Recommendation Dashboard

We recommend that USAID/Kenya and East Africa determine the allowability of $60,533 in ineligible questioned costs on pages 13 and 17 of the audit report and recover any amount that is unallowable.

We recommend that USAID/Kenya and East Africa verify that Deloitte & Touche LLP corrects the one instance of material noncompliance detailed on pages 23 to 25 of the audit report.

We recommend that USAID/Southern Africa verify that Baylor College of Medicine Children's Foundation Lesotho corrects the one instance of material noncompliance detailed on pages 37 and 38 of the audit report.

We recommend that USAID/Southern Africa verify that Baylor College of Medicine Children's Foundation Lesotho provides Elizabeth Glaser Pediatric AIDS Foundation with a copy of the findings raised in the audit report for their review and any appropriate action regarding the one material weakness in internal control and one instance of material noncompliance related to the subagreement under cooperative agreement AID-674-A-16-00005 as detailed on page 33 of the report.

We recommend that the Millennium Challenge Corporation verify that Millennium Challenge Coordinating Unit Sierra Leone corrects the four material instances of noncompliance detailed on pages 26 to 31 of the final audit report.

Establish and implement procedures to ensure that congressional reporting is timely and complete, including reporting on planned funding for countries outside of the Top 50 on the WASH Needs Index.

We recommend that USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $619,608 in direct questioned costs ($89,091 ineligible, $530,517 unsupported) summarized on page 24 of the report, and recover any amount that is unallowable

We recommend that USAID's Office of Acquisition and Assistance, Cost, Audit and Support Division verify that Financial Markets International Inc. corrects the five instances of material noncompliance detailed on page 3 and 4 of the audit report

Assess country-specific capacity needs for local partners and develop a plan to address critical capacity gaps to inform an updated analysis of risks and mission-level local partner funding goals for the U.S. President's Emergency Plan for AIDS Relief.

Develop and implement a plan to update mission-level local partner funding goals for future U.S. President's Emergency Plan for AIDS Relief funding at its critical missions considering the Agency's current progress, the COVID-19 operating environment, and the Office of the U.S. Global AIDS Coordinator and Health Diplomacy's intentions for the local partner initiative.

Verify that El Hawakeer corrects the 2 material weaknesses in internal control detailed on pages 15 and 16 of the audit report.

Verify that El Hawakeer corrects the 2 material instances of noncompliance detailed on pages 18 and 19 of the audit report.

We recommend that USAID Office of Acquisition and Assistance, Cost, Audit and Support Division determine the allowability of $50,000 in questioned costs ($50,000 Ineligible) on page 35 of the audit report and recover any amount that is unallowable.

Implement a process to automatically disable system user accounts after 90 days of inactivity or implement a daily review process to ensure that accounts are disabled after 90 days of inactivity.

Address the management of system components requiring repair or service in its Supply Chain Risk Management Standard Operating Procedures.

We recommend that MCC's Chief Information Officer develop and implement processes to document and implement lessons learned related to risk management, configuration management and identity and access management

We recommend that MCC's Chief Information Officer develop and document supply chain policies, procedures and strategies

We recommend that MCC's Chief Information Officer revise and implement MCC's Vulnerability Patch Compliance Policy to align with timeframes in the Department of Homeland's Fiscal Year 2021 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics

We recommend that MCC's Chief Information Officer develop and implement a process to conduct an independent periodic review of MCC's privacy program.

We recommend that MCC's Chief Information Officer fully develop and implement a security awareness training strategy.

We recommend that MCC's Chief Information Officer document and implement a process to monitor and enforce MCC's procedures for security training

We recommend that MCC's Chief Information Officer document and implement a written process for obtaining and evaluating feedback on MCC's privacy and security training content, including role-based training