State/OIG Work Plan 2020-2021: Reports of Interest to Look Forward To

State/OIG released its work plan for FY2020-2021. Below are some interesting audits/reviews coming our way in the next couple of years. This is not an exhaustive list. You may view the complete list here.

OBO/US Embassy Mexico City

Audit of the Bureau of Overseas Buildings Operations’ Contract Administration for the Design and Construction of the New Embassy Compound Mexico City
The New Embassy Compound (NEC) in Mexico City is being built as part of a larger overhaul of embassy facilities across the globe spurred by the Secure Embassy Construction and Counterterrorism Act of 1999. The new embassy complex will be built on 8 acres and will cost almost $895 million. The main building will be about 515,000 square feet, making it one of the largest embassies owned by the Department. Construction on the project began in February 2018 and is expected to reach substantial completion in April 2022. The objective of this audit is to determine whether the Department has administered the design and construction contract for NEC Mexico City in accordance with Federal acquisition regulations and whether the contractor has fulfilled the contract terms and conditions.

OBO, Consulate Erbil, Embassy Baghdad

Audit of the Bureau of Overseas Building Operations’ Construction of the New Consulate General in Erbil, Iraq
In September 2013, the Department and the head of the Department of Foreign Relations for the Kurdistan Regional Government signed an agreement allocating land for the construction of a new consulate general building and compound in Erbil. In March 2014, the Department issued a pre-solicitation notice for the design and construction of offices, housing, and support facilities. In June 2018, it awarded the contract, valued at $422.5 million, to B.L. Harbert International. The objectives of the audit are to determine 1) whether the Department administered the design and construction contract in accordance with Federal Acquisition Regulation and 2) whether B.L. Harbert fulfilled the contract terms and conditions.

OBO/Administration

Audit of Heritage Assets at Selected Overseas Posts
The Department maintains collections of arts and furnishings, known as heritage assets, that are held for public exhibition, education, and official functions. Items can be donated, loaned, or purchased (using donated or appropriated funds). The Department uses this property to promote national pride and the distinct cultural diversity of American artists, as well as to recognize the historical, architectural, and cultural significance of America’s holdings overseas. Although the Department does not report a value of these assets, one curator said that the value could be $500 million. Many pieces of heritage assets are placed overseas. The Department provides protection and preservation services to maintain all heritage assets. The objective of this audit is to determine whether selected posts protected and preserved heritage assets in accordance with Department requirements and whether the Department administered selected heritage asset programs in accordance with Federal and Department requirements

AQM

Audit of Use of Sole Source Contracts in Overseas Contingency Operations
In the last 3 fiscal years, the Department has used over $1 billion in sole source contracts in Iraq and Afghanistan. The Commission on Wartime Contracting reported that agencies have failed to set and meet goals for competition in Iraq and Afghanistan. In particular, agencies have awarded task orders for excessive durations without adequate competition, failed to set and meet goals for competition, and have repeatedly awarded long-term task orders that were not recompeted when competitive conditions improved and used cost-reimbursable contract types even though simpler, fixed-price contracts could expand the competitive pool. The objectives of the audit are to determine whether (1) acquisition policy was followed in awarding sole source contracts, (2) there were urgent and compelling needs to justify awarding sole source contracts, and (3) the Department is paying more by having sole source contracts than it would pay if contracts were competitively awarded.

Consular Affairs

Audit of IT Security Controls for the Passport Information and Electronic Records System
The Passport Information and Electronic Records System (PIERS) is a CA system housed on the Department’s network. PIERS is a suite of web and desktop applications that is used to manage passport records. These records include personally identifiable information, making the system a potential target for malicious actors, both internal and external. During a prior audit, OIG found control weaknesses—including a general lack of policies, procedures, guidance, and training—relating to the prevention and detection of unauthorized access to passport and applicant information and the subsequent response and disciplinary processes when a potential unauthorized access is substantiated. The objective of this audit is to determine whether the IT security controls that were designed and implemented for PIERS meet Federal and Department standards and are working as intended.

Embassy Baghdad, Embassy Kabul, Bureau of South Central Asian Affairs (SCA), Bureau of Near Eastern Affairs (NEA), M/PRI, DS

Audit of Rightsizing of U.S. Embassies Kabul and Baghdad
The U.S. Missions to Afghanistan and Iraq have undergone significant reconfiguration in recent years. In November 2018, the Department decided to decrease the U.S. footprint in Afghanistan because of the Administration’s shifting priorities; Embassy Kabul subsequently submitted a proposal to reduce embassy personnel by 50 percent. Similarly, in February 2019, the Department directed U.S. Embassy Baghdad to reduce its staffing profile by 30 percent. OIG issued the Audit of U.S. Mission Iraq Staffing Process (AUD-MERO-13-33) in 2013 that found that the Department did not fully consider U.S. priorities in Iraq as set forth in rightsizing frameworks developed by M/PRI and the Government Accountability Office. OIG also issued the Audit of the Department’s Implementation of Vital Presence Validation Process (AUD-SI-15-37) in 2015 that found that the Department periodically reviewed the balance between acceptable risk and expected outcomes in high-threat highrisk posts, but that the analysis did not explicitly address the attainability of the posts’ missions or goals. The objective of the audit is to determine whether the Department used established procedures, guidance, and best practices when undertaking its rightsizing approach and whether the approach takes into consideration the alignment of resources invested at these missions with U.S. priorities

Consular Affairs, Embassy Baghdad, Embassy Kabul

Audit of the Special Immigrant Visa Program for Iraq and Afghanistan
The Department’s authority to issue Special Immigrant Visas (SIV) to Afghan nationals falls under Section 602(b) of the Afghan Allies Protection Act of 2009, as amended. The act authorizes the issuances of SIVs to Afghan nationals who worked on behalf of the U.S. Government in Afghanistan or the International Security Assistance Force. The Consolidated Appropriations Act for FY 2019 authorized 4,000 additional visas for Afghan principal applicants. The act also created additional reporting requirements. Similarly, Section 1244 of the National Defense Authorization Act for Fiscal Year 2008 authorized the issuance of up to 5,000 SIVs annually through FY 2013 to Iraqi nationals who were employed by, or on behalf of, the U.S. government in Iraq and who meet certain requirements. The Department’s authority to issue SIVs to Iraqi nationals under the National Defense Authorization Act of 2008 was subsequently extended. The objective of the audit is to determine whether the Department is administering the SIV program in accordance with Federal law.

Selected Posts in Bureau of African Affairs (AF), Bureau of European and Eurasian Affairs (EUR), NEA

Audit of Remote Mission Operations in Contingency Environments
For security reasons, the Department operates a number of embassies and consulates outside the borders of the nation. For example, Mission Somalia operates remotely from Kenya, with the Department providing $275 million in foreign assistance to Somalia in FY 2017. Other examples include Mission Libya operating from Tunisia and programs for the stabilization of Syria from Turkey, Jordan, and Kuwait. The objectives of the audit are to determine the extent to which the Department 1) oversees its mission in locations where it does not have a permanent presence, 2) has policies and procedures in place for operating remotely, and 3) has assessed best practices that could be applied to other missions to reduce the number of personnel incountry and reduce the U.S. Government’s footprint.

Special Projects/Department

Evaluation of the Department of State Authorities Act Implementation
In 2016, Congress enacted the Department of State Authorities Act, which requires each Department head to report to OIG within 5 business days any allegations of: (1) waste, fraud, or abuse in a Department program or operation; (2) criminal or serious misconduct on the part of a senior employee; (3) criminal misconduct on the part of any employee; and (4) serious, noncriminal misconduct on the part of any law enforcement officer. The objective of this evaluation will be to review the Department’s compliance with this provision and will examine whether the Department is reporting all the required allegations and whether they are doing so in a timely fashion. OIG will also evaluate whether the Department’s guidance on this requirement is clear and whether the Department has sufficiently notified Department heads of their responsibilities.

 

 

Advertisements

State/OIG Reports Summarized in Classified Annex to the Semiannual Report to the Congress, 10/1/2017–3/31/2018

 

Via State/OIG:

AUD-MERO-18-29 page54image9152Audit of the Bureau of Diplomatic Security’s Management and Oversight of Explosives Detection Canine Services in Afghanistan | 2/2018

AUD-SI-18-23  Management Assistance Report: DynCorp Intelligence Analysts Supporting the Embassy Air Program Lack Access to Information Needed To Fully Identify Risks and Mitigate Threats | 1/2018

AUD-SI-18-22 Audit of the Bureau of Overseas Buildings Operations’ Management of page54image14736Construction Materials Destined for Controlled Access Areas |1/2018

AUD-IT-18-18 Management Assistance Report: The IT Network Supporting the Colombian page54image16808Aviation Program Requires Attention To Ensure Compliance With Federal Standards | 1/2018

AUD-MERO-18-11 Audit of Emergency Action Plan for U.S. Embassy Kyiv, Ukraine page54image19136 | 12/2017

AUD-IT-18-12 Audit of the Department of State Information Security Program page54image20832 | 10/2017

ISP-S-18-12 Classified Inspection of Embassy Managua, Nicaragua | 3/2018

ISP-S-18-09  Classified Inspection of Consulate General Curacao, Kingdom of the Netherlands page54image26120| 1/2018

ISP-S-18-04 Classified Inspection of Embassy Beijing and Constituent Posts, China page54image27808 | 12/2017

ISP-S-18-08 Inspection of Construction Security for New Embassy Compound Jakarta, page54image29496Indonesia | 11/2017

ISP-S-18-06 Classified Inspection of Consulate General Hong Kong, China page54image31288 | 11/2017

Four additional reports (titles classified) can be found in the Department of State Classified Annex to the Semiannual Report to the Congress.

#

.

Did USAID/OIG Retaliates Against an Auditor Alleging $120 Million Waste?

Posted: 12:18  am ET
[twitter-follow screen_name=’Diplopundit’ ]

 

The Foreign Service Grievance Board (FSGB) wants to know.

In December, it granted the unnamed auditor’s (the charged employee) Motion for Additional Discovery. USAID/OIG was ordered to produce the investigation files of both Mr. REDACTED and Ms. Lisa Mcclendon, the Deputy Assistant IG for Investigations at USAID OIG. Below is a quick summary of this case extracted from the publicly available records of the FSGB:

REDACTED, was employed by the United States Agency for International Development in the Office of the Inspector General (USAID OIG, agency) as a financial auditor in REDACTED from 2009 to 2011. During that time, she was assigned, inter alia, to audit two USAID programs (a REDACTED HIV/AIDs program in 2010 and a REDACTED Family Planning/Contraceptives program in 2011). The charged employee stated that she was prepared to make negative findings about both programs, alleging a waste of $120 million and $100 thousand dollars in each program, respectively. The OIG responded that the employee’s audit manager,REDACTED, and the Regional Inspector General, REDACTED, overruled her negative findings on grounds that they were erroneous and/or did not need to be included in the audit reports.

On June 9, 2011, an anonymous or confidential complaint was delivered to the REDACTED USAID OIG office, stating that the charged employee was submitting partially false vouchers for two-way education transportation reimbursement, because her husband was driving the children to school in the mornings. REDACTED, an investigator in REDACTED received the complaint and after consulting with an Assistant Special Agent in Charge in Washington, D.C., REDACTED, arranged for a Regional Security Officer (RSO) to follow Mr. REDACTED in the mornings to confirm that he was driving the children to school. The investigator also requested copies of the education transportation vouchers that showed that Ms. REDACTED had requested reimbursement for the cost of transporting the children to and from school.

Several weeks later, Lisa McClennon, the Deputy Assistant IG for Investigations, traveled to REDACTED allegedly for a routine site visit. When she arrived and reviewed the pending investigations, she testified that she concluded that REDACTED investigation “had not progressed.”2 She took over the investigation, interviewed more than a dozen witnesses and requested a large number of financial documents that Ms. REDACTED had submitted for reimbursement. Ms. McClennon stated that when she reviewed the documents and interviewed the witnesses, she concluded that the employee had submitted a number of false vouchers for reimbursement of educational travel expenses, a number of requests for cost of living allowance (COLA) payments to which she was allegedly not entitled, and a request for larger housing to which she was also allegedly not entitled.

(Note: WHOA! — requesting larger housing is against the rules? Isn’t that for the Housing Board to decide on entitlement? Active link and emphasis added above).

Ms. McClennon reported her findings to Mr. Carroll in Washington. He ordered Ms. REDACTED immediate curtailment, despite the fact that at that time she was away from post with her family. In addition, Mr. Carroll proposed to separate Ms. REDACTED from the Service for cause. After reviewing written and oral replies from the charged employee, Mr. Carroll recommended in a letter, dated August 3, 2012, that the employee be separated for cause.3  Ms. REDACTED responded to the recommendation by arguing that the investigation and the resultant charges were retaliatory based on her status as a whistleblower when she attempted to report negative findings in the REDACTED and REDACTED audits.
[…]
Before the Board was able to issue a final order,5 however, the employee filed a motion on November 14, 2014, advising the Board that Mr. Carroll had withdrawn his name from consideration for the position of IG and the President had formally withdrawn his name from consideration by Congress on November 12, 2014.6 The motion sought leave to file a supplemental pleading and to reopen discovery based on newspaper articles that reported that  Mr. Carroll was accused by OIG auditors (not including Ms. REDACTED of putting pressure on them to modify audit reports in order to delete negative findings about USAID. In addition, the charged employee requested the opportunity to depose Mssrs.REDACTED  and REDACTED.

The footnotes:

  • The Board initially came to the conclusion that Mr. Carroll did not have authority to prosecute this matter because his term as Acting IG expired before he recommended Ms. REDACTED for separation. The case was then dismissed. However, in 2013, Mr. Carroll was nominated to be the IG for USAID. Thus, he again became the Acting IG, pursuant to the Federal Vacancy Reform Act (FVRA) of 1998, 5 U.S.C. § 3345 et seq. As Acting IG, Mr. Carroll ratified his earlier recommendation to separate Ms. REDACTED for cause and the grievance appeal was reinstated.

#

Snapshot: State/INL’s Counternarcotics Program Afghanistan — $220 Million With Unclear Results

Posted: 1:04  am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

Via State/OIG:

Afghanistan produces three-quarters of the world’s illicit opium, with cultivation reaching a record high in 2013. To reduce, among other things, illicit opium revenue for the insurgency in Afghanistan, the Department of State (Department), Bureau of International Narcotics and Law Enforcement Affairs (INL), assists the Government of the Islamic Republic of Afghanistan (GIRoA) with initiatives aimed at reducing opium’s supply and demand. Since 2006, INL has expended $220 million on seven Counternarcotics (CN) initiatives in Afghanistan according to its Financial Management Activity Report (FMAR).
[…]
The degree to which INL’s CN program for Afghanistan has achieved desired results is unclear because INL has not fully developed or implemented Performance Measurement Plans (PMPs)2 to track progress for its CN initiatives and to allow for appropriate budgeting. As a result, INL cannot determine whether its Afghan CN initiatives are successful or should be revised, reduced, or canceled. Additionally, the long-term viability of CN initiatives is unclear because INL had not worked with the GIRoA to develop required sustainment plans that detail how CN initiatives will continue without U.S. assistance.

Screen Shot 2015-03-25

Click on image for larger view. (Click here for OIG report in pdf)

Above graphic extracted from State/OIG Audit of Bureau of International Narcotics and Law Enforcement Affairs Counternarcotics Assistance to Afghanistan, November 2014 (pdf).

Related to our blog post on Colombia, note that INL’s program in Afghanistan does not seem to include aerial eradication ( see State/INL: Anti-Drug Aerial Eradication in Colombia and the Cancer-Linked Herbicide, What Now?).

 #

 

State Department OIG – Published Reports, October 2014

via state.gov/oig

* * *

State Department’s Computer Systems Hacked, 5th Known Agency Breach This Year?

— Domani Spero
[twitter-follow screen_name=’Diplopundit’ ]

 

Just the bit of bad news you don’t need to start your Monday:

 

Below via WaPo:

The State Department did not seek to publicize that it had been hacked. On Friday, it announced that “maintenance” would be done to the unclassified network during a routine, scheduled outage. But on Sunday, after the Associated Press first reported the breach, officials acknowledged they had found traces of suspicious activity in their system and were updating security in the middle of a scheduled outage. In a sign of how complete the shutdown was, duty officers were using Gmail accounts.

A senior State Department official, who spoke on the condition of anonymity to discuss the breach, also told WaPo that “none of the department’s classified systems were compromised.”

Would State report publicly the classified intrusion if those systems were compromised?

This report follows the confirmation of a hack at the National Oceanic and Atmospheric Administration which reportedly forced cybersecurity teams to seal off data vital to disaster planning, aviation, shipping, etc. this past September, the reported breach of the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees and a breach at the White House.  In June this year, the WSJ also reported the breach of computer systems at the Office of Personnel Management, which stores data on federal employees.

An unnamed official told nextgov.com that State is bolstering the security “of its main unclassified network during a scheduled outage of some Internet-linked systems.” The site, nextgov.com says it is “unclear why officials waited until this weekend to disconnect potentially infected systems at State.”

As of this writing, the State Department’s mobile access (go.state.gov) is down with the following notice: “The Department is currently experiencing an ongoing, planned outage to upgrade our network.  during this event, mobile access (GO) will be unavialable.  We apologize for any inconvenience this may cause you.  For questions or more information, please contact the IT Service Center at 202-647-2000.”

We understand that GO will be down until further notice and may need to be rebuilt. A mobile copy is currently live at http://m.state.gov.

* * *

In totally unrelated news, and nothing/nothing whatsoever to do with this reported hack — State/OIG on November 7, published its Audit of Department of State Information Security Program.  The report is readable if you don’t mind the redacted parts:

Screen Shot 2014-11-15 at 11.11.19 AM

Below is an excerpt:

Information technology security controls are important to protect confidentiality, integrity, and availability of information and information systems. When they are absent or deficient, information becomes vulnerable to compromise.[REDACTED]
[…]
Although we acknowledge the Department’s actions to improve its information security program, we continue to find security control deficiencies in multiple information security program areas that were previously reported in FY 2010, FY 2011, FY 2012, and FY 2013. Over this period, we consistently identified similar control deficiencies in more than 100 different systems. As a result, the OIG issued a Management Alert in November 2013 titled “OIG Findings of Significant and Recurring Weaknesses in the Department of State Information System Security Program” that discussed significant and recurring control weaknesses in the Department’s Information System Security Program [REDACTED B(5)]

The FY 2013 FISMA audit report contained 29 recommendations intended to address identified security deficiencies. During this audit, we reviewed corrective actions taken by the Department to address the deficiencies reported in the FY 2013 FISMA report. Based on the actions taken by the Department, OIG closed 4 of 29 recommendations from the FY 2013 report.
[…]
We identified control deficiencies in all [Redacted] (b) (5)  of the information security program areas used to evaluate the Department’s information security program. Although we recognize that the Department has made progress in the areas of risk management, configuration management, and POA&M since FY 2013, we concluded that the Department is not in compliance with FISMA, OMB, and NIST requirements. Collectively, the control deficiencies we identified during this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.
[…]
Although we found the Department’s Computer Incident Response Team (CIRT) Standard Operating Procedures aligned with NIST SP 800-61, Revision 2,39 procedures do not clearly state all the bureaus, offices, and organizations that require notification prior to closing an incident. As a result, DS/SI/CS did not report all incidents to the U.S. Computer Emergency Readiness Team (US-CERT) as required. Specifically, 1 out of 22 (5 percent) security incidents we tested was not reported to the US-CERT, even though it was a Category 4 incident and involved potential classified spillage. If the Department does not report data spillage incidents (potential or confirmed) to US-CERT within the established timeframes, US-CERT may not be able to help contain the incident and notify appropriate officials within the allotted timeframe.

According to State/OIG, Category 4 incidents are incidents involving improper usage of Department systems or networks (that is, a person that violates acceptable computing use policies).

According to OMB Memorandum M-14-04, a significant deficiency is defined as a weakness in an agency’s overall information systems security program or management control structure, or within one or more information systems that significantly restricts the capability of the agency to carry out its mission or compromises the security of its information, information systems, personnel, or other resources, operations, or assets. via

 * * *

Related item:

Audit of Department of State Information Security Program; Published On: November 07, 2014; Report Date: November 2014; Report Number: AUD-IT-15-17; View Report: aud-it-15-17.pdf