Insufficient Oversight of Public International Organizations Puts U.S. Foreign Assistance Programs at Risk

Audit Report
Report Number
8‐000‐18‐003‐P

The Syrian civil war and the rise of ISIS left 23.5 million people in the surrounding areas in need of humanitarian assistance at the end of 2016. Providing this assistance presented substantial access, security, program implementation, and oversight challenges, and USAID provided a reported $2.6 billion between January 2012 and March 2018 to large multilateral public international organizations (PIOs) to help implement programs, coordinate the international response to the crisis, and collect data on the needs of people on the ground. In 2016, USAID’s Inspector General testified that implementers and vendors in the region were subject to major fraud schemes. As of January 2018, OIG investigations in the region have resulted in the suspension or debarment of several dozen individuals and organizations, 20 personnel actions, and the suspension of $239 million in program funds under investigation. USAID’s use of PIOs extends beyond the Iraq and Syria region, with the Agency relying on PIOs to advance its humanitarian assistance and development goals throughout the world.

Unique provisions of Federal law and international arrangements enable PIOs to receive Federal funds with less oversight or fewer restrictions than nongovernmental organizations and contractors. However, USAID’s approach to overseeing PIOs has not included comprehensively identifying, assessing, and managing risks related to working with PIOs, such as risks posed by terrorist groups that seek to benefit from USAID assistance. Further, USAID’s PIO policy and accompanying processes and guidance do not align with Federal internal control standards. These policy weaknesses exacerbate the challenges of overseeing PIOs working in nonpermissive, long‐term crisis environments such as Syria and Iraq where PIO awards can continue for multiple years. In such cases, USAID exposes foreign assistance funds to increased risk of fraud, waste, and abuse because the awards were not designed with the internal control standards appropriate for these contexts.

We made, and USAID agreed with, six recommendations for the Agency to establish comprehensive PIO policies that codify and clarify the processes for risk management and strengthen oversight of these awards.

Recommendations

Recommendation 1

USAID develop a comprehensive risk management policy for assessing and mitigating risk for PIO awards. The policy should inform staff on risk tolerances and risk categories; provide a framework and guidance on how and when to assess risks, develop risk responses, and assign mitigating controls based on risks; and clearly communicate roles and responsibilities for carrying out risk management across the Agency.

Questioned Cost:
$0
Recommendation 2

USAID establish a dedicated, centralized entity with the authority and resources to assess and address (1) PIO performance, (2) PIO internal oversight effectiveness, (3) other crosscutting PIO oversight methods, and (4) oversight units operating across multiple organizations, using information from across the Agency.

Questioned Cost:
$0
Recommendation 3

USAID develop a comprehensive policy that outlines (1) what authority—for example, other transaction authority—will be used to make each PIO award and (2) what corresponding rules and regulations apply, to include the roles and responsibilities for individuals and offices responsible for award management.

Questioned Cost:
$0
Recommendation 4

USAID direct the Office of Foreign Disaster Assistance to (1) review and define its processes for making awards to PIOs to carry out work in long-term crisis environments and (2) update policies to ensure they include standards of internal control related to documenting the internal control system, analyzing risks, designing control activities, and documenting transactions by retaining records.

Questioned Cost:
$0
Recommendation 5

USAID direct the Office of Food for Peace to (1) review and define its processes for making awards to PIOs to carry out work in long-term crisis environments and (2) update policies to ensure they include standards of internal control related to documenting the internal control system, analyzing risks, designing control activities, and documenting transactions by retaining records.

Questioned Cost:
$0
Recommendation 6

USAID Establish requirements for PIOs to notify USAID of suspected and identified serious criminal misconduct in activities funded by USAID to include unlawful actions taken by employees, subpartners, subcontractors, vendors, or other parties. The requirements should specify the process for reporting and criteria for what to report.

Questioned Cost:
$0