Audit Announcements, Reports, Open Recommendations, and Correspondence
The OIG conducts and supervises audits of DFC’s programs and operations around the world. These include audits mandated by law (e.g., Data Act, Payment Integrity Information Act (PIIA), Federal Information Security Modernization Act (FISMA), charge card, and annual financial statements), as well as performance audits determined by the IG. At the end of each audit, the OIG issues a report to the appropriate DFC management official detailing the findings and recommendations to address their causes. These recommendations are intended to improve the efficiency and effectiveness of DFC programs and operations. DFC management has an opportunity to comment on OIG findings and recommendations. Recommendations are considered closed when DFC has implemented corrective action. Open recommendations may be resolved or unresolved:
- An open recommendation is resolved when the OIG agrees with the agency's plan of action.
- An open recommendation is unresolved when the agency has yet to share a plan of action, or the OIG disagrees with the plan.
- Audit Announcements
- Audit Reports
- Open Recommendations
Report Title Report Number Date of Report Recommendation Number Recommendation OPIC Implemented Controls in Support of FISMA for Fiscal Year 2017 but Improvements Are Needed A-OPC-17-007-C 9/28/2017 1 OPIC's chief information officer remediate network vulnerabilities identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities. OPIC Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2018 A-OPC-19-006-C 1/30/2019 2 OPIC chief information officer remediate patch and configuration vulnerabilities in the network identified by the OIG, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities. 3 OPIC chief information officer document and implement a process to verify that patches are applied in a timely manner. DFC Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA A-DFC-21-005-C 1/28/2021 3 Implement multifactor authentication for network access for privileged accounts. DFC Generally Implemented an Effective Information Security Program for Fiscal Year 2021 in Support of FISMA A-DFC-22-003-C 12/1/2021 1 Develop and implement a process to include compensating controls to mitigate risk when accepting the risk of known vulnerabilities. 2 Document and implement a process to verify that laptops are encrypted and remediate instances of nonencrypted laptops. 3 Document and implement a strategy, policy, and procedures to manage supply chain risks with suppliers, contractors, and systems. DFC Generally Complied with the Digital Accountability and Transparency Act in Fiscal Year 2021 DFC-22-001-C 3/8/2022 1 Require business process owners to populate LegalEntityZIPLast4 information in source systems at the time of the transaction. 2 Design and implement policies and procedures that require the agency to report financial assistance awards to FABS within 30 days after an award is issued. 3 Continue to work with Treasury and OMB to clarify the procedure to report subsidy modifications. DFC Generally Implemented an Effective Government Charge Card Program for Fiscal Years 2020 and 2021 DFC-22-002-C 3/8/2022 2 Amend applicable policies and procedures to include steps to ensure the recovery of employee debts including those incurred as a result of any illegal, improper, or erroneous purchases or payments. These steps should also specify the roles and responsibilities of personnel involved in this process.