Summary of Internal Control Issues Over the Peace Corps Financial Reporting FY 2020
Recommendations
Disclaimer: Open/Closed recommendations are updated semiannually.
We recommend that the OCIO fully implement an ISCM strategy that includes policies and procedures, defined roles and responsibilities, and security metrics to measure effectiveness.
We recommend that the Peace Corps Director and Agency Risk Executive, in coordination with the Peace Corps senior leadership, identify the agency’s information security risk profile and define the agency’s risk appetite and risk tolerance.
We recommend that the Agency Risk Executive, in coordination with the Peace Corps senior leadership, develop and implement an enterprise-wide risk management strategy to address how to identify, assess, respond to, and monitor information security related risks in a holistic approach across the organization, business process, and information system levels.
We recommend that the OCIO perform all components of the Security Assessment and Authorization on all FISMA-reportable systems in accordance with the risk management strategy.
We recommend that the OCIO develop an information security architecture that is integrated with the risk