Inspector General's Statement on the Department's Major Management and Performance Challenges
Steve A. Linick
The Reports Consolidation Act of 2000 (Public Law No. 106–531) requires that inspectors general summarize and assess the most serious management and performance challenges facing Federal agencies and the agencies’ progress in addressing them. The Reports Consolidation Act also requires that the Department of State place the final version of this statement in its annual Agency Financial Report.
In FY 2016, the Office of Inspector General considers the most serious management challenges for the Department to be in the following areas:
- Protection of People and Facilities
- Managing Posts and Programs in Conflict Areas
- Information Security and Management
- Oversight of Contracts and Grants
- Financial Management
These management and performance challenges are discussed below. OIG will continue to assist the Department in identifying the wide range of management issues it faces and recommend solutions to improve performance and accountability.
1. Protection of People and Facilities
The protection of people and facilities overseas remains a significant management challenge for the Department of State (Department). Although the Department is committed to protecting its personnel and property (including information), the Office of Inspector General (OIG) continues to find deficiencies related to personnel safety overseas and emergency planning and preparedness. We list examples below of OIG work addressing these issues.
Personnel Safety Overseas
OIG determined that, despite recent improvements, the Department’s management and oversight of security personnel is still lacking at posts overseas. For example, local guard forces failed to perform contractually required duties, such as conducting access control, delivery, and mail screening.1
OIG found deficiencies in seismic risk mitigation in embassy residences2 and occupational safety and health approvals in overseas housing agreements.3 During an audit of the vehicle-fueling controls and operations and maintenance contract, OIG determined that, in violation of Bureau of Overseas Buildings Operations (OBO) safety standards, the fuel station building had only one exit, located directly above the bulk fuel storage for the fueling station.4
OIG also identified inconsistencies in motor vehicle policies that resulted in a lack of proper training for personnel serving in countries with an elevated risk of car accidents and fatalities.5 OBO statistics show that of the 773 armored vehicle mishaps that have occurred at overseas posts within the last 5 years, 469 (about 60 percent) were deemed preventable. The Department has recognized that driver behavior contributes to vehicle fatalities and that “solutions must center on … providing an effective initial and refresher training program.”6 OIG recommended that the Department establish a mandatory training requirement on armored vehicle safe-driving techniques for all overseas professional chauffeurs and incidental drivers who operate such vehicles.7
Maintaining sufficient physical security at overseas facilities is a fundamental component of protecting U.S. Government employees. Physical security relates to physical measures—such as locked doors, perimeter fences, and other barriers—to protect against unauthorized access (including attackers or intruders) and to safeguard personnel working in those facilities.8 In recent years, the Department has developed new tools to identify and track physical security deficiencies overseas but still needs to take additional actions. For example, OIG concluded in a December 2015 report that, until the Department fully implements OIG’s recommendations intended to improve the process to request and prioritize physical security needs, it will be unable to identify and address all physical security-related deficiencies.9
Emergency Action Planning and Preparedness
During FY 2016, OIG identified several issues with the Department’s emergency action planning and preparedness. For example, OIG found that chiefs of mission were unaware of the U.S. military assets available during emergency situations.10 OIG also identified shortcomings in the Department’s crisis management training and emergency action plans, including at embassies in the Middle East and Africa. For example, OIG found that consular sections in several posts were unfamiliar with their roles and responsibilities leading up to and during a crisis.11 OIG also found that emergency action plans were out of date, lacked key information, included erroneous points of contact, or were improperly certified by leadership.12
2. Managing Posts and Programs in Conflict Areas
In addition to the overall challenge of protecting its people and facilities, the Department faces a much more specific challenge in managing its posts and programs that are located in conflict areas, including areas affected by overseas contingency operations. The Department’s FY 2017 congressional budget justification requested $14.9 billion in overseas contingency operations funds to address a number of continuing and emerging challenges, including response to the crisis in Syria, efforts to counter the Islamic State in Iraq and the Levant (ISIL), and operations in Afghanistan and Pakistan. Given both the ongoing challenge and the resources involved, OIG continues to focus closely on Department operations in unstable environments. Again, we list below several examples of OIG’s work on this subject.
Conflict areas are typically marked by violence, humanitarian crises, political instability, physical insecurity, weak governance, and rampant corruption. As a result, programs and posts operating in these areas must adapt to constant change, pervasive security concerns, dramatic swings in personnel and funding, and widespread reliance on contractors and grantees. Recognizing the particular difficulties of managing posts and programs in conflict areas as well as the fact that the Department has invested billions of dollars to do so, OIG continues to focus closely on the complex issues affecting Department operations in unstable environments.
Post Infrastructure and Logistical Support
OIG identified during this reporting period inventory control and safety deficiencies in fuel storage and refueling operations at Embassy Kabul.13 OIG issued a management assistance report to alert the Department to a potential safety risk that could result in severe injury or death involving electrical current; this issue was identified by the U.S. Army Corps of Engineers during the course of an ongoing audit of construction of the new office and residential apartment buildings at Embassy Kabul.14
Managing Contracts, Grants, and Cooperative Agreements in Conflict Areas
Conflict areas present unique obstacles to effective management of contracts and grants that go beyond those identified in the separate management challenge discussed subsequently. Although the problems that occur in conflict areas are often substantively similar to those that occur elsewhere, the ramifications of those problems may be amplified because of stresses particular to conflict areas (for example, the quick turnover of government personnel or the increased cost of operations). In recent years, the Department has focused efforts on improving management of contracts, grants, and cooperative agreements in these areas, but heavy reliance on contractors and grantees remains a necessity in conflict areas, and OIG continues to find instances of insufficient oversight. We include examples of these issues below.
OIG inspected the Bureau of Diplomatic Security’s (DS) Directorate of International Programs, which is responsible for the oversight of more than $1.6 billion in 90 local guard contracts around the world (including conflict areas), approximately 80 personal services agreements for local guard forces, and 8 task orders for the Worldwide Protective Services contract that provides security for Embassy Baghdad and consulates throughout Iraq. OIG found that the Department’s efforts to provide DS with contract administration assistance were hampered by the lack of service-level agreements and uniform operating procedures. This led to misunderstandings about staff roles and responsibilities.15
Audits of contracts in Iraq revealed over $20 million in questioned and unsupported costs and unallowable fees. An audit of task orders awarded under the Operations and Maintenance Support Services contract found that Department officials did not prepare comprehensive planning documents, formally assign oversight personnel, or ensure that oversight personnel adequately documented the contractor’s performance. In addition, the Department did not comply with statutory and Department requirements for timely agreement on contract terms, specifications, and the price of the task orders, resulting in the contractor being paid more than $500,000 in unallowable fees.16
In an audit of the Baghdad Life Support Services contract, OIG found that the Department acted contrary to the Federal Acquisitions Regulations (FAR) by awarding four task orders that provided overtime or incentive pay to contractors whose labor costs were established as firm-fixed-price in the contract. The Department’s decision to award these task orders was not accompanied by a cost-benefit analysis, validated need, or written justification. As a result, OIG found that the Department paid the contractor $184,400 for overtime that was contrary to the FAR and questioned $2.8 million paid to the contractor in incentive fees without a documented benefit for the Department.17
Audits of security services contracts for Embassy Baghdad and Consulate Erbil identified insufficient review of supporting documentation for contractor invoices by contracting officer representatives (CORs), leading to over $17 million in questioned and unsupported costs.18
OIG’s inspection of the Bureau of Democracy, Human Rights, and Labor (DRL) programs in Iraq noted all 12 grants that were active between October and November 2015 (with a total award value of more than $42 million) had the necessary monitoring plans, performance indicators, and risk assessment or contingency plans.19 However, given security restrictions, neither DRL employees nor Embassy Baghdad employees had conducted site visits to Iraq grant recipients since 2013.
Section 846 of the National Defense Authorization Act for Fiscal Year 2013 requires the Department to conduct comprehensive risk assessments whenever contractors are involved in supporting overseas contingency operations. OIG reviewed the Department’s risk assessment for Afghanistan and Iraq and found that the Department had not prepared mitigation plans for 14 of 32 high-risk areas in Afghanistan and 32 of 52 in Iraq.20 OIG was particularly concerned with the absence of mitigating action plans for high-risk areas concerning oversight of contractor operations. In the last 2 years, OIG has issued four other reports identifying problems related to the high-risk areas of insufficient program managers, contracting officers, CORs, and acquisition workforce personnel.21
In Afghanistan, OIG found that contractors were accepting fuel delivered on behalf of the embassy and thus effectively authorizing payment, which is an inherently governmental function and contrary to the Department’s Foreign Affairs Manual (FAM) regulations. In Iraq, contractors were serving as grants officer’s representatives for one-third (4 out of 12) of the active grants.22
In a review of the Department’s cooperative agreement with Southern Methodist University to support the enhancement of the Department of Psychology at a university in Peshawar, OIG found that the embassy had not properly monitored the award because security concerns prevented Embassy Islamabad’s Public Affairs Section from making required site visits. In addition, one of the objectives had not been completed, and materials and equipment purchased in January 2014 remained unused. The Department deobligated more than $300,000 and focused attention on meeting the agreed-upon objectives.
During an inspection of Embassy Ankara, OIG found that the CORs’ files in Embassy Ankara and Consulate Adana were incomplete.23
Coordination of Programs
A 2016 OIG inspection of Embassy Baghdad’s implementation of Line of Effort 6 in the President’s comprehensive strategy to defeat ISIL found that the post’s public diplomacy activities were not fully integrated with the government-wide effort to “expose ISIL’s true nature” and also operated without formal post-level strategic planning or goals.24 The Department and its interagency partners have made recent changes to improve government-wide implementation of Line of Effort 6 and countering violent extremism efforts in general. The White House established the Global Engagement Center within the Department on March 14, 2016 to coordinate U.S. counterterrorism messaging to foreign audiences.25
OIG also found a lack of coordination of foreign assistance efforts during its inspection of Embassy Cairo. The Department had funded a program in Egypt without the Ambassador’s written approval, and several sections and agencies at the embassy were generally unaware of a standard procedure for obtaining written Chief of Mission approval.26
3. Information Security and Management
The Department depends on information systems and electronic data to carry out essential mission-related functions. These information systems are subject to serious threats that can have adverse effects on organizational operations, assets, individuals, and the nation. Although the Department has spent substantial resources in this area, IT security and management continues to be a significant management challenge. We provide examples below of our work on this topic.
In FY 2016, OIG reported significant weaknesses in the Department’s cybersecurity incident response and reporting program.27 The Department’s efforts to respond to incidents (including denial-of-service, malicious code, and unauthorized access) showed that it had not complied with its own information security policies in more than 55 percent of the incidents that OIG reviewed.
In its management assistance report on the Department’s Active Directory (AD), OIG determined that 74 percent of more than 2,500 inactive accounts were inactive for more than 1 year, and the remaining accounts were inactive for greater than 90 days.28 This occurred, in part, because the Department does not have a centralized process for AD account management.
OIG continued to find deficiencies in Department IT contingency planning at overseas posts, identifying a lack of IT contingency planning in 69 percent (20 out of 29) of overseas inspections performed during FYs 2014 and 2015.29
Additionally, OIG found that the Department’s Chief Information Officer (CIO), who is the head of the Bureau of Information Resource Management (IRM), is not properly positioned to ensure that the Department’s information security program is effective. Under the Department’s current organizational reporting structure, the CIO reports to the Under Secretary for Management. DS reports separately to the Under Secretary for Management. Under this reporting structure, DS and any other bureau or office reporting to the Under Secretary for Management are not required to communicate information security risks to IRM.30
Electronic Records Management
In FY 2016 OIG identified records management deficiencies at many levels of the Department. In addition to issues in the Office of the Secretary, two domestic bureaus were found to have noncompliant records management programs,31 and several posts overseas inconsistently employed the Department’s official record email tool.32
During its review of issues associated with records preservation and the use of personal hardware and software by five Secretaries of State, OIG determined that email usage and preservation practices varied across the tenures of the five most recent Secretaries and that compliance with statutory, regulatory, and internal requirements varied as well.33
OIG’s 2016 evaluation of the Department’s Freedom of Information Act (FOIA) processes found that searches performed by the Office of the Secretary did not consistently meet statutory and regulatory requirements for completeness, rarely met requirements for timeliness, and were occasionally found to be inaccurate.34 A lack of management oversight, an absence of written policies and procedures, and a lack of training appeared to contribute to these deficiencies.
IT Investment Planning and Management
IT investments can have a dramatic effect on an organization’s performance. Well-managed IT investments that are selected carefully and focus on meeting mission needs can propel an organization forward, dramatically improving performance while reducing costs.35
In FY 2016, OIG reported on the Department’s process for selecting and approving IT investments and found that the Department did not require bureaus to assess the potential duplication of planned IT acquisitions.36 Also, the Department generally did not select IT investments in accordance with the process it had designed or with Office of Management and Budget (OMB) requirements, resulting in duplicative IT investments and a lack of visibility into the Department’s IT portfolio.
OIG also reported that the Department did not always report to OMB accurate and complete information on its IT investments. This occurred primarily because the process to prepare the reports is manual and involves numerous users across the Department; insufficient IRM oversight of the reporting process further exacerbated the problem.37
OIG’s annual assessment of the Department’s Information Security Program identified numerous control weaknesses that significantly affected program effectiveness and increased the Department’s vulnerability to cyberattacks and threats.38 In an inspection of IRM’s Vendor Management Office (VMO), OIG found a lack of consistent implementation of iSchedule, a system that provides the framework for integrating IT project schedules. This inconsistent use of iSchedule results in inadequate bureau coordination and incomplete project data and limits visibility on projects, activities, and risk.
4. Oversight of Contracts and Grants
For FY 2016, the Department spent approximately $22 billion on contracts, grants, and cooperative agreements. For FY 2016, OIG issued four management assistance reports addressing the Department oversight of contracts and grants, and OIG’s Office of Investigations opened 31 cases related to contract and procurement fraud. As the Department engages in increasingly complex acquisitions to procure needed services and supplies and awards grants to support U.S. foreign policy goals, the Department continues to face challenges in the proper management, oversight, and accountability of these instruments around the globe.
An OIG inspection of IRM’s VMO found that it was difficult for the office to compel some of the CORs and government technical monitors (GTMs) to follow its procedures and processes. The inspection and a subsequent audit also concluded that the processes used by IRM employees to calculate and validate contractor qualifications and the amount of performance incentive payments were inconsistent, time consuming, and manual.39 These inconsistent reviews by GTMs resulted in the Department paying performance incentive fees to Vanguard contractors without complete validation of their performance metrics.40 The VMO also performed some contract administration duties for the $3.5 billion Vanguard acquisition without formal delegation from the contracting officer or an adequate document retention policy.
OIG identified several lapses in internal contract management controls. For example, inspectors in Cairo found that the embassy did not prepare an annual acquisition plan, neglecting to incorporate market research to identify the best contract method for competition and possible cost savings. In addition, embassy procurement files did not comply with Federal regulations requiring documentation of sole source justifications.41 Management lapses also significantly contributed to incidents of contract fraud at several posts overseas. For example, a joint investigation by OIG and DS uncovered a large-scale theft of approximately $2.3 million in diesel fuel from Embassy Tbilisi.
Grants management also remains a challenge for the Department. In FY 2016 OIG published 9 reports concerning grants and included 14 formal recommendations to improve monitoring, reporting, documentation, and overall grants coordination.
Monitoring of Grantee Performance and Financial Management
Monitoring is a key component of performance management. It helps measure progress against goals and indicators of performance, reveals whether desired results are occurring, and confirms whether implementation is on track.42 Financial monitoring should include site visits to review recipients’ financial policies and procedures, financial management controls, and supporting documentation.43 OIG audits and inspections of Department grants identified the need for improved management and monitoring of grantees.
During its inspection of Embassy Tashkent, OIG found that the embassy did not document its risk management actions on grants it awarded, did not create performance monitoring plans, and did not document grant performance reporting. Similarly, OIG found that embassies Ashgabat and Tegucigalpa did not have performance monitoring plans or did not document performance for all grants. In Embassy Ashgabat, the grants officer and grants officer representatives told OIG that the embassy monitored grantee performance but did not document that monitoring.44
An audit of the financial management grants and cooperative agreements supporting the Middle East Partnership Initiative found that the Bureau of Near Eastern Affairs’ grant monitoring process was not designed to prevent or detect unallowable or unsupported costs. In a final example, an audit of the Bureau of Political-Military Affairs found that the lack of grantee oversight made it difficult for the Bureau to ensure that award recipients were using funds to support its overall mission and programs.45
5. Financial Management
The Department manages one of the U.S. Government’s most complex financial operations and, to its credit, received an unmodified (“clean”) audit opinion on its FY 2014 and FY 2015 financial. Accordingly, OIG’s efforts with respect to this management challenge focused on helping the Department identify remaining vulnerabilities to fraud, waste, and abuse.
Shortcomings in Processes Used to Identify Management Control Deficiencies
Effective management control systems play a key role in ensuring that the Department produces accurate financial statements and is able to achieve its objectives through effective stewardship of public resources. In FY 2016, OIG identified deficiencies in processes used to identify management control deficiencies.
During an inspection of the Bureau of International Organizations, OIG found that it had not analyzed management controls related to all of its programs and activities before reporting, through the statement of assurance process, that no material weaknesses or significant deficiencies existed.46 OIG found that guidance sent to bureaus and embassies on the statement of assurance process was insufficient, that coordination between and among bureaus on management control deficiencies was lacking, and that areas of significant risk were not shared with bureaus and missions.47 Similarly, OIG’s review of the Bureau of Consular Affairs’ process for identifying control weaknesses at overseas missions found that it was not designed to meet governing management control standards.48 Data collected was not aggregated or analyzed to help mitigate risk, data was not shared with higher-level management, and data did not allow for continuous monitoring of consular operations.
Lapses in Management Controls
The Independent Auditor’s Report on Internal Control Over Financial Reporting noted the following significant deficiencies: financial reporting, property and equipment, budgetary accounting, validity and accuracy of unliquidated obligations (ULOs), and information technology.49 The independent auditor’s report on the Department’s 2014 and 2015 financial statements noted that the Department’s internal controls were not effective to ensure that ULOs were consistently and systematically evaluated for validity and deobligation. In addition, funds that could have been used for other purposes may have remained in unneeded obligations.50
In addition, OIG found that the efforts of the Bureau of International Organization Affairs to evaluate $340 million in foreign assistance voluntary contributions paid to international organizations were insufficient.51 This follows an earlier OIG review that determined that 16 of 39 bureaus had not conducted program evaluations as required and that some bureaus did not consistently incorporate evaluation findings into the budget and strategic planning processes.52
OIG found consular sections that did not comply with the Department’s line of sight standards.53 In addition, the Department had not yet complied with a 2015 OIG recommendation that the Department revise decision criteria for tenure and promotion in the Foreign Service to ensure that mid- and senior-level Foreign Service Officers address misconduct by their subordinates.
Vulnerabilities in the Purchase Card Program
In an assessment of the Department’s purchase card program, OIG concluded that the risk of illegal, improper, or erroneous use in the program is “high” based on a variety of factors, including the large size of the program, the absence of internal controls, a lack of training, results from previous audits, OIG’s Office of Investigations observations, and violation reports.54
OIG’s management assistance report on the Department’s annual purchase card program reviews found that 53 percent of overseas purchase card coordinators in FY 2014 either failed to perform mandatory annual reviews of their purchase card programs or did not respond to a request for that information.55 In FY 2016, OIG also found a lack of enforcement in advance-approval of purchase card actions56 and an absence of annual purchase card reviews and card holder training.57 The Department’s Bureau of Administration does not monitor bureau and post compliance with the annual purchase card review requirement.
1 OIG, Audit of Local Guard Force Contractors at Critical- and High-Threat Posts (AUD-SI-16-33, April 2016). (back to text)
2 OIG, Inspection of Embassy Tashkent (ISP-I-16-12A, March 2016); OIG, Inspection of Embassy Ashgabat (ISP-I-16-13A, March 2016). (back to text)
3 OIG, Inspection of Embassy Kinshasa (ISP-I-16-19A, June 2016). (back to text)
4 OIG, Improvements Needed to Strengthen Vehicle-Fueling Controls and Operations and Maintenance Contract at Embassy Kabul, Afghanistan (AUD-MERO-16-35, April 2016). (back to text)
5 OIG, Inspection of Embassy Ashgabat (ISP-I-16-13A, March 2016). (back to text)
6 OIG, Management Assistance Report: Armored Vehicle Training (ISP-16-17, July 2016). (back to text)
7 Ibid. (back to text)
8 OIG, Compliance Follow-up Audit of the Process to Request and Prioritize Physical Security-Related Activities at Overseas Posts (AUD-ACF-16-20, December 2015). (back to text)
9 OIG, Compliance Follow-up Audit of the Process to Request and Prioritize Security-Related Activities at Overseas Posts (AUD-ACF-16-20, December 2015). (back to text)
10 OIG, Inspection of Bureau of Diplomatic Security, Directorate of International Programs (ISP-I-16-07, February 2016). (back to text)
11 OIG, Inspection of Embassy Kinshasa (ISP-I-16-19A, June 2016); OIG, Inspection of Embassy Cairo (ISP-I-16-15A, April 2016). (back to text)
12 OIG, Inspection of Embassy Kinshasa (ISP-I-16-19A, June 2016); OIG, Inspection of Embassy Cairo (ISP-I-16-15A, April 2016); OIG, Inspection of Bureau of Energy Resources (ISP-I-16-06, February 2016). (back to text)
13 OIG, Improvements Needed to Strengthen Vehicle-Fueling Controls and Operations and Maintenance Contract at Embassy Kabul, Afghanistan (AUD-MERO-16-35, April 2016). (back to text)
14 OIG, Management Alert: Hazardous Electrical Current in Office and Residential Buildings Presents Life, Health, and Safety Risks at U.S. Embassy Kabul, Afghanistan (MA-16-01, April 2016). (back to text)
15 OIG, Inspection of the Bureau of Diplomatic Security, Directorate of International Programs (ISP-I-16-07, February 2016). (back to text)
16 OIG, Audit of Task Orders for the Union III Compound Awarded Under the Operations and Maintenance Support Services Contract (AUD-MERO-16-41, July 2016). (back to text)
17 OIG, Management Assistance Report: Improper Use of Overtime and Incentive Fees under the Department of State Baghdad Life Support Services (BLiSS) Contract (AUD-MERO-16-08, November 2015). (back to text)
18 OIG, Audit of Bureau of Diplomatic Security Worldwide Protective Services Contract Task Order 3—Baghdad Embassy Security Force (AUD-MERO-16-28, February 2016); OIG, Audit of Bureau of Diplomatic Security Worldwide Protective Services Contract Task Order 8 – Security Services at U.S. Consulate Erbil (AUD-MERO-16-30, March 2016). (back to text)
19 OIG, Evaluation of Bureau of Democracy, Human Rights, and Labor Iraq Programs in Support of Line of Effort 1 of the President’s Counter-ISIL Strategy (ISP-16-09, March 2016). (back to text)
20 OIG, Additional Actions are Needed to Fully Comply with Section 846 of the National Defense Authorization Act for Fiscal Year 2013 Concerning Critical Environment Contracting (AUD-MERO-16-50, September 2016). (back to text)
21 OIG, Audit of the Bureau of Diplomatic Security Worldwide Protective Services Contract Task Order 3—Baghdad Embassy Security Force (AUD-MERO-16-28, February 2016); OIG, Audit of the Bureau of International Narcotics and Law Enforcement Affairs Aviation Support Services Contract in Iraq (AUD-MERO-15-35, July 2015); OIG, Audit of the U.S. Mission Iraq Medical Services Contract (AUD-MERO-15-25, May 2015); OIG, Audit of Vehicle-Fueling Controls and Operations and Maintenance Contract at Embassy Kabul, Afghanistan (AUD-MERO-16-35, April 2016). (back to text)
22 OIG, Improvements Needed to Strengthen Vehicle-Fueling Controls and Operations and Maintenance Contract at Embassy Kabul, Afghanistan (AUD-MERO-16-35, April 2016); OIG, Evaluation of Bureau of Democracy, Human Rights, and Labor Iraq Programs in Support of Line of Effort 1 of the President’s Counter-ISIL Strategy (ISP-16-09, March 2016). (back to text)
23 OIG, Inspection of Embassy Ankara, Turkey (ISP-I-16-24A, September 2016). (back to text)
24 OIG, Evaluation of Embassy Baghdad’s Implementation of Line of Effort 6 in the President’s Strategy to Counter ISIL: Exposing ISIL’s True Nature (ISP-I-16-10, March 2016). (back to text)
25 Executive Order 13721, “Developing an Integrated Global Engagement Center to Support Government-wide Counterterrorism Communications Activities Directed Abroad and Revoking Executive Order 13584” (March 14, 2016). (back to text)
26 OIG, Inspection of Embassy Cairo (ISP-I-16-15A, April 2016). (back to text)
27 OIG, Management Assistance Report: Department of State Incident Response and Reporting Program (AUD-IT-16-26, February 2016). (back to text)
28 OIG, Management Assistance Report: Inactive Accounts Within the Department of State’s Active Directory (AUD-IT-16-37, June 2016). (back to text)
29 OIG, Management Assistance Report: Continued Deficiencies Identified in Information Technology Contingency Planning (ISP-I-16-05, February 2016). (back to text)
30 OIG, Audit of the Department of State Information Security Program (AUD-IT-16-16, November 2015). (back to text)
31 OIG, Inspection of the Bureau of International Organization Affairs (ISP-I-16-02, October 2015); OIG, Inspection of the Bureau of Energy Resources (ISP-I-16-06, February 2016). (back to text)
32 OIG, Inspection of Embassy Tashkent (ISP-I-16-12A, March 2016); OIG, Inspection of Embassy Cairo (ISP-I-16-15A, April 2016); OIG, Inspection of Embassy Tegucigalpa (ISP-I-16-21A, August 2016); OIG, Inspection of Kinshasa (ISP-I-16-19A, June 2016). (back to text)
33 OIG, Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements (ESP-16-03, May 2016). (back to text)
34 OIG, Evaluation of the Department of State’s FOIA Processes for Requests Involving the Office of the Secretary (ESP-16-01, January 2016). (back to text)
35 OIG, Audit of the Department of State Process to Select and Approve Information Technology Investments (AUD-FM-16-31, March 2016). (back to text)
36 Ibid. (back to text)
37 Ibid. (back to text)
38 OIG, Audit of the Department of State Information Security Program (AUD-IT-16-16, November 2015). (back to text)
39 OIG, Audit of Time and Material Expenses and Performance Incentive Payments under the Bureau of Information Resource Management, Vendor Management Office Vanguard Program (AUD-CGI-16-34, May 2016). (back to text)
40 OIG, Inspection of the Bureau of Information Resource, Management, Operations, Vendor Management Office (ISP-I-16-03, October 2015). (back to text)
41 OIG, Inspection of Embassy Cairo (ISP-I-16-15A, April 2016). (back to text)
42 Department of State, Evaluation Policy, January, 2015, p.2. (back to text)
43 OMB, Circular A-110, Subpart C, Section 21 (b)(1) and (3). (back to text)
44 OIG, Inspection of Embassy Ashgabat (ISP-I-16-13A, March 2016). (back to text)
45 OIG, Audit of the Bureau of Political-Military Affairs Federal Assistance Awards (AUD-SI-16-49, September 2016). (back to text)
46 OIG, Inspection of the Bureau of International Organizations (ISP-I-16-02, October 2015). (back to text)
47 OIG, Review of Statements of Assurance Process (ISP-I-15-37, September 2015). (back to text)
48 OIG, Review of the Consular Annual Certification of Management Controls Process (ISP-I-16-01, October 2015). (back to text)
49 OIG, Independent Auditor’s Report on Internal Control Over Financial Reporting (AUD-FM-16-09, November 2015). (back to text)
50 OIG, Independent Auditor’s Report on Closing Package Financial Statements (AUD-FM-16-10, November 2015). (back to text)
51 OIG, Inspection of the Bureau of International Organization Affairs (ISP-I-16-02, October 2015). (back to text)
52 OIG, Review of Department of State Compliance with Program Evaluation Requirements (ISP-I-15-36, September 2015). (back to text)
53 OIG, Inspection of Embassy Tashkent (ISP-I-16-12A, March 2016); OIG, Inspection of Embassy Ashgabat (ISP-I-16-13A, March 2016). (back to text)
54 OIG, Information Report: Department of State 2015 Purchase Card Risk Assessment (AUD-FM-16-23, December 2015). (back to text)
55 OIG, Management Assistance Report: Annual Purchase Card Program Reviews (ISP-I-16-04, January 2016). (back to text)
56 OIG, Inspection of the Bureau of International Organizations (ISP-I-16-02, October 2015). (back to text)
57 OIG, Inspection of Embassy Cairo (ISP-I-16-15A, April 2016). (back to text)