Recommendation Dashboard

The Inter-American Foundation's Chief Information Officer remediate, as appropriate, vulnerabilities in the network identified by
the Office of Inspector General's contractor and document the results, or document acceptance of the risks of those vulnerabilities.

The Inter-American Foundation's Chief Information Officer develop and implement a documented process to confirm that all devices under the Foundation's control are included in its vulnerability scans.

The Inter-American Foundation's Chief Information Officer document and implement configuration management policies and procedures for the Enterprise Network to confirm that all changes and supporting test results are documented.

The Inter-American Foundation's Chief Information Officer update the privacy impact assessment for the Enterprise Network to reflect the current environment, including that the Foundation collects, maintains, and disseminates personal information in an identifiable form.

The Inter-American Foundation's Chief Information Officer document and implement an incident response plan that requires all security incidents to be reported to the U.S. Computer Emergency Readiness Team.

We recommend that the Millennium Challenge Corporation's Chief Information Officer remediate, as appropriate, vulnerabilities on the network identified by the Office of Inspector General's contractor and document the results or document acceptance of the risks of those vulnerabilities.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a process to conduct periodic, as defined by the Corporation, reviews of MCCNet users to verify that appropriate access privileges have been assigned.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement an updated service account review process that includes follow-up and verification of actions taken after the reviews.

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a process for confirming that contractor systems are continuously monitored and assessed in accordance with the Corporation's policies.

We recommend that the Millennium Challenge Corporation's Chief Information Officer update the Corporation's Information Systems Security Policy to include requirements in National Institute of Standards and Technology Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.

We recommend that the Millennium Challenge Corporation's Chief Information Officer complete and implement Post Phase 2 (enterprise architecture use and maintenance) of the Corporation's plan to establish its enterprise architecture program.

We recommend that the Millennium Challenge Corporation's Chief Information Officer update the MCCNet System Security Plan to document the system's security controls.

USAID/Indonesia conduct a comprehensive review of the strategy for the Strengthening Integrity and Accountability Program I, and use the results of the review to align objectives and performance targets with activities.

USAID/Indonesia obtain a written commitment signed by the highest decision-making authority in a beneficiary organization to implement an activity before approving and funding it under the Strengthening Integrity and Accountability Program I.

USAID/Indonesia require Management Systems International to report on sustainability in all remaining annual reports of the Strengthening Integrity and Accountability Program I. In addition, USAID/Indonesia should instruct Management Systems International in writing to identify in the program's final report which results are sustainable and why.

USAID/Indonesia report on sustainability in remaining portfolio reviews of the Strengthening Integrity and Accountability Program I.

USAID/Indonesia conduct a final evaluation, focusing on sustainability, of the Strengthening Integrity and Accountability Program I.

The Overseas Private Investment Corporation Chief Information Officer implement account recertification procedures to conduct periodic, as defined by the Corporation, reviews of OPICNet group memberships to verify that appropriate access privileges have been assigned and document the results.

The the Overseas Private Investment Corporation Chief Information Officer implement account recertification procedures for verifying actions taken after reviews of inactive accounts and document the results.

The Overseas Private Investment Corporation Chief Information Officer implement approved configuration baselines for the following software platforms used by OPICNet and document the results: Windows Server (all versions); Microsoft SQL Server (all versions); Oracle 9; Microsoft Internet Information Server

The Overseas Private Investment Corporation Chief Information Officer conduct configuration baseline monitoring over the following software platforms in accordance with organizational policies and procedures and document the results: Windows Server (all versions); Microsoft SQL Server (all versions); Oracle 9; Microsoft Internet Information Server

The Overseas Private Investment Corporation Chief Information Officer document and implement a process to monitor OPICNet password configuration settings for compliance with the Corporation's policy.

The Overseas Private Investment Corporation Chief Information Officer implement its Risk Management Committee Charter to support its risk management strategy and document the results.

The Overseas Private Investment Corporation Chief Information Officer implement a system to confirm that corrective actions have been fully and effectively completed prior to closing audit recommendations and document the results.

USAID/Sri Lanka direct Land O'Lakes to document its strategy for implementing the Biz Plus Program during its remaining period and work with each grantee to implement a work plan, taking into account its achievements, the status of activities, and the funding remaining, to achieve the program's intended results and maximize its impact.

USAID/Sri Lanka require Land O'Lakes to adjust to realistic levels targets for the number of jobs to be created by all grantees.

USAID/Sri Lanka direct Land O'Lakes to perform an evaluation of all grants covering the remainder of the Biz Plus Program, look at accomplishments, and analyze the reasonableness and validity of the business idea in the grant proposals to confirm the grants comply with the program objective.

USAID/Sri Lanka conduct a cost-benefit analysis of the Biz Plus Program to determine whether it should continue.

USAID/Sri Lanka work with Land O'Lakes to implement a plan to comply with the leveraging requirement of the agreement.

USAID/Sri Lanka require Land O'Lakes to review and correct the reported cost-sharing and leveraging amounts to comply with the agreement requirements.

USAID/Afghanistan request that the Department of Defense (DoD) amend its Economy Act order for the Regak and Oshay Bridges to formalize the agreement between USAID and DoD to construct the Regak Bridge only.

USAID/Afghanistan examine the difference between the amount deobligated and the amount returned to the Department of Defense (DoD) to determine whether additional funds should be returned to DoD based on the amount DoD paid USAID.

The Chief Financial Officer conduct an investigation of USAID/Afghanistan's subobligation of $0.7 million in Commander's Emergency Response Program funds for "emergency and urgent works to be performed" to see if this subobligation resulted in an Antideficiency Act violation.

USAID/Afghanistan obtain ratification of its use of $8.9 million for community development projects or return these funds to the Department of Defense.

The Chief Financial Officer conduct an investigation of USAID/Afghanistan's subobligation of $8.9 million in Commander's Emergency Response Program funds for community development projects to see if this subobligation resulted in an Antideficiency Act violation.

USAID/Regional Development Mission for Asia reassess its manageable interest in the CAP-3D project and amend the goal in the cooperative agreement as appropriate so that it is realistic, achievable, and measurable.

USAID/Regional Development Mission for Asia conduct a cost-benefit analysis of the remaining budget for the project and make adjustments as necessary.

USAID/Regional Development Mission for Asia implement a plan to strengthen the project's monitoring and reporting system and train local partners in its use.

USAID/Regional Development Mission for Asia review project data previously reported to Washington and correct any errors found.

USAID/Regional Development Mission for Asia implement a plan to make building capacity and sustainability of local partners a priority. The plan should consider conducting a mapping exercise and the preaward surveys of local partners described in the Additional Help for Automated Directives System 303 to qualify them to receive direct funding from USAID.

USAID/Regional Development Mission for Asia work with Population Services International to include fraud awareness briefings as part of the project's sharing of lessons learned and best practices.

USAID/Regional Development Mission for Asia implement formal agreements with the Ministries of Health in Laos and Thailand.

USAID's Chief Human Capital Officer revise NFC User Access Request Process to fully include written procedures for requesting and granting access to National Finance Center payroll applications. At a minimum, the procedures should describe a formal access authorization form, limiting access based on the principle of least privilege, training users, and maintaining access authorization records.

USAID's Chief Human Capital Officer revalidate the access and access rights for each individual with access to National Finance Center's payroll applications to verify that their access has been authorized properly and their access rights are based on the principle of least privilege.

USAID's Chief Human Capital Officer implement a written records management system to maintain and readily locate evidence of approved access to National Finance Center's payroll applications.

USAID's Chief Human Capital Officer designate an information system security officer for National Finance Center payroll applications in accordance with Automated Directives System 545.3.3.1.

USAID's Chief Human Capital Officer develop and formalize written procedures for proactively reviewing National Finance Center payroll applications' user account activity, which include modifying, disabling, and terminating actions. At a minimum, the procedures should specify a time frame for considering user accounts to be inactive, steps for following up on inactive accounts, and documenting a determination as to whether an account should be disabled.

USAID's Chief Human Capital Officer issue guidance to supervisors of the Agency's users of National Finance Center payroll applications on the need to notify within an Agency-established time frame the Agency's applications' system administrator when a user's access privileges to the applications need to be changed or deleted.

The Office of Development Credit revise loan portfolio guarantee target utilization rates to reflect historical data, and incorporate them into its operations manual and portfolio monitoring guide.

The Office of Development Credit implement an action plan to encourage banks to meet loan portfolio guarantee target utilization rates and require them to include utilization guidelines in on-boarding documents for bank partners.

The Office of Development Credit confirm and document that partner banks have clear and acceptable utilization strategies before finalizing guarantees.

The Office of Development Credit establish guidelines on when to amend, modify, or terminate a guarantee for insufficient use.

The Office of Development Credit coordinate with missions to define what constitutes a micro, small, and medium-size enterprise in the host country and consistently insert those definitions into its legal agreements directed at such enterprises.

The Office of Development Credit revise its operations manual and portfolio monitoring guide to require that it or the mission conduct on-site reviews and/or commission an independent auditor, when warranted.

The Office of Development Credit implement a procedure to clearly document the weighting of the risk factors in guarantees packages and the bases for adjusting or not adjusting those risk weightings.

USAID/Tanzania implement a plan to strengthen internal controls over antiretroviral drugs at USAID-supported facilities.

USAID/Tanzania update its standard site visit checklist to include a section on monitoring implementers' compliance with branding and marking requirements.

USAID/Tanzania implement a plan for the health team to verify that its agreement officer's representatives conduct site visits quarterly, review all elements outlined on the standard site visit checklist, understand how to verify data, and document the results of their site visits as required.

USAID/Tanzania require Baylor, Selian Lutheran Hospital, and Deloitte Consulting Limited to submit Environmental Mitigation and Monitoring Plans for USAID approval.

USAID/Tanzania implement a plan to verify that agreement officer's representatives monitor implementers' adherence to approved environmental monitoring plans.

USAID/Tanzania determine the allowability of $38,510 in questioned costs ($37,752 unsupported and $758 ineligible) and recover from Selian Lutheran Hospital any amounts deemed unallowable.

USAID/Tanzania verify that Selian Lutheran Hospital corrects the three instances of material noncompliance-expenses not adequately documented, time sheets not correctly recorded and maintained, and value-added tax inappropriately paid-and document the results.

USAID/Tanzania implement a plan to strengthen financial monitoring during site visits, including adding a section to the standard site visit checklist on financial items and providing training for agreement officer's representatives on how to review those items during site visits.

USAID/Tanzania implement a plan to verify that administrative costs charged by Deloitte Consulting Limited's subrecipients meet Office of Management and Budget Circular A-122 cost principles.