Recommendation Dashboard

We recommend that the Millennium Challenge Corporation's Director of Security (1) verify that the board meeting minutes from September 2011 to September 2013 are marked properly and provide the results of the verification to OIG,
(2) include instructions on how to correctly mark derivative classification documents in Millennium Challenge Corporation mandatory training courses, and (3) verify compliance with marking requirements in annual self-inspection reports.

Include instructions on how to correctly mark derivative classification documents in Millennium Challenge Corporation mandatory training courses,

(3). Verify compliance with marking requirements in annual self-inspection reports.

We recommend that the Millennium Challenge Corporation's Director of Security document that all original classification authorities have completed required training or obtained waivers.

We recommend that the Millennium Challenge Corporation's Director of Security establish formal guidance that requires documentation of completion of Executive Order 13526 training requirements for all employees, including original
classification authorities.

We recommend that the Millennium Challenge Corporation's Director of Security update the Procedures for MCC Private Sector Board Members and Plus Ones for Storing Confidential Information in GSA-approved safes or submit alternative measures to the Information Security Oversight Office, as required.

USAID/Haiti implement procedures to use Standard Form 1190 for all allowances as required by the Department of State Standard Regulation.

USAID/Haiti implement procedures to verify employees' and their dependents' eligibility for all cost-of-living allowances.

USAID/Haiti implement a plan to improve communication between USAID/Haiti and USAID/Dominican Republic to prevent funds control violations and obtain proper documentation for approval of allowances.

USAID/Haiti determine and document options for calculating the separate maintenance allowance electronically.

USAID/Haiti implement a plan to monitor and verify that post allowance rates are updated accurately and in a timely manner in the system to avoid calculation errors.

USAID/Haiti collaborate with USAID/Dominican Republic to identify areas and opportunities for increased data verification and improved management oversight over the application, authorization, and payment of the cost-of-living allowances, and document these results.

USAID/Haiti review cost-of-living allowances
determine any amounts unallowable, and recover those amounts deemed unallowable.

USAID/Haiti implement a system that meets the Agency's record management policy to obtain and store necessary data accurately to track and manage cost-of-living allowances at post.

USAID/Haiti provide and document training on allowance regulations to mission staff involved in approving and paying allowances.

USAID/Haiti document in a mission order the allowance process and the roles and responsibilities of those involved with managing the cost-of-living allowances.

USAID/Haiti implement a plan to educate incoming employees on available allowances and how to make a claim.

USAID's Office of the Chief Financial Officer continue the reconciliation effort to investigate and resolve unreconciled differences and monitor and report the results to ensure that the balances in the general ledger and subsidiary ledger are consistently in agreement.

USAID's Office of the Chief Financial Officer consult with the U.S. Treasury to obtain advice and approval for resolving unreconciled funds.

USAID's Office of the Chief Financial Officer coordinate with the Director of the Office of Acquisition and Assistance to periodically investigate unliquidated obligations, especially those that make up the $47 million with no activity since they were established, and deobligate as necessary.

USAID's Office of the Chief Financial Officer establish procedures to periodically research and take appropriate action on advances outstanding for more than 150 days.

USAID's Office of the Chief Financial Officer investigate the negative unliquidated advances and determine whether they should be refunded to USAID.

USAID's Chief Human Capital Officer perform periodic reviews of employees' eOPF to ensure that employee benefit elections are current and properly recorded.

USAID's Office of the Chief Financial Officer reconfigure its financial management system to account for reimbursable agreements in accordance with Federal Generally Accepted Accounting Principles, and in consultation with appropriate stakeholders, develop and implement improved processes to account for reimbursable agreements.

Perform a comprehensive review and determine whether the Shared Service Provider's (SSP) financial management system is meeting its financial management and reporting needs. As part of this review, management should continue to evaluate whether: a. a separate grants management system that focuses on program and financial administrations that interfaces with the core financial system is needed, or b. to establish alternatives to recording numerous data lines in the Oracle AP and PO modules which is manual intensive and prone to errors.

Investigate and collect the underlying causes for the system errors and limitations that prevent or delay the recording, processing, and summarizing of accounting transactions. Key issues that remain unresolved should be escalated immediately rather than back-log the problem. MCC should ensure that e1rnrs and open tickets are resolved appropriately and timely by the SSP and that routine MCA accounting activities recorded in Oracle within the specified timeline. Moreover, manual adjusting journal entries should be used for limited transactions like unusual one-time entries or correcting entries.

In collaboration with the SSP, formalize in writing the system's issues and standardize the resolution processes and policy/procedures.

Further review SSP data entries relating to MCA payment processing and related
adjustments (i.e. obligation/disbursement adjustments). Perform reconciliation of AP and PO on a monthly basis and proactively resolve all differences in a timely manner.

Update its Expense Accruals Financial management Division Procedure Manual to:
A. Provide clear guidance regarding the accrual process as it relates to compacts that are in their final year as to how the accrual will be determined;
B. Address how contract retentions will be accounted for and included in the grant accrual estimate; and C. Provide a logical and supportable look-back analysis and validation process to assess the reasonableness of the grant accrual on a quarterly basis. The look back analysis should provide MCC with sufficient and appropriate information to explain unusual variances between actual and estimates, or support updating the current grant accrual methodology. Such periodic assessment of the adequacy of the grant accrual methodology should be documented and supported by data analysis. The accrued liability amount is subject to the risks that actual subsequent disbursement amount may be significantly different from management's estimate. When this occurs, management should further anal

Ensure that policies and procedures developed are current and are fully implemented by MCC staff during the grant accrual process to avoid potential calculation errors in the future.

USAID/Haiti determine whether the scope should be simplified before designing the follow-on program and document its decision.

USAID/Haiti implement a plan to coordinate and streamline mission approvals of program documents for the new program, defining roles and responsibilities within the mission, and estimating timelines for approvals.

USAID/Haiti develop and document a plan for a rigorous design process in accordance with Automated Directives System 201 for the follow-on program, and determine and document its expected level of involvement in program implementation before deciding on the appropriate type of award mechanism.

The mission review and document its awardprocessing
time to identify potential bottlenecks.

USAID/Haiti review the new program's description for clarity, revise it as necessary before implementation, and document all revisions.

USAID/Haiti identify and document areas of intervention before implementing the follow-on program.

USAID/Haiti complete and document the baseline survey to determine the capacity of local partners.

USAID/Haiti's agreement officer determine the allowability of the $110,000 in questioned costs spent on the baseline survey ($110,000) and recover from Cooperative for Assistance and Relief Everywhere Inc. any amounts determined to be unallowable.

USAID/Haiti define the assessment tools for studies required by the agreement, clarify them with the implementer before awarding the follow-on program, and document the complete process.

USAID/Haiti clarify and document the goals of the grants component of the program and its relationship to institutional capacity building before implementing the follow-on program.

USAID/Haiti assess the new implementer's capacity for awarding and managing grants before awarding the agreement for the follow-on program and document the results of the assessment.

USAID/Vietnam implement a formal risk management plan with updated potential risks and documented responses to address the identified risks.

USAID/Vietnam finalize and implement the training plan for Vietnamese Government agencies.

USAID/Vietnam implement an action plan to work with the Vietnamese Government to allow the project to have direct access to the local residents.

USAID/Vietnam implement clearly defined performance indicators to measure the progress in capacity building to achieve the project's objectives.

USAID/Vietnam implement realistic, ambitious targets for performance indicators to measure progress in capacity training for the Vietnamese Government and other stakeholders.

USAID/Vietnam implement the monitoring and evaluation plan for the project with the appropriate performance indicators that align with its performance management plan and country development cooperation strategy.

USAID/Vietnam implement its performance management plan to align with the country development cooperation strategy results framework, as required by Automated Directives System 203.3.3.

USAID/Vietnam perform a second data quality assessment of the project that includes reviewing source documentation for the reported data, as required in Automated Directive System 203.3.11.

USAID/Vietnam require CDM to implement procedures to verify reported data before submitting them to the mission.

USAID/Guinea, in coordination with USAID/Senegal's Regional Financial Management Office, implement procedures that track its annual audit plan and verify that required audits are performed in compliance with regulations. These procedures should include a checklist of all the required tasks, the name of the employee in charge of each task, and a timeline for each one so all audits are submitted to Regional Inspector General/Dakar on time.

USAID/Guinea, in coordination with USAID/Senegal's Regional Financial Management Office, revise its current audit plan to incorporate the close-out audit of the Baptist Convention and hire an audit firm to perform it.

USAID/Guinea, in coordination with USAID/Senegal's Regional Financial Management Office, implement procedures to verify that it performs close-out audits in accordance with Agency policies.

USAID/Guinea, in coordination with USAID/Senegal's Regional Office of Assistance and Acquisition and USAID/Washington, implement a plan to close expired awards and deobligate any remaining balances as required by applicable USAID policy.

The Chief Information Officer update the USAID FISMA Cybersecurity Roadmap and Work Plan to address each activity and milestone clearly in the Federal Information Security Management Act action plan.

The Chief Information Officer fully implement a process to test FISMA Action Plan activities identified as complete before closing them in the USAID FISMA Cybersecurity Roadmap and Work Plan.

The Chief Information Officer test activities already identified as complete to verify they have been implemented fully and effectively.

The Chief Information Officer document and implement a formal process to centrally review all USAID security assessment packages for proper selection, documentation, and evaluation of security controls before the packages are sent to the Chief Information Officer for approval.

The Chief Information Officer document and fully implement a plan to ensure that security assessments and authorizations for all USAID major and minor applications are updated to address requirements in National Institute of Standards and Technology Special Publication 800-53, Revision 4.

The Chief Information Officer update the AIDNet contingency plan to include all information required by the National Institute of Standards and Technology, including contingency roles and responsibilities, and activities associated with restoring the system after a disruption or failure, concurrent processing, testing, cleanup, documentation, business impact analysis, and to fully address operations at the Miami Terremark data center.

The Chief Information Officer document and implement a process to periodically review and update the AIDNet contingency plan in accordance with USAID policy.

The Chief Information Officer develop and implement a policy to retain results of backup tests in a central location to allow Agency
managers to verify that the testing is being performed in accordance with USAID policy.

The Chief Information Officer document and fully implement a process to include all weaknesses identified through continuous monitoring in the respective system's plan of action and milestones.

The Chief Information Officer, pending implementation of an automated solution, document and implement a temporary process to identify deviations from baseline configurations, and track and remediate them
appropriately.

The Chief Information Officer document and implement procedures to manage USAID access to the server room at Two Potomac Yards. At a minimum, procedures should cover approving, periodically reviewing, and revoking access to the room.

The Chief Financial Officer update Phoenix security settings to comply with Agency policy, or obtain written authorization from the Chief Information Officer for deviations.

The Chief Financial Officer implement automated controls when possible to ensure that inactive Phoenix accounts are disabled when they reach the inactivity threshold. If management determines that using such controls is not feasible, they should document this decision formally and ensure that mitigating manual controls are in place.

The Chief Information Officer update the existing security assessment and authorization policy to require that the authorizing official and system owner be different individuals.

The Chief Information Officer review and update all system security assessment and authorization packages to ensure that the authorizing official and system owner are different individuals.

The Director for the Office of Acquisition and
Assistance document and implement procedures to ensure that accounts are reviewed and disabled or deleted in accordance with USAID policy.

The Director for the Office of Acquisition and
Assistance review all accounts in GLAAS to determine whether any users have conflicting roles based on updated separation-of-duties guidance, and take action to remove any conflicting roles. If management determines that certain individuals require access in violation of the policy, these exceptions should be documented formally and approved by management. In addition, compensating controls should be identified and put in place to mitigate risks related to these exceptions.

The Director, Office of Education, document and implement formal procedures to review Visa Compliance System accounts periodically for appropriateness.

The Director, Office of Education, document and implement procedures for reviewing Visa Compliance System logs. Procedures should include confirming that logs are reviewed by an individual who does not have high-level administrator access.

The Chief Financial Officer update appropriate Payment Management System agreements with the Department of Health and Human Services to require it to provide information about account management to USAID upon request.

The Director of Management Services update E2 Travel Management Service User Guide to address the following account management activities and implement them accordingly:
- Requiring appropriate approvals for requests to establish accounts
- Activating, modifying, disabling, and removing accounts
- Authorizing and monitoring the use of guest/anonymous and temporary accounts
- Notifying account managers when temporary accounts are no longer required
- Deactivating accounts when required
- Granting access
- Reviewing accounts quarterly

The Director, Office of Human Resources, document and implement a process for verifying that all employees complete the employee exit process before leaving the Agency.

USAID/Afghanistan implement procedures to evaluate whether the Afghan Government has met its commitments, including audit requirements, before the Agency disburses funds to government-to-government projects.

USAID/Afghanistan modify the audit requirements within its government-to-government project documents to describe the Agency-contracted audit process, and communicate to these recipients that additional funding may not be disbursed until audits are completed.

USAID/Afghanistan issue a notice to relevant staff to remind them that the Office of Inspector General's country office should be notified each time the mission awards an audit of a government-to-government project.

USAID/Afghanistan implement procedures that require procurement officials to be included in the team responsible for individual government-to-government projects, as applicable.

USAID/Afghanistan update its on-budget assistance mission order to reflect its current practices.

USAID/Afghanistan schedule and document periodic training courses for officials designated to monitor on-budget assistance.

USAID/Afghanistan develop or update templates for its government-to-government implementation letters to include more clearly defined expectations based on the revised Automated Directives System 220 and lessons learned.

USAID/Afghanistan implement a procedure to confirm that Afghan Government officials responsible for implementing government-to-government projects understand the expectations described within project documents.

USAID/Afghanistan perform an evaluation of its newly implemented process to verify that government-to-government transactions are recorded correctly and promptly, make necessary adjustments, and document the final results.