U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Summary of Internal Control Issues Over the Peace Corps Financial Reporting FY 2021

Report Information

Date Issued
Report Type
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


Disclaimer: Open/Closed recommendations are updated semiannually.

We recommend the OCIO fully implement an ISCM strategy that includes policies and procedures, defined
roles and responsibilities, and security metrics to measure effectiveness.

We recommend the Peace Corps Director and Agency Risk Executive, in coordination with the Peace
Corps senior leadership, identify the agency’s information security risk profile and define
the agency’s risk appetite and risk tolerance

We recommend that the Agency Risk Executive, in coordination with the Peace Corps senior leadership, develop and implement an enterprise-wide risk management strategy to address how to identify, assess, respond to, and monitor information security related risks in a holistic
approach across the organization, business process, and information system levels.

We recommend the OCIO perform all components of the Security Assessment and Authorization on all
FISMA-reportable systems in accordance with the risk management strategy.

We recommend the OCIO develop an information security architecture that is integrated with the risk
management strategy.