 13  of the audit report and recover any amount that is unallowable

USAID/Zambia verify that BioCarbon Partners corrects the twenty-three significant deficiencies in internal control detailed on pages 18 to 43  of the audit report

USAID/Zambia verify that BioCarbon Partners corrects the nine instances of material noncompliance detailed on pages 46 to 55 of the audit report

USAID/West Africa determine the allowability of $82,830 in questioned costs ($180 ineligible, $82,650 unsupported) on pages 52, 74 and 75 of the audit report and recover any amount that is unallowable.

USAID/West Africa verify that CILSS corrects the two instances of material noncompliance detailed on pages 134 and 141 of the audit report.

USAID/Ghana determine the allowability of $146,197 in ineligible questioned costs identified on pages 14 and 17 of the Ghana Audit Service’s audit report.

USAID/Ghana verify that National Health Insurance Authority corrects the three instances of material noncompliance detailed on pages 24 to 26 and  two instances  of material noncompliance on pages 31 to 32 of the Ghana Audit Service's audit report.

USAID/Ghana determine the allowability of $249,763 in questioned cost-sharing contributions ($170,629 ineligible and $79,134 unsupported) identified on pages 29 to 32 of the audit report and take any corrective action deemed necessary under ADS 303.3.10.

USAID/India determine the allowability of $32,787 in questioned costs (unsupported) on page 17 and further detailed on pages 30–32 of the audit report and recover any amount that is unallowable.

USAID/India determine the allowability of $40,394 in questioned cost-sharing contributions (unsupported) on page 28 and further detailed on pages 35–36 of the audit report and recover any amount that is unallowable.

USAID/India verify that IL&FS Cluster Development Initiative Limited corrects the three significant deficiencies in internal control (Findings 2, 3, and 4 on pages 32–34 of the audit report).

USAID/India verify that IL&FS Cluster Development Initiative Limited corrects the four material instances of noncompliance (Findings 1, 5, 6, and 7 on pages 30–31 and 35–39 of the audit report).

USAID/Kenya and East Africa determine the allowability of $540,129 in ineligible questioned costs on pages 29 and 30 of the audit report and recover any amount that is unallowable.

USAID/Kenya and East Africa verify that Centre for Health Solutions - Kenya corrects the six material weaknesses in internal control detailed on pages 22 to 25 of the audit report and pages 13, 15, and 18 of the management letter.

USAID/Kenya and East Africa verify that Centre for Health Solutions - Kenya corrects the two instances of material noncompliance detailed on pages 28 to 30 of the audit report.

USAID/Southern Africa determine the allowability of $7,082 in unsupported questioned costs on pages 24 and 25 of the audit report and recover any amount that is unallowable.

USAID/Southern Africa verify that Child Welfare Bloemfontein & Childline Free State corrects the one instance of material noncompliance detailed on pages 24 and 25 of the audit report.

USAID/Malawi determine the allowability of the $47,811 in ineligible questioned costs identified on page 25 of the audit report and recover any amount that is unallowable.

USAID/Ethiopia determine the allowability of $4,510 in ineligible questioned costs identified on page 16 of the audit report and recover any amount that is unallowable.

USAID/Ethiopia verify that Stand for Vulnerable Organization corrects the significant deficiency in internal control detailed on page 19 of the audit report.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that the Jane Goodall Institute for Wildlife Research, Education and Conservation and Related Entity corrects Findings 2015-001 through 2015-004 (see pages I-22 through I-25 of the audit report).

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $23,157,935 in unsupported direct questioned costs on pages 2 and 13 - 24 of the report and recover any amount that is unallowable.

USAID Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Futures Group corrects findings #1 through #4 on pages 13 - 24 of the report.

USAID determine the allowability of $131,875 in questioned costs ($120,248 plus $7,215 and $4,412 ineligible) on page 14 of the audit report, and further detailed on pages 2-3 of this memorandum, and recover any amount that is unallowable.

USAID verify that the Semiotics Consultants (Private) Limited corrects the one material weakness (consolidated Findings PRTE—4, 5, 6, 8, 11, and 13 on pages 40, 43, 45, 46, 48, and 49 of the audit report) and four significant deficiencies in internal control (Findings IC-1, IC-2, and IC-3 on pages 24–26 of the audit report and Observation 1 on page 51 of the management letter).

USAID verify that the Semiotics Consultants (Private) Limited corrects the six material instances of noncompliance (Findings NC-1, NC-2, NC-3, and NC-4 on pages 29–36 of the audit report, Note 25 to the cost representation statement on page 21 of the audit report, and Observation 2 on page 52 of the management letter).

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that CARE USA has implemented the auditor's recommendation for Findings 2016-001 (see pages 49 through 51of the audit report).

We recommend that USAID's Bureau for Democracy, Conflict, and Humanitarian Assistance require Chemonics to perform the required suspension and debarment verification of its subgrantees and assign individuals to perform independent reviews of the procurement files to authenticate the existence of the files (see page 10 of the audit report).

We recommend that USAID's Bureau for Democracy, Conflict, and Humanitarian Assistance verify that Chemonics performs independent reviews of its compliance documentation and ensures the documentation is properly reviewed and approved (see page 11 of the audit report).

We recommend that USAID's Bureau for Democracy, Conflict, and Humanitarian Assistance require Chemonics to enforce the internal control policy to ensure all travel for employees is properly reviewed and approved, and that Chemonics properly retains all approval documentation in accordance with the established internal policies ( see page 12 of the audit report).

We recommend that USAID's Office of Acquisition and Assistance, Cost Audit and Support Division determine the allowability of the $5,588,215 in questioned costs identified as unsupported, and recover from Chemonics any amounts determined to be unallowable.

USAID verify that the University of Agriculture, Faisalabad corrects the one material weakness (Observation No. 6.12 on page 35 of the management letter) and two significant deficiencies in internal control (Finding No. 5.3.1 on page 24 of the audit report and Observation No. 6.3 on page 27 of the management letter).

USAID verify that the University of Agriculture, Faisalabad corrects the eight material instances of noncompliance (Finding Nos. 5.1.1 and 5.2.1–5.2.4 on pages 19–23 of the audit report and Observation Nos. 6.1, 6.2, and 6.8 on pages 25, 26, and 31 of the management letter).

USAID/Pakistan implement a plan to work with executive management at the Water and Power Development Authority to expeditiously resolve the critical issues limiting power generation by the Gomal Zam Dam.

USAID/Pakistan recover from the Water and Power Development Authority the $11.5 million increase in the fixed-amount reimbursable agreement for the Gomal Zam Irrigation Project.

USAID/Pakistan require the Water and Power Development Authority to remediate borrow sites as required by the project environmental mitigation and monitoring plan.

USAID/Egypt determine the allowability of $189,069 in unsupported cost-sharing contributions reported as of March 31, 2016, and factor the determination into identifying any shortfall at the conclusion of World Learning's award

USAID/Egypt determine whether cost-sharing amounts claimed for the books rejected by the Egyptian Government should be counted toward World Learning's required cost-sharing contribution, and factor the determination into identifying any shortfall at the end of World Learning’s award.

USAID/Egypt conduct and document a comprehensive review of the total cost sharing reported by World Learning and its supporting documentation after March 31, 2016, and recover any identified shortfall.

USAID/West Bank and Gaza take the following actions: Correct errors in data reported in the mission's Geographic Management Information System noted in our 2013 "Audit of USAID/West Bank and Gaza's Peace and Reconciliation Program," and document the results.

USAID/West Bank and Gaza take the following actions: Complete the evaluation of the Conflict Mitigation and Management Program that has been initiated, and implement an action plan to take action, as appropriate, on the evaluation's findings.

The Assistant to the Administrator for Policy, Planning and Learning direct the implementation of a communication and coordination strategy that would govern how the Agency will work with external actors (such as other U.S. Government agencies, the United Nations, international organizations, nongovernmental organizations) who can respond in the event of an international public health emergency. This communication and coordination strategy should also be sufficient in the event that the United Nations' humanitarian cluster approach system is delayed.

The Assistant to the Administrator for Policy, Planning and Learning work with other U.S. agencies to clearly identify, and regularly test, roles and capabilities, and responsibilities for use in a future international public health emergency. This should include policy related to the Office of U.S. Foreign Disaster Assistance’s use of the Mission Tasking Matrix with the Department of Defense. And agreements should specify operational details; clearly define roles and responsibilities; and ensure a common understanding of standardized language.

The Assistant to the Administrator for Policy, Planning and Learning direct the creation and maintenance of an inventory, by country, of nongovernmental organizations and local actors who are involved in response, development, and other humanitarian activities; and determine which of these could potentially be called upon as implementing partners in an emergency.

The Assistant to the Administrator for Policy, Planning and Learning develop policies for rapid data and information sharing including with host governments, with the World Health Organization, and within the U.S. Government.

The Assistant to the Administrator for Policy, Planning and Learning direct the creation of procedures governing coordinating bodies (Secretariat, task force, etc.) including (1) criteria for when they are established, (2) how they are staffed, (3) their responsibilities and authorities in responding to an emerging crisis, (4) their expected level of interaction within USAID and with external stakeholders, (5) policies for how they clear documents for distribution and reporting, and (6) how they are disbanded, including the transfer of residual activities to relevant regional or functional bureaus at the conclusion of the crisis.

The Assistant to the Administrator for Policy, Planning and Learning direct the development of—and test procedures for—integrating response, recovery, and transition activities during a complex whole-of-Agency humanitarian or health emergency.

The Assistant to the Administrator for Policy, Planning and Learning direct the Office of U.S. Foreign Disaster Assistance, in collaboration with Global Health and health officers from other bureaus, to develop policies for identifying health response triggers, deploying a small team to assess a health situation in collaboration with mission staff, and provide an initial needs assessment before a disaster declaration is made.

The Assistant to the Administrator for Policy, Planning and Learning direct all regional and functional bureaus to identify and maintain a listing of key staff who would be involved in a whole-of-Agency emergency response, and provide those staff with abbreviated training on the Office of U.S. Foreign Disaster Assistance Disaster Assistance Response Team and Response Management Team to build a stronger cadre of cross-sectoral teams.

The Assistant to the Administrator for Policy, Planning and Learning direct the formation of a process for (1) identifying relevant technical experts across the Agency, (2) maintaining a catalog that includes how they can be reached in the event of another health crisis, and (3) temporarily reassigning them away from their existing duties.

The Assistant to the Administrator for Policy, Planning and Learning direct the establishment of guidelines outlining the steps missions and bureaus can take in the event of an emerging crisis, including how to reprogram existing funds (from central mechanisms and mission mechanisms) and transfer resources. This should be coordinated among the Office of Acquisition and Assistance, the Office of Budget and Resource Management, and the Chief Financial Officer.

The Assistant to the Administrator for Policy, Planning and Learning direct the Office of Acquisition and Assistance to determine what can be done to insert flexibility clauses into the missions’ program awards, as appropriate, so that missions can respond to emerging crises using existing resources and nongovernmental organizations on the ground that are familiar with the country context, and implement a policy accordingly. This additional flexibility should be accompanied by sufficient controls to prevent abuse.

The Assistant to the Administrator for Policy, Planning and Learning direct the development of an Agency-wide content management system where decisions, documents, and lessons can be tracked and accessed by staff to improve the consistency of records management.

The Assistant to the Administrator for Policy, Planning and Learning direct the development of an Agency-wide system that tracks program awards and relevant contractors and partners implementing those awards to bring all systems together, reduce duplication, and increase collaboration and oversight.

The Assistant to the Administrator for Policy, Planning and Learning direct the creation or appointment of a unit, and development of a policy that requires operating units involved in an emergency response or recovery to (1) collectively identify lessons learned, (2) develop after-action reports, (3) create a timeline for corrective actions to take place, and (4) follow up on those planned actions to ensure they occur, including updating the policy framework, if necessary.

OFDA update policies and procedures to clearly define how staff should conduct initial and ongoing assessments and how the assessments should inform the development and modification of OFDA's strategic approach to disasters—especially the longer-term, complex emergencies that are becoming more common.

OFDA determine the extent to which the USAID-funded Ebola inventory has been redistributed in accordance with implementers' disposition plans, the excess inventory that remains, and whether U.S. Government funds are being used to store excess inventory.

OFDA determine the extent to which the USAID-funded Ebola inventory has been redistributed in accordance with implementers' disposition plans, the excess inventory that remains, and whether U.S. Government funds are being used to store excess inventory.

FDA update policies and procedures on monitoring response effectiveness, specifying the parties responsible, the frequency, and the method for collecting, analyzing, documenting, and reporting the information necessary to oversee response activities.

OFDA establish handover policies and procedures for members of Disaster Assistance Response Teams to provide consistency, continuity of operations, and institutional memory.

OFDA implement a strategy to provide proper monitoring and management of awards by agreement officer's representatives, especially when a disaster requires immediate oversight on a large scale.

OFDA implement a strategy to institutionalize OFDA's lessons learned from previous emergency responses and after-action reviews.

OFDA include sections in the multiple response strategy on filling open positions, ensuring a sufficient surge roster, and attracting qualified individuals to work on response efforts.

The Office of the Chief Financial Officer continue to investigate the $83 million differences between the Agency's Fund Balance With Treasury Account and Treasury fund balance to identify the root cause and, if appropriate, modify its
business process to mitigate future occurrences.

The Office of the Chief Financial Officer enhance its policies and procedures to ensure the subsidiary and general ledgers are completely reconciled and the causes of the differences are corrected.

The Office of the Chief Financial Officer implement a quality assurance program to validate the quarterly information that missions submit, and ensure that there are no differences between vehicle management information system and the Chief Financial Officer's records.

Evaluate whether its grant accrual methodology assumptions and calculations are effective. This evaluation should include an assessment of root causes for variances in estimated and actual accruals and take into consideration, experiences from at least the last 5 years.

Update the “Expense Accruals Financial Management Division Procedure Manual” to:

• Require supporting documentation, including rationale for deviating from MCC’s accrual policy and procedures. This documentation should also include MCC’s management approval for any deviations.
• Indicate in the guidance how reinstated unused spending authority and applicable subsequent disbursements are to be addressed in the grant accrual calculation.

Correct the accrual data for quarters three and four to reflect the actual spending authority and disbursements.

Update the "Compact Grant Accrual Validation Data Call Desktop Manual" to include timeframes for validating Millennium Challenge Accounts' grant accrual estimates and MCC's follow-up on significant differences so errors are promptly identified and addressed.

Provide Millennium Challenge Accounts with additional written instructions and training on evaluating the reasonableness of MCC's grant accrual estimates, and require each Millennium Challenge Account to submit documentation showing why it agrees with MCC's estimate.

Implement procedures for tracking and monitoring Millennium Challenge Accounts’ compliance with grant management policies and procedures, including Millennium Challenge Accounts' grant oversight, procurement eligibility verification, and grant award processes.

Enforce the requirement for the Millennium Challenge Accounts to submit quarterly financial reports and financial information by the due dates.

Establish procedures to ensure that Millennium Challenge Accounts' are providing accurate, complete, supportable, and valid financial information for data calls for contract retentions.

USAID's chief financial officer perform a written risk assessment of its general ledger posting model process, as required by Office of Management and Budget Circular A-123. The risk assessment should include cost-benefit considerations and a plan to implement compensating or appropriate internal controls to prevent and detect errors. The risk assessment should address:

• Segregation of duties.
• Data owner approval of changes to the general ledger posting models.
• Records of all steps in procedures.
• Use of activity or transaction logs for monitoring.
• The risk assessment should also document the acceptance of all risks that will not be mitigated.

USAID's chief financial officer update and implement USAID's general ledger posting model procedures, after taking final corrective action on recommendation 1, to include explicit roles and responsibilities and a step-by-step process for updating the posting models.

The chief financial officer document and implement Agency-integrated standard operating procedures for extracting, reviewing, validating, and submitting Digital Accountability and Transparency Act (DATA Act) files to the Treasury's DATA Act Broker website.

The chief financial officer document and implement procedures to validate and reconcile financial data in Digital Accountability and Transparency Act (DATA Act) files before submitting them to the Treasury's DATA Act Broker website.

We recommend that the chief information officer document and implement a process to track and remediate persistent vulnerabilities, or document acceptance of the associated risks.

We recommend that the chief information officer document and implement a process to verify that vulnerability assessment tools are configured to detect vulnerabilities previously undiscovered by internal scans.

We recommend that the chief information officer develop and implement a documented process to migrate unsupported applications from their existing platform to vendor-supported platforms. The risk and approval, including adequate compensating controls, should be documented if an exception must be made until the unsupported software is migrated to vendor-supported platforms.

We recommend that the chief information officer document and implement a process to verify that Microsoft Windows systems comply with the U.S. Government Configuration Baseline, and to grant and disseminate approved deviations from the baseline configuration settings.

We recommend that the chief information officer document and implement a plan to confirm all internal and external systems are currently authorized to operate.

We recommend that the chief information officer document and implement a plan to annually assess risks for all internal and external systems in accordance with agency policy.

We recommend that the chief information officer establish a process to monitor the operation of the automated script that disables accounts after 90 days of inactivity.

We recommend that the chief information officer (a) identify system owners; (b) require them to verify their procedures for revoking system access accounts for separated and transferred employees and contractors are enforced; and (c) document their responses.

We recommend that the chief information officer document and implement a procedure to check for unauthorized software at established intervals.

We recommend that the chief human capital officer document and implement a process to verify that all employees' exit clearance forms are completed and maintained in accordance with policy.

We recommend that the chief information officer document and implement a procedure to review and analyze remote access connections.

USADF's chief information security officer strengthen the organization-wide information security program in accordance with National Institute of Standards and Technology standards by establishing and implementing documented processes to:

• Establish, communicate, and implement an organization-wide risk management strategy for operation and use of the Foundation's information systems in accordance with National Institute of Standards and Technology standards.
• Review and update the system security plans to reflect National Institute of Standards and Technology Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations." At a minimum, this should include a determination whether the security requirements and controls for the system are adequately documented and reflect the current information system environment.
• Perform information system security assessments on an annual basis in accordance with USADF's policy.
• Review and update the system

USADF's chief information security officer develop and implement a documented process to track and remediate vulnerabilities in accordance with USADF's policy. This includes confirming patches are applied in a timely manner and tested prior to implementation in accordance with USADF policy.

USADF's chief information security officer develop and implement a documented process to migrate unsupported applications from their existing platform to vendor-supported platforms. That process must document the risks, required approvals, and adequate mitigating controls that will be used for unsupported software until it can be migrated to vendor-supported platforms.

USADF's chief information security officer develop and implement a written process to enforce the immediate disabling of employee user accounts upon separation from the organization and perform account recertification in accordance with USADF policy, including adhering to the required frequency for recertifying accounts and providing responses.

We recommend that the Inter-American Foundation's chief information officer remediate unsupported software and configuration related vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities.

We recommend that the Inter-American Foundation's Chief Information Officer document and implement a process to test system changes and document the results of testing.

We recommend that the Inter-American Foundation's Chief Information Officer document and implement a process to test the Foundation's incident response capabilities.

USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $33,000 in USAID ineligible direct questioned costs and recover any amount that is unallowable detailed on pages 1-11 and 1-63  of the audit report.

OPIC's chief information officer remediate network vulnerabilities identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities.

OPIC's chief information officer prepare a written authorization to operate each application or service, or decommission them and document the results.

OPIC's chief information officer document and implement an automated process to track the annual reviews of the Information Security Program Plan and update it, if needed.

USAID chief human capital officer conduct a needs assessment and, based on the results, implement a plan to staff development outreach and communications specialists in overseas missions.

USAID chief human capital officer implement a process to track and report the number of U.S. personal services contractors in mentoring programs consistent with reporting for other employment categories.

OAA issue a policy prohibiting the classification of U.S. personal services contract positions by the hiring office.

OAA implement a plan to require overseas missions to modify all active U.S. personal services contracts to accurately reflect the work required, to exclude "other duties as assigned" or similar language, and to confirm that missions took the required corrective action.

OAA issue new guidance requiring minimum standards for periodic, written performance evaluations for all long-term U.S. personal services contractors.

The Director of OAA implement policies and procedures for procurements related to transporting the Office of U.S. Foreign Disaster Assistance's emergency commodities. Policies and procedures should require the segregation of duties-so that Transportation contracting officers have clear lines of authority and adequate management oversight-and routine updates to the division's Web page so that it contains current, accurate information.

The Director of OAA update the Transportation Division's portion of USAID's Web site to reflect current information, and provide guidance to potential contractors on the procurement process for Office of U.S. Foreign Disaster Assistance emergency commodity transportation.

The Director of OAA initiate the closeout of award AID-OAA-O-15-00003.

The Director of OAA deobligate the reported unliquidated balance of $11,532,247 from award no. AID-OAA-O-15-00003, and put the funds to better use.

The Director of OAA review its Ebola portfolio, and verify that each applicable award file is entered completely into the Agency Secure Image and Storage Tracking database.

The Director of OAA review its current training program on the use of the Agency Secure Image and Storage Tracking database, and incorporate identified improvements to promote greater policy
compliance.

The Director of OAA review its Office of U.S. Foreign Disaster Assistance Ebola portfolio and confirm that each of the awards has an agreement officer's representative designated by the agreement officer and that the designation letter is in the official award file.

We recommend that MCC's Department of Administration and Finance and the chief financial officer update its Expense Accruals Financial Management Procedure Manual to a) Require justification and analysis to be documented, supported, and approved by MCC's management when deviating from its accrual policy and procedures. This should include MCC verification of information provided by the Millennium Challenge Account to support the accrual.  b) Include the guidance provided to the Millennium Challenge Accounts on how and what each Millennium Challenge Account will provide as support in addressing the reasonableness of their accrual.

We recommend that MCC's Department of Administration and Finance and the chief financial officer conduct a comprehensive review and formalize the Grant Accrual Validation Whitepaper as an official policy and procedures document that includes: a) Establishing a documented supervisory review of the grant accrual validation to ensure that the validation is performed correctly and is in accordance with MCC's validation methodology. b) Establishing procedures that clearly state how the accrual validation will be carried out when a Millennium Challenge Account is closed out and no longer exists.

We recommend that MCC's Department of Administration and Finance and the chief financial officer establish internal control procedures to properly review the accounting and reporting of funds returned by the Millennium Challenge Accounts and foreign governments, and other transactions that are not routinely prepared in its financial operations to ensure that these transactions are recorded correctly and in accordance with United States Standard General Ledger.

We recommend that MCC's Department of Administration and Finance and the chief financial officer establish an internal control process to ensure that financial statements are prepared in accordance with the most current version of Office of Management and Budget A-136.

We recommend that MCC's Department of Administration and Finance and the chief financial officer conduct a quarterly reconciliation between the status of budgetary resources and the Office of Management and Budget SF-132, Apportionment and Reapportionment Schedule.

We recommend that MCC's Department of Administration and Finance and the chief financial officer implement a management control to properly review and approve unapportioned funds by programs/projects at the fund level before entries are made.

We recommend that MCC's Department of Administration and Finance and the chief financial officer implement a management control to review the impact of funds unapportioned at the fund level before apportionment and recoveries adjustments are recorded.

We recommend that MCC's Department of Administration and Finance and the chief financial officer continue requiring all compact obligating documents be accompanied by an entry-into-force memo prior to recognizing obligation.

The Office of the Chief Financial Officer resolve all unexplained differences between USAID's Fund Balance With Treasury account and the Department of the Treasury by December 31, 2016, and institutionalize the monthly reconciliation of the Fund Balance With Treasury account.

The Office of the Chief Financial Officer implement a quality assurance program to validate the quarterly information that missions submit.

The Office of the Chief Financial Officer implement a plan to immediately investigate all potential funds control violations reported as of September 30, 2016, and resolve them by June 30, 2017.

The Office of the Chief Financial Officer enhance its policies and procedures to evaluate potential funds control violations so that they are investigated and resolved promptly.

The Inter-American Foundation's chief information officer remediate vulnerabilities in the network identified by the Office of Inspector General's contractor and document the results or document acceptance of the risks of those vulnerabilities.

The Inter-American Foundation's chief information officer develop and implement a continuous monitoring plan and program.

The Inter-American Foundation's chief information officer develop and implement monitoring controls of baseline configurations for the Enterprise Network and document the results.

The Inter-American Foundation's chief information officer complete a system risk assessment for the Enterprise Network that takes into account all known vulnerabilities, threat sources, and security controls planned or in place, determine the residual risk, and inform the authorizing official of the security state of the information system.

The Inter-American Foundation's chief information officer obtain a current authorization to operate the Enterprise Network that results from a completed security controls assessment and updated system security plan, risk assessment, and plan of action and milestones.

The Inter-American Foundation's chief information officer document and implement a process to review and analyze auditable events.

The Inter-American Foundation's chief information officer implement multifactor authentication for all network accounts and document the results.

The Inter-American Foundation's chief information officer update the continuity of operations plan to include a business impact analysis.

The Inter-American Foundation's chief information officer document and implement a process to validate annual testing of the continuity of operations plan.

The Inter-American Foundation's chief information officer develop and implement a written process to validate whether the plan of action and milestones is completed and updated promptly and includes all applicable control weaknesses.

The Inter-American Foundation's chief information officer update and implement the Information System Security Program Standard Operating Procedures to include the privacy controls identified in National Institute of Standards and Technology Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations."

The Inter-American Foundation's chief information officer update the organization's Enterprise Network and Software Applications System Security Plan to reflect the current operating environment.

The Inter-American Foundation chief information officer obtain a written, fully executed Interconnection Security Agreement with the Department of Interior Business Center.

The United States African Development Foundation's president appoint in writing a senior-level chief information security officer in accordance with the Federal Information Security Modernization Act and the National Institute of Standards and Technology.

The United States African Development Foundation's chief information security officer document and implement a process to review and update system security plans to reflect National Institute of Standards and Technology Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations." At a minimum, this process should include determining whether the security requirements and controls for the system are adequately documented and reflect the current information system environment.

The United States African Development Foundation's chief information security officer document and implement a process to perform security assessments in accordance with National Institute of Standards and Technology standards. This process should include documenting assessment procedures to be used to determine security control effectiveness and testing the operating effectiveness of security controls.

The United States African Development Foundation's chief information security officer document and implement a process for assessing risk in internal and cloud service provider’s systems-taking into account all known vulnerabilities and threat sources, security controls planned or in place, and residual risk-to make the authorizing official for each system aware of its security state.

The United States African Development Foundation's chief information security officer document and implement a process to update all known security weaknesses and associated corrective plans quarterly as required by the foundation's policy and include them in the plan of action and milestones.

The United States African Development Foundation's chief information security officer document and implement a process to develop, communicate, and implement an organization-wide risk management strategy associated with the operation and use of the foundation's information systems in accordance with National Institute of Standards and Technology standards.

The United States African Development Foundation's chief information security officer document and implement a process to review and maintain an up-to-date information system inventory.

The United States African Development Foundation's chief information security officer document and implement a process to develop, document, and implement an enterprise architecture in accordance with National Institute of Standards and Technology standards.

The United States African Development Foundation's chief information security officer document and implement a process to perform quarterly scans of all Internet protocol ranges in the network.

The United States African Development Foundation's chief information security officer document and implement a process to track and remediate vulnerabilities timely in accordance with the foundation's policy. This process should include ascertaining that patches are tested before being put into production and applied promptly in accordance with policy.

'The United States African Development Foundation's chief information security officer document and implement a process to migrate unsupported applications to platforms supported by vendors. For unsupported applications that cannot be migrated immediately, this process must include documenting the risk of leaving them on their current platforms, acceptance of that risk, and compensating controls that will be used until migration is possible.

The United States African Development Foundation's chief information security officer document and implement a process to scan each workstation for compliance with the United States Government Configuration Baseline settings, including remediating any noncompliant settings.

The United States African Development Foundation's chief information security officer document and implement a process to remove users' administrator access to foundation workstations and prevent granting that access in the future. This process must include documenting the risk of such access and documenting the approval of any exceptions, along with adequate compensating controls.

The United States African Development Foundation's chief information security officer document and implement a process to document, approve, and disseminate approved deviations from the United States Government Configuration Baseline settings.

The United States African Development Foundation's chief information security officer document and implement a process to configure and regularly monitor password settings in accordance with the foundation's policy and encrypt passwords during authentication.

The United States African Development Foundation's chief information security officer document and implement a process to specify an organization-defined frequency for reviewing and updating the inventory of information system components.

The United States African Development Foundation's chief information security officer document and implement a process to maintain the inventory according to policy.

The United States African Development Foundation's chief information security officer document and implement a process to remove and decommission unused systems promptly.

The United States African Development Foundation's chief information security officer document and implement a process to implement and enforce multifactor authentication for network access to privileged accounts.

The United States African Development Foundation's chief information security officer document and implement a process to implement and enforce the use of personal identity verification credentials for access to the foundation's facilities, computers, and network.

The United States African Development Foundation's chief information security officer document and implement a process to change default usernames and passwords before system installation.

The United States African Development Foundation's chief information security officer document and implement a process to review and analyze all required audit logs in accordance with National Institute of Standards and Technology standards and the foundation's policy.

The United States African Development Foundation's chief information security officer document and implement a process to reevaluate the security categorization of the general support, travel, and human resources systems in accordance with the Office of Management and Budget and National Institute of Standards and Technology guidance given that the systems contain personally identifiable information.

The United States African Development Foundation's chief information security officer document and implement a process to maintain a current interconnection security agreement and memorandum of understanding between the foundation and the U.S. Department of Interior's Interior Business Center.

The United States African Development Foundation's chief information security officer document and implement a process to provide annual security awareness training to overseas partners.

The United States African Development Foundation's chief information security officer document and implement a process to provide annual role-based training to all personnel with significant information security responsibilities.

We recommend that the Millennium Challenge Corporation’s Domestic and International Security Division, in coordination with the Office of the General Counsel, implement a corrective action plan that addresses the Office of Inspector General’s review results and to strengthen the agency’s classified national security information program and to achieve full compliance with Executive Order 13526 and Information Security Oversight Office regulations and directives.

USAID/Egypt implement additional controls to make sure required data quality assessments are completed before submitting data in the annual performance plan and report.

USAID/Jordan implement additional controls to make sure required data quality assessments are completed before submitting data in the annual performance plan and report.

USAID/West Bank and Gaza implement additional controls to make sure required data quality assessments are completed before submitting data in the annual performance plan and report.

USAID/Egypt's program office provide technical assistance to agreement officer's representatives and contracting officer's representatives on how to verify implementers’ data.

USAID/Jordan's management implement a plan to reinforce sound methodologies with agreement officer's representatives and contracting officer's representatives for verifying implementers' data.

USAID/West Bank and Gaza's management implement a plan to reinforce sound methodologies with agreement officer's representatives and contracting officer’s representatives for verifying implementers' data.

USAID/Egypt's office directors implement a plan to make sure data quality assessments are complete.

USAID/Jordan's office directors implement a plan to make sure data quality assessments are complete.

USAID/West Bank and Gaza's office directors implement a plan to make sure data quality assessments are complete.

USAID/Egypt, in coordination with its technical offices, implement a plan to strengthen controls over its databases to reduce errors in reporting.

USAID/Egypt conduct an assessment with mission employees to find ways of improving Egypt Info for performance monitoring and reporting, and document an action plan with milestones to address the assessment's findings.

USAID/Jordan, in coordination with its technical offices, implement a plan to strengthen controls over its databases to reduce errors in reporting.

USAID/Jordan implement procedures to assess what agreement officer's representatives, contracting officer's representatives, and office directors need before the mission develops a new information management system for performance monitoring.

USAID/West Bank and Gaza document an assessment and decision whether to hire an outside firm or other alternative to provide technical assistance for local nongovernmental organizations on USAID's requirements.

USAID/West Bank and Gaza conduct an assessment with its staff and implementers to find ways of improving the Geo-Management Information System for performance monitoring and reporting, and document an action plan with timelines to address the assessment's findings.

USAID/Egypt develop a mission-wide performance management plan.

USAID/Jordan implement an action plan to make sure all activity and project performance management plan indicators feed into the mission performance management plan.

USAID/West Bank and Gaza develop a mission-wide performance management plan.

USAID/Egypt implement an action plan to make sure gender-sensitive indicators and sex-disaggregated data are incorporated in project design documents and activity performance management plans.

USAID/Jordan implement an action plan to make sure sex-disaggregated data are incorporated in activity performance management plans.

USAID/West Bank and Gaza implement an action plan to make sure sex-disaggregated data are incorporated in activity performance management plans.

USAID/Egypt document the reallocation of budgeted funds to make sure enough money is dedicated to monitoring and evaluations.

USAID/Jordan document the reallocation of budgeted funds to make sure enough money is dedicated to monitoring and evaluations.

USAID/West Bank and Gaza document the reallocation of budgeted funds to make sure enough money is dedicated to monitoring and evaluations.

USAID/West Bank and Gaza implement changes to its budgeting process to make sure the monitoring and evaluation point of contact has input on how monitoring and evaluation funds are allocated.

USAID/Egypt implement additional tools (e.g., templates, standardized filing systems, handover checklists) that management deems appropriate for agreement officer's representatives and contracting officer's representatives to use when documenting and maintaining official files.

USAID/Egypt's contracting and agreement office implement a plan to work with agreement officer's representatives and contracting officer's representatives to reinforce requirements for documenting site visit reports and maintaining official files.

USAID/Jordan implement additional tools (e.g., templates, standardized filing systems, handover checklists) that management deems appropriate for agreement officer’s representatives and contracting officer's representatives to use when documenting and maintaining official files.

'USAID/Jordan's contracting and agreement office implement a plan to work with agreement officer’s representatives and contracting officer's representatives to reinforce requirements for documenting site visit reports and maintaining official files.

USAID/West Bank and Gaza's contracting and agreement office implement a plan to work with agreement officer's representatives and contracting officer's representatives to reinforce requirements for documenting site visit reports and maintaining official files.

USAID/Egypt's office directors implement a plan to reinforce guidelines for agreement officer's representatives and contracting officer's representatives to conduct site visits to provide oversight according to the mission order on performance monitoring.

USAID/Jordan's office directors implement a plan to reinforce guidelines for agreement officer's representatives and contracting officer's representatives to conduct monthly site visits to provide oversight according to the mission order on performance monitoring.

USAID/West Bank and Gaza's office directors implement a plan to reinforce guidelines for agreement officer’s representatives and contracting officer's representatives to conduct site visits to provide oversight.

USAID/Egypt's mission management document actions to make sure future portfolio reviews are conducted according to Automated Directives System 203.3.12.

USAID/Egypt implement measures to confirm that implementers and agreement officer's representatives and contracting officer's representatives are informed of Development Experience Clearinghouse submission requirements.

USAID/Jordan implement measures to confirm that implementers and agreement officer's representatives and contracting officer's representatives are informed of Development Experience Clearinghouse submission requirements.

USAID/West Bank and Gaza implement measures to confirm that implementers and agreement officer's representatives and contracting officer's representatives are informed of Development Experience Clearinghouse submission requirements.

USAID/West Bank and Gaza's contracting office implement a plan to confirm that contracting performance report requirements are met.

USAID/Egypt implement a plan to make sure the evaluation point of contact's workload in the program office is adequate so all required evaluations are completed in a timely manner and reviewed for quality control.

USAID/Egypt implement a training and technical assistance plan to make sure key mission staff working on evaluations have received initial or refresher training on evaluation management and methods.

USAID/Jordan implement a plan to make sure the evaluation point of contact's workload in the program office is adequate so all required evaluations are completed in a timely manner and reviewed for quality control.

USAID/Jordan implement and document a training and technical assistance plan to make sure key mission staff working on evaluations have received initial or refresher training on evaluation management and methods.

USAID/West Bank and Gaza implement a plan to make sure the staffing levels and workloads of program office employees, including the evaluation point of contact, are adequate so all required evaluations are completed in a timely manner and reviewed for quality control.

USAID/West Bank and Gaza implement and document a training and technical assistance plan to make sure key mission staff working on evaluations have received initial or refresher training on evaluation management and methods.

USAID/Egypt implement an action plan to make sure project design documents address the evaluation policy planning requirements.

USAID/Jordan complete and document its calculations of the average size of projects and include all required large projects in its inventory.

USAID/Jordan implement an action plan to make sure project design documents address the evaluation policy planning requirements.

USAID/West Bank and Gaza document its calculations of the average size of projects and include all required large projects in the mission's inventory and annual performance, plan, and report evaluation registry.

USAID/West Bank and Gaza implement an action plan to make sure project design documents address the evaluation policy planning requirements.

USAID/Egypt implement actions to make sure mission personnel complete a statement of work checklist or the equivalent before an evaluation is conducted.

USAID/Jordan implement actions to make sure mission personnel complete a statement of work checklist or the equivalent before an evaluation is conducted.

USAID/West Bank and Gaza implement actions to make sure mission personnel complete a statement of work checklist or the equivalent before an evaluation is conducted.

USAID/Egypt implement a comprehensive plan to make sure draft reports for evaluations meet USAID's standards and minimum documentation requirements, and that management or program actions to address recommendations are documented.

USAID/Jordan implement a comprehensive plan to make sure draft reports for evaluations meet USAID's standards and minimum documentation requirements, and that management or program actions to address recommendations are documented.

USAID/West Bank and Gaza implement a plan to document management or program actions to address recommendations and maintain documentation in a central location.

USAID/Azerbaijan issue additional guidance, such as training materials and reporting templates, to clarify the allowability of and accounting for in-kind and cash contributions.

USAID/Belarus issue additional guidance, such as training materials and reporting templates, to clarify the allowability of and accounting for in-kind and cash contributions.

USAID/Ukraine issue additional guidance, such as training materials and reporting templates, to clarify the allowability of and accounting for in-kind and cash contributions.

USAID/Azerbaijan issue an official notice, provide training, or update operating procedures to remind agreement officers about the Automated Directives System 303 requirement for cost-sharing memorandums.

USAID/Belarus issue an official notice, provide training, or update operating procedures to remind agreement officers about the Automated Directives System 303 requirement for cost-sharing memorandums.

USAID/Ukraine issue an official notice, provide training, or update operating procedures to remind agreement officers about the Automated Directives System 303 requirement for cost-sharing memorandums.

The Bureau for Policy, Planning and Learning determine whether Automated Directives System 201 should include guidance on cost-sharing determination and design.

The Bureau for Policy, Planning and Learning, in consultation with the Office of Acquisition and Assistance, develop supplemental guidance on cost-sharing determination and best practices.

USAID/Azerbaijan implement procedures to confirm that USAID teams conduct a documented analysis in determining the amount of cost sharing to require.

USAID/Belarus implement procedures to confirm that USAID teams conduct a documented analysis in determining the amount of cost sharing to require.

USAID/Ukraine implement procedures to confirm that USAID teams conduct a documented analysis in determining the amount of cost sharing to require.

The Bureau for Policy, Planning and Learning, in consultation with the Office of Acquisition and Assistance, analyze whether and how to allow USAID missions and field offices to provide input about their posts when cost-sharing amounts and requirements pertaining to worldwide grants are determined.

USAID/Azerbaijan issue an official notice, provide training, or update operating procedures to remind agreement officer's representatives of their responsibility to monitor cost-sharing progress.

USAID/Belarus issue an official notice, provide training, or update operating procedures to remind agreement officer's representatives of their responsibility to monitor cost-sharing progress.