An official website of the United States Government Here's how you know

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Comments on Office of Inspector General Semiannual Report to The Congress

Report

Office of Management Strategy and Solutions

May 1, 2017

Department of State’s Comments on Office of Inspector General Semiannual Report to the Congress
April 1, 2016 To September 30, 2016

Executive Summary

Protection of People and Facilities

The protection of people and facilities remains a top priority for the Department of State. The Quadrennial Diplomacy and Development Review 2015 recognized the need to balance our values and interests with the inherent risks of 21st century diplomacy and development. Threats to our people and facilities will continue to evolve and require constant focus and risk mitigation. To manage risk, the Department has published a new risk-management policy, annually revises the Security Environment Threat List, conducts High Threat Post Review Boards, utilizes the Vital Presence Validation Process, and enhanced the qualitatively improved Foreign Affairs Counter Threat training for all Foreign Service personnel. Despite these and other efforts, the challenge of eliminating risk and preventing attacks will continue given the nature of diplomacy and the environment. The Department has a robust program for ensuring personnel and facilities are well prepared to respond to emergencies. Those plans are tested regularly in response to real world crises, and in most cases they prove effective.

The Department has taken a number of steps to improve the safety of personnel overseas. For example:

  • The Department expanded its Foreign Affairs Counter-Threat (FACT) training, a program in which diplomats learn anti-terrorism and defensive driving, how to recognize an improvised explosive device, firearms familiarization, tactical medical skills, fire as a weapon and surveillance detection. This training is now mandatory for all high threat high risk posts, border posts in Mexico, and all posts in Africa. By FY 2019, FACT will be mandatory for all posts regardless of geographic region.
  • The Department’s Foreign Affairs Security Training Center (FASTC) will be partially complete in February 2017 and classes will be phased in over time. FASTC is scheduled to be fully operational by March 2019. This is a purpose built, centralized facility that will consolidate hard skills training and will enhance the ability of the Department to provide security training to its diplomats.
  • The Department moved 2,485 personnel into more secure, safe, and functional facilities in Fiscal Year 2015 under the Capital Security Construction Program.
  • The Department conducted a worldwide survey to solicit specifics on chief of mission (COM) and principal officer (PO) protective details to ensure adequate security for all COMs and POs at U.S. Diplomatic and Consular missions. An in-depth analysis was conducted of the security and protective details of all COMs. The Department made it a requirement for all posts to convene an annual Emergency Action Committee (EAC) meeting to discuss COM security and protective details.

Below is additional information about specific issues raised by the OIG:

The OIG reported that 60 percent of armored vehicle mishaps at U.S. missions overseas between January 2010 and September 2015 were preventable. It recommended mandatory training for drivers who operate armored vehicles.

The Department responded that there is no data showing that the armored vehicle mishaps stemmed from driver behavior. Nonetheless, the Department is implementing an ongoing armored vehicle drivers training program, beyond the existing program for COM drivers. Between Fiscal Year 2012- Fiscal Year 2016, DS trained 2,385 locally employed staff drivers in armored vehicle driving techniques. Over half of these were trained overseas and included posts such as Algiers, Ankara, Baghdad, Bujumbura, Cairo, and Kabul.

In an audit of local guard force contractors at critical- and high-threat posts, the OIG identified deficiencies in the performance of a number of contractually required duties.

The Department of State is making use of the OIG’s information to address the vulnerabilities identified at these posts but notes that only a small subset of posts was reviewed. The examples of deficiencies are exceptions, rather than the rule, in the Department’s security infrastructure.

Managing Posts and Programs in Conflict Areas

The Department gives significant attention to operations in unstable environments. The continued operation of our posts and programs in such complex working environments generally without serious incident is in itself a testament to the Department’s effectiveness. Still, the Department must continually improve its posture. Recent accomplishments include:

  • The Department published a policy on contracting in critical risk environments and created an office with responsibility for developing, coordinating, and implementing risk assessments and mitigation plans. A number of risk mitigation plans have been approved and implemented.
  • The Department implemented an innovative model for diplomacy and program management via the Syria Transition Assistance and Response Team (START) in Turkey.
  • After the 2012 attack in Libya, DS and the U.S. Marine Corps accelerated the activation of new security guard detachments at 23 posts around the world including Beirut, Lebanon; Erbil, Iraq; and Lahore, Pakistan. As of October 2016, 16 new detachments were being planned, and the Department increased the number of Marines in 121 existing detachments. In addition, DS and the Marine Corps Embassy Security Group established the Marine Security Augmentation Unit (MSAU) to provide RSOs and Emergency Action Committees with the option of a readily available and scalable supplementary protective force to keep pace with evolving threats. In Fiscal Year 2016, MSAU deployed 16 security augmentation missions to diplomatic facilities during periods of increased threats, deployed 46 VIP support missions, and conducted 35 pre-deployment surveys.
  • The Department continued to implement the Vital Presence Validation Process, which ensures that the Department’s most senior officials consider annually the risks of operating at each high threat post. The OIG audited this process and found it worked efficiently.
  • In response to an OIG audit, the Bureau of Near Eastern Affairs (NEA), Office of Assistance Coordination has updated its Management Policies and Procedures Manual to enable NEA to obtain reasonable assurance that award recipients have adequate financial management controls in place.

Below is additional information about specific issues raised by the OIG:

The OIG identified, during this reporting period, inventory control and safety deficiencies in fuel storage and refueling operations at Embassy Kabul.

Embassy Kabul made significant improvements to its monitoring of fuel storage and refueling operations. Among them, it implemented procedures to regularly update and review inventory systems and brought a new vehicle maintenance facility and fuel point online. The OIG considered all recommendations in this report resolved based on the actions taken by the embassy.

The OIG also identified some electrical currents on ground conductors that could have posed life, health, and safety risks to occupants of a new office building and apartment building at Embassy Kabul.

Upon receiving the OIG’s draft report on this topic, the Department formed a team of experts to re-audit the buildings; deployed a specialized grounding team to Kabul to evaluate and further remediate any hazards found; and had an independent third party conduct a review of the building’s grounding system.

Both teams that investigated the situation confirmed that the areas exhibiting significant levels of such current were limited to only locked and restricted mechanical and electrical spaces, which are not accessible to the general public. In addition, neither the building occupants nor surrounding areas were in danger from these currents, due to the lack of voltage present. Measurements of voltage consistently have been significantly below .02 volts, both before and after occupancy of buildings on the compound. Circulating current without the presence of measurable voltage does not present a danger.

Additional signage was posted in the restricted mechanical and electrical rooms experiencing higher levels of current on ground conductors, recommending all workers in these spaces utilize appropriate electrical safety equipment and precautions. In addition, Post communicated the situation to all staff via two Management Notices, alerting them of the potentially hazardous current and advising them to stay out of restricted areas.

The International Maintenance Assistance Program Power Systems Support team mitigated the risk to workers accessing locked mechanical and electrical rooms by reducing the measured current in the mechanical and electrical rooms in the affected buildings to levels at or below the 3 ampere threshold. Amperage readings at these levels paired with insignificant voltage measurements have never been a danger to building occupants.

Information Security and Management

The Department recognizes the significant threats that exist to its information systems and is constantly taking actions to reinforce its defenses against those threats. The CIO meets with the Deputy Secretary for Management and Resources on a bi-weekly basis to discuss the Department’s cybersecurity posture and initiatives.

For example, IRM has implemented enhanced safeguards to protect the Department’s network. Domestically, users and administrators are required to logon to the unclassified network with a personal identity verification card. Overseas, users and administrators are required to logon to the unclassified network with a Secure Network Access using a public key infrastructure smartcard or a personal identity verification card.

The Department has taken further steps in strengthening the preservation and management of records at many levels of the Department.

  • The Department established policies and systems that will put it in compliance with National Archives and Records Administration (NARA) requirements for managing email records electronically by the end of calendar year 2016. The new policies and systems greatly enhance the Departments records-keeping and FOIA capabilities.
  • Among other steps, the Department is now permanently archiving all of the email of its highest-ranking senior officials. The Department created the position of a Transparency Coordinator. That office is tasked with leading efforts to meet the President’s Managing Government Records directive, responding to the OIG’s recommendations, and working with other agencies and the private sector to explore best practices and new technologies. The Department has requested additional resources in FY 2017 to help address its historically underfunded Freedom of Information Act program.

Oversight of Contracts and Grants

The Department of State continues to take steps to address and improve proper management oversight, and accountability of Department contract and grants.

For example:

  • Embassy Cairo developed an annual acquisition plan to identify the best contract method for competition and possible cost savings, in response to an OIG 2015 inspection.
  • The Department is establishing management and monitoring procedures for grantees for Embassy Cairo and other embassies, in response to OIG inspections in 2015 and 2016.
  • The Department prepared a Federal Assistance Human Capital Plan to ensure that it had acquired the appropriate number of trained personnel to conduct grants management and monitoring procedures of grantees at Embassy Cairo and other embassies in response to OIG inspections in 2015 and 2016.

Financial Management

The Semiannual report states that “the Department manages one of the U.S. Government’s most complex financial operations” and notes that the Department received an unmodified (“clean”) audit opinion on its 2014 and 2015 financial statements. Department officials at all levels, both at home and abroad, dedicate substantial time and effort to ensuring effective management controls and oversight.

For example, the Department issued expanded guidance on management controls in 2015 and 2016. The expanded guidance defined the procedures for reporting deficiencies. It required the chief of mission to designate a management control coordinator at the beginning of each fiscal year and clarified that the full range of Department activity (including programs) was required to be evaluated. The expanded guidance also added a section that identified areas that need heightened attention by posts and bureaus. For Fiscal Year 2016, the guidance continued to emphasize contract files, grants management and IT security, and it added the purchase card programs. The expanded guidance also revised the Statements of Assurance (SoA) coming from posts and required that deputy chiefs of mission sign the annex, in addition to the chiefs of mission. The expanded guidance emphasized that conducting management control reviews should be a year round activity. As a result of actions taken, all of the corresponding OIG recommendations were closed.

Oversight of Department of State Programs and Operations

Office of Audits

The Department of State gives significant attention to physical security at overseas posts and to improving management and oversight of personnel overseas. Summaries of the Department’s responses to the following audits listed in the OIG’s Semiannual Report appear above in the Executive Summary.

Audit of Local Guard Force Contractors at Critical- and High-Threat Posts (AUD-SI-16-33, 4/2016).

Management Alert: Hazardous Electrical Current in Office and Residential Buildings Presents Life, Health, and Safety Risks at U.S. Embassy Kabul, Afghanistan (MA-16-01, 4/2016).

Improvements Needed To Strengthen Vehicle-Fueling Controls and Operations and Maintenance Contract at Embassy Kabul, Afghanistan (AUD-MERO-16-35, 4/2016).

Below are updates on the other Audit reports cited in the Semiannual Report:

Audit of the Department of State Travel Card Program (AUD-CGI-16-48, 9/2016).

The OIG identified cases of misuse of travel cards and unauthorized cash advances. The Department made use of this information. The Bureau of the Comptroller and Global Financial Services consistently investigate suspected misuse of travel cards. If the charges do not appear to be authorized, they contact HR’s Office of Conduct Suitability and Discipline Division to review the case and proceed with disciplinary action if appropriate. In accordance with the Department’s procedures for disciplinary action, employees have an opportunity to respond before a final decision is made by senior officials. .

Audit of the Aeromedical Biological Containment Evacuation Contracts Within the Bureau of Medical Services (AUD-CGI-16-40, 8/2016).

The OIG found the Department’s quality assurance surveillance plans of the aeromedical biocontainment evacuation contracts lacked a methodology for measuring and documenting the contractor’s performance.

For the plan that was referenced in the OIG’s recommendation, the Department executed a bilateral modification with the contractor to update the quality assurance surveillance plan (QASP). As a result, the QASP must now include information on the “Method of Surveillance,” and the contractor must submit quarterly Quality Assurance Compliance Reports.

Audit of Department of State Strategic Sourcing Efforts (AUD-FM-16-47, 9/2016)

The OIG reported that the Department did not fulfill the OMB goal for strategic sourcing, which required agencies to reduce the costs of acquiring common products and services by the strategic sourcing of new commodities or services.

A charter to implement strategic sourcing program activities will be drafted in the second quarter of Fiscal Year 2017. The charter will identify members, roles, responsibilities, and operations.

Additional Actions Are Needed To Fully Comply With Section 846 of the National Defense Authorization Act for Fiscal Year 2013 Concerning Critical Environment Contracting (AUD-MERO-16-50, 9/2016).

The Department created the Critical Environment Contracting Analytics Staff (CECAS) to develop, coordinate and implement risk assessments and mitigation plans whenever contractors are involved in supporting overseas contingency operations for identified high-risk areas. Section 846 of the Fiscal Year 2013 National Defense Authorization Act requires that each risk mitigation plan include measurable implementation milestones and an oversight process for monitoring, measuring, and documenting the progress of each mitigating action. The OIG found that, although the CECAS and the stakeholders conducted comprehensive risk assessments, they did not always develop mitigating actions. In addition, the OIG found that none of the mitigation plans reviewed had measurable milestones or identified oversight processes.

CECAS will complete an analysis of its processes in Fiscal Year 2017. Among issues for consideration in the analysis are those raised by the OIG. Based on the findings and analysis of the research, CECAS will develop any necessary recommendations to revise the current process, update 14 FAM 240, and/or modify the risk assessment template.

Audit of the Bureau of Near Eastern Affairs (NEA) Financial Management of Grants and Cooperative Agreements Supporting the Middle East Partnership Initiative (AUD-MERO-16-42, 7/2016).

The Middle East Partnership Initiative (MEPI) is the U.S. Government’s primary tool for supporting civil society in the Middle East and North Africa, awarding grants and cooperative agreements to non-governmental organizations, private-sector organizations, academic institutions, and government institutions in the United States and abroad.

An independent auditor reviewed 20 MEPI grants and cooperative agreements awarded in Fiscal Years 2012 – 2014, and questioned $1.5 million in expenditures because of concerns about financial and management controls.

NEA adopted two updated versions of the Grants Management Policies and Procedures Manual following the conclusion of this audit. The updated policies and procedures were applied to NEA/Assistance Coordination programming, including MEPI. Grants officers now complete a risk assessment and monitoring plan based on the risks identified for each award issued. Based on the risk designation, desk reviews or site visits are conducted. Documentation detailing the results of the review conducted, as well as any necessary follow-up actions, is saved to the award’s files.

NEA/AC grants officers review all supporting documentation for the awards, including the awards that had questioned costs, and determine whether any are unallowable, un-allocable or unreasonable. Recipients receive detailed instructions for returning funding to the Department should their costs be determined to be unallowable.

Compliance Follow-up Review of the Department of State’s Implementation of Executive Order 13526, Classified National Security Information (AUD-SI-16-43, 9/2016).

The OIG reported that security-cleared employees were not completing the required training within the timeframe considered in the review, and the Department was failing to suspend employees’ classification authority until their training was completed. It also reported that the Bureau of Administration had not captured all classified documents during its annual count of classification decisions.

The Department is working to implement a program that meets the requirements of E.O. 13526. It will include guidelines on the criteria bureaus should use to identify staff members who require classification training and the frequency with which bureaus should update those lists. It will also outline procedures that each bureau must follow to sanction security-cleared individuals who do not take the required training.

A Department memo was distributed requesting reports on all classification decisions and directing the bureaus to make the documents available for inspection and data validation. This process is currently being codified in a revision to 5 FAM 480.

Office of Inspections:

The Department dedicates significant time and effort to ensuring effective policy implementation and management operations at overseas posts.

A summary of the Department’s response to the following report appears above in the Executive Summary.

MAR: Armored Vehicle Training (ISP-16-17, 4/2016; updated and reissued 7/2016).

Below is additional information about the Department’s responses to other reports.

Inspection of Embassy Port of Spain, Trinidad (ISP-I-16-29A, 9/2016).

The OIG reported that the Consular Section did not comply with Department procedures on processing visa referral cases, nor did the embassy comply with Department and Federal regulations on records management.

To address these findings:

  • Embassy Port of Spain’s political-economic section organized its files by year and subject to facilitate archiving, retrieval, and retirement.
  • Post rewrote its operating procedure for nonimmigrant visa referral cases. Only qualified embassy staff members who have completed the relevant training and signed the appropriate compliance agreements may submit or authorize a referral or priority appointment request. In addition, post implemented specific training solutions and conducted a self-audit to correct historical mistakes.

Inspection of Embassy Quito, Ecuador (ISP-I-16-27, 9/2016).

The OIG found that Public Affairs Section grants files did not comply with Department guidance on the administration of Federal assistance awards, and the mission lacked an effective records management program. Embassy Quito’s end-use monitoring rate in 2015 was low. An imbalance in the allocation of Public Affairs resources limited outreach capacity at Consulate General Guayaquil.

The Public Affairs Sections (PAS) in Quito and Guayaquil took corrective action.

  • The appropriate staff obtained Grants Officer Representative (GOR) certificates and/or training. PAS developed a Standard Operating Procedure document for all grants. Newly-arrived officers obtained Grants Officer warrants.
  • As locally employed staff position descriptions are updated through the Office of Public Diplomacy’s global position description initiative, post will ensure that GOR responsibilities are reflected in relevant position descriptions. Post will also follow best practices in posting grant information on its new mission website platform. PAS includes risk assessments in all new grants, and the SF-270 “Request for Advance or Reimbursement” form is also being utilized as mandated by the Federal Assistance Policy Directive.
  • Mission Ecuador completed the destruction/and or archiving of appropriate classified hard copy documents. A directory infrastructure was designed and put in place for several offices, and post will continue to design directory infrastructures for all offices. The mission plans to implement a training program on record emails for all employees in the first quarter of 2017 and has requested guidance from the Department for structuring an overall records management program. All required property records and documentation were uploaded to the Real Property Application System.
  • PAS in Quito and Guayaquil have worked actively to ensure resources are strategically directed to mission-wide public diplomacy programming and staffing. The Public Affairs Officer (PAO) in Quito, in consultation with the PAO in Guayaquil and with Management, included additional line items in the PAS Guayaquil budget. The PAO in Guayaquil is now invited to monthly budget discussions and has been given expanded authority for budgetary decisions.

The OIG found that termination process for locally employed staff members was not in accordance with local labor law.

  • Post corrected this situation. It issued mission policies regarding the employee termination process, the employee grievance process, and position classifications.

Inspection of Consulate General Curacao, Kingdom of the Netherlands (ISP-I-16-26A, 9/2016).

The OIG recommended that the Department of State evaluate and revise the local compensation plan (LCP) in Consulate General (CG) Curacao.

The Department will review the outstanding items related to the LCP in 2017 in conjunction with its annual review. It will work with a specialized human resources consulting firm to conduct a comprehensive salary and monetized benefits survey of comparator companies to evaluate the validity of the CG Curacao LCP.

Inspection of Embassy Belmopan, Belize (ISP-I-16-25, 9/2016).

The OIG recommended that the Department of State evaluate and revise the local compensation plan (LCP) in Embassy Belmopan.

Human Resources in Washington and Embassy Belmopan have been working together to resolve the proposed changes to the LCP to ensure compliance with local labor law and prevailing practice.

The OIG found that the Bureau of Information Resource Management canceled a planned Global Information Technology Modernization (GITM) upgrade without warning as part of a worldwide suspension of installation activities.

The Department restored the GITM refresh schedule, and updates were completed at post.

Compliance Follow-up Review of the Inspection of the Bureau of Diplomatic Security, High Threat Programs Directorate (ISP-C-16-18, 5/2016).

The OIG reported that the Department had not established memoranda of understanding (MOU) with U.S. military commands for three liaison officer positions, as required by Department policy. The Bureau of Diplomatic Security (DS) had not incorporated into the appropriate Foreign Affairs Manual section the changes in the Post Security Program Reviews specific to high threat posts. The Bureau of Human Resources (HR) had made considerable progress but had not yet completed a comprehensive review of the structure, management, and manpower needs of DS’s High Threat Programs Directorate (HTP).

The Department took the following steps in compliance:

  • The Department developed templates for liaison officer MOUs to ensure future agreements are executed expeditiously.
  • A revision to the Foreign Affairs Manual will ensure high threat posts undergo the Post Security Program Review process annually.
  • HR and DS completed a data collection process as part of their overall assessment of the structure, management, and manpower needs of DS/HTP. The final product will include findings and recommendations.

The OIG found that the Directorate’s decision to shift to a proactive approach to threat management expanded its mission and workload without a commensurate increase in human resources. As a result, senior managers did not communicate consistently with mid-level staff.

  • The OIG and the Directorate discussed these concerns and agreed that holding more frequent town hall and staff meetings would improve communication.

Inspection of Embassy Ankara, Turkey (ISP-I-16-24A, 9/2016)

The OIG asserted that Embassy Ankara had the fourth longest backlog worldwide in processing Iranian immigrant visas.

  • In August 2016, Embassy Ankara reported eliminating the backlog.

Inspection of Embassy Cairo, Egypt (ISP-I-16-15A, 4/2016)

The OIG reported that Embassy Cairo had not fully coordinated and integrated its crisis planning nor ensured that crisis training tests cross-functional aspects of its emergency plans. The OIG identified $133,200 in funds that could be put to better use by terminating leases for vacant residences in Alexandria.

  • Embassy Cairo addressed this matter. It determined that, on a quarterly basis, all American and designated locally employed staff would participate in training on resources and materials relevant to crisis response. In addition to the annual mission-wide crisis management drill, post planned to conduct two crisis management table-top exercises each year; one would be internal involving all consular staff, and another would be conducted with wardens and consular personnel from other embassies. Embassy Cairo published “The Crisis Preparedness Standard Operating Procedure” on its SharePoint site.
  • Embassy Cairo reported that it terminated several leases in Alexandria in 2015. Consulate General offices, however, have re-opened and leases have been signed for six U.S. staff resident in Alexandria.

Inspection of Embassy Montevideo, Uruguay (ISP-I-16-22A, 9/2016)

The OIG found that Embassy Montevideo did not use record emails.

  • Embassy Montevideo created a policy outlining when mission personnel should use record emails in place of regular email communication. The OIG closed this recommendation.

Inspection of Embassy Tegucigalpa, Honduras (ISP-I-16-21A, 8/2016)

The OIG found that the embassy did not conduct risk assessments or develop monitoring plans for its Public Affairs Section’s (PAS) Federal assistance

Awards; the International Narcotics and Law Enforcement Affairs Section (INL) was not appropriately staffed at post; the embassy lacked sufficient internal controls related to travel advances, overtime, night differential, and the duty officer program; the Political and Economic Sections did not archive non-reporting cable information.

Post and the Department have taken the following steps:

  • PAS instituted a standard operating procedure that formalized the use of standardized risk assessments for all federal grants. Staff members now ensure that grant monitoring is planned in advance and that all monitoring is documented in grant files as required.
  • Significant increases in INL staff were already in the works in coordination with INL Washington when the inspection took place. Some new positions have been filled, and others are in process.
  • The Financial Management Officer began tracking all post-created bills of collection on a spreadsheet in which only Certifying Officers have the authority to mark bills as paid. FMO implemented a procedure to remind debtors of the amounts they owe and, when necessary, take action to collect outstanding debts. FMO examined the outstanding travel-related bills of collection and pending vouchers and made significant progress on closing them.
  • Post issued a management notice reminding all employees that overtime must be approved in advance. The FMO is now auditing time and attendance records periodically and contacting supervisors when there appear to be problems with authorization of overtime.
  • The OIG was concerned that too much responsibility for the duty officer program was falling to the Consular Section and that duty officers did not have sufficient training. Human Resources assumed responsibility for scheduling duty officers and published a comprehensive Duty Officer Guide. Post reminded staff of the requirement for mandatory on-line duty officer training in management notices and reminders issued before an officer’s duty week.
  • Embassy sections examined previous correspondence to identify and convert key substantive emails into record emails. Post disseminated guidance and planned to offer additional classroom instruction on preparation of record e-mails.

Compliance Follow-up Review of the Review of the Department of State Disciplinary Process (ISP-C-16-16, 4/2016).

The OIG found that the Bureau of Human Resources had not updated the Civil Service and Foreign Service guidebooks to add the latest guidance and information on disciplinary issues.

The Department took corrective action. Only one recommendation remains open, but it is resolved. The Department awarded a contract for completion of the Supervisor Guides, which provide guidance on managing employees’ performance and conduct. The expected date of completion is September 20, 2017.

Office of Evaluations and Special Projects

Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements (ESP-16-03, 5/2016)

The OIG found that management weaknesses at the Department have contributed to the loss or removal of email records, particularly records created by the Office of the Secretary. These weaknesses include a limited ability to retrieve email records, inaccessibility of electronic files, failure to comply with requirements for departing employees, and a general lack of oversight. OIG also determined that email usage and preservation practices varied across the tenures of the five most recent Secretaries and that, accordingly, compliance with statutory, regulatory, and internal requirements varied as well.

The Department developed new policies and systems for managing and preserving email, which greatly enhance the Department’s records-keeping and Freedom of Information Act capabilities. The new policies and procedures were designed to comply with National Archives and Records Administration (NARA) requirements for managing email records electronically by the end of calendar year 2016. The Department will meet that deadline. In a November meeting, NARA officials commended the Department’s processes and progress.

Among other steps, the Department is now permanently archiving all of the email of its highest-ranking senior officials. The Department created the position of a Transparency Coordinator. That office was tasked with leading efforts to meet the President’s Managing Government Records directive, responding to the OIG’s recommendations, and working with other agencies and the private sector to explore best practices and new technologies. The Department conducted extensive outreach to employees to explain their obligations for records management upon concluding their employment at State. The Department requested additional resources in FY 2017 to help address its historically underfunded Freedom of Information Act program.

Compliance

The Department is committed to taking prompt corrective actions. Below are summaries of the Department’s responses to recommendations listed in Table 10.1 of the OIG’s Semiannual Report.

Audit of the Department of State Process To Select and Approve Information Technology Investments (AUD-FM-16-31, 3/2016).

The OIG stated that, “The Bureau of Information Resources Management provided no new or compelling evidence showing that the CIO has the authority to delegate blanket approval to approve the portfolio data for all IT investments prior to submission of these reports to the OMB.”

The Department did not concur with the recommendation. OMB A-11 guidance only specifies that, “Consistent with the Federal Information Technology Acquisition Reform Act of 2014 (Pub. L. No. 113– 291) and related OMB guidance, Chief Information Officers (CIOs), Chief Financial Officers (CFOs), and budget officers must coordinate to ensure that IT budget data is consistent with the agency’s budget submission, and must complete ‘IT Resources Statements’ described in section 51.3.”

The Department will provide the following statements along with its Fiscal Year 2018 budget submission:

  • a statement from the CIO affirming that the CIO has reviewed and approved the major IT investments portion;
  • a statement from the CFO and CIO affirming that the CIO had a significant role in reviewing planned IT support for major program objectives and significant increases and decreases in IT resources; and
  • a statement from the CIO and CFO that the IT Portfolio includes appropriate estimates of all IT resources included in the budget request.

Audit of Emergency Action Plans for U.S. Mission Pakistan (AUD-MERO-14-08) and Evaluation of Emergency Action Plans for U.S. Mission Afghanistan (AUD-MERO-13-20).

Recommendations for these audits are listed as unresolved in the most recent compliance analysis from OIG. The Department met with the audit team twice in recent months to discuss these recommendations. In addition, DS recently released cable 16 STATE 113534 (Improving Emergency Preparedness), which further addresses the issues. DS is actively working to update the process for reviewing Emergency Action Plans (EAP) and to establish formal standards for reviewing and approving EAP sections. DS is actively working with the OIG audit team to resolve and close these recommendations.

Compliance Follow-up Audit of the Process to Request and Prioritize Physical Security-Related Activities at Overseas Posts (AUD-ACF-16-20).

The OIG recommended that the Bureau of Overseas Building Operations (OBO) develop and implement a method to track the funding status of every physical security deficiency identified by DS in the Deficiencies Database. It also recommended that OBO develop and implement a process to respond to posts’ formal requests for physical security related funding, which should include commitments to respond within certain timeframes.

OBO tracks requirements and projects in the Buildings Management Integrated System (BMIS). Like the Deficiencies Database, BMIS tracks requirements by facility and includes additional information related to costs and schedules. Deficiencies will be entered into BMIS as requirements, which will generate an individual BMIS requirement number. When funding for a specific need is identified, the requirement is converted into a project and receives a project number. To cross-reference the status of individual deficiencies, OBO will provide DS a requirement number when first entered and a project number when funded.

Formal requests for physical security funding are received via cable from posts. OBO tracks incoming cables and produces a response via cable within 2 weeks. In those cases where the incoming request requires further evaluation, determination of funding availability, or additional information, an interim cable response is sent.

U.S. Department of State

The Lessons of 1989: Freedom and Our Future