State/OIG Honored With CIGIE Awards — Congratulations!

Posted: 12:37 am EDT


Via State/OIG:

On October 22, 2015, the Council of Inspectors General on Integrity and Efficiency (CIGIE)  held their 18th annual inspector general community awards ceremony, with Attorney General Loretta Lynch as the keynote speaker.

In fiscal year 2014, the IG community identified potential savings of over $46.5 billion as well as program efficiencies and enhancements. Offices of Inspectors Generals (OIGs) successfully investigated individuals and entities who threatened government integrity and the public trust. Cumulatively, these efforts resulted in $13.8 billion in potential savings from audit recommendations; $32.7 billion in potential savings from investigative recoveries and receivables; over 5,500 indictments and criminal information; over 5,800 successful prosecutions; over 5,100 suspensions and debarments; and over 547,000 hotline complaints processed.

Here are the State/OIG awardees:


Screen Shot 2015-11-02 at 4.26.53 PM


Screen Shot 2015-11-02 at 4.25.40 PM


Screen Shot 2015-11-02 at 4.27.44 PM


Several representatives from OIG were recognized as members of the Interagency International Ebola Response and Preparedness Oversight Team “In recognition of the distinguished achievements of the OIGs of USAID, DoD, DOS, and HHS for oversight of the U.S. Government’s international response and preparedness efforts associated with the Ebola outbreak in West Africa.” They included Tinh Nguyen/MERO, Carol E. Hare/AUD, Melissa A. Bauer/AUD, Upeksha Peramune/AUD and William Stapleton.


Click the 2015 Award Ceremony Booklet for a complete list of awardees.




Ann Calvaresi Barr: USAID Gets a New Inspector General Nominee After Vacancy of 1,310 Days

Posted: 12:15 am EDT


On May 8, President Obama announced his intent to nominate Ann Calvaresi Barr, as the next Inspector General for the United States Agency for International Development (USAID). The WH released the following brief bio:

Ann Calvaresi Barr is the Deputy Inspector General of the Department of Transportation, a position she has held since 2010.  Ms. Calvaresi Barr joined the Department of Transportation as Principal Assistant Inspector General for Audits and Evaluations in 2009.  She served at the Government Accountability Office (GAO) as Director of Acquisition and Sourcing Management from 2004 to 2009, Assistant Director for Strategic Issues from 2002 to 2004, and Assistant Director for Health Care Issues from 1998 to 2002.  Ms. Calvaresi Barr held several roles as an analyst and senior analyst at GAO from 1984 to 1998, including a five year tour in GAO’s former European Office.

Ms. Calvaresi Barr received a B.A. from Dickinson College and an M.P.A. from American University.

Screen capture from c-span

Screen capture from c-span

Click here for a video of Ms. Calvaresi Barr during a congressional hearing on Amtrak in 2012. If confirmed, she would succeed Donald A. Gambatesa who resigned three and a half years ago after a five year tenure. The OIG position at USAID has been vacant for 1,310 days according to the OIG Tracker put together by POGO (see Where Are All the Watchdogs?)


Related posts:


Citizens United Files Lawsuit Against State Dept For Harold Geisel’s Records and OIG Report on Diplomatic Security

Posted: 11:16 am PDT
Updated: 8:37 om PDT


Via Bloomberg:

Citizens United filed its fourth lawsuit against the State Department on Thursday, this time seeking documents related to the agency’s Office of Inspector General during former Secretary of State Hillary Clinton’s tenure. In the suit, filed in the U.S. District Court for the District of Columbia, the conservative advocacy group complains that the State Department has not responded to two of its Freedom of Information Act requests in more than six months, beyond acknowledging receiving them. The statutory requirement is 20 business days.

In its court filing, Citizens United argues that “when left to their own devices State Department bureaucrats have taken over three years to respond to Citizens United’s FOIA requests” and that “Such extensive delays are in clear violation of both the letter and the spirit of the Freedom of Information Act.”

This latest lawsuit, asked for two specific records related the Office of the Inspector General of the State Department: the first one related to former acting IG Harold Geisel, and the second one related to inspection report ISP-I-13-18 released in March 2013. This is the inspection report (pdf) on Diplomatic Security where the inspectors concluded that Diplomatic Security’s Special Investigations Division (SID) lack independence. The OIG recommended that “The Office of the Deputy Secretary should restructure the investigative responsibilities currently assigned to the Special Investigations Division. The outcome should include safeguards to prevent any Department of State or Diplomatic Security official from improperly influencing the commencement, course, or outcome of any investigation.” We don’t know if anything happened in that front but in any case, Citizens United wanted to see all the details, potentially messy, generated by that report. We should also note that this specific report previously made a cameo appearance in another lawsuit in Texas and attracted congressional interest.

Below excerpted from court records:


11. On September 16, 2014 Citizens United submitted a FOIA request, online, to Defendant. See Exhibit B (FOIA Request Letter). The request sought:

On April 25, 2011, The Washington Post reported on the vacant State Department’s Inspector General position. The Washington Post reported that: “One high-ranking official familiar with the selection process said the State Department’s current leadership had opposed filling the top slot because it prefers the office to remain under Geisel’s supervision.” On April 5, 2011 the Government Accountability Office (GAO) released a report titled State Department Inspector General, Actions To Address Independence And Effectiveness Concerns Are Under Way, (GAO-11-382T). The records I request can be described as follows: Any and all records, correspondence, and memos, in any and all formats, that mention, discuss, or reference the performance of Harold W. Geisel as acting State Department inspector general, the nomination of an inspector general, potential candidates for inspector general, a preference or desire to retain Harold W. Geisel as acting State Department inspector general, the aforementioned GAO report, and/or the vacant inspector general position in any context that were sent to and/or sent from any of the following individuals: Secretary of State Hillary Clinton, Office Manager Claire Coleman, Counselor and Chief of Staff Cheryl Mills, Deputy Chief Of Staff for Operations Huma Abedin, Deputy Chief of Staff for Policy Jacob Sullivan, Executive Assistant Alice Wells, Senior Advisor Jeannemarie E. Smith, Special Assistant Lona Valmoro, Special Assistant Nima Abbaszadeh, Special Assistant Bernadette Meehan, Deputy Secretary Thomas Nides, Deputy Secretary William J. Burns, Under Secretary Patrick F. Kennedy, Under Secretary Wendy R. Sherman, and Acting Deputy Department Spokesman Mark C. Toner.


16. On September 16, 2014 Citizens United submitted a FOIA request, online, to Defendant. See Exhibit D (FOIA Request Letter). The request sought:

Any and all correspondence, memos, or records, in any format, that mention, reference, or discuss the State Department Office of Inspector General report The Bureau Of Diplomatic Security, Office Of Investigations And Counterintelligence, Divisions Of Special Investigations, Criminal Investigations, And Computer Investigations And Forensics (ISP-I-13-18), and/or any previous drafts of the report, and that were sent to, or sent from, the following individuals: Hillary Rodham Clinton, Cheryl D. Mills, Huma Mahmood Abedin, Jennemaire E. Smith, Lona Valmoro, Joanne Laszczych, Monica Hanley, Robert V. Russo, and Nora F. Toiv.

This should be interesting unless everything get Sharpied out.  The case is  Citizens United v. United States Department of State, Civil Action No. 15-cv-441 (pdf).

Also this:



Inspection Report on US Embassy Eritrea Now Classified? Plus State/OIG FY2015 Inspection Schedule

Posted: 1:19 am EDT


State/OIG has posted its schedule of FY2015 inspections.  Something we can look forward to reading, although it will probably take months before these reports will be available online.  Unless, of course, these reports are designated “classified” like the inspection report on the U.S. Embassy in Asmara, Eritrea (pdf). Some OIG reports have classified annexes. This is the first one we’ve seen in recent memory where the entire report has been designated classified.

Screen Shot 2015-03-22

click image for larger view


According to, the United States recognized the Republic of Eritrea on April 27, 1993, when the American consulate at Asmara informed Eritrean authorities of this decision on the same date Eritrea declared its independence. Eritrea previously had been under Ethiopian sovereignty. Diplomatic relations were established on June 11, 1993, when the American consulate at Asmara was raised to Embassy status with Joseph P. O’Neill as Chargé d’Affaires ad interim.

There currently is no U.S. Ambassador to Eritrea; the U.S. Chargé d’Affaires is Louis Mazel,  career Foreign Service Officer who arrived in Eritrea to take up his posting as Charge d’Affaires on July 10, 2014.


The upcoming inspection schedule via Office of Inspector General Work Plan 2015:

Fall Cycle: October–November 2014 

Post inspections of Astana and Dushanbe, including BBG operations

Post inspections of Riga and Tallinn

Post inspections of Antananarivo and Port Louis

Inspection of the Office of Civil Rights (S/OCR)

Inspection of BBG operations in Kabul

Compliance Follow-up Review of the Bureau of Conflict and Stabilization Operations (CSO)

Winter Cycle: February–March 2015

Post inspection of Amman

Post inspection of Tokyo and constituent posts

Post inspections of Muscat and Tunis, including BBG operations

Inspection of the Bureau of Political-Military Affairs

Compliance Follow-up Review of the Accountability Review Board Process

Spring Cycle: May–June 2015

Inspection of the Bureau of International Organization Affairs (IO)

Inspection of the Office of Management Policy, Rightsizing and Innovation (M/PRI)

Inspection of the Bureau of Diplomatic Security, International Programs Directorate (DS/IP)

Inspection of the Bureau of Information Resource Management, Vendor Management Office (IRM/OPS/VMO)

Inspection of the Bureau of Energy Resources (ENR)

Inspection of the Bureau of the Comptroller and Global Financial Services (CGFS)


OIG: Only 41,749 State Dept Record Emails Preserved Out Of Over a Billion Emails Sent

Posted: 4:29 pm EDT
Updated: March 12, 9:29 pm PST

State Department deputy spokeswoman Marie Harf told CNN that since the inspector general is independent from the department “they will have to speak to the timing and details of releasing this report, which they control.”

So we asked the IG and we’re told that “the timing of the release of this report (ISP-I-15-15) was purely coincidental to the recent email issue.”


State/OIG did a review (pdf) of the Department’s State Messaging and Archive Retrieval Toolset (SMART) and Record Email in Washington, DC, between January 24 and March 15, 2014. According to the OIG, in 2013, Department employees created 41,749 record emails. These statistics are similar to numbers from 2011, when Department employees created 61,156 record emails out of more than a billion emails sent. Department officials have noted that many emails that qualify as records are not being saved as record emails.

Below are the highlights of the OIG review:

  • A 2009 upgrade in the Department of State’s system facilitated the preservation of emails as official records. However, Department of State employees have not received adequate training or guidance on their responsibilities for using those systems to preserve “record emails.” In 2011, employees created 61,156 record emails out of more than a billion emails sent. Employees created 41,749 record emails in 2013.
  • Record email usage varies widely across bureaus and missions. The Bureau of Administration needs to exercise central oversight of the use of the record email function.
  • Some employees do not create record emails because they do not want to make the email available in searches or fear that this availability would inhibit debate about pending decisions.
  • System designers in the Bureau of Information Resource Management need more understanding and knowledge of the needs of their customers to make the system more useful. A new procedure for monitoring the needs of customers would facilitate making those adjustments.

Additional details from the OIG report:

The need for official records

The Department of State (Department) and its employees need official records for many purposes: reference in conducting ongoing operations; orientation of successors; defending the U.S. Government’s position in disputes or misunderstandings; holding individuals accountable; recording policies, practices, and accomplishments; responding to congressional and other enquiries; and documenting U.S. diplomatic history. Record preservation is particularly important in the Department because Foreign Service officers rotate into new positions every 2 or 3 years. Federal law requires departments, agencies, and their employees to create records of their more significant actions and to preserve records according to Governmentwide standards.

Who has responsibility for the preservation of official records?

Every employee in the Department has the responsibility of preserving emails that should be retained as official records.3 The Office of Information Programs and Services in the Bureau of Administration’s Office of Global Information Services (A/GIS/IPS) is responsible for the Department’s records management program, including providing guidance on the preservation of records for the Department and ensuring compliance. IRM administers the enterprise email system, including SMART, and therefore provides the technical infrastructure for sending and receiving emails and preserving some as record email.

What constitute official records? 

If an employee puts down on paper or in electronic form information about “the organization, functions, policies, decisions, procedures, operations, or other activities of the Government,” the information may be appropriate for preservation and therefore a record according to law, whether or not the author recognizes this fact. Whether the written information creates a record is a matter of content, not form. Federal statutes, regulations, presidential executive orders, the Foreign Affairs Manual (FAM), Department notices, cables, and the SMART Messaging Guidebook contain the criteria for creating and maintaining official records and associated employee responsibilities.

Which email messages should be saved as records?

According to Department guidance referenced above, email messages should be saved as records if they document the formulation and execution of basic policies and actions or important meetings; if they facilitate action by agency officials and their successors in office; if they help Department officials answer congressional questions; or if they protect the financial, legal, and other rights of the government or persons the government’s actions directly affect. Guidance also provides a series of questions prompting employees to consider whether the information should be shared, whether the successor would find the email helpful, whether it is an email that would ordinarily be saved in the employee’s own records, whether it contains historically important information, whether it preserves the employee’s position on an issue, or whether it documents important actions that affect financial or legal rights of the government or the public.


The OIG report notes that it has previously examined the Department’s records management, including electronic records management, in its 2012 inspection of A/GIS/IPS. OIG found that A/GIS/IPS was not meeting statutory and regulatory records management requirements because, although the office developed policy and issued guidance on records management, it did not ensure proper implementation, monitor performance, or enforce compliance. OIG also noted that, although SMART users can save emails as records using the record email function, they save only a fraction of the numbers sent. OIG recommended that the Bureau of Administration implement a plan to increase the number of record emails saved in SMART.

That was in 2012.

The OIG team also found that “several major conditions impede the use of record emails: an absence of centralized oversight; a lack of understanding and knowledge of record-keeping requirements; a reluctance to use record email because of possible consequences; a lack of understanding of SMART features; and impediments in the software that prevent easy use.”

To show how misunderstood is the requirement to save record emails, see the following chart. The U.S. Embassy in Hanoi had 993 record emails compared to US Embassy Islamabad that only had 121 record emails preserved. The US Consulate General in Guangzhou had 2 record emails while  USCG Ho Chi Minh City had 539. It looks like the US Embassy in Singapore with 1,047 record emails had the highest record emails preserved in 2013. The frontline posts like Baghdad had 303, Kabul had 61, Sana’a had 142 and Tripoli had 10 record emails in 2013. The only explanation here is that the folks in Singapore had a better understanding of record email requirements than the folks in our frontline posts. Given that the turn-over of personnel at these frontline posts is more frequent, this can have consequential outcome not just in the public’s right to know but in continuity of operations.

Screen Shot 2015-03-11

Again, via the OIG:

Many inspections of embassies and bureaus have found that the use of SMART and the record email function are poorly understood. This lack of understanding is one of the principal causes of the failure of U.S. embassies to use record email more often. The inspections show that many employees do not know what types of emails should be saved as record emails. The employees typically need more and clearer guidance and more training. OIG has made formal and informal recommendations to increase the use of record email, to write and distribute formal embassy or bureau guidance on record email, and to arrange for training.

The A/GIS/IPS office is under the Assistant Secretary for the Bureau of Administration, an office that reports to the Under Secretary for Management (M). The Bureau of Information Resource Management (IRM) also reports to M.


Rabbit Hole News: State Dept’s Private Email Usage Policy, Plus Attn: State/OIG – Firecracker Coming Your Way

Posted: 01:47 EST
Updated: 11:19 EST
Updated 15:14 EST


Shortly after the NYT broke the story about the former secretary of state’s exclusive used of a personal email account to conduct government business, we sent an inquiry to the State Department’s Office of Inspector General. We don’t know if they could comment about it but we wanted to ask anyway.  We’ve looked at the regs but the FAM is silent on the use of private email, or at least we thought it was. It almost seem as if the rule makers presumed that all employees will be using official email, thus, the rules only spell out the requirement for the preservation of records.

If Secretary Clinton was using a private email account and if her close advisers were also using private email accounts, we wanted to know how is this reconciled with the ability of individuals to FOIA government documents. We were also interested how this would keep other senior or even regular employees from using Yahoo or Gmail to conduct official business.

State/OIG’s response was, “we are not in a position to comment at this time.”

Actually, we asked the wrong questions.

In 2012, we blogged about the OIG inspection report of the U.S. Embassy in Kenya. (See State/OIG Releases Ambassador Scott Gration’s Embassy Report Card – And Look, No Redactions!). We mentioned in passing the ambassador’s use of commercial email for official government business. In light of these news reports that Secretary Clinton exclusively used nongovernment email during her four year tenure as secretary of state, the old 2012 report is getting some legs again.


Below is an excerpt from that 2012 report specifically addressing the ambassador’s use of commercial email for daily communication of official government business. The ambassador was also slammed for using “a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network.”  

Mission Leadership Challenge 

Very soon after the Ambassador’s arrival in May 2011, he broadcast his lack of confidence in the information management staff. Because the information management office could not change the Department’s policy for handling Sensitive But Unclassified material, he assumed charge of the mission’s information management operations. He ordered a commercial Internet connection installed in his embassy office bathroom so he could work there on a laptop not connected to the Department email system. He drafted and distributed a mission policy authorizing himself and other mission personnel to use commercial email for daily communication of official government business. During the inspection, the Ambassador continued to use commercial email for official government business. The Department email system provides automatic security, record-keeping, and backup functions as required. The Ambassador’s requirements for use of commercial email in the office and his flouting of direct instructions to adhere to Department policy have placed the information management staff in a conundrum: balancing the desire to be responsive to their mission leader and the need to adhere to Department regulations and government information security standards. The Ambassador compounded the problem on several occasions by publicly berating members of the staff, attacking them personally, loudly questioning their competence, and threatening career-ending disciplinary actions. These actions have sapped the resources and morale of a busy and understaffed information management staff as it supports the largest embassy in sub-Saharan Africa.

Authorized Automated Information Systems 

The Ambassador uses a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network. Authorized Department OpenNet email systems are available on the Ambassador’s office desktop. According to 12 FAM 544.3 and 11 State 73417 (from the Assistant Secretary for Diplomatic Security to the Ambassador), it is the Department’s general policy that normal day-to-day operations be conducted on an authorized information system, which has the proper level of security controls. The use of unauthorized information systems increases the risk for data loss, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. The use of unauthorized information systems can also result in the loss of official public records as these systems do not have approved record preservation or backup functions. Conducting official business on non-Department automated information systems must be limited to only maintaining communications during emergencies.

Recommendation 57: Embassy Nairobi should cease using commercial email to process Department information and use authorized Department automated information systems for conducting official business. (Action: Embassy Nairobi)

Source:  Inspection of Embassy Nairobi, Kenya | Report Number ISP-I-12-38A, August 2012 | pdf


We should point out that the 2012 report was issued prior to the tenure of IG Steve Linick and Secretary Clinton tenure at the State Department ended in February 2013.  But with 2016 just around the corner, this email debacle will not die a quiet death.

The unclassified cable  STATE 065111 on securing email accounts sent to all overseas posts on June 28, 2011 only says “avoid conducting official Department business from your personal email accounts.”

See the magic word there? It did not say you can’t, only that you shouldn’t.

So for the second day in a row, the subject of the Clinton emails was featured in the Daily Press Briefing. The State Department’s deputy spox, Marie Harf was impressive when she said that “There was no prohibition” on the use of personal email.  She emphasized that “There was not then and there is not now a prohibition on using a personal email for official business, and at the time she was in office, there was no time requirement for when those needed to be preserved as records.”

Entertainment value? High.

In any case, the question that we probably should have asked the OIG is this — if an ambassador was “hammered” for his use of nongovernment, private email, can we presume that ordinary bureaucrats would get a similar treatment? And if this is so  — don’t we then have a set of rules that applied to everyone but the head of the agency?   We originally cited 5 FAM 440 (pdf) as the rules governing  Electronic Records, Facsimile Records, and Electronic Mail Records in the State Department.  But wait —  the 2012 OIG report on Kenya cited 12 FAM 544.3 Electronic Transmission Via the Internet (pdf), a section of the FAM that has been in the rules books since 2005. It says in part:

It is the Department’s general policy that normal day-to-day operations be conducted on an authorized AIS [automated information system], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. The Department’s authorized telework solution(s) are designed in a manner that meet these requirements and are not considered end points outside of the Department’s management control.
c. Employees should be aware that transmissions from the Department’s OpenNet to and from non-U.S. Government Internet addresses, and other .gov or .mil addresses, unless specifically directed through an approved secure means, traverse the Internet unencrypted. Therefore, employees must be cognizant of the sensitivity of the information and mandated security controls, and evaluate the possible security risks and then decide whether a more secure means of transmission is warranted (i.e., secure fax, mail or network, etc.)

d. In the absence of a Department-provided secure method, employees with a valid business need may transmit SBU information over the Internet unencrypted after carefully considering that:

(1) SBU information within the category in 12 FAM 541b(7)(a) and (b) must never be sent unencrypted via the Internet;

(2) Unencrypted information transmitted via the Internet is susceptible to access by unauthorized personnel;

(3) Email transmissions via the Internet generally consist of multipoint communications that are routed to their destination through the path of least resistance, which may include multiple foreign and U.S. controlled Internet service providers (ISP);

(4) Once resident on an ISP server, the SBU information remains until it is overwritten;

(5) Unencrypted email transmissions are subject to a risk of compromise of information confidentiality or integrity;

(6) SBU information resident on personally owned computers connected to the Internet is generally more susceptible to cyber attacks and/or compromise than information on government owned computers connected to the Internet;

(7) The Internet is globally accessed (i.e., there are no physical or traditional territorial boundaries). Transmissions through foreign ISPs or servers can magnify these risks; and

(8) Current technology can target specific email addresses or suffixes and content of unencrypted messages.


General policies, of course, can have exceptions and if that’s what happened here, wouldn’t it be nice to know who were granted exceptions to use private email accounts besides the secretary of state and why? And did the Legal Advisor or somebody else signed off on those exceptions? Was the server an authorized AIS [automated information system] of the State Department, and if so, who authorized it?

We cannot predict where this email controversy is going to end, but some Internet sleuth is digging up Dubai, Denmark, Luxembourg in what seems to be an already convoluted matter.  If you read the link below there is an interesting question whether the Clinton e-mail server was hosted for some period of time by an outside hosting firm.  If the hosting firm was based overseas at an external location in Texas or elsewhere,  wouldn’t this be an added headache for cybersecurity and something the OIG’s new Office of Evaluations and Special Projects (ESP) might be interested in?



While the Inspector General of the State Department might not be in a position to comment about this issue publicly at this time, or might not want to wade into the rabbit hole with this political firecracker, it may not have much of a choice.  Even our apolitical neighbors were dismayed by this.  The perception that the rules may have been applied selectively, based on rank undermines the Service.  That in itself is an excellent excuse to review the entire practice and determine to what extent exceptions were made.  The Republican National Committee has reportedly already asked the Office of Inspector General to look into whether Clinton’s practices led her or the department to violate the Federal Records Act.

It’s only a matter of time before there is a formal congressional request. Heads up State/OIG, this firecracker is heading your way.

* * *

Related post:
So wait — Hillary Clinton never got a email? What does the FAM say?

Related items:

State Department June 28, 2011 Unclassified Cable 065111 on Securing Email Accounts via (foxnews)

NARA Bulletin 2014-06 | September 15, 2014 – Guidance on Managing Email

NARA Bulletin 2013-03 | September 9, 2013 – Guidance for agency employees on the management of Federal records, including email accounts, and the protection of Federal records from unauthorized removal

NARA Bulletin 2011-03 | December 22, 2010 – Guidance Concerning the use of E-mail Archiving Applications to Store E-mail

OMB | Managing Government Records Directive requires that Federal agencies manage all their email electronically by December 31, 2016.




State/OIG Challenges: Access and OIG Network Vulnerabilities

Posted: 01:42 EST
Updated: 3/3/2015 @1051 PST

Update: In response to our inquiry, State/OIG informed us that the 128 debarment and suspension referrals it made to the State Department “were accepted by the Department and action was taken.” However, we were also informed that the OIG actually “made more referrals, but no action has been taken by the Department to date.”*

As to the issue of OIG’s IT independence and integrity, “a memorandums of understanding have been executed in which the Department has agreed to obtain prior approval from OIG before accessing its network. In addition, we are engaging a third party to explore options to enhance the independence of our network system.”**


* * *

Last week, the State Department Inspector General Steve Linick appeared before the Committee on Homeland Security and Government Affairs on the Senate panel’s hearing on improving the efficiency, effectiveness and independence of inspector generals.  State/OIG has oversight of an agency with more than 72,000 employees (includes locally employed staff) in over 280 overseas missions and domestic entities, the BBG and the U.S. Section of the International Boundary and Water Commission. These agencies’ total annual appropriated funding includes approximately $15 billion, nearly $7 billion in consular fees and other earned income, and full or partial oversight of an additional $17 billion in Department-managed foreign assistance.

Some highlights:

  • Although the Department has made improvements on overseas security, challenges remain. Through our inspection and audit work, OIG continues to find security deficiencies that put our people at risk. Those deficiencies include failing to observe set-back and perimeter requirements and to identify and neutralize weapons of opportunity. Our teams also uncover posts that use warehouse space and other sub-standard facilities for offices, another security deficiency. Our audit of the Local Guard Program found that firms providing security services for embassy compounds were not fully vetting local guards they hired abroad, placing at risk our posts and their personnel. In other audits, we found that the Bureau of Diplomatic Security (responsible for setting standards) and the Bureau of Overseas Buildings Operations (responsible for constructing facilities to meet those standards) often do not coordinate adequately to timely address important security needs.
  • We found that follow-through on long-term security program improvements involving physical security, training, and intelligence-sharing lacked sustained oversight by Department principals. Over time, the implementation of recommended improvements slows. The lack of follow-through explains, in part, why a number of Benghazi ARB recommendations mirror previous ARB recommendations.
  • The Department’s obligations in FY 2014 equaled approximately $9 billion in contractual services and $1.5 billion in grants, totaling approximately $10.5 billion. However, the Department faces challenges managing its contracts, grants, and cooperative agreements. These challenges have come to light repeatedly in OIG audits, inspections, and investigations over the years. […]In FY 2014, more than 50 percent of post or bureau inspections contained formal recommendations to strengthen controls and improve administration of grants.
  • OIG’s assessments of the Department’s cybersecurity programs have found recurring weaknesses and noncompliance with the Federal Information Security Management Act (FISMA) with respect to its unclassified systems.[…] Our work in the information security area is ongoing. Since my arrival, OIG has arranged for penetration testing of the Department’s unclassified networks in order to better assess their vulnerability to attack.

What’s happening in FY2015? The following were specifically identified in IG Linick’s testimony (pdf):

  • Planned FY 2015 security audits include an audit of the approval and certification process used to determine employment suitability for locally employed staff and contracted employees, an audit of emergency action plans for U.S. Missions in the Sahel region of Africa, and an audit of the Vital Presence Validation Process (VP2) implementation. VP2 is the Department’s formal process for assessing the costs and benefits of maintaining its presence in dangerous locations around the world. Note: The VP2 is a result of the tragedy in Benghazi.
  • The DS/International Programs Directorate of the Bureau of Diplomatic Security is up for inspection. Note: This is  one of the main bureaus in aftermath of the Benghazi attack that came under congressional scrutiny. Charlene Lamb has now been succeeded by Christian J. Schurman who was named Deputy Assistant Secretary of State and Assistant Director for International Programs on September 15, 2014. DAS Schurman is a Diplomatic Security (DS) Special Agent with 27 years of service who was recently promoted to the rank of Minister Counselor in April 2014.
  • In FY 2015, OIG plans on issuing, among others, audits involving non-lethal aid and humanitarian assistance in response to the Syrian crisis, the Iraq Medical Services Contract, and the Bureau of International Narcotics and Law Enforcement’s Embassy Air Wing Contract in Iraq.
  • ESP is conducting a joint review with the Department of Justice’s OIG of the handling of the use of lethal force during a counternarcotics operation in Honduras in 2012.


IG Linick also highlighted new OIG initiatives to enhance the effectiveness and efficiency of OIG’s independent oversight of the Department’s programs and operations including:

  • the issuance of issue Management Alerts and Management Assistance Reports
  • the creation of the Office of Evaluations and Special Projects (ESP), and using ESP to improve OIG’s capabilities to meet statutory requirements of the Whistleblower Protection Enhancement Act of 2012
  • new oversight of overseas contingency operations specifically for Operation Inherent Resolve (OIR)—the U.S.-led overseas contingency operation directed against the Islamic State of Iraq and the Levant (ISIL),
  • data and technology enhancements
  • suspension and debarment:  between 2011 and 2014, OIG referred 128 cases to the Department for action *
  • new offices in Charleston, South Carolina, where one of the Department’s Global Financial Services Center resides, and in Frankfurt, Germany, the site of one of the Department’s Regional Procurement Support Office.
  • co-locating an OIG attorney-investigator as a full-time Special Assistant U.S. Attorneys (SAUSAs) in the U.S. Attorney Office for the Eastern District of Virginia in order to prosecute more quickly and effectively cases involving fraud against the Department of State


This hearing followed a well -publicized accessibility issues the Peace Corps and EPA OIG had with their own agencies. In his prepared testimony, IG Linick stated that “unfettered and complete access to information is the linchpin that ensures independence and objectivity for the entire OIG community.

He was careful to note “the importance of forging productive relationships with Department leadership and decision-makers” and cited the Department notice issued by Secretary Kerry at the start of his tenure over a year ago “outlining OIG authorities and obligations under the IG Act and advising staff of our need for prompt access to all records and employees.”  He then shared with Congress the OIG’s two main challenges:

  • Access: Generally, most of our work is conducted with the Department’s full cooperation and with timely production of material. However, there have been occasions when the Department has imposed burdensome administrative conditions on our ability to access documents and employees. At other times, Department officials have initially denied access on the mistaken assumption that OIG was not entitled to confidential agency documents. In these instances, OIG ultimately was able to secure compliance but only after delays and sometimes with appeals to senior leadership. These impediments have at times adversely affected the timeliness of our oversight work, resulting in increased costs for taxpayers.Delays in responding to document requests also occur because the requested information has not been maintained at all or in a manner to allow timely retrieval. Such disorganization of information may negatively impact not only OIG audits, inspections, evaluations, and investigations but also the integrity of Department programs and operations. For example, an OIG Management Alert identified missing or incomplete files for contracts and grants with a combined value of $6 billion.
  • OIG Network Vulnerabilities:  Vulnerabilities in the Department’s unclassified network also affect OIG’s IT infrastructure, which is part of the same network. We noted in our November 2013 information security Management Alert that there are literally thousands of administrators who have access to Department databases. That access runs freely to OIG’s IT infrastructure and creates risk to OIG operations. Indeed, a large number of Department administrators have the ability to read, modify, or delete any information on OIG’s network including sensitive investigative information and email traffic, without OIG’s knowledge. OIG has no evidence that administrators have actually compromised OIG’s network. However, the fact that the contents of our unclassified network may easily be accessed and potentially compromised unnecessarily places our independence at risk. We have begun assessing the best course of action to address these vulnerabilities. **

* * *

State OIG Appoints Whistleblower Ombudsman, Releases “Know Your Rights” Video


The Whistleblower Protection Enhancement Act of 2012, requires every IG to appoint an Ombudsman.  The Act requires that an ombudsman educate employees about the rights and protections available to whistleblowers.

The State Department IG Steve Linick has appointed Jeff McDermott as Ombudsman for the Department of State and the BBG. Mr. McDermott is a career appointee and his ombudsman duties are in addition to his duties as a senior investigative counsel.  He also serves as the OIG’s representative to the Justice Department’s whistleblower protection committee and counsels individual whistleblowers.  Within OIG, he works with the Office of Investigations to investigate allegations of retaliation by contractor and grantee employees.  He is available to discuss the protections against retaliation and how to make a protected disclosure, but he cannot act as your legal representative or advocate.  You may contact him at at Read more here. The “Know Your Rights” video is here. We asked the OIG a couple of questions:

Q: What protection is there for whistleblowers?

The law protects individuals from reprisal for reporting potential misconduct or alleged criminal activities. Reprisal can come in the form of a prohibited personnel practice which occurs when a person with authority takes, fails to take or threatens to take a personnel action against an employee because of the employee’s protected disclosure and can include details, transfers, reassignments, and significant changes in duties, responsibilities, or working conditions.

Q: Are hotline callers automatically considered whistleblowers? 

No, whether or not a hotline caller is considered a whistleblower depends first on whether the hotline caller has made a protected disclosure. The caller may be entitled to whistleblower protection if he or she indicates that a personnel action was taken because of the protected disclosure. Under the Whistleblower Protection Act, the Office of Special Counsel may receive and investigate claims for whistleblower protection from federal employees, former federal employees, and applicants for federal employment. In addition, OIG offers confidentiality or anonymity to any individual who contacts the hotline and fears retaliation because of the disclosure. In 2013, Congress created a pilot program whereby employees of contractors and grantees who allege they are retaliated against for whistleblowing can request an investigation by the OIG, and in these cases, OIG does determine whether a complainant qualifies as a whistleblower and whether retaliation occurred because of the whistleblowing activity.

We were told by State/OIG that in 2014, the office processed 1,278 Hotline complaints for the calendar year.  We understand that this is generally in line with the amount of complaints the OIG processed in 2013.  However, a significant portion of the OIG complaints reportedly pertain to visa issues, and those complaints are sent to Consular Affairs for appropriate response and action.  Occasionally, the office also receive complaints that do not pertain to Department of State or Broadcasting Board of Governors matters – i.e. Veteran’s Affairs, Department of Justice, Health and Human Services, etc. Those submissions are referred to the appropriate Office of Inspector General and are not counted in State/OIG’s tally of “processed Hotline complaints”.

Some notable whistleblowers have been brought to life on the big screen.  Check out the top 10 whistleblower movies via

[grabpress_video guid=”2e5ae090f8e0e63adb2b155a5f98a0f150bf36f7″]
Come visit again, bookmark da blog!



“A Concerned FS Officer” sent us the following for your consideration, appended to this post on 2/9/15 at 15:47 PST:

While “retaliation” is officially forbidden, it is close to impossible to prove. Assignments, for example, are at the Dept’s discretion, needs of the service, etc. and it can just be a coincidence that your whistleblowing and your assignment to the butthole of the world coincide. Same of course for the black hole of promotions.

Once you are a troublemaker, er, whistleblower, be prepared for a non-retaliatory “routine” deep dive into your life. Suddenly there’s a need to audit your travel vouchers back to the Dulles era, DS needs to update your clearance based on info received you can’t see, that sort of thing. All of those moves are well-within the Dept’s routine responsibilities and you’ll never prove they’re connected to your talking to the OIG.

If you are contemplating blowing the whistle, speak to a qualified, outside lawyer first. AFSA has its place, but you need serious advice from someone familiar with the real-world case law, not just Dept practices.


Related items:



Snapshot: Top 30 State Department Contractors (Based on Highest Dollar Amounts)

— Domani Spero


According to State/OIG, after several media reports were written about the use of confidentiality agreements that limit the ability of contractor employees to report fraud, waste, or abuse to Inspectors General or other oversight entities, it sent a letter in August 2014 requesting information from the thirty companies which have the highest dollar amount of contracts with the Department of State. The list does not indicate their rank in any particular order:

Screen Shot 2014-09-21

Screen Shot 2014-09-21








State Department/USAID OIG Published Reports — August 2014

— Domani Spero


All reports in pdf files hosted at and A very short August list from State/OIG:

USAID/OIG August reports:


* * *