Audit Announcements, Reports, Open Recommendations, and Correspondence
The OIG conducts and supervises audits of DFC’s programs and operations around the world. These include audits mandated by law (e.g., Data Act, Payment Integrity Information Act (PIIA), Federal Information Security Modernization Act (FISMA), charge card, and annual financial statements), as well as performance audits determined by the IG. At the end of each audit, the OIG issues a report to the appropriate DFC management official detailing the findings and recommendations to address their causes. These recommendations are intended to improve the efficiency and effectiveness of DFC programs and operations. DFC management has an opportunity to comment on OIG findings and recommendations. Recommendations are considered closed when DFC has implemented corrective action. Open recommendations may be resolved or unresolved:
- An open recommendation is resolved when the OIG agrees with the agency's plan of action.
- An open recommendation is unresolved when the agency has yet to share a plan of action, or the OIG disagrees with the plan.
- Audit Announcements
- Audit Reports
- Open Recommendations
Report Title Report Number Date of Report Recommendation Number Recommendation DFC Can Improve the Acquisition of Goods and Services DFC-25-002-C 12/17/2024 1 DFC CEO should determine and document what constitutes a major acquisition and major IT acquisition for the corporation. 2 DFC CEO should develop and formalize an integrated acquisitions review process to ensure effective collaboration between key stakeholders on acquisitions, including major acquisitions and major IT acquisitions. The process should identify key stakeholders and define the phases when stakeholders must coordinate approvals before moving forward with the acquisition. 7 DFC CEO should Develop and implement an agency-wide process for the development, review, and approval of the corporation’s policies and procedures. 8 DFC CEO should reassess the corporation’s position on adherence to OMB Circular No. A-130 and update the OIT Directive accordingly. 10 DFC CEO should approve a policy that clearly defines how The Clinger-Cohen Act applies to DFC, particularly the CIO’s reporting structure. DFC's Compliance with the Whistleblower Protection Enhancement Act of 2012 DFC-24-006-MA 9/27/2024 1 DFC CEO should ensure all settlement agreements that contain nondisclosure provisions are coordinated with OGC and contain the required WPEA anti-gag provision. 3 DFC CEO should ensure completed anti-gag provision is posted on the DFC website, along with a list of the controlling Executive orders and statutory provisions, as required by the WPEA. While DFC must post the provision to the external website, the OIG recommends that DFC post the required language on the internal website, as well. FY 2024 DFC FISMA Audit Report DFC-24-005-C 9/25/2024 1 DFC's Chief Information Officer fully implement event logging requirements in accordance with Office of Management and Budget, Memorandum M-21-31. DFC’s Fiscal Year 2023 Compliance with Payment Integrity Information Act of 2019 DFC-24-004-C 5/21/2024 1 Respond to the OMB Annual Data Call as required. 2 Revise DFC’s PIIA procedures to include more effective steps to respond to the OMB Annual Data Call. - Correspondence