Recommendation Dashboard

USAID/Afghanistan complete and implement a plan for sustaining the benefits derived from the Kandahar Helmand Power Project.

USAID/Afghanistan ascertain and document Black & Veatch's compliance with the Kandahar Helmand Power Project's final amended initial environmental examination.

USAID/Afghanistan determine the allowability
and recover, as appropriate, questioned costs of $164,157 in first- and business-class travel that were identified in Black & Veatch's invoices for the Kandahar Helmand Power Project.

USAID/El Salvador review the Regional Program for the Management of Aquatic Resources and Economic Alternatives contract and implement a plan for the completion of the program's objectives and targets, or terminate activities that cannot be completed and adjust the payment of the fixed fee to reflect actual accomplishments and document their decision.

USAID/El Salvador establish and implement, in conjunction with Chemonics, data collection and review procedures to correct errors identified in this report and to confirm that the data used in reporting progress are accurate.

USAID/El Salvador prepare a written site visit schedule for the remaining contract period.

USAID/El Salvador review the Regional Program for the Management of Aquatic Resources and Economic Alternatives contract, and develop performance indicators and targets for all of the program's expected results.

USAID/El Salvador revise the performance indicators identified in the audit as vague so they represent the intended results clearly and adequately.

USAID/El Salvador require in writing that the contractor provide an annual budget by activity and report on actual expenses compared with that budget.

USAID/El Salvador develop a list and submit all required documents in English to the Development Experience Clearinghouse.

USAID/El Salvador require Chemonics to conduct and document gender case studies as required by the contract.

We recommend that the Millennium Challenge Corporation Chief Information Officer reopen Recommendation 1 in Office of Inspector General Audit Report No. M-000-13-001-P.

We recommend that the Millennium Challenge Corporation Chief Information Officer determine and document why the Corporation's vulnerability management tool is not identifying vulnerabilities identified by the Office of Inspector General's contractor.

After taking final action for Recommendation 2, we recommend that the Millennium Challenge Corporation Chief Information Officer remediate vulnerabilities on the network identified by the Office of Inspector General's contractor as appropriate, or document acceptance of the risks of those vulnerabilities.

We recommend that the Millennium Challenge Corporation Chief Information Officer reopen Recommendation 3 in Office of Inspector General Audit Report No. M-000-13-001-P.

We recommend that the Millennium Challenge Corporation Chief Information Officer implement a written process to review active service accounts that have not logged in over a specified period of time, as defined by the Corporation, or that have never logged into the system to determine whether accounts are necessary.

We recommend that the Millennium Challenge Corporation Chief Information Officer conduct and document a full system authorization for the Millennium Challenge Corporation Management Information System in accordance with the Corporation's policy.

We recommend that the Millennium Challenge Corporation Chief Information Officer conduct and document a system reauthorization for MCC Integrated Data Analysis System in accordance with the Corporation's policy.

We recommend that the Millennium Challenge Corporation Chief Information Officer reopen Recommendation 9 in Office of Inspector General Audit Report No. M-000-13-001-P.

We recommend that the Millennium Challenge Corporation Chief Information Officer document and implement audit and accountability procedures to include monitoring, reviewing, and analyzing event logs for indications of inappropriate or unusual activity.

We recommend that the Millennium Challenge Corporation Chief Information Officer document and implement a process to make sure changes are tested and test results are reviewed before the changes are implemented when appropriate.

We recommend that the Millennium Challenge Corporation Chief Information Officer reopen Recommendation 9 in Office of Inspector General Audit Report No. M-000-11-004-P.

We recommend that the Millennium Challenge Corporation Vice President of Administration and Finance document its relationships with its third-party service providers, then take actions to get appropriate agreements in place with them.

We recommend that the Millennium Challenge Corporation Chief Information Officer implement a documented process to make sure the disaster recovery plan is updated annually to reflect lessons learned from the disaster recovery testing.

We recommend that the Millennium Challenge Corporation's Chief Information Officer ask that two-factor authentication, as required by Office of Management and Budget Memorandum M-06-16, be implemented for the Corporation's travel system. If it is not, document the Corporation's acceptance of the risk of not implementing the control as part of the security review of the system and obtain a written waiver from the Office of Management and Budget to exempt the Corporation from implementing two-factor authentication for its travel system.

We recommend that the Millennium Challenge Corporation's Chief Information Officer ask the senior advisory board to make a written determination whether the Corporation should report, track, and monitor its information security program as a material weakness or reportable condition pursuant to the Federal Managers' Financial Integrity Act of 1982.

USAID's Office of Acquisition and Assistance evaluate cost-effective alternatives to the present system of administering and complying with the Defense Base Act insurance program, including the option to self-insure with congressional approval, and document the results.

USAID's Office of Acquisition and Assistance modify its follow-on contract with the selected Defense Base Act insurance provider to place adjustable limits on the amount of overseas employee remuneration used to determine premiums, so that remuneration does not exceed current Department of Labor benefit levels.

USAID's Office of Acquisition and Assistance evaluate and document with USAID management whether to transfer responsibilities for Defense Base Act insurance management to another division within the Office or to a more appropriate USAID Office with expertise in matters related to workers' compensation insurance.

USAID's Office of Acquisition and Assistance issue written guidance to its contracting officers to increase oversight of its contractors and of implementing partners that purchase DBA insurance, including obtaining before contract closeout a copy of the insurance provider's final invoice showing adjusted premium amounts.

USAID's Office of Acquisition and Assistance determine the allowability of $6,586,427 in ineligible questioned costs arising from Defense Base Act insurance premium refunds issued to USAID contracting organizations and recover from them any amounts determined to be unallowable.

USAID/East Africa revise the Somalia due diligence clauses in its development awards to contain a statement on the discretion partners have in establishing their own procedures, direct partners to available guidance, and require submission of a due diligence implementation plan.

USAID's Bureau for Democracy, Conflict and Humanitarian Assistance, in coordination with other stakeholders, document and promote a strategy to standardize and improve due diligence procedures its partners use when implementing humanitarian assistance activities in Somalia.

USAID's Bureau for Democracy, Conflict and Humanitarian Assistance submit a written request to the Department of State to appeal to the Department of the Treasury for an amendment to the license granted by the Office of Foreign Assets Control to allow hiring of third-party monitors in Somalia.

USAID's Chief Information Officer implement formal written procedures for reviewing excessive mobile device charges, including the frequency of those reviews and a determination of whether users should be changed to another mobile device plan with features that accommodated the mobile
needs and/or use alternate solutions to meet Agency mobile needs.

USAID's Chief Information Officer implement formal written procedures for reviewing unused mobile devices with responsible Agency officials. At a minimum, the procedures should include an acceptable level for the number and cost of unused devices and the frequency of the reviews (no less than quarterly).

USAID's Chief Information Officer implement documented procedures for mobile devices that define policy violations and describe monitoring for and reporting on those violations (other than when the device is on the network and violates those policies).

USAID's Chief Information Officer implement documented policies that define the conditions for remotely wiping mobile devices if the device is lost or stolen and is at risk of having its data recovered by an unauthorized individual or entity and for failed password attempts.

USAID's Chief Information Officer implement documented policies that define the conditions for remotely locking devices suspected of being left unlocked in an unsecured location.

USAID's Chief Information Officer implement documented procedures for digitally signing USAID-developed applications.

USAID's Chief Information Officer implement documented procedures that describe how policies will be managed on BlackBerry Enterprise Servers.

USAID's Chief Information Officer implement
documented policies that define which types of mobile devices are permitted to access the Agency's resources.

USAID's Chief Information Officer implement
documented policies that define the degree of access that various classes of mobile devices (e.g., organization-issued devices versus those that are personally owned) can have to Agency resources.

USAID's Chief Information Officer revise Mobile Computing Standards: A Mandatory Reference for ADS Chapter 545 to be consistent with the requirements regarding encryption of information stored on mobile devices in Automated Directives System 545.3.6.6, "Mobile Computing Devices,"
(November 9, 2012).

USAID's Chief Information Officer revise Automated Directives System 549.3.4.3, "Electronic Mail (E-Mail)," to reflect the Agency's current policy regarding e-mail usage for sensitive but unclassified information.

USAID's Chief Information Officer revise the
following documents, as appropriate, to make clear policy statements regarding requirements for antivirus software and firewalls on mobile devices: Automated Directives System 545.3.6.6 "Mobile Computing Devices;" Mobile Computing Standards: A Mandatory Reference for ADS Chapter 545.

USAID's Chief Information Security Officer document a risk assessment for the 'Agency for International Development Network.'

After implementing Recommendation 13, we recommend that USAID's Chief Information Security Officer incorporate necessary updates to the risk assessments for iPads, iPad2s, iPad3s, and iOS 6.

USAID's Chief Information Security Officer include the following plans in the Agency's written plan of action and milestones, as required by National Institute of Standards and Technology's Recommended Security Controls for Federal Information Systems and Organizations:
Establish usage restrictions and implementation guidance for acceptable mobile code and mobile code technologies. Create tools and applications for mobile devices. Develop, test, and document sanitization procedures for mobile devices.

USAID's Chief Information Security Officer either finalize the risk assessment for the Agency's BlackBerry mobile devices or, if the devices will be phased out in the next year, formally document and accept the risk of not completing the risk assessment for them.

USAID's Chief Information Security Officer update the security policy for Agency BlackBerrys if USAID finalizes the risk assessment for Agency BlackBerrys detailed in Recommendation 16.

USAID's Chief Information Security Officer implement and require two-factor authentication for access to Agency e-mail with one factor separate from the device, as required, and document the results.

USAID's Chief Information Officer implement the Agency's strong password policy to unlock iPhones and BlackBerry mobile devices, as required, and document the results.
USAID Did Not Configure Its BlackBerry Mobile

After implementing Recommendation 15, USAID's Chief Information Officer configure the servers for mobile devices to restrict the ability to download applications to the devices, as appropriate.

After implementing Recommendation 20, USAID's Chief Information Officer, remove unapproved applications from Agency mobile devices and document their removal.

USAID's Chief Information Officer implement written procedures to maintain a centralized inventory of mobile devices on a comprehensive basis and require updating it as devices are purchased, exchanged, and returned.

USAID's Chief Information Officer implement written procedures to verify whether mobile devices on the monthly invoices are included in the Office of the Chief Information Officer's inventory and include the investigation of discrepancies.

USAID's Chief Information Officer implement written procedures to review mobile device user agreements for completeness and return all incomplete forms before approving mobile device services.

USAID's Chief Information Officer implement a written records management process to maintain and readily locate Agency user agreement forms for mobile devices.

USAID's Chief Information Officer revise Mobile Device Additional Charge Procedures to designate a time frame by when bureaus and offices must pay for additional charges and remedial action will be
taken for past due additional charges.

USAID/Pakistan implement a funding plan for the Small Grants Program that incorporates ownership from the technical offices.

USAID/Pakistan implement a plan for technical offices to monitor the Small Grants Program for development impact and sustainability.

USAID/Pakistan update its Small Grants Program guidance to comply with Mission Order 300.2, detailing steps for the technical offices to review and approve small grant concept papers and full applications and prescribing time frames for completing each step.

USAID/Haiti agreement officer determine the reasonableness of $148,754 in questioned costs incurred for consultants and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti agreement officer determine the allowability of $161,315 in questioned unsupported costs and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti agreement officer determine the allowability of $40,000 in questioned costs incurred for legal services and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti agreement officer determine the allowability of $23,007 in ineligible questioned costs and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti agreement officer determine the allowability of $10,978 in ineligible questioned costs and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti agreement officer determine the allowability of the $93,555 in questioned actual cost over budget and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti agreement officer determine the allowability of the $16,291 in questioned costs incurred for grant funds received in excess of costs reported and collect any disallowed amounts from the Rural Justice Center.

USAID/Haiti mission director verify that the Rural Justice Center has taken the necessary steps to become familiar with the requirements of subsequent federal awards, and implement written policies and procedures to govern its procurement of goods and services.

USAID/Haiti mission director verify that the Rural Justice Center establishes controls and implements policies to make sure support is obtained and maintained for all expenditures.

USAID/Haiti mission director verify that the Rural Justice Center establishes and implements policies and procedures for financial reporting to make sure contracted services that the Agency has paid for are rendered.

USAID/Haiti mission director verify that the Rural Justice Center implements internal control processes and procedures to make sure transactions are reported within the accounting period, are eligible, and charged to the federal funding source within the period of availability of funds.

USAID/Haiti mission director verify that the Rural Justice Center implements internal controls over its cash management process to make sure costs are incurred before they are recorded.

USAID/Haiti mission director verify that the Rural Justice Center implements policies and procedures to make sure grant expenditures are tracked against the respective budget line items and that appropriate steps are taken in the event of a potential budget overrun to obtain the necessary approval from the cognizant USAID official.

USAID/Haiti mission director verify that the Rural Justice Center implements a better system of accounting to make sure all transactions related to its federal grants are recorded appropriately and that adequate supporting documentation of the transactions are obtained and maintained.

USAID/Haiti mission director verify that the Rural Justice Center implements an approved electronic system of financial management that allows for effective, efficient financial reporting of federal expenditures, internal control policies and procedures to make sure that issues such as the lack of segregation of duties are mitigated by compensating controls, and a process to make sure bank reconciliations are prepared and consistently reviewed.

USAID/Haiti mission director verify that the Rural Justice Center implements written policies and procedures to address the various operational objectives and desktop processes and a system of internal control that is modeled after the Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control integrated framework.

USAID/Haiti mission director verify that the Rural Justice Center implements internal control processes and procedures to confirm that the required reports are prepared, reviewed, and submitted in a timely manner, and improves its communication with the mission regarding to the need for modification of the scope of work when significant events occurred to ensure that the grantee is not being evaluated against criterion that is no longer applicable.

USAID/West Bank and Gaza implement procedures describing how it intends to incorporate the conflict and mitigation management guidance in its Peace and Reconciliation Program starting in fiscal year 2014.

USAID/West Bank and Gaza implement its plan to hire an accounting firm to conduct and follow up on preaward surveys and build the financial capacity of organizations.

USAID/West Bank and Gaza implement a capacity-building plan for the implementers of its Peace and Reconciliation Program.

USAID/West Bank and Gaza implement and document mission-specific procedures that include requiring agreement officer's representatives to perform and document reviews of reported results in the mission's data reporting system, and periodically validating agreement officer's representatives' compliance with these procedures.

USAID/West Bank and Gaza issue guidance to implementers on how to calculate reported results for the program's indicators.

USAID/West Bank and Gaza coordinate with the implementers of the Peace and Reconciliation Program to correct errors in data reported in Geo-MIS data reporting system and document the results.

USAID/West Bank and Gaza review access rights for implementers within the mission's data reporting system and restrict their access to the prior year's data.

USAID/Albania implement a written plan to help make sure the Albanian Government has an adequate, predictable flow of funds to sustain the court information technology infrastructure on which digital audio recording depends.

USAID/Albania implement a written plan to work with the Albanian Government to resolve the impasse within the Chamber of Mediators and to establish it as a functioning organization.

USAID/Albania develop a written plan for the National Chamber of Advocates to create a training department capable of managing a nationwide continuing legal education program. That plan should set clear milestones and condition future USAID support on achieving those milestones.

USAID/Albania implement a performance management plan by the fall of 2013.