Audit Announcements, Reports, Open Recommendations, and Correspondence
The OIG conducts and supervises audits of DFC’s programs and operations around the world. These include audits mandated by law (e.g., Data Act, Payment Integrity Information Act (PIIA), Federal Information Security Modernization Act (FISMA), charge card, and annual financial statements), as well as performance audits determined by the IG. At the end of each audit, the OIG issues a report to the appropriate DFC management official detailing the findings and recommendations to address their causes. These recommendations are intended to improve the efficiency and effectiveness of DFC programs and operations. DFC management has an opportunity to comment on OIG findings and recommendations. Recommendations are considered closed when DFC has implemented corrective action. Open recommendations may be resolved or unresolved:
- An open recommendation is resolved when the OIG agrees with the agency's plan of action.
- An open recommendation is unresolved when the agency has yet to share a plan of action, or the OIG disagrees with the plan.
Open Recommendations

| Report Title | Report Number | Date of Report | Recommendation Number | Recommendation |
| --- | --- | --- | --- | --- |
| OPIC Implemented Controls in Support of FISMA for Fiscal Year 2017 but Improvements Are Needed | A-OPC-17-007-C | 9/28/2017 | 1 | OPIC's chief information officer remediate network vulnerabilities identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities. |
| OPIC Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2018 | A-OPC-19-006-C | 1/30/2019 | 2 | OPIC chief information officer remediate patch and configuration vulnerabilities in the network identified by the OIG, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities. |
| | | | 3 | OPIC chief information officer document and implement a process to verify that patches are applied in a timely manner. |
| DFC Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA | A-DFC-21-005-C | 1/28/2021 | 3 | Implement multifactor authentication for network access for privileged accounts. |
| DFC Generally Complied with the Digital Accountability and Transparency Act in Fiscal Year 2021 | DFC-22-001-C | 3/8/2022 | 1 | Require business process owners to populate LegalEntityZIPLast4 information in source systems at the time of the transaction. |
| | | | 2 | Design and implement policies and procedures that require the agency to report financial assistance awards to FABS within 30 days after an award is issued. |
| | | | 3 | Continue to work with Treasury and OMB to clarify the procedure to report subsidy modifications. |
| DFC Generally Implemented an Effective Government Charge Card Program for Fiscal Years 2020 and 2021 | DFC-22-002-C | 3/8/2022 | 2 | Amend applicable policies and procedures to include steps to ensure the recovery of employee debts including those incurred as a result of any illegal, improper, or erroneous purchases or payments. These steps should also specify the roles and responsibilities of personnel involved in this process. |
| DFC Made Significant Progress Implementing Provisions of the Better Utilization of Investments Leading to Development Act | DFC-22-005-C | 9/22/2022 | 1 | Review the roles, responsibilities, and authorities of the CDO and CRO. |
| | | | 2 | Develop and communicate a clear methodology for categorizing income level classifications for projects operating in multiple countries in internal reporting systems and ensure a consistent methodology is used to track progress towards the LIC/LMIC project goal throughout the year and at fiscal year-end. |
| | | | 4 | Finalize the approval and communication of financial performance standards. |
| | | | 5 | Develop procedures and report performance metrics on DFC’s portfolio and development impact on a country-by-country basis. |
| Fiscal Year 2022 DFC Federal Information Security Modernization Act of 2014 Audit | DFC-23-001-C | 11/9/2022 | 1 | Update Authorization to Operate and system-level Security Assessment Reports annually. |
| | | | 2 | Implement a plan to replace or upgrade the unsupported software within DFC's network. |
| | | | 3 | Document and implement lessons learned to enhance the continuous monitoring process to instruct employees to record, analyze, and revise control activities on a cyclical basis to continuously improve DFC security posture as defined in the Security Continuous Monitoring Plan. |
| | | | 5 | Develop a methodology and implement a tool to track the timely review of periodic updates for BIAs and contingency tests. |