State/OIG Audits CA’s Official and Diplomatic Passport Records

 

 

Via State/OIG:
(U) Treasury Inspector General for Tax Administration Concerns

(U) In September 2020, OIG received a referral from the Treasury Inspector General for Tax Administration (TIGTA). According to the referral, in 2019, during an audit of the Internal Revenue Service’s (IRS) passport management and security controls,19 TIGTA requested from CA information associated with diplomatic and official passports issued to IRS employees and appointees for the last 20 years, as of March 31, 2019. Specifically, for each passport issued, TIGTA requested the applicant’s name, passport number, passport type, issuance date, and passport status (e.g., cancelled, lost, or stolen).

(U) According to TIGTA officials, TIGTA received three separate passport datasets from CA. However, TIGTA found that the data provided in each dataset were incomplete. For example, some passport records had blank issuance and expiration date fields. Furthermore, the data identified onlyfive passports that were issued in 2016 and indicated that no passports were issued to IRS employees from 2017 through 2019. However, IRS records indicated that more than 200 official or diplomatic passports were issued to employees between 2016 and 2019. Lastly, one dataset included only Department of Treasury employees and not IRS employees. According to TIGTA officials, CA officials could not explain why the database was providing incomplete data. Based on the missing records and data fields, TIGTA deemed CA’s information as unreliable for use in its audit.
[…]
(U) In response to TIGTA’s concerns about receiving incomplete data from CA, OIG reviewed the  847,880 official and diplomatic passport records provided to OIG by CA and found that none of  the passport records had blank issuance or expiration date fields. Furthermore, the records  showed that CA issued 652 official and diplomatic passports to IRS employees and their family  members from FY 2017 through FY 2019 as opposed to the data provided to TIGTA, which showed that no passports were issued to IRS employees from FY 2017 through FY 2019.

The Special Issuance Agency (SIA) did not review the data!

(U) When asked about TIGTA’s concerns, CA officials stated that CA’s Office of Consular Systems and Technology ran a query in TDIS using sponsor codes28 that are associated with IRS to obtain the data requested by TIGTA. CA’s Office of Legal Affairs and Law Enforcement Liaison and the  Office of Passport Integrity and Internal Controls reviewed the data before the data were  released to TIGTA. SIA did not review the data. If SIA employees had reviewed the data, they  would have recognized that it was incomplete. SIA employees would know, because of  reimbursement data, the number of passports issued to IRS employees. CA officials also stated  that, although there are processes in place for reviewing and clearing data prior to release to Federal customers, there is not a formal written policy or standard operating procedures. CA officials are formalizing procedures to address this deficiency.

(U) CA officials indicated that requests for passport information from other agencies are infrequent—there have been none since TIGTA’s request in 2019. However, it is important that CA have effective internal control activities in place to ensure that quality data are provided to other Government agencies. Internal control is a process effected by an entity’s management that provides reasonable assurance that the objectives of an entity will be achieved.29 Management should establish control activities through policies and procedures to achieve objectives.30 Because CA had not implemented effective internal control activities to ensure that the data provided to TIGTA in response to its request were properly reviewed and validated, it failed to meet its objective of delivering a high level of customer service and earning customer trust, which consequently impacted TIGTA’s ability to conduct an audit of passport management and security at the IRS. Although OIG acknowledges that CA is developing internal control activities and associated procedures to help ensure that the incident with TIGTA is not repeated, OIG is making the following recommendation and will track its implementation through the audit compliance process to confirm that the identified deficiency has been fully addressed.

(U) Prior Office of Inspector General Reports

(U) During this audit, OIG was alerted that a former Department of State employee had  allegedly not surrendered their diplomatic passport upon separation from the Department.  Department employees’ entitlement to an official or diplomatic passport, in most instances,  ends when they separate from the Department, and the passport must be surrendered for  cancellation.

(U) OIG found that CA had not electronically cancelled one of the former employee’s diplomatic  passports. Based on that information, OIG performed additional steps to determine whether CA  had cancelled other diplomatic or official passports once an employee had separated from the  Department of State. OIG found that CA had not electronically cancelled 57 of 134 (43 percent)  passports tested.5 In addition, of these 57 passports, 47 (82 percent) had not expired as of  February 1, 2021, meaning they could still be valid. One reason for the deficiencies identified is  that bureaus and offices did not always maintain proper accountability of passports and could  not confirm whether separating employees had surrendered their passports for cancellation.  OIG made one recommendation that is intended to improve the accountability of official and  diplomatic passports of separating employees. As of June 2021, OIG considers the  recommendation resolved, pending further action.

US Embassy Iraq Contractor Gets $62 Million in @StateDept Contract Dispute Settlement

Updated 10/19/20 4:12 pm PST with the potential value for the design build construction contracts in Thailand and in Namibia. See below.

In October 2009, State/OIG issued its Audit of the Design and Construction of the New Embassy Compound in Baghdad, Iraq (PDF):

“…[W]e found that although the construction of the approximately $600 million NEC in a war zone in 34 months was a significant accomplishment, consid­erable construction deficiencies remained because designs for the facilities had not been completed and approved and quality control and commissioning procedures were inadequate.
[…]
We recommend the Department attempt to recover an estimated $43.2 million from First Kuwaiti to bring construction deficiencies to contract standards.
[…]
we estimated that approximately $33 million should attempt to be recovered from First Kuwaiti for incomplete and undocumented design work. Also, we identified that as a result of First Kuwaiti’s inadequate quality control program, it should be held accountable for additional maintenance charges of approximately $38 million that could carry over into future years. Further, we estimated recovering ap­proximately $3.8 million from First Kuwaiti because commissioning activities either were not performed or were performed incorrectly.

In it’s response, the State Department’s Bureau of Administration said:

“The Contracting Officer will prepare a letter to the Contractor, detailing each of [the OIG] recommendations and request consideration from the Contractor in each amount recommended by the OIG.” The A Bureau requested that OIG provide the Contracting Officer infor­mation detailing the basis for computing the $132 million in costs recommended for recovery from First Kuwaiti. The A Bureau also stated, “The formal process to recover any funds from the contractor will be assessed in terms of overall benefit to the government.”

At that time, State/OIG said:

“The A Bureau’s response meets the intent of OIG’s recommendations to recover $132 million from the contractor attributable to construction deficiencies; incom­plete and undocumented work; additional maintenance charges incurred because of inadequate quality control and commissioning procedures; and contract noncompli­ance, including liquidated damages and interest for an unauthorized advance. OIG and USACE will provide the contracting officer the requested support for the $132 million in questioned contract costs.”

We don’t know what happened to that recommendation for recovery of funds in 2009.
Fast forward to April 23, 2013, the Civilian Board of Contract Appeals (CBCA) issued a decision in First Kuwaiti Trading & Contracting W.L.L. v. Department of State contract dispute (CBCA 3069):
“Appellant, First Kuwaiti Trading & Contracting W.L.L. (First Kuwaiti), filed the instant appeal from a decision of a Department of State (State) contracting officer dated August 10, 2012, denying a claim by First Kuwaiti relating to two unpaid invoices for work performed for State under two contracts at the United States New Embassy Compound in Baghdad, Iraq, contract number SALMEC-06-0049, and its modifications, and contract number SALMEC-05-0020, and its modifications. The parties entered into a settlement agreement with respect to the appeal and filed with the Board a stipulation of settlement, reflecting their amicable resolution of the issues that are the subject of the appeal. The parties have jointly moved the Board to issue a judgment in favor of First Kuwaiti in the amount of $2,547,745.20, to be paid from the permanent indefinite judgment fund, 31 U.S.C. § 1304 (2006). Under their settlement agreement and stipulation, they have agreed that Contract Disputes Act (CDA) interest shall accrue on said judgment amount, beginning on March 23, 2012, and continuing until payment of the judgment is made, and that such interest shall be paid to First Kuwaiti together with payment of the judgment amount.
First Kuwaiti has waived any other claim to interest and/or for any attorney fees and expenses incurred in connection with the appeal. The parties, in their joint motion and under the terms of the stipulation, have agreed that neither party will seek reconsideration of, or relief from, this Board’s decision under Board Rules 26 and 27, respectively, and that neither party will appeal this Board’s decision.”
See the April 23, 2013 full decision (CBCA 3069) here.
Below are the New Embassy Compound Baghdad Contracts that the OIG audited in 2009. Note that the contract numbers cited by the CBCA decision are SALMEC-06-0049 and SALMEC-05-0020 for the New Embassy Compound in Baghdad. In the 2009 OIG audit, the two contracts are listed as SALMEC-06-C0049 and SALMEC-05-C0020; we note the appearance of the letter “C” in the two contracts listed in the 2009 OIG audit  of the New Embassy Compound in Baghdad. (If you know what that means, do let us know).
So that was 2013. For more litigative payments, see @StateDept’s Litigative Payments FY2018-FY2020 Via Judgment Fund-$72,634,701.57.
Five years later, on December 3, 2018, the CBCA issued a “Motion for Partial Summary Judgment Granted In Part” in the First Kuwaiti Trading & Contracting, W.L.L. v. Department of State new contract disputes  marked “CBCA 3506, 6167”:

“First Kuwaiti Trading & Contracting, W.L.L. (FKTC) appealed the denial of its claims by the Department of State (DOS) arising from the construction of the embassy compound in Baghdad, Iraq. FKTC presented approximately 200 cost claims that totaled $270 million. DOS moved for summary judgment on thirteen of those cost claims, challenging FKTC’s reliance upon the War Risks clause, the superior knowledge doctrine, the Changes clause, and the implied duty of good faith and fair dealing as the basis for these claims. DOS also asserts that actions underlying FKTC’s changes claims constitute sovereign acts, precluding liability pursuant to the sovereign acts doctrine.

We grant DOS’s motion regarding the scope of the War Risks clause and superior knowledge doctrine, thereby denying seven of FKTC’s claims that are premised solely upon these bases. We deny DOS’s motion regarding the claims that are also based upon the Changes clause or the implied duty of good faith and fair dealing, finding that there are disputed issues of fact. We also deny DOS’s motion regarding the sovereign acts doctrine, finding that DOS has not established the applicability of that doctrine on the current record. Six of the thirteen claims subject to the motion survive DOS’s challenge on this basis.”

The “Statement of Facts” include:
  • A. Contract Price and Provisions Allowing for Adjustment of Contract Price
  • B. War Risks Clause
  • C. Security Requirements and Warnings
II. FKTC’s Claims Challenged by DOS (it’s quite a read):
  • A. Duck and Cover Alarms
  • B. Rocket Attacks—Three claims
  • C. Equipment Repositioning
  • D. Extra Security
  • E. Retention Bonuses and Danger Pay
  • F. Air Transport—Labor Hours
  • G. Sand and Gravel Double-Handling
  • H. Truck Convoy Delays, Truck and Driver Protection Requirements, and Truck Convoy Support Requirements
  • I. Superior Knowledge Claims
The CBCA’s discussion includes:
  • I. War Risks Clause Does Not Provide for Recovery on the Thirteen Challenged Claims
  • II. FKTC Has Failed To Identify a Sufficient Basis for Its Superior Knowledge Claim
  • III. Disputed Issues of Fact Preclude Summary Judgment on FKTC’s Changes Claims

A. FKTC Has Shown Disputed Issues of Fact with Regard to Changes Clause on Six Claims

B. DOS Has Not Provided Evidence to Support a Sovereign Acts Defense

  • IV. Disputed Issues of Fact Preclude Summary Judgment on FKTC’s Implied Duty of Good Faith and Fair Dealing Claim
  • V. Purported Lack of Contemporaneous Documentation is not Grounds for Summary Judgment
The Board’s decision is that “Respondent’s motion for partial summary judgment is GRANTED IN PART. Appellant’s claims based solely upon the War Risks clause and the superior knowledge doctrine challenged by Respondent are denied. The hearing in this matter will commence on January 22, 2019.”
See the December 3, 2018 decision (CBCA 3506, 6167 ) here.
HOLD ON. We’re just getting to the best part.
On Monday, April 1, 2019. the Civilian Board of Contract Appeals issued “GRANTED IN PART: April 1, 2019” judgement in First Kuwaiti Trading & Contracting, W.L.L. v. Department of State (CBCA 3506, 6167) dispute:

“On March 28, 2019, the parties submitted to the Board a joint motion for judgment on a stipulated settlement. The parties requested that the Board enter judgment in the amount of $62,500,000, with payment to be made through the permanent indefinite judgment fund in accordance with 31 U.S.C. § 1304 (2012). The amount includes all the interest to which appellant is entitled under the Contract Disputes Act. 41 U.S.C. § 7109. The parties have agreed that they will not seek appeal of, reconsideration of, or relief from the Board’s decision.

Decision: The Board GRANTS IN PART these appeals. In accordance with the parties’ joint motion, the Board awards appellant, First Kuwaiti Trading & Contracting W.L.L., the stipulated judgment amount of $62,500,000.”

See the April 1, 2019 decision (CBCA 3506, 6167) here.
So the CBCA document says the contractor presented approximately 200 cost claims that totaled $270 million. It got $62,500,000.
We’re sure the government would argue that this is a win, yeah? On the other hand, $62.5 million is more than the expected US investment in the local economy for the construction of US Consulate General Chiang Mai in Thailand at $45 million plus change. Or three times the USG investment in the local economy for the construction of the US Embassy in Namibia at $17 million.
(Correction: The US Embassy Namibia design build construction contract has a potential value of $173.4million; the New Consulate Compound (NCC) design build construction contract in Chiang Mai, Thailand has a potential value of $156.8 million. Thanks A!).
Oh … what’s that?

 


State/OIG Work Plan 2020-2021: Reports of Interest to Look Forward To

State/OIG released its work plan for FY2020-2021. Below are some interesting audits/reviews coming our way in the next couple of years. This is not an exhaustive list. You may view the complete list here.

OBO/US Embassy Mexico City

Audit of the Bureau of Overseas Buildings Operations’ Contract Administration for the Design and Construction of the New Embassy Compound Mexico City
The New Embassy Compound (NEC) in Mexico City is being built as part of a larger overhaul of embassy facilities across the globe spurred by the Secure Embassy Construction and Counterterrorism Act of 1999. The new embassy complex will be built on 8 acres and will cost almost $895 million. The main building will be about 515,000 square feet, making it one of the largest embassies owned by the Department. Construction on the project began in February 2018 and is expected to reach substantial completion in April 2022. The objective of this audit is to determine whether the Department has administered the design and construction contract for NEC Mexico City in accordance with Federal acquisition regulations and whether the contractor has fulfilled the contract terms and conditions.

OBO, Consulate Erbil, Embassy Baghdad

Audit of the Bureau of Overseas Building Operations’ Construction of the New Consulate General in Erbil, Iraq
In September 2013, the Department and the head of the Department of Foreign Relations for the Kurdistan Regional Government signed an agreement allocating land for the construction of a new consulate general building and compound in Erbil. In March 2014, the Department issued a pre-solicitation notice for the design and construction of offices, housing, and support facilities. In June 2018, it awarded the contract, valued at $422.5 million, to B.L. Harbert International. The objectives of the audit are to determine 1) whether the Department administered the design and construction contract in accordance with Federal Acquisition Regulation and 2) whether B.L. Harbert fulfilled the contract terms and conditions.

OBO/Administration

Audit of Heritage Assets at Selected Overseas Posts
The Department maintains collections of arts and furnishings, known as heritage assets, that are held for public exhibition, education, and official functions. Items can be donated, loaned, or purchased (using donated or appropriated funds). The Department uses this property to promote national pride and the distinct cultural diversity of American artists, as well as to recognize the historical, architectural, and cultural significance of America’s holdings overseas. Although the Department does not report a value of these assets, one curator said that the value could be $500 million. Many pieces of heritage assets are placed overseas. The Department provides protection and preservation services to maintain all heritage assets. The objective of this audit is to determine whether selected posts protected and preserved heritage assets in accordance with Department requirements and whether the Department administered selected heritage asset programs in accordance with Federal and Department requirements

AQM

Audit of Use of Sole Source Contracts in Overseas Contingency Operations
In the last 3 fiscal years, the Department has used over $1 billion in sole source contracts in Iraq and Afghanistan. The Commission on Wartime Contracting reported that agencies have failed to set and meet goals for competition in Iraq and Afghanistan. In particular, agencies have awarded task orders for excessive durations without adequate competition, failed to set and meet goals for competition, and have repeatedly awarded long-term task orders that were not recompeted when competitive conditions improved and used cost-reimbursable contract types even though simpler, fixed-price contracts could expand the competitive pool. The objectives of the audit are to determine whether (1) acquisition policy was followed in awarding sole source contracts, (2) there were urgent and compelling needs to justify awarding sole source contracts, and (3) the Department is paying more by having sole source contracts than it would pay if contracts were competitively awarded.

Consular Affairs

Audit of IT Security Controls for the Passport Information and Electronic Records System
The Passport Information and Electronic Records System (PIERS) is a CA system housed on the Department’s network. PIERS is a suite of web and desktop applications that is used to manage passport records. These records include personally identifiable information, making the system a potential target for malicious actors, both internal and external. During a prior audit, OIG found control weaknesses—including a general lack of policies, procedures, guidance, and training—relating to the prevention and detection of unauthorized access to passport and applicant information and the subsequent response and disciplinary processes when a potential unauthorized access is substantiated. The objective of this audit is to determine whether the IT security controls that were designed and implemented for PIERS meet Federal and Department standards and are working as intended.

Embassy Baghdad, Embassy Kabul, Bureau of South Central Asian Affairs (SCA), Bureau of Near Eastern Affairs (NEA), M/PRI, DS

Audit of Rightsizing of U.S. Embassies Kabul and Baghdad
The U.S. Missions to Afghanistan and Iraq have undergone significant reconfiguration in recent years. In November 2018, the Department decided to decrease the U.S. footprint in Afghanistan because of the Administration’s shifting priorities; Embassy Kabul subsequently submitted a proposal to reduce embassy personnel by 50 percent. Similarly, in February 2019, the Department directed U.S. Embassy Baghdad to reduce its staffing profile by 30 percent. OIG issued the Audit of U.S. Mission Iraq Staffing Process (AUD-MERO-13-33) in 2013 that found that the Department did not fully consider U.S. priorities in Iraq as set forth in rightsizing frameworks developed by M/PRI and the Government Accountability Office. OIG also issued the Audit of the Department’s Implementation of Vital Presence Validation Process (AUD-SI-15-37) in 2015 that found that the Department periodically reviewed the balance between acceptable risk and expected outcomes in high-threat highrisk posts, but that the analysis did not explicitly address the attainability of the posts’ missions or goals. The objective of the audit is to determine whether the Department used established procedures, guidance, and best practices when undertaking its rightsizing approach and whether the approach takes into consideration the alignment of resources invested at these missions with U.S. priorities

Consular Affairs, Embassy Baghdad, Embassy Kabul

Audit of the Special Immigrant Visa Program for Iraq and Afghanistan
The Department’s authority to issue Special Immigrant Visas (SIV) to Afghan nationals falls under Section 602(b) of the Afghan Allies Protection Act of 2009, as amended. The act authorizes the issuances of SIVs to Afghan nationals who worked on behalf of the U.S. Government in Afghanistan or the International Security Assistance Force. The Consolidated Appropriations Act for FY 2019 authorized 4,000 additional visas for Afghan principal applicants. The act also created additional reporting requirements. Similarly, Section 1244 of the National Defense Authorization Act for Fiscal Year 2008 authorized the issuance of up to 5,000 SIVs annually through FY 2013 to Iraqi nationals who were employed by, or on behalf of, the U.S. government in Iraq and who meet certain requirements. The Department’s authority to issue SIVs to Iraqi nationals under the National Defense Authorization Act of 2008 was subsequently extended. The objective of the audit is to determine whether the Department is administering the SIV program in accordance with Federal law.

Selected Posts in Bureau of African Affairs (AF), Bureau of European and Eurasian Affairs (EUR), NEA

Audit of Remote Mission Operations in Contingency Environments
For security reasons, the Department operates a number of embassies and consulates outside the borders of the nation. For example, Mission Somalia operates remotely from Kenya, with the Department providing $275 million in foreign assistance to Somalia in FY 2017. Other examples include Mission Libya operating from Tunisia and programs for the stabilization of Syria from Turkey, Jordan, and Kuwait. The objectives of the audit are to determine the extent to which the Department 1) oversees its mission in locations where it does not have a permanent presence, 2) has policies and procedures in place for operating remotely, and 3) has assessed best practices that could be applied to other missions to reduce the number of personnel incountry and reduce the U.S. Government’s footprint.

Special Projects/Department

Evaluation of the Department of State Authorities Act Implementation
In 2016, Congress enacted the Department of State Authorities Act, which requires each Department head to report to OIG within 5 business days any allegations of: (1) waste, fraud, or abuse in a Department program or operation; (2) criminal or serious misconduct on the part of a senior employee; (3) criminal misconduct on the part of any employee; and (4) serious, noncriminal misconduct on the part of any law enforcement officer. The objective of this evaluation will be to review the Department’s compliance with this provision and will examine whether the Department is reporting all the required allegations and whether they are doing so in a timely fashion. OIG will also evaluate whether the Department’s guidance on this requirement is clear and whether the Department has sufficiently notified Department heads of their responsibilities.

 

 

State/OIG Reports Summarized in Classified Annex to the Semiannual Report to the Congress, 10/1/2017–3/31/2018

 

Via State/OIG:

AUD-MERO-18-29 page54image9152Audit of the Bureau of Diplomatic Security’s Management and Oversight of Explosives Detection Canine Services in Afghanistan | 2/2018

AUD-SI-18-23  Management Assistance Report: DynCorp Intelligence Analysts Supporting the Embassy Air Program Lack Access to Information Needed To Fully Identify Risks and Mitigate Threats | 1/2018

AUD-SI-18-22 Audit of the Bureau of Overseas Buildings Operations’ Management of page54image14736Construction Materials Destined for Controlled Access Areas |1/2018

AUD-IT-18-18 Management Assistance Report: The IT Network Supporting the Colombian page54image16808Aviation Program Requires Attention To Ensure Compliance With Federal Standards | 1/2018

AUD-MERO-18-11 Audit of Emergency Action Plan for U.S. Embassy Kyiv, Ukraine page54image19136 | 12/2017

AUD-IT-18-12 Audit of the Department of State Information Security Program page54image20832 | 10/2017

ISP-S-18-12 Classified Inspection of Embassy Managua, Nicaragua | 3/2018

ISP-S-18-09  Classified Inspection of Consulate General Curacao, Kingdom of the Netherlands page54image26120| 1/2018

ISP-S-18-04 Classified Inspection of Embassy Beijing and Constituent Posts, China page54image27808 | 12/2017

ISP-S-18-08 Inspection of Construction Security for New Embassy Compound Jakarta, page54image29496Indonesia | 11/2017

ISP-S-18-06 Classified Inspection of Consulate General Hong Kong, China page54image31288 | 11/2017

Four additional reports (titles classified) can be found in the Department of State Classified Annex to the Semiannual Report to the Congress.

#

.

Did USAID/OIG Retaliates Against an Auditor Alleging $120 Million Waste?

Posted: 12:18  am ET
[twitter-follow screen_name=’Diplopundit’ ]

 

The Foreign Service Grievance Board (FSGB) wants to know.

In December, it granted the unnamed auditor’s (the charged employee) Motion for Additional Discovery. USAID/OIG was ordered to produce the investigation files of both Mr. REDACTED and Ms. Lisa Mcclendon, the Deputy Assistant IG for Investigations at USAID OIG. Below is a quick summary of this case extracted from the publicly available records of the FSGB:

REDACTED, was employed by the United States Agency for International Development in the Office of the Inspector General (USAID OIG, agency) as a financial auditor in REDACTED from 2009 to 2011. During that time, she was assigned, inter alia, to audit two USAID programs (a REDACTED HIV/AIDs program in 2010 and a REDACTED Family Planning/Contraceptives program in 2011). The charged employee stated that she was prepared to make negative findings about both programs, alleging a waste of $120 million and $100 thousand dollars in each program, respectively. The OIG responded that the employee’s audit manager,REDACTED, and the Regional Inspector General, REDACTED, overruled her negative findings on grounds that they were erroneous and/or did not need to be included in the audit reports.

On June 9, 2011, an anonymous or confidential complaint was delivered to the REDACTED USAID OIG office, stating that the charged employee was submitting partially false vouchers for two-way education transportation reimbursement, because her husband was driving the children to school in the mornings. REDACTED, an investigator in REDACTED received the complaint and after consulting with an Assistant Special Agent in Charge in Washington, D.C., REDACTED, arranged for a Regional Security Officer (RSO) to follow Mr. REDACTED in the mornings to confirm that he was driving the children to school. The investigator also requested copies of the education transportation vouchers that showed that Ms. REDACTED had requested reimbursement for the cost of transporting the children to and from school.

Several weeks later, Lisa McClennon, the Deputy Assistant IG for Investigations, traveled to REDACTED allegedly for a routine site visit. When she arrived and reviewed the pending investigations, she testified that she concluded that REDACTED investigation “had not progressed.”2 She took over the investigation, interviewed more than a dozen witnesses and requested a large number of financial documents that Ms. REDACTED had submitted for reimbursement. Ms. McClennon stated that when she reviewed the documents and interviewed the witnesses, she concluded that the employee had submitted a number of false vouchers for reimbursement of educational travel expenses, a number of requests for cost of living allowance (COLA) payments to which she was allegedly not entitled, and a request for larger housing to which she was also allegedly not entitled.

(Note: WHOA! — requesting larger housing is against the rules? Isn’t that for the Housing Board to decide on entitlement? Active link and emphasis added above).

Ms. McClennon reported her findings to Mr. Carroll in Washington. He ordered Ms. REDACTED immediate curtailment, despite the fact that at that time she was away from post with her family. In addition, Mr. Carroll proposed to separate Ms. REDACTED from the Service for cause. After reviewing written and oral replies from the charged employee, Mr. Carroll recommended in a letter, dated August 3, 2012, that the employee be separated for cause.3  Ms. REDACTED responded to the recommendation by arguing that the investigation and the resultant charges were retaliatory based on her status as a whistleblower when she attempted to report negative findings in the REDACTED and REDACTED audits.
[…]
Before the Board was able to issue a final order,5 however, the employee filed a motion on November 14, 2014, advising the Board that Mr. Carroll had withdrawn his name from consideration for the position of IG and the President had formally withdrawn his name from consideration by Congress on November 12, 2014.6 The motion sought leave to file a supplemental pleading and to reopen discovery based on newspaper articles that reported that  Mr. Carroll was accused by OIG auditors (not including Ms. REDACTED of putting pressure on them to modify audit reports in order to delete negative findings about USAID. In addition, the charged employee requested the opportunity to depose Mssrs.REDACTED  and REDACTED.

The footnotes:

  • The Board initially came to the conclusion that Mr. Carroll did not have authority to prosecute this matter because his term as Acting IG expired before he recommended Ms. REDACTED for separation. The case was then dismissed. However, in 2013, Mr. Carroll was nominated to be the IG for USAID. Thus, he again became the Acting IG, pursuant to the Federal Vacancy Reform Act (FVRA) of 1998, 5 U.S.C. § 3345 et seq. As Acting IG, Mr. Carroll ratified his earlier recommendation to separate Ms. REDACTED for cause and the grievance appeal was reinstated.

#

Snapshot: State/INL’s Counternarcotics Program Afghanistan — $220 Million With Unclear Results

Posted: 1:04  am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

Via State/OIG:

Afghanistan produces three-quarters of the world’s illicit opium, with cultivation reaching a record high in 2013. To reduce, among other things, illicit opium revenue for the insurgency in Afghanistan, the Department of State (Department), Bureau of International Narcotics and Law Enforcement Affairs (INL), assists the Government of the Islamic Republic of Afghanistan (GIRoA) with initiatives aimed at reducing opium’s supply and demand. Since 2006, INL has expended $220 million on seven Counternarcotics (CN) initiatives in Afghanistan according to its Financial Management Activity Report (FMAR).
[…]
The degree to which INL’s CN program for Afghanistan has achieved desired results is unclear because INL has not fully developed or implemented Performance Measurement Plans (PMPs)2 to track progress for its CN initiatives and to allow for appropriate budgeting. As a result, INL cannot determine whether its Afghan CN initiatives are successful or should be revised, reduced, or canceled. Additionally, the long-term viability of CN initiatives is unclear because INL had not worked with the GIRoA to develop required sustainment plans that detail how CN initiatives will continue without U.S. assistance.

Screen Shot 2015-03-25

Click on image for larger view. (Click here for OIG report in pdf)

Above graphic extracted from State/OIG Audit of Bureau of International Narcotics and Law Enforcement Affairs Counternarcotics Assistance to Afghanistan, November 2014 (pdf).

Related to our blog post on Colombia, note that INL’s program in Afghanistan does not seem to include aerial eradication ( see State/INL: Anti-Drug Aerial Eradication in Colombia and the Cancer-Linked Herbicide, What Now?).

 #

 

State Department OIG – Published Reports, October 2014

via state.gov/oig

* * *

State Department’s Computer Systems Hacked, 5th Known Agency Breach This Year?

— Domani Spero
[twitter-follow screen_name=’Diplopundit’ ]

 

Just the bit of bad news you don’t need to start your Monday:

 

Below via WaPo:

The State Department did not seek to publicize that it had been hacked. On Friday, it announced that “maintenance” would be done to the unclassified network during a routine, scheduled outage. But on Sunday, after the Associated Press first reported the breach, officials acknowledged they had found traces of suspicious activity in their system and were updating security in the middle of a scheduled outage. In a sign of how complete the shutdown was, duty officers were using Gmail accounts.

A senior State Department official, who spoke on the condition of anonymity to discuss the breach, also told WaPo that “none of the department’s classified systems were compromised.”

Would State report publicly the classified intrusion if those systems were compromised?

This report follows the confirmation of a hack at the National Oceanic and Atmospheric Administration which reportedly forced cybersecurity teams to seal off data vital to disaster planning, aviation, shipping, etc. this past September, the reported breach of the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees and a breach at the White House.  In June this year, the WSJ also reported the breach of computer systems at the Office of Personnel Management, which stores data on federal employees.

An unnamed official told nextgov.com that State is bolstering the security “of its main unclassified network during a scheduled outage of some Internet-linked systems.” The site, nextgov.com says it is “unclear why officials waited until this weekend to disconnect potentially infected systems at State.”

As of this writing, the State Department’s mobile access (go.state.gov) is down with the following notice: “The Department is currently experiencing an ongoing, planned outage to upgrade our network.  during this event, mobile access (GO) will be unavialable.  We apologize for any inconvenience this may cause you.  For questions or more information, please contact the IT Service Center at 202-647-2000.”

We understand that GO will be down until further notice and may need to be rebuilt. A mobile copy is currently live at http://m.state.gov.

* * *

In totally unrelated news, and nothing/nothing whatsoever to do with this reported hack — State/OIG on November 7, published its Audit of Department of State Information Security Program.  The report is readable if you don’t mind the redacted parts:

Screen Shot 2014-11-15 at 11.11.19 AM

Below is an excerpt:

Information technology security controls are important to protect confidentiality, integrity, and availability of information and information systems. When they are absent or deficient, information becomes vulnerable to compromise.[REDACTED]
[…]
Although we acknowledge the Department’s actions to improve its information security program, we continue to find security control deficiencies in multiple information security program areas that were previously reported in FY 2010, FY 2011, FY 2012, and FY 2013. Over this period, we consistently identified similar control deficiencies in more than 100 different systems. As a result, the OIG issued a Management Alert in November 2013 titled “OIG Findings of Significant and Recurring Weaknesses in the Department of State Information System Security Program” that discussed significant and recurring control weaknesses in the Department’s Information System Security Program [REDACTED B(5)]

The FY 2013 FISMA audit report contained 29 recommendations intended to address identified security deficiencies. During this audit, we reviewed corrective actions taken by the Department to address the deficiencies reported in the FY 2013 FISMA report. Based on the actions taken by the Department, OIG closed 4 of 29 recommendations from the FY 2013 report.
[…]
We identified control deficiencies in all [Redacted] (b) (5)  of the information security program areas used to evaluate the Department’s information security program. Although we recognize that the Department has made progress in the areas of risk management, configuration management, and POA&M since FY 2013, we concluded that the Department is not in compliance with FISMA, OMB, and NIST requirements. Collectively, the control deficiencies we identified during this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.
[…]
Although we found the Department’s Computer Incident Response Team (CIRT) Standard Operating Procedures aligned with NIST SP 800-61, Revision 2,39 procedures do not clearly state all the bureaus, offices, and organizations that require notification prior to closing an incident. As a result, DS/SI/CS did not report all incidents to the U.S. Computer Emergency Readiness Team (US-CERT) as required. Specifically, 1 out of 22 (5 percent) security incidents we tested was not reported to the US-CERT, even though it was a Category 4 incident and involved potential classified spillage. If the Department does not report data spillage incidents (potential or confirmed) to US-CERT within the established timeframes, US-CERT may not be able to help contain the incident and notify appropriate officials within the allotted timeframe.

According to State/OIG, Category 4 incidents are incidents involving improper usage of Department systems or networks (that is, a person that violates acceptable computing use policies).

According to OMB Memorandum M-14-04, a significant deficiency is defined as a weakness in an agency’s overall information systems security program or management control structure, or within one or more information systems that significantly restricts the capability of the agency to carry out its mission or compromises the security of its information, information systems, personnel, or other resources, operations, or assets. via

 * * *

Related item:

Audit of Department of State Information Security Program; Published On: November 07, 2014; Report Date: November 2014; Report Number: AUD-IT-15-17; View Report: aud-it-15-17.pdf