Every year, USAID's Office of Inspector General (OIG) identifies management challenges that affect the ability of the Agency to deliver foreign assistance. The FY 2011 challenges relate to working in critical priority countries, managing for results, acquisition and assistance, and IT management. The Agency takes immediate remedial actions in response to OIG recommendations, which are summarized below. See the FY 2011 USAID Agency Financial Report (p. 131) for the OIG's memorandum on this subject, and the full Agency response.
|Challenge||Program Implementation. USAID continues to face enormous challenges in implementing its programs and activities in Afghanistan, Pakistan, Iraq, Sudan, and Haiti. Security concerns, weaknesses in governance, and corruption are persistent problems. Moreover, as USAID provides more of its assistance directly to host-country institutions to help build capacity at the national, provincial, and local levels, questions concerning accountability for those funds may arise.|
|Actions Taken||USAID has taken a number of concrete actions to address this challenge including: a) approved a new policy on September 7, 2011 to address violent extremism and insurgency through development efforts; b) improved its monitoring and evaluation (M&E) capability through two new evaluation training courses, created a planning and learning services center to provide on-call support to USAID staff, and developed related guidance documents on M&E; c) augmented its civilian response capability to staff priority counties and disaster areas; d) expanded its suite of training for operating in complex environments; and e) established Partner Security Liaison Offices in High Threat Environments (HTEs) to support the mission and the implementing partners' security.|
|Actions Remaining||Responsibility for specific operations and management strategies action plan were finalized on December 31, 2011. This included proposals for revised policies, protocols, and frameworks to address deficiencies in the implementation and monitoring of USAID programs in HTEs.|
|Challenge||Assistance Planning. Of the 80 performance audits OIG conducted in FY 2011, 25 disclosed problems with assistance planning: (1) program performance indicators and targets were not established, updated, or were not very closely related to USAID activities; (2) performance targets were inconsistent in performance management plans, contracts and grants, and annual work plans or were not appropriate; and (3) performance indicators were not adequately defined, or data collection procedures were not uniform amount partners. These deficiencies make it difficult for program implementers-USAID, partner-governments, contractors, and grantees-to track progress toward and achieve program objectives and results.|
|Actions Taken||In June 2010, the Administrator established a Bureau for Policy Planning and Learning (PPL), which is leading USAID's efforts to enhance strategic and program planning and implementation as well as monitoring and evaluation processes. In January 2011, PPL began to implement its new Evaluation Policy and in September 2011, it launched new guidance on developing Country Development Cooperation Strategies (CDCS). This guidance includes requirements for indicator selection to ensure that indicators are directly related to strategic objectives. Nine missions in three regions (Africa, Europe and Eurasia, and Asia) are now implementing an approved CDCS, including country-level performance measures.|
|Actions Remaining||Following issuance of the CDCS guidance, PPL is developing new project design guidance which emphasizes the importance of establishing performance indicator targets that directly relate to USAID activities. New USAID Program Cycle Guidance including policy, strategy, project design and implementation, monitoring and evaluation and performance management phases is being drafted. Each phase in the program cycle requires that USAID staff and program implementers consistently track progress toward achievement of strategy and program goals and expected results in partnership with relevant stakeholders. Additional training is planned in Washington and regional hubs in FY 2011 to continue staff skill building in planning, performance management and target setting. Nine additional countries have a CDCS under review and a total of 76 countries and regions are on schedule to have completed CDCS by the end of FY 2013. Training will be emphasized for new Foreign Service officers under the Development Leadership Initiative.|
|Challenge||Performance Management. For programs audited in FY 2011, a significant portion of program performance targets were not met, or performance lagged behind targets in key areas. OIG reported this finding in 17 performance audit reports. Also, 35 performance reports documented instances of inadequate contract or program management.|
|Actions Taken||The Agency continued efforts to build its capacity in planning and performance management by delivering 10 Managing for Results (MfR) workshops in FY 2011. Over 462 people have been trained to date and have improved their MfR skills and indicator selection. Out of the 462 people trained, more than two-thirds work in Missions currently preparing a Country Development Cooperation Strategy. The remaining participants are members of the Development Leadership Initiative. Four lessons of the MfR workshop focus specifically on indicator selection, data quality, setting baselines, targets and program development with hands-on exercises that allow participants to apply what they learn to real life development assistance scenarios. As of FY 2011, the MfR workshop has become an institutionalized part of the Agency's capacity building efforts to support ongoing improvement in the areas of planning and performance management. The Management Bureau's Office of Management Policy, Budget and Performance updated the FY 2011 curriculum to include monitoring and evaluation in high threat environments in accordance with current USAID policy.|
|Actions Remaining||An additional 275 staff are targeted for training in MfR in Washington and regional hubs in FY 2012. In addition to the MfR training, two critical phases of the program cycle-Strategic Planning and Evaluation-have become an institutionalized part of the Agency's process for achieving development results. Improved guidance for Project Design and Implementation as well as for Performance Management will be fully implemented in FY 2012. To strengthen the role of Contracting Officer Technical Representatives' (COTR) in overseeing performance management, a new course for mid-level COTRs is being piloted in February 2012.|
|Challenge||Results Reporting. OIG audits have identified inaccurate or unsupported reported results. In 37 of the audit reports OIG issued in FY 2011, OIG noted that data reported by USAID operating units or their partners were misstated, not supported, or not validated.|
USAID and the Department of State, along with other federal agency partners undertook a review and revision of the Foreign Assistance Standard Performance Indicators as part of the streamlining Initiative in FY 2011. These indicators are used by all USAID operating units (OUs) to report on program performance. As a result of the review, major revisions were made to the indicator set, including elimination of some indicators, revisions to other indicators to improve the clarity and focus of the indicators, and creation of new indicators. A large component of this effort was the development of new indicator reference sheets which provide detailed definitions of the indicators, parameters for and limitations on data collection, and instructions to clarify the type of data expected to be submitted for each indicator. The FY 2011 Performance Plan and Report guidance also includes specific instructions to OUs on the standards for Data Quality Assessments. These actions are designed to emphasize the importance of accurate data collection and reporting at the mission level, and provide additional tools for OUs to use to improve data collection and reporting.
In addition, USAID is elevating the importance of program reporting and has strengthened the use and selection of indicators and targets in strategy and project development.
|Actions Remaining||In FY 2012, Automated Directives Systems (ADS) 203 Assessing and Learning will be revised to incorporate new guidance and underscore the importance of selecting indicators that directly relate to the activities undertaken and the importance of accurate reporting.|
|Challenge||Sustainability. Sustainability is the capacity of a host-country organization to achieve long-term success and stability and to serve its clients and consumers without interruption and without reducing the quality of services after external funding ends. OIG audits have identified obstacles to project sustainability, with 11 audit reports disclosing sustainability weaknesses in FY 2011.|
Under the USAID Forward reform, USAID is focusing on strengthening the capacity of host country and local institutions by contracting with and providing grants to more varied local partners to ultimately create conditions where aid is no longer necessary. USAID realizes that enhancing local sustainability through foreign assistance is a long-term undertaking.
USAID is also building capabilities by providing Local Capacity Development trainings. In FY 2011, USAID trained 190 people in 26 different operating units.
More specifically, in addressing OIG's audit findings that India did not have a sustainability plan, the India Mission stated that in collaboration with the Government of Uttar Pradesh and Family Planning Services Agency (SIFPSA), the Mission is currently developing a transition/sustainability plan for the state society in Uttar Pradesh to ensure that USAID maintains influence over how the $40.1 million in accumulated savings is spent and ensures they are spent for purposes consistent with the original program. The Mission is continuing a dialogue with SIFPSA begun in October 2011. They are currently taking the following actions:
|Actions Remaining||As part of the new project design guidance that will be rolled out in FY 2012, a sustainability assessment will be mandatory. To address the OIG's findings in India, the Mission provided the third version of the draft PWC report to the Executive Director of SIFPSA, the Government of Uttar Pradesh Health Secretary. They have planned several meetings with SIFPSA to discuss the report and its recommendations, as well as other transition actions. These meetings have been delayed slightly due to elections in the state and related travel restrictions on U.S. Government staff. The Mission is currently seeking a one-year, unfunded extension to the IFPS bilateral, in part to ensure smooth and comprehensive transition of SIFPSA.|
|Challenge||Strategic Procurement Reforms. Current strategies emphasize the importance of using partner country systems and strengthening local capacity and institutions. To assess the partner country systems, USAID established a Public Financial Management Risk Assessment Framework (PFMRAF). Use of the framework will discharge USAID's fiduciary duties, advance USAID's broad development goals, and achieve measurable results jointly identified and agreed on with the partner country government. If USAID intends to use a partner country's supreme audit institution (SAI), USAID needs to coordinate with the USAID OIG to ensure that the SAI can conduct audits in accordance with U.S. Government Auditing Standards.|
|Actions Taken||These broad strategic procurement reforms are intended to develop and use local country systems that are consistent with international standards of public financial management-not with U.S. standards, per se. In accordance with international agreements reached in Paris and Accra (2005 Paris Declaration and 2008 Accra Agenda for Action), USAID's reform effort is designed to generally recognize (developed-world) international standards, as implemented locally. While USAID would expect there to be substantial overlap between U.S. Government Auditing Standards and those of the international community, these would not necessarily be identical in all respects.|
|Actions Remaining||Subject to the above clarification, coordination with the USAID OIG on the Agency's strategic procurement reforms is welcome, and the Agency looks forward to the OIG's review and input. In accordance with Agency policy on the PFMRAF, there are many opportunities to consult with the OIG before conclusions are reached on the capacity of partner-country systems to manage U.S. Government funds. This falls solidly within the OIG's statutory duty to coordinate and recommend policies designed to "promote economy, efficiency and effectiveness" in the administration of the Agency's programs and operations (Inspector General Act of 1978, as amended, Sec. 2) as well as within its oversight and enforcement functions.|
|Challenge||Cost-Reimbursement Contracts. USAID commonly uses cost-reimbursement contracts, which allow for payment of allowable incurred costs. However, these types of contracts place a heavy burden on USAID operating units to provide the monitoring necessary to provide assurances that U.S. taxpayer funds are used efficiently and effectively.|
|Actions Taken||In April 2011, USAID reported in its Acquisition Savings Plan to the Office of Management and Budget (OMB) a 21 percent reduction of total new awards in high-risk contracting mechanisms. In August 2011, a permanent chair was named for the new Acquisition and Assistance Review Board (AARB), formerly Contract Review Board. The Agency has begun developing guidance for the new AARB.|
|Actions Remaining||The Agency will continue to monitor and reduce the number of cost-reimbursement type contracts whenever feasible. The guidance for the new AARB will be issued in October 2012, with initial applicability to acquisition actions. During the following six months, the Agency will assess the effectiveness of the new procedures and make decisions on including assistance actions in future AARB reviews.|
|Challenge||Implementing Homeland Security Presidential Directive-12 (HSPD-12). The OIG reported that USAID lacked the resources to comply with this U.S. Government-wide directive. Although USAID has since met the requirements for credentials that allow access to the buildings at headquarters, it has not yet met the requirement for credentials that enable access to information systems. Future challenges in this area include tailoring an implementation plan for USAID/Washington and overseas posts.|
|Actions Taken||Under OMB's policy on continued implementation of HSPD-12 for a common identification standard for Federal employees and contractors, the Office of the Chief Information Officer, in coordination with the Office of Security, formed a HSPD-12 Steering Committee to assure continuity of physical and logical access. An analysis of vendors was completed in the fourth quarter of FY 2011.|
|Actions Remaining||During the first quarter of FY 2012, USAID will begin the pilot to implement logical access to the Agency's information technology (IT) infrastructure. USAID's intent is to issue Federal Personal Identity Verification (PIV) and PIV-I cards to USAID employees ahead of OMB's scheduled time line.|
|Challenge||Consolidating IT Personnel and Infrastructure with the Department of State. In FY 2010, USAID and State consolidated their IT personnel and infrastructure in Afghanistan and shifted USAID personnel to State's network, OpenNet. Subsequently, USAID conducted a business study for consolidating USAID and State IT infrastructure at approximately 70 locations where both USAID and State have operations. The approach chosen as a result of this study invokes total integration of hardware, software, and support personnel. USAID is planning to conduct pilots at three locations starting in October 2011. USAID's study identified potential critical risks associated with the consolidation effort-including weakening of system security and not attaining projected savings-that will require management attention.|
|Actions Taken||USAID and State are in the process of jointly (1) implementing pilots at three mission locations-Lima, Guatemala, and San Salvador-to validate the findings of the study and architecture, and (2) developing architecture for the Foreign Area Network as well as developing an overall governance structure for the solution.|
|Actions Remaining||Pending the results of pilots, USAID and State may decide to extend it to all USAID missions.|
|Challenge||Safeguarding Classified Material. In response to a November 2010 OMB memorandum that noted the "significant damage to our national security" caused by WikiLeaks disclosures, USAID conducted: (1) a self-assessment of the Agency's handling of classified material; (2) an external review by the Information Security Oversight Office and the Office of the National Counterintelligence Executive (ONCE); and (3) a review by the OIG. All three of these efforts noted areas for improvement in safeguarding classified material.|
Policy. The recommendations of the ONCE to improve the policy, standards, operating procedures, processes and guidelines for classified operations were embraced by USAID. As a result USAID drafted new management policies for classified operations, communications security, cable room operations, conducting secure meetings and conferences, and personal electronic device management.
Safeguard and Protection. To assure secure system baselines, USAID re-imaged 131 classified system hard drives to the latest DOS ClassNet operating system baseline, between July and October 2011. Further, all system hard drive antivirus signatures were validated and current. The software was validated to ensure it actively monitors ClassNet systems. USAID performed an internal assessment of current infrastructure against future requirements. This assessment spanned user-classified processing systems, secure video telecommunications, secure voice, and controlled, secure print capability and protected distribution systems at future planned secure operations locations to harden protective capabilities of physical connections. USAID planned, researched, and invested in thin client infrastructure, personal identification number (PIN)-secured networked print devices, TEMPEST-certified secure video teleconference with TEMPEST-certified secure Voice Over Internet Phone (VOIP) for both Secret and Top Secret-Sensitive Compartmented Information environments. USAID also purchased encryption device upgrades with appropriate administrative training packages to reinforce proper administrative capability within the Agency. USAID plans to be fully migrated to a thin client-managed environment by June 2012. In addition, USAID is developing a local model that adopts and mirrors the Defense Information System Agency safeguard and protective measures, to include implementation of minimum required, limited, designated Agency "trusted agents," who will be authorized to reproduce classified documentation, and will be accountable for tracking, documenting, transferring to internal and external bureaus and/or agencies, and dispositioning media on behalf of USAID.
Continuity of Operations Program. USAID has initiated actions to fully implement thin client infrastructure to support classified computer processing and upgrade to Internet Protocol-based secure video telecommunications and voice capability no later than March 2012. The protected distribution systems will be installed to protect classified computing connections during non-operations hours.
Accountability. USAID developed a local inventory and labeling mechanism that resulted in 100 percent accountability of classified hardware, printers, and hard disk drives. All stand-alone computing devices were removed from the operational environment in July 2011.
Training and Awareness. The Chief Information Security Office and the Office of Security training coordinators jointly revamped initial and annual refresher training and tracking mechanisms. A baseline, automated training program will be developed, customized and implemented throughout the Agency, aimed at increasing awareness, automating annual training, and tracking and sending training reminders to users.
Information Security. Under Executive Order 13526, training has been developed for Original Classification Authorities (OCA). The training is designed to ensure OCAs are familiar with their roles and responsibilities in the classification, safeguarding, and declassification of classified national security information. Individuals authorized to hand-carry classified materials must carry with them a Form AID500-7, and a Courier Authorization Card. To ensure the safeguarding, control, and accountability of classified material and courier cards, effectively October 15, 2011, the Office of Security is the only office authorized to issue Courier Authorization Cards to USAID-designated couriers.
Portable Electronic Devices (PED). USAID developed a new policy which encompasses a risk-management approach that combines the use of security technology products with user awareness and procedural controls and measures to minimize the vulnerabilities inherent with PEDs.
Counterintelligence and Insider Threat. As outlined in Executive Order 13587, USAID developed an Insider Threat program called Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.
Culture. In response to assessments by the Office of the Director of National Intelligence and OIG, USAID formed a steering committee to oversee, recommend, and guide the Agency's unified activities to address, direct and improve protection, safeguard, administration, accountability, inventory, and effective use of classified information and systems. The target completion date is June 2012.
Capability. USAID is soliciting expertise and input from all Agency security offices, business units, and bureaus to assure policies, culture, and activities support Agency business goals and objectives, encompass all 10 security domains, and result in well-rounded, vetted, and unified actions across the Agency.
Competency. USAID is reviewing strategy to align with Department of Defense 8570 Information Assurance training requirements to increase, train, and retain well-qualified, knowledgeable information assurance and IT staff. Classified equipment issue, safeguard, and protection responsibility will be assigned at the highest level in each USAID bureau. The target implementation date is June 2012. Agency policies related to personnel, physical, and industrial security programs; counterintelligence program; and PEDs are under technical review. USAID expects to formally approve them by June 2012. In addition, USAID will implement an Insider Threat Detection and Prevention program under Executive Order 13587.