This is the accessible text file for GAO report number GAO-14-635 entitled 'State Department: Implementation of Grants Policies Needs Better Oversight' which was released on July 21, 2014. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to the Chairman, Subcommittee on Financial and Contracting Oversight, Committee on Homeland Security and Governmental Affairs, U.S. Senate: July 2014: State Department: Implementation of Grants Policies Needs Better Oversight: GAO-14-635: GAO Highlights: Highlights of GAO-14-635, a report to the Chairman, Subcommittee on Financial and Contracting Oversight, Committee on Homeland Security and Governmental Affairs, U.S. Senate. Why GAO Did This Study: Grants are key tools that State uses to conduct foreign assistance. In fiscal year 2012, State obligated over $1.6 billion worldwide for around 14,000 grants to individuals and organizations for a variety of purposes, such as fostering cultural exchange and facilitating refugee resettlement. However, recent GAO and Inspectors General reports have identified challenges with State's management of these funds. This report examines (1) the policies and guidance that State has established to administer and oversee grants, and (2) the extent to which the implementation of those policies and guidance provides reasonable assurance that funds are being used as intended. GAO analyzed State's policies and guidance, and interviewed cognizant grants officials at 14 bureaus headquartered in Washington, D.C., and three overseas missions (Afghanistan, Cambodia, and Turkey). GAO also conducted file reviews for a sample of 61 grants totaling approximately $172 million. Selection criteria included total dollar value of grants in a country, geographic diversity, and balance among bureaus. What GAO Found: The Department of State (State) has established policies and guidance that provide a supportive environment for managing grants and cooperative agreements (grants). In addition, State provides its grants officials mandatory training on these policies and guidance, and routinely identifies and shares best practices. State's policies are based on federal regulations, reflect internal control standards, and cover topics such as risk assessment and monitoring procedures. State's policies also delineate specific internal control activities that grants officials are required to both implement and document in the grant files as a way of promoting accountability (see figure). Figure: Key Internal Control Activities Required through the Grants Life Cycle: [Refer to PDF for image: illustration] Preaward: * Select and vet potential recipients; * Identify potential risks. Award: * Develop risk mitigation/monitoring plan; * Establish performance measures and indicators. Postaward: * Review activities and performance; * Mitigate identified risks and performance issues. Closeout: * Assess final reports and results; * Reconcile finances. Source: GAO analysis of Department of State data. GAO-14-635. [End of figure] GAO found that inconsistent implementation of policies and guidance weakens State's assurance that grant funds are used as intended. * Inadequate risk analysis. In most of the files GAO reviewed, grants officials did not fully identify, assess, and mitigate risks, as required. For example, officials conducted a risk identification process for 45 of the 61 grants that GAO reviewed. While grants officials identified risk in 28 of those 45 grants, they mitigated risks in only 11. * Poor documentation. Grants officials generally did not adhere to State policies and procedures relating to documenting internal control activities. For example, 32 of the 61 files reviewed did not contain the required monitoring plan. Considerable turnover among grants officials makes documenting internal control activities particularly important. State's periodic management reviews of selected bureaus' and overseas missions' grant operations have also found that key documentation was frequently missing or incomplete and made recommendations to address the problem. However, State has not consistently followed up to ensure the implementation of these recommendations, as internal control standards require. State does not have processes for ensuring compliance with risk analysis and documentation requirements. Without the proper implementation of its internal control policies for grants management, State cannot be certain that its oversight is adequate or that it is using its limited oversight resources effectively. What GAO Recommends: GAO recommends that the Secretary of State develop processes for ensuring that (1) bureaus and missions conduct appropriate risk assessments and (2) grants officials complete required documentation. GAO also recommends that the Secretary of State (3) follow up systematically on recommendations from State's internal reviews of its grants management. State concurred with GAO's recommendations. Contents: Letter: Background: State Has Established Policies and Guidance That Provide a Supportive Environment for Administering and Overseeing Grants: Inconsistent Implementation of State Policies and Guidance Weakens Assurance That Grant Funds Are Used as Intended: Conclusions: Recommendations for Executive Action: Agency Comments: Appendix I: Objectives, Scope, and Methodology: Appendix II: Internal Control Standards as Designed and Implemented in State's Grants Management: Appendix III: Agency Comments: Appendix IV: GAO Contacts and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Top 10 U.S. Department of State Grant-Making Bureaus and Posts by Total Federal Financial Assistance Obligated in Fiscal Year 2012: Table 2: Department of State's Grants Policy Directives (GPD) as of April 2, 2014 and Related Internal Controls: Table 3: Overall Results Relating to Risk Management from GAO File Reviews: Table 4: Control Activities: Overall Results Relating to Monitoring Approach from GAO File Reviews: Table 5: Control Activities: Results Relating to Closeout Activities from GAO File Reviews: Table 6: Results Relating to Information and Communications from GAO File Reviews: Basic Documentation: Table 7: Results Relating to Information and Communications from GAO File Reviews: Justifying Competitive Selection Decisions: Table 8: Results Relating to Information and Communications from GAO File Reviews: Justifying and Documenting Sole-Source Decisions: Table 9: State's Internal Monitoring: Findings from A/OPE's GMRs and GREATs for Bureaus and Posts within GAO's Sample: Figures: Figure 1: Key Internal Control Activities Required Through a Grant's Life Cycle: Figure 2: Grant Sample Compliance with the Various Steps of a Risk Analysis: Figure 3: Key Documentation at Each Phase of a Grant's Life Cycle: Abbreviations: A/OPE: Office of the Procurement Executive: AQM: Bureau of Administration, Office of Acquisitions Management: CFR: Code of Federal Regulations: ECA: Bureau of Educational and Cultural Affairs: GMR: Grant Management Review: GO: grants officer: GOR: grants officer representative: GPD: grant policy directive: GREAT: Grants Review Evaluation and Assistance Trainings: INL: Bureau of International Narcotics and Law Enforcement: ISN: Bureau of International Security and Nonproliferation: NEA/MEPI: Bureau of Near East Affairs, U.S.-Middle East Partnership Initiative: OMB: Office of Management and Budget: PM/WRA: Bureau of Political-Military Affairs, Office of Weapons Removal and Abatement: PRM: Bureau of Population, Refugees, and Migration: [End of section] United States Government Accountability Office: GAO: 441 G St. N.W. Washington, DC 20548: July 21, 2014: The Honorable Claire McCaskill: Chairman: Subcommittee on Financial and Contracting Oversight: Committee on Homeland Security and Governmental Affairs: United States Senate: Dear Madam Chairman: Grants and cooperative agreements are key tools that the U.S. Department of State (State) uses to conduct foreign assistance. State uses them to award assistance to individuals and organizations for a variety of purposes, such as fostering educational and cultural exchanges with citizens of other countries, facilitating refugee resettlement, and developing U.S. allies' law enforcement capacity. In fiscal year 2012, State obligated over $1.6 billion for approximately 14,000 grants and cooperative agreements worldwide. State's Office of the Inspector General and the Special Inspector General for Afghanistan Reconstruction recently reported that State faced challenges overseeing its grants and ensuring that funds were being used as intended.[Footnote 1] In particular, they found deficiencies in certain internal control activities as well as financial reporting. We have also identified challenges and lessons learned for grants management across the federal government in a body of work spanning several decades.[Footnote 2] You asked us to review issues related to State's management and oversight of grants and cooperative agreements. This report examines (1) the policies and guidance that State has established to administer and oversee grants and cooperative agreements, and (2) the extent to which the implementation of those policies and guidance provides reasonable assurance that funds are being used as intended. To address these objectives, we analyzed federal regulations and State's policies and guidance. We interviewed State officials from the Office of the Procurement Executive (A/OPE); the Office of the Deputy Chief Financial Officer, and various functional and regional bureaus and offices headquartered in Washington, D.C.; and three overseas missions to determine how State both designs and implements department- wide internal control policies on grants performance and financial management.[Footnote 3] To further determine how State implements these policies, we selected three case study countries--Afghanistan, Cambodia, and Turkey--based on criteria that included total dollar value of grants in a country, geographic diversity, and balance among the bureaus involved in managing the awards. For these countries we examined a nongeneralizable sample of 48 grants and cooperative agreements by award size and bureau that had obligations in fiscal year 2012.[Footnote 4] In addition, we used the same criteria to draw another nongeneralizable sample of 13 grants managed in Washington, D.C.[Footnote 5] Overall, the 61 grants we reviewed ranged in value from just over $25,000 to $28,000,000, and totaled approximately $172 million.[Footnote 6] Collectively, the grants in our samples were managed by 3 posts and 14 of the 27 grant-making bureaus and offices in State, and included grants by 6 of the top 10 bureaus and posts in terms of total dollar amount obligated for federal financial assistance in fiscal year 2012.[Footnote 7] We developed a data collection instrument that we used to conduct file reviews for the 61 grants. Our file review assessed grants officials' implementation of a selection of State's required internal control activities for grants management, including risk assessment, monitoring of recipients, and documentation of key activities. We also conducted interviews with cognizant grants officials for each of the grants to learn how they implemented grants management policies. To identify any internal control deficiency patterns or trends, we analyzed and compared the data we collected from our file reviews and interviews, and also compared them to the findings from State's internal inspections of grant-making operations. We conducted this performance audit from May 2013 to July 2014 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. A more detailed description of our scope and methodology can be found in appendix I. Background: State Grants Management: Definitions and Key Roles and Responsibilities: Grants and cooperative agreements are assistance instruments used to transfer money, property, or services to accomplish a public purpose. The difference between the two instruments relates to the amount of involvement between the agency and the recipient during performance: when substantial involvement is not anticipated, State uses a grant; otherwise, it uses a cooperative agreement. For the purposes of this report, the term "grants" refers to both grants and cooperative agreements.[Footnote 8] State's grants vary greatly by size and recipient--from grants of less than $100 to help cover an individual's travel expenses, to multi- million dollar grants to, for example, international nongovernmental organizations for democracy-building programs. A/OPE sets department- wide policies related to grants management, and individual bureaus may also develop their own specific policies to supplement those from A/OPE.[Footnote 9] Managing a grant involves a variety of State officials, often from multiple bureaus and posts. The principal grants officials include the following: * The grants officer (GO), who is ultimately responsible for overseeing the grant. * The grants officer representative (GOR), who often has program implementation expertise and assists the GO in overseeing a grant. * The program officer, who, if the GO is from a different bureau, may provide programmatic expertise, primarily during the preaward phase. For example, a program officer may design the grant announcement and assist in selecting recipients. In some cases, the program officer may be designated as the GOR once the grant is awarded to a recipient. * The budget officer, who is responsible for ensuring that the appropriated funds are drawn down correctly. Some GOs and GORs also reported using a grants management specialist or other staff, such as interns, to help them manage certain aspects of their portfolios. The various grants officials involved in the management of a grant may be from different bureaus as well as different locations. Twenty-seven bureaus and offices within State, including the U.S. Mission to the United Nations, have grant-making authority or grant oversight responsibilities. Posts, including embassies and consulates overseas, may also make grants. Ten bureaus and posts accounted for the majority of federal assistance obligations that State made in fiscal year 2012 (see table 1). For those GOs located in Washington, D.C., the GOR is usually located in the principal place of performance, which may be at State headquarters in Washington, D.C.--for cultural exchange programs, for example--or overseas. Eighteen of the 27 bureaus with grant-making authority have their own GOs. Those that do not have GOs or whose GOs do not have a high enough grant-making authority rely on the Office of Acquisitions Management to fulfill the GO role. This office provides a full range of grant management services, including planning, negotiations, cost and price analysis, and administration.[Footnote 10] In those instances, the bureau requesting the grant then generally provides the GOR, program officer, or both to supply program-specific expertise. As of May 2014, there were 571 GOs worldwide, with 503 of them based overseas. Most GOs at posts are Foreign Service Officers with multiple other duties. In addition, Foreign Service Officers usually rotate to another post within 1-3 years, per State's normal operating procedures. This considerable turnover rate means that a single grant may have multiple GOs over its life cycle.[Footnote 11] Table 1: Top 10 U.S. Department of State Grant-Making Bureaus and Posts by Total Federal Financial Assistance Obligated in Fiscal Year 2012: Bureau, office, or post: Bureau of Educational and Cultural Affairs (ECA); Total obligated amount (in U.S. dollars): $397,283,825. Bureau, office, or post: Bureau of Administration, Office of Acquisitions Management (AQM); Total obligated amount (in U.S. dollars): $393,229,481. Bureau, office, or post: Bureau of Population, Refugees, and Migration (PRM); Total obligated amount (in U.S. dollars): $352,658,294. Bureau, office, or post: Bureau of Political-Military Affairs, Office of Weapons Removal and Abatement (PM/WRA); Total obligated amount (in U.S. dollars): $129,243,899. Bureau, office, or post: Bureau of Near East Affairs, U.S.-Middle East Partnership Initiative (NEA/MEPI); Total obligated amount (in U.S. dollars): $90,472,412. Bureau, office, or post: Bureau of International Narcotics and Law Enforcement (INL); Total obligated amount (in U.S. dollars): $69,890,738. Bureau, office, or post: Kabul, Afghanistan; Total obligated amount (in U.S. dollars): $56,381,107. Bureau, office, or post: Islamabad, Pakistan; Total obligated amount (in U.S. dollars): $27,999,681. Bureau, office, or post: Bureau of Near East Affairs, Iraq (NEA/Iraq); Total obligated amount (in U.S. dollars): $16,840,547. Bureau, office, or post: Office to Monitor and Combat Trafficking in Persons; Total obligated amount (in U.S. dollars): $15,850,928. Bureau, office, or post: Total; Total obligated amount (in U.S. dollars): $1,549,850,912. Source: GAO analysis of data from the Department of State. GAO-14-635. Notes: Federal financial assistance includes all grants and cooperative agreements. Our sample of 61 grants included grants managed by ECA, AQM, PRM, INL, PM/WRA, and Kabul. [End of table] State's grants generally follow a life cycle that consists of four phases--preaward, award, postaward, and closeout. In the preaward phase, grants officials develop the program idea, evaluate proposals, and select a recipient. The GO then negotiates the costs of the grant with the recipient and drafts the award document during the award phase. In the postaward phase, grants officials monitor the recipient's progress and disburse payments as appropriate. Finally, in the closeout phase, grants officials assess final programmatic and financial reports and determine any final payments or reimbursements that are necessary. Internal Control Standards Applicable to State Grants Management: Side bar: The Five Standards for internal control: 1. Control environment; 2. Risk assessment; 3. Control activities; 4. Information and communications; 5. Monitoring. Source: GAO. GAO-14-635. [End of side bar] As we have noted in prior reports, effective oversight and internal control are important when awarding and managing federal grants to provide reasonable assurance to federal managers and taxpayers that grants are awarded properly, recipients are eligible, and federal grant funds are used as intended and in accordance with applicable laws and regulations.[Footnote 12] The Standards for Internal Control in the Federal Government (the federal standards) sets forth the standards that provide the overall framework for establishing and maintaining internal control and for identifying and addressing major performance and management challenges and areas at greatest risk of fraud, waste, abuse, and mismanagement.[Footnote 13] * Control environment: Management and employees should establish and maintain an environment that sets a positive and supportive attitude toward internal control and conscientious management. A positive control environment is the foundation for all other standards. * Risk assessment: Internal control should provide for an assessment of the risks the agency faces from both external and internal sources. Risk assessment is the identification and analysis of relevant risks associated with achieving the agency's objectives and forming a basis for determining how risks should be managed. * Control activities: Internal control activities help ensure that management's directives are carried out. Control activities are the policies, procedures, techniques, and mechanisms that enforce management's directives. They help ensure that actions are taken to address risks, and they are integral to the stewardship of government resources and achieving effective results. * Information and communications: Information should be recorded and communicated to management in a form and within a time frame that enables management to carry out its internal control and other responsibilities. * Monitoring: Internal control monitoring should assess the quality of performance over time and ensure that any issues are promptly resolved. State Has Established Policies and Guidance That Provide a Supportive Environment for Administering and Overseeing Grants: State has established a core set of policies and guidance incorporating federal regulations for administering and overseeing grants. A/OPE has established policies and training to further assist grants officials as they implement the department's policies and to reduce wasteful spending in government. A/OPE has taken steps to improve its policies, revising many of them since their issuance. State has provided these policies, as well as training and other support, to staff to encourage effective grant management throughout the life cycle of a grant. State's Policies Incorporate Federal Regulations: State's grant management policies incorporate requirements established in federal regulations and guidance, which are codified in the Code of Federal Regulations (CFR).[Footnote 14] These regulations are based on Office of Management and Budget (OMB) circulars on grants and cooperative agreements with nongovernmental organizations and institutions of higher education as well as with state and local governments. OMB circulars provide guidance to grants officials for implementing rules regarding allowable costs, program purposes, and financial management procedures.[Footnote 15] In addition, the authorities for specific assistance programs may provide requirements for associated grants.[Footnote 16] OMB guidance and regulations contained in the CFR inform State's policies for grants management. State collects and articulates the department's policies in the Foreign Affairs Manual and its associated handbooks. This manual assigns A/OPE the authority to prescribe acquisition and assistance policies, regulations and procedures for State.[Footnote 17] State officials told us that A/OPE also works closely with the Office of the Deputy Chief Financial Officer to develop policies related to the financial management of grants. Since 1992, A/OPE has issued 59 grants policy directives to provide additional guidance specific to State's staff explaining how they should conduct grants management in accordance with federal regulations.[Footnote 18] A/OPE has issued or revised more than half of these policies since 2008, creating at least two of them in response to concerns from its Inspector General and us about State's internal controls for grants management.[Footnote 19] State's Policies and Guidance Establish Internal Controls throughout the Grant Life Cycle: Side bar: The Five Standards for Internal Control: 1. Control environment: sets a positive and supportive attitude; toward internal control and conscientious management; 2. Risk assessment; 3. Control activities; 4. Information and communications; 5. Monitoring. Source: GAO. GAO-14-635. [End of side bar] State's policies and guidance help establish a control environment framework for grants management. Two of the directives related to risk assessment, for example, directly cite the federal standards, which call on federal agencies to identify risks as part of a positive internal control environment. State's policies also provide guidance for implementing key internal control activities throughout the life cycle of a grant, such as approval of the monitoring plan or review of quarterly or annual reports (see fig. 1). Figure 1: Key Internal Control Activities Required Through a Grant's Life Cycle: [Refer to PDF for image: illustration] Preaward: Key required internal control activities: * Select and vet potential recipients; * Identify potential risks. Award: Key required internal control activities: * Develop risk mitigation/monitoring plan; * Establish performance measures and indicators. Postaward: Key required internal control activities: * Review activities and performance; * Mitigate identified risks and performance issues. Closeout: Key required internal control activities: * Assess final reports and results; * Reconcile finances. Source: GAO analysis of Department of State data. GAO-14-635. [End of figure] State's control environment also includes a variety of additional guidance, including mandatory training, "best practices" dissemination, and online resources. * Training: State offers its staff several grants management courses, covering such topics as monitoring and evaluation, cost principles, and ethics. GOs must take at least 24 hours of grants management training, and GORs must take both an introduction and a monitoring course to obtain certification.[Footnote 20] Both must update their training with at least 16 hours of courses every 3 years. Some courses are also available online, and A/OPE has worked with several bureaus to hold training focused on their specific needs. In addition, A/OPE occasionally offers regional or post training in the field, depending on resources, and has recently begun holding webinars to train and answer questions from grants officials overseas.[Footnote 21] * Best practices dissemination: According to State officials, A/OPE began holding quarterly meetings in 2004 for grants officials throughout the department to both raise issues and share best practices. More recently, A/OPE has begun to offer a 2-day course twice a year in lieu of the quarterly meetings. The course offers an update on trends and regulation changes as well as a refresher on grants administration and policy. * Online resources: Finally, State has a number of Intranet resources available for grants officials. Beyond distance learning courses, A/OPE also has sample templates for a variety of grant documentation, including a preaward survey, financial management survey, risk assessment tool, and several types of monitoring reports. An A/OPE official told us A/OPE is currently updating the Federal Assistance Policy Manual, which will provide additional guidance for the entire grant life cycle.[Footnote 22] Furthermore, bureaus and posts are allowed to design guidance appropriate to the varying circumstances surrounding their grants. For example, three of the bureaus and two of the posts in our sample have developed their own risk assessment checklists. State guidance also directs grants officials to document key internal control activities throughout the life cycle of a grant, including the use of funds, the recipient's progress, and the grants officials' assessment of that progress. State has several policies either dedicated to documentation or requiring documentation. For example, one policy describes the roles and responsibilities for both the GOs and the GORs, listing what information they must document as well as where and at what phase in the grant life cycle they should document it.[Footnote 23] For certain internal control activities, State has created additional policies with detailed documentation and reporting requirements. The policies cover topics such as competition versus sole source decisions, risk identification and assessment processes, and developing monitoring plans. These policies also include sample templates outlining various approaches to documenting these activities. Under State guidance, bureaus and posts may tailor these policies to their specific needs. Given the considerable turnover rate of GOs who are Foreign Service Officers, as well as the fact that grants management is not often their primary task, a strong internal controls environment is essential for accountability. Inconsistent Implementation of State Policies and Guidance Weakens Assurance That Grant Funds Are Used as Intended: State has not consistently implemented the risk analysis and documentation of internal controls required by grants management policies and guidance, a fact that weakens assurance that grant funds are used as intended. In particular, grants officials have not adhered consistently to State's policies about identifying, assessing, and mitigating risks associated with the grants we reviewed. Furthermore, grants officials do not always document the implementation of key internal controls activities as required. State has established procedures for assessing grants officials' implementation of its internal controls. In conducting these reviews, A/OPE found insufficient documentation in the grant files at all 10 of the bureaus and posts that were also in our review and recommended solutions, but did not systematically follow up to ensure that the bureaus and posts had implemented them. Grants Officials Often Did Not Conduct Required Risk Analysis: Side bar: The Five Standards for internal control: 1. Control environment; 2. Risk assessment: the identification and analysis of relevant risks associated with achieving the agency's objectives and forming a basis for determining how risks should be managed; 3. Control activities; 4. Information and communications; 5. Monitoring. Source: GAO. GAO-14-635. [End of side bar] Grants officials responsible for the files in our sample often did not adhere to State's policies on risk assessment. Federal standards define risk assessment as "the identification and analysis of relevant risks associated with achieving the [agency's] objectives." A risk analysis helps ensure that grants officials undertake the necessary control activities and use oversight resources appropriately. State's policy on risk management further elaborates that risk assessment should begin in the preaward phase and continue throughout the grant life cycle. Furthermore, it states that a risk management plan must include identification, assessment, and monitoring and mitigation of risk. In most of the files we reviewed, however, we did not find evidence that grants officials had fulfilled these requirements, as described below. * Risk identification: State's policies require grants officials to carry out a comprehensive review of potential recipients to identify risks. Risk factors could include a lack of stable financial infrastructure or experience in managing a U.S. government grant, past performance problems, an unusual or difficult environment, responsibility for a large amount of funds, and concern the organization might be involved in terrorist activities. Of the 61 grant files we reviewed, 45 showed that grants officials had at least partially undertaken a risk identification process.[Footnote 24] However, 33 of these were missing key elements of a risk identification process, such as a review of the recipient's financial systems and internal controls. * Risk assessment: State policy requires grants officials to exercise a greater level of oversight for high-risk versus low-risk grants; however, we found in our file reviews that grants officials often did not assess identified risks to determine the grants' risk level. Of the 45 grants that underwent a risk identification process, 28 had risks identified. However, only 15 of those 28 grants that identified risks also included at least a partial assessment of risks, such as a preaward checklist at one post that included some questions about prior federal grant management experience and other past performance issues. In addition, while State has established a variety of guidance on risk assessment, the wording of the guidance is not consistent in certain aspects, such as assessment of external risk factors. For example, while one of the grants policy directives lists Transparency International's Corruption Perception Index as a risk assessment resource, none of A/OPE's sample risk assessment templates mention the index or corruption in general.[Footnote 25] In another example, we found that a grant to support civil society had received a "low-risk" determination, based on calculations from a risk assessment checklist, although grants officials remarked in the notes section of the checklist that corruption was rampant in that country. Since corruption was not an element of the checklist itself, it did not factor into the overall risk-level determination--nor was it reflected anywhere else in the grant file documentation.[Footnote 26] * Risk mitigation: State policies require grants officials to document how they will mitigate, or address, identified risks, including by preparing and implementing a monitoring plan. Of the 15 grants that showed both identification and assessment of risks, 11 showed at least partial mitigation of those risks (see fig. 2). Of the remaining 4 grants that showed no risk mitigation, 1 included an audit report identifying significant financial management risks, such as noncompliance with allowable costs, on the part of the grant recipient.[Footnote 27] The grants officials, however, did not reflect these risks in a risk mitigation or monitoring plan. In two other grant files we reviewed, grants officials identified allegations of prior financial mismanagement, but awarded the grant without addressing how the risk would be mitigated. Furthermore, State's various risk-related guidance does not clearly emphasize the importance of linking risk assessment to monitoring. Federal standards state that risk analysis generally includes deciding how to manage the risk and what actions should be taken. Of the five sample monitoring templates that A/OPE has developed, however, three do not mention risk.[Footnote 28] Grants officials who use these templates, therefore, may not make the link between monitoring and risk. For example, of the 13 grants from two bureaus in our sample that had developed their own risk assessment checklists based on A/OPE's templates, we found that 7 did not reflect risks identified in a monitoring plan. Moreover, of the 23 grants in our sample overall that had assessed risks and had a monitoring plan, only 10 reflected the risks in the plan. Figure 2: Grant Sample Compliance with the Various Steps of a Risk Analysis: [Refer to PDF for image: stacked vertical bar graph] Universe of 61 grants: Undertook required risk identification process: At least partially compliant: 45; Noncompliant: 16. Identified risks: At least partially compliant: 28; No risks identified: 17. Completed required assessment of risks identified: At least partially compliant: 15; Noncompliant: 13. Completed required mitigation of risk: At least partially compliant: 11; Noncompliant: 4. Source: GAO analysis of Department of State data. GAO-14-635. [End of figure] Without identifying and assessing risks, it may be difficult for State to determine whether there are any observable impediments to the recipient's effective management of State funds that would need to be mitigated. Determining which grants warrant greater oversight and which require less helps managers ensure the appropriate allocation of resources for safeguarding grant funds. Grants Officials Often Did Not Document Control Activities: Side bar: The Five Standards for internal control: 1. Control environment; 2. Risk assessment; 3. Control activities: the policies, procedures, techniques, and mechanisms that enforce management's directives; 4. Information and communications: Information should be recorded and communicated to management in a form and within a time frame that enables them to carry out their internal control and other responsibilities; 5. Monitoring. Source: GAO. GAO-14-635. [End of side bar] Grants officials in the sample of grants we reviewed generally did not adhere to State policies and procedures relating to documenting control activities. Federal standards call for the clear, prompt, and accurate documentation of internal control and all other significant events, including risk assessments and monitoring activities, and state that this documentation should be readily available for examination. State guidance directs grants officials to document key internal control activities throughout the life cycle of a grant, including the use of funds, the recipient's progress, and the grants officials' assessment of that progress (see fig. 3). To support officials as they implement this guidance, State has created multiple systems for organizing, retaining, and sharing information about grants, whether the files are in electronic or hard copy form. Documenting grant management activities is particularly important because of grants officials' considerable turnover rate, which can leave newly assigned grants officials dependent on files to determine what control activities are required and which have been conducted. Figure 3: Key Documentation at Each Phase of a Grant's Life Cycle: [Refer to PDF for image: illustration] Preaward: Key required internal control activities: * Select and vet potential recipients; * Identify potential risks; Key documentation requirements: * Internal control checklist; * Competition announcement or sole source justification; * Document risk assessment. Award: Key required internal control activities: * Develop risk mitigation/monitoring plan; * Establish performance measures and indicators; Key documentation requirements: * Internal control checklist; * Notice of Award; * Monitoring plan. Postaward: Key required internal control activities: * Review activities and performance; * Mitigate identified risks and performance issues; Key documentation requirements: * Internal control checklist; * Document review of progress reports; * Site visit reports; * Key correspondence; * Document risk assessment. Closeout: Key required internal control activities: * Assess final reports and results; * Reconcile finances; Key documentation requirements: * Internal control checklist; * Document review of final reports; * Closeout memo. Source: GAO analysis of Department of State data. GAO-14-635. [End of figure] However, the grant files we reviewed did not consistently document key grant activities as required, to demonstrate that internal controls had been implemented. In many of the files we reviewed, required documents were missing from the official file or incomplete, as described below. * Internal control checklist: State requires each grant file to contain a checklist, which grants officials are supposed to use to document the completion of many internal control activities throughout the grant's life cycle. These activities include vetting recipients, identifying the amount of funds and project duration, identifying key contacts at State and the recipient organization, and tracking receipt of information from the recipient about progress made and costs incurred. State's training further emphasizes the importance of keeping all sections of this checklist current to assist managers in monitoring grants and ensure that they fulfill the U.S. government's obligation to grant recipients. However, 17 out of the 61 files we reviewed did not contain this checklist, and only about 11 percent (5 out of 44) of the forms that did exist were completely filled out. [Footnote 29] * Grant award justification: State requires grant files to contain a justification for awarding any grants without a full and open competition.[Footnote 30] However, for the 24 grants in our sample that were sole-sourced, 7 did not contain this justification. * Monitoring plans: State policies require grants officials to prepare a monitoring plan to measure the recipient's progress toward achieving the grant's goals and objectives and ensure that the recipient complies with the grant agreement. The grants officials must use the plan to indicate the type and frequency of monitoring they will conduct given the risks involved and the resources available for these activities. However, about half of the files we reviewed (32 of the 61) did not contain a monitoring plan. Furthermore, some of the 29 plans that were documented did not address key aspects of monitoring the terms and conditions of the grant agreement, such as risk analysis and evaluation. For example, 3 of the 29 documented plans we reviewed did not describe how the GO planned to monitor progress toward the grant's specific goals and objectives. * Monitoring activities conducted: While most of the files contained evidence of some monitoring activities, such as e-mail communication with recipients, this monitoring did not completely adhere to State's guidance. Of the 29 documented monitoring plans, the evidence showed that grants officials had fully executed 8 of them and partially executed an additional 10. For example, some of the partially executed plans indicated that the grants officials were to conduct site visits and review recipient reports, but the grant files showed that the grants officials had closed the grants without documenting any evidence of these planned monitoring activities. Regardless of whether grants had monitoring plans, we found that only 16 of the 61 files contained evidence that the grants officials had completed the required review of all the recipient's financial and programmatic reports to monitor for key information--including verifying timely progress toward the goals, as well as identifying and addressing any delays or inappropriate expenditures. Another 24 of the 61 files contained evidence that grants officials had done partial reviews of these reports. These reviews, as well as reviews of the final recipient reports, are required to close an award, but we found four awards that GOs had closed without evidence that they had reviewed the recipient's final reports. On more than one occasion, State had difficulty providing required internal control documentation to us, either because a grants official was on leave or had moved on to another post. For example, we identified incomplete documentation in some award files at one post, including missing final financial and programmatic reports. Three months after our site visit, the GO still could not produce the documents, because the grants management specialist whose computer's hard drive contained the documents was on extended leave. Two other GOs we interviewed said the files they inherited did not contain required documents, such as the approval forms from bureau headquarters for awards exceeding $25,000. Without documentation such as the internal control checklist, the grant award justification, monitoring plans, and monitoring reports, State cannot provide adequate oversight to ensure grant funds are being used as intended. Without the required checklist, for example, managers cannot readily ensure that the required documentation supporting the management of each grant is present and complete. State also cannot determine whether the GO's decision not to award a grant through open competition was justifiable according to State's guidance unless the GO documents that decision. Furthermore, while grants officials told us they do conduct monitoring, absent adequate monitoring plans and reports, it is difficult for managers to determine whether grants officials are effectively allocating resources or conducting monitoring, or that a grant accomplished its intended goals. Grants Officials Cited Several Reasons for Nonadherence to Risk Analysis and Documentation Requirements, and State Does Not Have Processes for Ensuring Compliance: GOs and GORs we interviewed cited a variety of reasons for not conducting the required risk analysis and documentation, including a misunderstanding of State policies and guidance, a heavy workload, and a lack of staff expertise. For example, several of these grants officials told us they did not do a risk analysis either because the recipient was well known or they knew intuitively that the risk level was low--particularly if the grant was relatively small or funded a short-term project such as a 2-day photography exhibit. State policies, however, do not preclude well-known organizations from risk analysis. Moreover, we found an example where the GO assumed the grant was low-risk without doing a full risk analysis, even though it was the first time that State had awarded a grant to the recipient. The grant files contained evidence that as the grant progressed, the recipient had a variety of performance issues, including trying to use the grant funds for activities other than what was intended. The amount of time and resources dedicated to an appropriate risk analysis may vary for lower dollar value grants, well-known recipients, or other factors; nonetheless, according to an A/OPE official, a risk analysis is still required in these circumstances. State, however, does not have a process in place for ensuring that grants officials conduct a risk analysis. According to State officials and the files we reviewed, multiple responsibilities and large portfolios limited the oversight they conducted to ensure that required documentation was in place. Grants officials reported having high numbers of grants to manage and multiple responsibilities beyond managing grants. At bureaus with GOs based in Washington, D.C., workloads tended to be higher, according to an A/OPE official.[Footnote 31] This official reported that the average number of grant transactions undertaken by these domestic GOs in fiscal year 2013 was 46, and two Washington, D.C.-based GOs we interviewed reported having portfolios of 110 and 200 active grants, respectively. At two posts we visited, the GOs were responsible for managing portfolios of about 56 to 66 grants in fiscal year 2012, in addition to their primary responsibilities as public affairs officers for the embassies. Both GOs reported relying on GORs and others to complete the award documentation. They reported conducting occasional spot checks of the files compiled by the GORs. At both posts, however, we found that each grant file in our sample managed by these GOs was missing required internal control documents. Furthermore, we brought oversight issues to the attention of the GOs of which they had previously been unaware, such as unexpended funds from a closed-out grant.[Footnote 32] Some grants officials told us that State's systems for documenting key management activities are not easy to use. A/OPE officials told us they are working to improve the main electronic management systems used by grants officials (the Grants Database Management System and the State Assistance Management System),[Footnote 33] but the accuracy of some information will still depend on the person inputting it, and State does not have a process for ensuring that all of the required documentation is included. Three grants officials we interviewed reported that interns and grant assistants update the paper and electronic files and that the grants officials do not check their work. In addition, some grants officials told us that while official files might be missing required documentation, the information was stored elsewhere and could be retrieved upon request. While some grants officials eventually produced the requested information, others did not. Some grants officials told us that they kept information about recipient performance on their computer's hard drive, a fact that may limit other grants officials' access to this information. Furthermore, the official files did not indicate where this information could be found. State Has Assessed Implementation of Internal Controls at Bureaus and Posts, but Has Not Followed Up on Most Recommendations for Improvement: State has assessed the implementation of internal controls at several bureaus and posts and has recommended improvements; however, it has not followed up to ensure the implementation of its recommendations. According to the federal standards, successful monitoring should include policies and procedures for regularly assessing the effectiveness of the internal controls in place and for ensuring that the findings of audits and other reviews are promptly resolved. In 2008, A/OPE issued a policy to systematically review grants management at posts and bureaus.[Footnote 34] The policy stated that the number and extent of the reviews conducted each year would be dependent on A/OPE's available resources.[Footnote 35] Side bar: The Five Standards for internal control: 1. Control environment; 2. Risk assessment; 3. Control activities; 4. Information and communications; 5. Monitoring: Internal control monitoring should assess the quality of performance over time and ensure that any issues are promptly resolved. Source: GAO. GAO-14-635. [End of section] A/OPE has assessed compliance with grant management policies at some bureaus in Washington, D.C., and overseas posts and found some deficiencies in grants officials' implementation of those policies. In 2008, State created a Grants Management Review (GMR) program with guidelines and a checklist for reviews. The bureaus and posts are to be selected for review based on weaknesses identified by the Inspector General, dollar amount and volume of grants processed, informal risk assessments, public visibility of the grants, and bureau or post requests to be reviewed. In addition to the GMRs and other reviews of grant-making bureaus headquartered in Washington, D.C., A/OPE has conducted less formal reviews at grant-making posts overseas, combining file reviews with training. These reviews--called Grants Review Evaluation and Assistance Trainings (GREAT)--are initiated in response to requests for training or when A/OPE becomes aware of challenges faced at certain posts, including considerable turnover. According to officials, A/OPE tries to select posts for review if they are located at or near destinations where A/OPE staff have other reasons to travel, so as to conserve resources. A/OPE officials said their method for conducting GREATs was similar to that used for GMRs, but less in-depth. As a result, unlike the formal GMRs--which State officials said can take 2 to 3 months to conduct--these informal GREATs take 2 to 3 days and result in shorter reports. Between 2001 and February 2014, A/OPE completed 13 GMRs and other reviews at 12 bureaus and offices headquartered in Washington, D.C., and 42 GREATs at 37 posts around the world.[Footnote 36] These assessments of grants officials' implementation of grants management policy at bureaus and posts have found insufficient documentation, among other deficiencies, and recommended solutions. Specifically, 52 of the 55 reviews found insufficient documentation in grant files, affecting 47 bureaus and posts. Ten of the bureaus and posts where A/OPE had conducted GMRs, GREATs, and other reviews were included in our review samples.[Footnote 37] At all 10 bureaus and posts, State found challenges with documentation similar to those we identified. For example, in 5 of the 10 bureaus and posts, A/OPE found that grants officials did not consistently document monitoring reports or site visit reports, and in one case the post had no monitoring plans in its award files. A/OPE found insufficient documentation in the other 4 bureaus as well, such as incomplete internal control checklists or inadequate documentation of sole source justification. One bureau in Washington, D.C., kept its monitoring reports on an electronic shared drive, but the award files did not indicate where to find the reports. A/OPE has made many recommendations to bureaus and posts aimed at correcting the deficiencies it identified. These recommendations have included the establishment of standard operating procedures and more effective use of electronic systems for documentation, among others. However, State has not systematically followed up to ensure the implementation of these recommendations. State's system for tracking compliance with its grants management policies has yielded recommendations for improvement at 48 of the 49 bureaus and posts it has reviewed, but State has conducted follow-up with only 6 of those 48 bureaus and posts to ensure that these recommendations were implemented. State's policy for GMRs outlines how State will select and conduct a review, but does not provide a procedure for ensuring that corrective action has been taken and no further management action is needed. However, A/OPE officials report that they have limited staff, with currently only one individual leading both the GMR and GREAT reviews. In addition, they report having a limited travel budget for conducting follow-up reviews. A senior A/OPE official said it is necessary to be vigilant about regularly sending messages regarding important grant-related tasks, particularly when there is considerable turnover among personnel at posts. Because State does not track or report on the implementation of recommendations, State cannot determine whether its grants management reviews and training are achieving their purpose of strengthening the management and oversight of assistance agreements. Conclusions: Given the relatively large amount of funding for grants and the widespread use of these instruments to achieve foreign policy goals, it is important for State to ensure that grant funds are used as intended. State has made progress toward establishing the internal controls it needs to gain this assurance. For example, State has outlined its expectations for grants management in detailed policies and guidance that should be clear for all grants officials. In particular, the requirements to conduct a risk analysis and document the implementation of required control activities conform to the federal standards for internal control. However, we found that most of the grant files we reviewed did not contain evidence of an appropriate risk analysis or were missing other required internal control documentation, and State has not developed processes for ensuring that grants officials implement these requirements. Therefore, State's assurance that grant funds are used as intended is weakened. Recommendations made in State's internal reviews of grant-making practices reinforce expectations concerning documentation. However, State management does not systematically follow up to ensure that grants officials throughout the department consistently implement these required control activities or act upon recommendations made. As a result, State cannot be certain that its oversight of grants management is adequate or that it is using its limited oversight resources effectively. Recommendations for Executive Action: To help ensure that State's grants officials fully implement grants management policies and internal controls that are in place, and that grant funds are used as intended, we recommend that the Secretary of State take the following two actions: Develop processes to help ensure that: * bureaus and missions conduct appropriate risk assessments, and: * grants officials complete required documentation for all grants. Such a process could include systematic inspections of grant files, with the results shared among A/OPE, the appropriate bureaus and missions, and the grants officials themselves, so as to promote accountability. In addition, we recommend that the Secretary of State take the following action: * follow up systematically on recommendations from State's internal reviews of its grants management. Agency Comments: We provided a draft of this report to State for its review and comment. State provided written comments, which we have reprinted in appendix III, as well as technical comments, which we incorporated, as appropriate. State provided additional information about its efforts to establish policies and guidance to provide a supportive environment for administering and overseeing grants. In particular, State noted that, in addition to the policies and guidance described in our report, the department has implemented processes regarding grant-making authority and certification for grants officials and has cooperated with the Office of Management and Budget on governmentwide foreign assistance management issues. State concurred with our recommendations to develop processes for ensuring that bureaus and missions conduct appropriate risk assessments and that grants officials complete required documentation. Specifically, State indicated that it will modify risk assessment guidance to include suggestions from our report, provide additional training focused on risk assessment, and specifically evaluate compliance with risk assessment requirements in State's own assessments of internal controls at bureaus and posts. State also indicated that it will increase the emphasis on file documentation and expand the extent of file reviews during these assessments at bureaus and posts to help ensure that grants officials complete required documentation for all grants. In addition, State concurred with our recommendation to follow up systematically on recommendations from State's internal reviews of its grants management. Specifically, it said that it will require formal responses to recommendations from its grant management assessments at bureaus and posts, to include recommendation implementation status updates. We are sending copies of this report to the appropriate congressional committee and the Secretary of State. In addition, the report is available at no charge on GAO's website at hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-3149 or GootnickD@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix IV. Sincerely yours, Signed by: David Gootnick: Director, International Affairs and Trade: [End of section] Appendix I: Objectives, Scope, and Methodology: Our objectives were to examine (1) the policies and guidance that the Department of State (State) has established to administer and oversee grants and cooperative agreements, and (2) the extent to which the implementation of those policies and guidance provides reasonable assurance that funds are being used as intended. To define grants and cooperative agreements (grants) and to describe the roles and responsibilities of those involved in managing State's grants and the key activities grants officials must conduct during each phase, we reviewed State's grants policy directives (GPD) and State's required grants officials training, and interviewed State officials.[Footnote 38] To describe the internal control standards applicable to State grants management, we reviewed the Standards for Internal Control in the Federal Government (the federal standards). [Footnote 39] To describe the policies and guidance that State has established to administer and oversee grants, we reviewed federal regulations, Office of Management and Budget (OMB) circulars, and State's GPDs, as well as training and other resources the department provides its grants officials. We collected and analyzed all 54 active GPDs issued by State's Office of the Procurement Executive (A/OPE).[Footnote 40] We reviewed State Department training regarding State's incorporation of federal regulations into its grants policies and interviewed A/OPE officials regarding this topic. We interviewed officials from A/OPE and the Office of the Deputy Chief Financial Officer, who set department-wide policies on grant performance and financial management, and bureau and post officials regarding any additional policies and guidance they provide that is specific to the programs they manage. To describe the extent to which State's GPDs establish internal controls throughout the phases of a grant's life cycle, we compared the key activities the grants officials must conduct at each phase, as well as the additional training and guidance A/OPE provides to grants officials, with the federal standards and with federal regulations for grants management. To assess the extent to which State's policies and guidance provide reasonable assurance that funds are being used as intended, we assessed State's policies and guidance for grants management against the implementation of those policies, as well as reviewing State's own process for conducting internal assessments of the implementation of those policies. We interviewed State officials from A/OPE, the Office of the Deputy Chief Financial Officer, and various functional and regional bureaus and offices headquartered in Washington, D.C., and three overseas missions to determine how State both designs and implements department-wide internal control policies on grants performance and financial management.[Footnote 41] To further determine how State implements these policies, we selected three case study countries--Afghanistan, Cambodia, and Turkey--based on criteria that included total dollar value of grants in a country, geographic diversity, and balance among the bureaus involved in managing the awards. For these countries we examined a nongeneralizable sample of 48 grants by award size and bureau that had obligations in fiscal year 2012.[Footnote 42] In addition, we used the same criteria to draw another nongeneralizable sample of 13 grants managed in the United States, Washington, D.C.[Footnote 43] Overall, the 61 grants we reviewed ranged in value from just over $25,000 to $28,000,000, and totaled approximately $172 million.[Footnote 44] To arrive at these 61 grants, we included all grants over $25,000 with obligations in fiscal year 2012 in Cambodia and Turkey, which had 15 and 21 such grants respectively, and selected 20 such grants managed in the other two countries, for a total of 76 files. We excluded grants where multiple places of performance were listed and selected only those grants where our four countries were listed as the only place of performance. However, once we began conducting interviews regarding these grants, we discovered that some of the grants had been mislabeled in State's Grants Database Management System. Specifically, 2 were managed in countries other than the ones listed in the database; another grant was listed in the database as being managed in Cambodia alone, but was in fact managed from Washington, D.C., and implemented worldwide; and a fourth grant was a duplicate of a grant already in our sample. Correcting for these errors and adjustments, our sample was reduced to 72 grants. Three bureaus each managed 10 or more of these, accounting for 39 of the 72 grants. We determined that we had obtained sufficient coverage of grants from the three bureaus in question by reviewing 28 of their 39 grants. This determination further reduced our overall sample size from 72 to 61 grants. The final sample of 61 grants we conducted file reviews for included 19 in Afghanistan, 10 in Cambodia, 19 in Turkey, and 13 in the United States.[Footnote 45] Collectively, the grants in our samples were managed by 3 posts and 14 bureaus of the 27 grant-making bureaus and offices in State.[Footnote 46] Our sample included grants by 6 of the top 10 bureaus and posts in terms of State's total federal financial assistance obligations in fiscal year 2012.[Footnote 47] Our sample was nongeneralizable and did not allow us to determine whether there were any statistically significant differences by factors such as bureau or award size. In this report, we presented the overall results of the data on internal control activities for all 61 grants that we selected for data collection instrument review. During our analysis, we also looked for any overall patterns or differences by bureau and award size in terms of dollar value, but did not note any. We identified examples of concerns about controls that we reported on, such as incomplete documentation and absence of a risk assessment, in awards with high and low dollar values across the bureaus in our sample.[Footnote 48] To examine how grants officials implemented grants management policies, we conducted file reviews for 61 grants using a data collection instrument and interviews regarding those 61 grants using a standard set of questions. We developed the data collection instrument to assess grants officials' implementation of a selection of State's required internal control activities for grants management, including risk assessment, monitoring of recipients, and documentation of key activities. To identify these required internal control activities, we analyzed federal regulations and State policies and guidance related to management of grants across their life cycle and compared them against the federal standards.[Footnote 49] The data collection instrument asked a series of questions about critical elements of these internal control activities. During our reviews, we examined the files that State provided for each grant to determine whether they contained sufficient evidence to indicate whether the control activities had been performed. Our file review guidance indicated that while State policy requires the complete official file to be located in at least one place, analysts completing the reviews were directed to contact grants officials responsible for the files to request missing information where possible. Comments sections in the data collection instrument allowed the reviewers to document these requests and other notes they had about each question in the file. Two analysts reviewed each file, with the second analyst verifying the first analyst's review. The focus of our analysis was the degree to which the grants officials had performed the required control activities for the grants in our sample. As noted above, we also considered whether there were any patterns or differences by award size in dollars or by bureau, but did not find any. In addition, the interview questions asked grants officials to identify training and guidance they found helpful, as well as any challenges they encountered as they implemented these policies. We pretested both the data collection instrument and interview questions in Kabul, and tested revised versions in Washington, D.C. Our file review and interview questions covered each phase of the grant life cycle, from preaward to closeout. We then compared the file review results for control activities against responses collected using the standard interview questions to provide a more complete picture of how the grants officials implemented the policies and identify reasons these officials cited for instances of noncompliance, as well as any State policies and guidance they found helpful. We conducted interviews using the standard set of questions with at least one grants officer (GO) for each of the 61 grants in our sample, ultimately interviewing more than 50 GOs and grants officer representatives (GOR), as well as some program officers.[Footnote 50] To identify any internal control deficiency patterns or trends, we analyzed and compared the data we collected from our file reviews and interviews and also compared them to the findings from State's internal inspections of grant-making operations. To describe State's assessment of grants officials' implementation of its internal controls, we reviewed State's guidance for conducting these reviews, interviewed A/OPE officials regarding the review process, and reviewed 55 assessment reports A/OPE issued between 2001 and February 2014. These 55 included the assessment reports A/OPE conducted in 12 grant-making bureaus, including 10 Grants Management Reviews and 3 other reviews, and reports from the 42 Grants Review Evaluation and Assistance Trainings A/OPE conducted at 37 posts around the world. Of the 55 assessment reports, 10 covered 10 of the 17 bureaus and posts included in our review. We analyzed those 10 reports to identify any findings related to the federal standards.[Footnote 51] We also reviewed all 55 reports to identify any instances where A/OPE either made recommendations and then returned to the bureaus and posts to follow up, or documented receiving recommendation implementation progress reports from those bureaus and posts. We conducted this performance audit from May 2013 to July 2014 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. [End of section] Appendix II: Internal Control Standards as Designed and Implemented in State's Grants Management: We analyzed State's grants policy directives (GPD) as well as its own grants management reviews, and we conducted file reviews for 61 grants in our sample to help determine both the policies State established for internal controls in grants management as well as how grants officials implemented those policies. To conduct the file reviews, we developed a data collection instrument that focused on basic documentation, decisions about competitive selections, risk management approach, monitoring approach, and closeout activities. For a full description of the methodology for the file reviews, see appendix I. The following tables reflect our overall analysis of State's policies and management reviews as well as selected results from our file reviews that correspond to the five internal control standards of control environment, risk assessment, control activities, information and communication, and monitoring.[Footnote 52] We analyzed A/OPE's GPDs against each internal control standard to describe the control environment (see table 2). For risk assessment, control activities, and information and communications, we selected results from our 61 file reviews using a data collection instrument we developed to analyze these three internal control standards in particular (see tables 3-8). Finally, for monitoring, we analyzed A/OPE's findings from its internal reviews assessing the implementation of the internal control activities at eight bureaus and two posts included in our sample (see table 9). We selected these results because they add additional detail to the information summarized in the report. Control Environment: As shown in Table 2, we analyzed all 54 of A/OPE's active GPDs against each internal control standard to help describe the control environment.[Footnote 53] Table 2: Department of State's Grants Policy Directives (GPD) as of April 2, 2014 and Related Internal Controls: GPD: GPD 1 Revision 6; Subject: Grants Officer Appointments; Related internal control standard(s): Control environment and control activities. GPD: GPD 2 Revision 3; Subject: Liability and Enforcement Actions for Unauthorized Commitments; Related internal control standard(s): Control activities. GPD: GPD 3 Revision 3; Subject: Grants Management Forms; Related internal control standard(s): Control activities. GPD: GPD 5 Revision 4; Subject: Competition Requirements for Assistance Awards; Related internal control standard(s): Control environment, control activities, and information and communications. GPD: GPD 8 Revision 3; Subject: Signatory Authority for Overseas Awards; Related internal control standard(s): Control activities. GPD: GPD 9 Revision 1; Subject: Audit Appeals; Related internal control standard(s): Monitoring. GPD: GPD 11 Revision 3; Subject: Regional Bureau Notification/Approval Process for Awards Issued by Overseas Posts; Related internal control standard(s): Control activities. GPD: GPD 12 Revision 1; Subject: Congressional Notification Requirements for Public Diplomacy Awards; Related internal control standard(s): Information and communications. GPD: GPD 14 Revision 4; Subject: Standardized Assistance Instrument Identification System; Related internal control standard(s): Control activities. GPD: GPD 16 Revision 3; Subject: Designation Of Grants Officer Representatives; Related internal control standard(s): Control environment and control activities. GPD: GPD 19 Revision 1; Subject: Excluded Parties List System Preaward Due-Diligence Requirement; Related internal control standard(s): Risk assessment. GPD: GPD 20 Revision 3; Subject: Federal Assistance Awards To Commercial For-Profit Firms; Related internal control standard(s): Control activities. GPD: GPD 21 Revision 3; Subject: Grants Database Management System (GDMS) Requirements; Related internal control standard(s): Control activities and information and communications. GPD: GPD 22 Revision 1; Subject: Indirect Costs; Related internal control standard(s): Monitoring. GPD: GPD 23 Revision 2; Subject: Federal Assistance File Folder, Form DS-4012; Related internal control standard(s): Control activities. GPD: GPD 24 Revision 3; Subject: Catalog of Federal Domestic Assistance; Related internal control standard(s): Information and communications. GPD: GPD 25; Subject: Intellectual Property Infringement and Responsibility Determinations; Related internal control standard(s): Risk assessment. GPD: GPD 26 Revision 1; Subject: Grants.gov and other Announcement Methods; Related internal control standard(s): Information and communications. GPD: GPD 27; Subject: Methods of Competition; Related internal control standard(s): Information and communications. GPD: GPD 28 Revision 1; Subject: Roles and Responsibilities For The Award And Administration Of Federal Assistance; Related internal control standard(s): Control environment. GPD: GPD 29 Revision 3; Subject: Mandatory Collection of the Data Universal Numbering System (DUNS) and Central Contractor Registration; Related internal control standard(s): Control activities. GPD: GPD 30 Revision 2; Subject: Property Grants And Requirements For The Disposal Of Property Through Federal Assistance Awards; Related internal control standard(s): Control activities. GPD: GPD 31 Revision 1; Subject: Standardized Federal Assistance Award formats; Related internal control standard(s): Control Activities. GPD: GPD 34; Subject: Grants Management Reviews; Related internal control standard(s): Monitoring. GPD: GPD 36; Subject: Conflict Of Interest And Non-Disclosure Requirements; Related internal control standard(s): Control environment. GPD: GPD 37; Subject: Risk assessment for Terrorism Finance Federal Assistance Awards; Related internal control standard(s): Risk assessment. GPD: GPD 38; Subject: The State Assistance Management System (SAMS): Policy Deviations for Grantsolutions.gov Users; Related internal control standard(s): Information and communications. GPD: GPD 39; Subject: Standards for Proposal Review Panels; Related internal control standard(s): Control environment. GPD: GPD 41 Revision 2; Subject: Close-Out of Federal Assistance Awards; Related internal control standard(s): Control activities, information and communications, and monitoring. GPD: GPD 42; Subject: Monitoring Assistance Awards; Related internal control standard(s): Control environment, control activities, risk assessment, and monitoring. GPD: GPD 43; Subject: Preaward Responsibility Determination; Related internal control standard(s): Control activities and risk assessment. GPD: GPD 45; Subject: Retention, Retrieval, and Disposal of Records; Related internal control standard(s): Control activities. GPD: GPD 48; Subject: Debarment and Suspension; Related internal control standard(s): Control environment, control activities. GPD: GPD 51; Subject: Federal Awardee Performance and Integrity Information System; Related internal control standard(s): Control activities, information and communications, and monitoring. GPD: GPD 52; Subject: Improper Payments; Related internal control standard(s): Control environment and risk assessment. GPD: GPD 53 Revision 1; Subject: Corrective Action Plan (CAP); Related internal control standard(s): Control environment, control activities, risk assessment, and monitoring. GPD: GPD 57; Subject: Risk Management; Related internal control standard(s): Control environment, control activities, and risk assessment. GPD: GPD 58; Subject: High-Risk recipients; Related internal control standard(s): Control activities, risk assessment, and monitoring. GPD: GPD 59; Subject: Management of Contractors Supporting Grant Administration; Related internal control standard(s): Monitoring. GPD: GPD 62; Subject: Vetting of Afghanistan and Five-Country Pilot Program for the Prevention of Terrorist Financing; Related internal control standard(s): Monitoring. GPD: GPD 65; Subject: Audits of Foreign Recipient Organizations; Related internal control standard(s): Monitoring. Source: GAO analysis of Department of State policies. GAO-14-635. Notes: The GPD numbers do not run sequentially, given that A/OPE has retired five of them and did not always number them consecutively. Furthermore, some GPDs did not directly relate to any of the five internal control standards. [End of table] Risk Assessment: Risk Management Approach: To determine the extent to which overall risk management was conducted for each grant, each file reviewer first answered a series of questions in our data collection instrument about key elements of risk management, including the risk identification process, review of financial and systems controls, consideration of external risks, risk identification, risk assessment, and risk mitigation. On the basis of the responses to those questions, the reviewers made a final determination on overall risk management (see table 3). Table 3: Overall Results Relating to Risk Management from GAO File Reviews: Data collection instrument statement: The risk management approach adheres to State guidance; Generally agree: 5; Partially agree: 38; Do not agree: 18. Source: GAO. GAO-14-635. [End of table] Control Activities: Monitoring Approach and Closeout: To determine the extent to which overall monitoring (see table 4) and closeout activities (see table 5) were conducted for each grant, each file reviewer first answered a series of questions in our data collection instrument about key elements of monitoring and closeout, including whether there was a monitoring plan, and if so, whether it reflected risks, whether monitoring mechanisms were described in the plan, whether the plan had been executed, and whether monitoring had been carried out in the absence of a plan.[Footnote 54] On the basis of the responses to those questions, the reviewers made a final determination about overall monitoring. Table 4: Control Activities: Overall Results Relating to Monitoring Approach from GAO File Reviews: Data Collection Instrument statement: The monitoring approach adheres to State guidance; Generally agree: 11; Partially agree: 41; Do not agree: 9. Source: GAO. GAO-14-635. [End of table] Table 5: Control Activities: Results Relating to Closeout Activities from GAO File Reviews: Data collection instrument questions: If the award end date was more than 120 days ago, has the award been closed out? Yes: 16; No: 9; Not applicable: 36. Data collection instrument questions: * If yes, did the Grants Officer Representative provide the Grants Officer with a written evaluation of the recipient's performance? Yes: 12; No: 4; Not applicable: [Empty]. Source: GAO. GAO-14-635. [End of table] Information and Communications: The data collection instrument we used to conduct the 61 file reviews also contained questions related to information and communications. For example, it contained questions and statements to verify whether required documentation was present and if so, whether it was complete. The documentation we looked for included the required internal control checklist, or DS-4012 (see table 6); overall documentation of competitive selection decisions (see table 7); and the required justification for awarding any grants without a full and open competition (sole-sourcing) (see table 8). To determine the extent to which overall competitive selection decisions were justified for each grant, each file reviewer first answered a series of questions about key elements of that justification, including--but not limited to-- whether the award was sole-sourced, and if so, whether the decision to sole-source was justified in writing. On the basis of the responses to those and other questions, the reviewers made a final determination about the overall documentation of justification of competitive selection decisions (see table 7). Table 6: Results Relating to Information and Communications from GAO File Reviews: Basic Documentation: Data collection instrument questions: Is the DS-4012 included?[A] Yes: 44; No: 17. Data collection instrument questions: * If so, is the cover sheet of the DS-4012 Section 1 Summary Information completely filled out? Yes: 5; No: 39. Source: GAO. GAO-14-635. [A] The DS-4012 is the required internal control checklist. [End of table] Table 7: Results Relating to Information and Communications from GAO File Reviews: Justifying Competitive Selection Decisions: Data collection instrument statement: Decisions about competitive selection are justified; Generally agree: 45; Partially agree: 7; Do not agree: 9. Source: GAO. GAO-14-635. [End of table] Table 8: Results Relating to Information and Communications from GAO File Reviews: Justifying and Documenting Sole-Source Decisions: Data collection instrument questions: Was the award sole-sourced? Yes: 24. Data collection instrument questions: * If yes, is there documented written justification of this decision? Yes: 16. Source: GAO. GAO-14-635. [End of table] Monitoring: A/OPE has assessed compliance with grant management policies at some bureaus in Washington, D.C., and overseas posts using its Grants Management Reviews (GMR) and Grants Review Evaluation and Assistance Trainings (GREAT) and other reviews. The 55 reviews State conducted between 2001 and February 2014 found some deficiencies in grants officials' implementation of State's grant management policies. Eight of the bureaus and two of the posts where State conducted there reviews were included in our sample of grants. We analyzed those 10 reports to identify any findings related to the federal standards (see table 9). Table 9: State's Internal Monitoring: Findings from A/OPE's GMRs and GREATs for Bureaus and Posts within GAO's Sample: Type of review: GMR; Bureau or post: Bureau of Administration, Office of Acquisitions Management; Findings by internal control standard: Control environment, control activities, information and communications,and monitoring. Type of review: GMR; Bureau or post: Bureau of Democracy, Human Rights, and Labor; Findings by internal control standard: Control environment, control activities, and information and communications. Type of review: GMR; Bureau or post: Bureau of Educational and Cultural Affairs; Findings by internal control standard: Control environment, control activities, information and communications, and risk assessment. Type of review: GMR; Bureau or post: Bureau of International Narcotics and Law Enforcement; Findings by internal control standard: Control environment, control activities, information and communications, and monitoring. Type of review: GMR; Bureau or post: Bureau of International Security and Nonproliferation (ISN)[A]; Findings by internal control standard: Control environment, control activities, and information and communications. Type of review: GMR; Bureau or post: Office of Overseas Schools; Findings by internal control standard: Control environment and control activities. Type of review: GMR; Bureau or post: Bureau of Population, Refugees, and Migration; Findings by internal control standard: Control environment, control activities, and information and communications. Type of review: GMR; Bureau or post: Bureau of Political-Military Affairs (PM)[B]; Findings by internal control standard: Control environment, control activities, and information and communications. Type of review: GREAT; Bureau or post: Ankara, Turkey; Findings by internal control standard: Control environment, control activities, information and communications, and risk assessment. Type of review: GREAT; Bureau or post: Kabul, Afghanistan; Findings by internal control standard: Control environment, control activities, and information and communications. Source: GAO analysis of State data. GAO-14-635. Notes: The internal control standard of monitoring includes management and supervisory activities, including the oversight that a GO has of GOR activities or that State management has of a GO's activities: [A] This GMR reviewed the Office of Export Control Cooperation within ISN. [B] This GMR reviewed the Office of Weapons Removal and Abatement within PM. [End of table] [End of section] Appendix III: Agency Comments: United States Department of State: Comptroller: P.o. Box 150008: Charleston, SC 29415-5008: June 30, 2014: Dr. Loren Yager: Managing Director: International Affairs and Trade: Government Accountability Office: 441 G Street, N.W. Washington, D.C. 20548-0001: Dear Dr. Yager: We appreciate the opportunity to review your draft report, "State Department: Implementation of Grants Policies Needs Better Oversight" GAO Job Code 320978. The enclosed Department of State comments are provided for incorporation with this letter as an appendix to the final report. If you have any questions concerning this response, please contact Jeffrey Johnson, Director, Federal Assistance Division, Bureau of Administration at (703) 812-2526. Sincerely, Signed by: Christopher H. Flaggs, Acting: Enclosure: as stated. cc: GAO - David Gootnick; A - Joyce A. Barr; State/OIG - Norman Brown. Department of State Comments on GAO Draft Report: State Department: Implementation of Grants Policies Needs Better Oversight (GAO-14-635, GAO Code 320978): The Department of State appreciates the opportunity to comment on the draft GAO report "State Department: Implementation of Grants Policies Needs Better Oversight." The Department appreciates GAO acknowledgment of our efforts to ensure appropriate management of our grants portfolio. As the report notes, the Department issued guidance, created and conducted training, disseminated best practices, created and executed a grants operation review process at both domestic and overseas locations and otherwise created an appropriate internal controls environment. The report did not identify that we also created a Grants Officer's Representative (GOR) certification program and that we implemented a Grants Officer Warrant and GOR certification tracking database to identify and track GOs and GORs across the Department. The program has resulted in the certification of 1,256 GORs since January 2013. The Department's Director of Federal Assistance created and chairs an International Federal Assistance Working Group that worked with the Office of Management and Budget (OMB) on government-wide federal assistance management issues. The Department of State was, also, recently appointed by OMB as the at-large member to the Council on Financial Assistance Reform. The Council coordinates and advises OMB on policies and actions necessary to effectively deliver, oversee, and report on federal assistance government-wide. These relationships strengthen our ability to ensure State policies reflect government- wide requirements as noted positively in your report. The Department uses GAO and other oversight organization recommendations to improve our management of grants. 1) Develop processes to help ensure that bureaus and missions conduct appropriate risk assessments. The Department concurs with the GAO recommendation and notes that they speak to government-wide efforts already underway by OMB to strengthen guidance for federal assistance with an emphasis on risk assessment. The Department will modify the risk assessment guidance to include suggestions from the report such as evaluating corruption factors, determining an overall risk level, and linking monitoring more closely to the risk assessment and mitigation plan. Additional training of Department personnel will focus on the risk assessment process. Grants Management Reviews (GMRs) and Grant Review Evaluation and Assistance Trainings (GREATs) will also specifically evaluate compliance with risk assessment requirements. 2) Develop processes to help ensure that grants officials complete required documentation for all grants. Such a process could include systematic inspections of grants files, with the results shared among A/OPE, the appropriate bureaus and missions, and the grants officials themselves, so as to promote accountability. The Department concurs with the GAO recommendation. The Department currently conducts GMRs and GREATs to assess bureaus, office and posts compliance with the Departments policies and procedures. As noted in the report, these reviews have identified documentation deficiencies and the Department's Grants Policy Directives provide checklists of required documentation for files. The Department will increase the emphasis on file documentation and will expand the extent of file reviews. 3) Develop processes to help ensure follow up systematically on recommendations from State's internal reviews of its grants management. The Department concurs with the GAO recommendation. The Department will require a formal response to all GMR and GREAT recommendations and will require status updates on resolution. The Department will conduct follow up reviews as resources permit. [End of section] Appendix IV: GAO Contacts and Staff Acknowledgments: GAO Contact: David Gootnick, (202) 512-3149 or GootnickD@gao.gov: Staff Acknowledgments: In addition to the contact named above, James B. Michels (Assistant Director), Judith Williams, Katherine Forsyth, Jacob Beier, Debbie Chung, Oliver Culley, Martin De Alteriis, Jon Fremont, Farhanaz Kermalli, Anne McDonough-Hughes, Kimberly McGatlin, Shakira O'Neil, and Justin Fisher made key contributions to this report. Etana Finkler, Ernie Jackson, Julia Jebo Grant, and Cristina Ruggiero provided technical assistance. [End of section] Related GAO Products: Grant Workforce: Agency Training Practices Should Inform Future Government-wide Efforts. [hyperlink, ]http://www.gao.gov/products/GAO-13-591. Washington, D.C.: June 28, 2013. Cuba Democracy Assistance: USAID's Program Is Improved, but State Could Better Monitor Its Implementing Partners. [hyperlink, http://www.gao.gov/products/GAO-13-285]. Washington, D.C.: January 25, 2013. Grants to State and Local Governments: An Overview of Federal Funding Levels and Selected Challenges. [hyperlink, http://www.gao.gov/products/GAO-12-1016]. Washington, D.C.: September 25, 2012. Grants Management: Action Needed to Improve the Timeliness of Grant Closeouts by Federal Agencies. [hyperlink, http://www.gao.gov/products/GAO-12-360]. Washington, D.C.: April 16, 2012. Improper Payments: Remaining Challenges and Strategies for Government- wide Reduction Efforts. [hyperlink, http://www.gao.gov/products/GAO-12-573T]. Washington, D.C.: March 28, 2012. 2012 Annual Report: Opportunities to Reduce Duplication, Overlap and Fragmentation, Achieve Savings, and Enhance Revenue. [hyperlink, http://www.gao.gov/products/GAO-12-342SP]. Washington, D.C.: February 28, 2012. Federal Grants: Improvements Needed in Oversight and Accountability Processes. [hyperlink, http://www.gao.gov/products/GAO-11-773T]. Washington, D.C.: June 23, 2011. Grants.gov: Additional Action Needed to Address Persistent Governance and Funding Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-478]. Washington, D.C.: May 6, 2011. Government Performance: GPRA Modernization Act Provides Opportunities to Help Address Fiscal, Performance, and Management Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-466T]. Washington, D.C.: March 16, 2011. Iraq and Afghanistan: DOD, State, and USAID Face Continued Challenges in Tracking Contracts, Assistance Instruments, and Associated Personnel. [hyperlink, http://www.gao.gov/products/GAO-11-1]. Washington, D.C.: October 1, 2010. Contingency Contracting: Improvements Needed in Management of Contractors Supporting Contract and Grant Administration in Iraq and Afghanistan, [hyperlink, http://www.gao.gov/products/GAO-10-357]. Washington, D.C.: April 12, 2010. Iraq and Afghanistan: Agencies Face Challenges in Tracking Contracts, Grants, Cooperative Agreements, and Associated Personnel. [hyperlink, http://www.gao.gov/products/GAO-10-509T]. Washington, D.C.: March 23, 2010. Electronic Government: Implementation of the Federal Funding Accountability and Transparency Act of 2006. [hyperlink, http://www.gao.gov/products/GAO-10-365]. Washington, D.C.: March 12, 2010. Grants Management: Grants.gov Has Systemic Weaknesses That Require Attention. [hyperlink, http://www.gao.gov/products/GAO-09-589]. Washington, D.C.: July 15, 2009. Single Audit: Opportunities Exist to Improve the Single Audit Process and Oversight. [hyperlink, http://www.gao.gov/products/GAO-09-307R]. Washington, D.C.: March 13, 2009. Grants Management: Attention Needed to Address Undisbursed Balances in Expired Grant Accounts. [hyperlink, http://www.gao.gov/products/GAO-08-432]. Washington, D.C.: August 29, 2008. Department of State: Human Capital Strategy Does Not Recognize Foreign Assistance Responsibilities. [hyperlink, http://www.gao.gov/products/GAO-07-1153]. Washington, D.C: September 28, 2007. Foreign Assistance: U.S. Democracy Assistance for Cuba Needs Better Management and Oversight. [hyperlink, http://www.gao.gov/products/GAO-07-147]. Washington, D.C.: November 15, 2006. Grants Management: Enhancing Performance Accountability Provisions Could Lead to Better Results. [hyperlink, http://www.gao.gov/products/GAO-06-1046]. Washington, D.C.: September 29, 2006. Grants Management: Grantees' Concerns with Efforts to Streamline and Simplify Processes. [hyperlink, http://www.gao.gov/products/GAO-06-566]. Washington, D.C.: July 28, 2006. Auditing and Financial Management: Standards for Internal Control in the Federal Government. [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. Washington, D.C.: November 1, 1999. [End of section] Footnotes: [1] See, for example, Special Inspector General for Afghanistan Reconstruction, Selected Public Diplomacy Awards Mostly Achieved Objectives but Embassy Can Take Steps to Enhance Grant Management and Oversight, Audit 12-13 (Washington, D.C.: July 30, 2012); Department of State Office of Inspector General, Audit of Grant Closeout Processes for Selected Department of State Bureaus, AUD-CG-13-31 (Washington, D.C.: June 2013); and Department of State Office of Inspector General, Audit of Bureau of Population, Refugees and Migration Oversight of Selected Cooperative Agreements in Support of Colombian Refugees in Ecuador, AUD-CG-13-35 (Washington, D.C.: July 2013). [2] See GAO, Grants to State and Local Governments: An Overview of Federal Funding Levels and Selected Challenges, [hyperlink, http://www.gao.gov/products/GAO-12-1016] (Washington, D.C.: Sept. 25, 2012), which highlights and summarizes some of the grants management challenges GAO has identified over the years. In addition, see our more recent report--Cuba Democracy Assistance: USAID's Program Is Improved, but State Could Better Monitor Its Implementing Partners, [hyperlink, http://www.gao.gov/products/GAO-13-285] (Washington, D.C: Jan. 25, 2013). [3] U.S. overseas missions can encompass multiple locations, or posts, within a country. For example, the U.S. mission to Turkey comprises three posts, including an embassy in Ankara, and consulates in Istanbul and Adana. [4] We selected our sample in June 2013, when fiscal year 2012 data were the most complete data available. [5] The principal place of performance of these grants is the United States. The types of activities funded include the resettlement of refugees and the placement of foreign exchange students in schools and universities across the country. [6] For those grants of less than $25,000 where the program is short- term and the cost can reasonably be determined at the time of the award, State uses a special assistance instrument called a fixed obligation grant. This type of assistance award has different, often less stringent, reporting and other requirements than grants and cooperative agreements. [7] These 27 bureaus and offices include the U.S. Mission to the United Nations. Regional and functional bureaus oversee the grant making at the three overseas missions in our sample. [8] As defined in the Federal Financial Assistance Management Improvement Act of 1999, "federal financial assistance" includes grants, cooperative agreements, loans, loan guarantees, insurance, interest subsidies, and other forms of assistance. Pub. L. No. 106- 107, §4(3), 113 Stat. 1486 at 1487 (Nov. 20, 1999), citing §31 U.S.C. 7501(a)(5). In our evaluation, we have limited our assessment to grants and cooperative agreements and, for simplicity, refer to them as grants. [9] One bureau has established a bureau-specific grants assistance center, which serves as a repository of resources and grants- management-related information. In addition, the Public Affairs Section in the embassy in Kabul, Afghanistan, has established a Comptroller's Office that has dedicated responsibility for assisting with grants oversight and management. The office has created standard operating procedures for grants management for all public affairs offices and provides training and financial management functions. [10] According to State officials, the Office of Acquisitions Management works on a fee-for-service basis, charging 1 percent of any dollar obligated. The office currently services about 16 bureaus and offices. [11] As grants officials change assignments and locations in State and around the world, they may shift management responsibility for the awards under their oversight to new grants officials. For 23 of the 61 grant files we reviewed, grants officials transferred responsibility to new officers at least once during the life of the grant. [12] See, for example, [hyperlink, http://www.gao.gov/products/GAO-12-1016] and GAO, Iraq and Afghanistan: Agencies Face Challenges in Tracking Contracts, Grants, Cooperative Agreements, and Associated Personnel, [hyperlink, http://www.gao.gov/products/GAO-10-509T] (Washington, D.C.: Mar. 23, 2010). [13] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [14] 22 CFR Parts 135 and 145. [15] In December 2013, OMB issued new guidance for all federal assistance, including State's grants. A/OPE is required to update its regulations to reflect these changes by June 2014 and implement the changes by December 2014. According to State officials, these changes will include a greater emphasis on risk assessment. The guidance can be found at 78 Federal Register 78, 590 (Dec. 26, 2013), as well as at 2 CFR Chapter I, Chapter II, Parts 200, 215, 220, 225, and 230. This guidance supersedes and streamlines requirements from OMB Circulars A- 21, A-87, A-110, and A-122; Circulars A-89, A-102, and A-133; and the guidance in Circular A-50 on Single Audit Act follow-up. [16] For example, the Smith-Mundt Act authorizes assistance awards involving press, publications, radio, Internet, and other technology projects (see 22 U.S.C. § 1461(a)), and the Mutual Educational and Cultural Exchange Act of 1961 (22 U.S.C. § 2451 et seq.) authorizes exchange programs, such as the Fulbright Program, that increase mutual understanding between Americans and people of other countries. [17] While A/OPE's authority derives from the Foreign Affairs Manual, A/OPE articulates its guidance, procedures, and policy in its grants policy directives, its handbook, and the CFR. [18] A/OPE has issued 59 in total, but has retired 5 of them for a total of 54 active Grants Policy Directives. [19] Grants Policy Directive 59 (effective January 2012) provides guidance for Management of Contractors Supporting Grants Administration, citing our recommendation in our report GAO, Improvements Needed in Management of Contractors Supporting Contract and Grant Administration in Iraq and Afghanistan, [hyperlink, http://www.gao.gov/products/GAO-10-357] (Washington, D.C.: Apr. 2010) as the impetus for the policy. Grants Policy Directive 34 (effective October 2008) provides guidance for State's Grants Management Review program, stating that the program was initiated in response to a collection of recommendations made by us, State's Inspector General, and OMB. [20] Grant-making authorities range from level 1, for grants under $100,000, to level 7, which provides unlimited grant-making authority. Training requirements for GOs increase with each higher level of grant- making authority, reaching 120 hours of required grant management training for level 7. [21] See GAO, Grant Workforce: Agency Training Practices Should Inform Future Government-wide Efforts, [hyperlink, http://www.gao.gov/products/GAO-13-591] (Washington, D.C: June 28, 2013) for more information about State's grants management training. [22] A/OPE's Federal Assistance Policy Manual contains internal guidance, policies and standards for the award and management of State's assistance awards. [23] State's Office of the Procurement Executive, Grants Policy Directive Number 28, Revision 1. Subject: Roles and Responsibilities for the Award and Administration of Federal Assistance. Effective Sept. 21, 2010. [24] Our sample is nongeneralizable and did not allow us to determine whether there were any statistically significant differences by factors such as bureau and award size. [25] The Corruption Perception Index ranks countries around the world according to the degree of corruption that is perceived to exist among public officials and politicians on an annual basis. [26] Risk-level determination is one way to assess risks, but State has little guidance on how to determine any risk level other than high. Furthermore, the web-based grants management system that State has begun using for grants management does not require GOs to document the risk level they have assigned to a grant. The paper-based checklist that the web-based system is replacing in part also does not require GOs to document a risk-level determination. Only 12 of the 61 grant files we reviewed included a risk-level determination: 4 grants had a high-risk recipient, 3 had a high-risk project, and 5 had a low- or relatively low-risk recipient. Three additional grants were marked "Not a high risk recipient" although they did not include any final risk-level determination. Of the 49 grants without a final risk-level determination, we found that some had risk factors present, including a lack of experience in managing a U.S. government grant. [27] The Single Audit Act, as amended, requires each reporting entity that expends $500,000 or more in federal awards, including grants, in a fiscal year to obtain an annual "single audit," which includes an audit of the entity's financial statements, a schedule of the expenditure of federal awards, and a review of related internal controls. The report is prepared in accordance with OMB's implementing guidance in OMB Circular No. A-133, Audits of States, Local Governments, and Non-Profit Organizations, which provides guidance to auditors on selecting federal programs for audit and the related internal control and compliance audit procedures to be performed. This circular does not apply to non-U.S.-based entities expending federal awards received either directly as a recipient or indirectly as a subrecipient (OMB Cir. A-133 rev. 2007). [28] State's Grant Policy Directive Number 42: Monitoring Assistance Awards indicates that the monitoring plan templates are illustrative and may be tailored for use. [29] Our file review did not assess the accuracy of the information in the checklist. However, we made note of any required information that was missing, such as the grant purpose, grant amount, or project period. [30] State's Grant Policy Directive Number 5: Competition Requirements for Assistance Awards encourages competition in awarding grants and cooperative agreements and lists permitted exceptions to this rule. It also provides a blank copy of the required memos for documenting decisions to use limited or no competition in certain circumstances. [31] See GAO, Department of State: Human Capital Strategy Does Not Recognize Foreign Assistance Responsibilities, [hyperlink, http://www.gao.gov/products/GAO-07-1153] (Washington, D.C: September 2007) for more information about grants officers' workloads. [32] In March 2014, State's Office of Inspector General (IG) issued a Management Alert on contract file management deficiencies. Through recent audits, investigations, and inspections, the IG has found that contract files also lack required documentation. To hold contracting officials accountable and require them to update contract files in accordance with federal and department policies, the Management Alert recommends that A/OPE develop and implement a process to randomly sample and verify the completeness of contract files, as well as provide the results of these reviews to the appropriate bureaus and offices. See Department of State and the Broadcasting Board of Governors, Office of Inspector General, Management Alert (Contract File Management Deficiencies), MA-A-0002 (Washington, D.C.: Mar. 20, 2014). [33] The State Assistance Management System is a Department of Health and Human Services system, but State officials told us that State has created a steering committee to provide suggestions for improvements to the system. [34] Office of the Procurement Executive, Grants Policy Directive Number 34. Subject: Grants Management Reviews. Effective October 28, 2008. [35] According to a senior A/OPE Office of Federal Assistance official, the office consists of nine staff and, in addition to conducting these compliance reviews, those nine staff are responsible for developing policies and guidance for all of State's grant programs, ensuring compliance with this guidance, implementing training for grants management officials, and appointing warranted grants officers to approve grants. [36] The two bureaus A/OPE reviewed prior to establishing the GMR program--between 2001 and 2008--were AQM and PRM. The 10 bureaus and offices at which A/OPE completed GMRs between 2008 and February 2014 were: the Bureau of Democracy, Human Rights, and Labor; the Bureau of Diplomatic Security; ECA; INL; the Bureau of International Security and Nonproliferation (ISN), Office of Exports Control Cooperation; Office to Monitor and Combat Trafficking in Persons; NEA/MEPI; the Office of Overseas Schools; the Bureau of International Information Programs; and PM/WRA. As of March 2014, A/OPE had completed GREATs in: Accra, Addis Ababa, Ankara, Baghdad, Bangkok, Berlin, Bucharest, Buenos Aires, Cairo, Dushanbe, Frankfurt, Guatemala City, Jerusalem, Kabul, Kinshasa, Kuwait City, London, Luxembourg, Mexico City, Montevideo, Moscow, Nairobi, New Delhi, Ottawa, Panama City, Paris, Quito, Rome and the Holy See, San Salvador, Santo Domingo, Sarajevo, Sofia, Tel Aviv, Tunis, Warsaw, Yerevan, and Zagreb. There were 44 bureaus and posts covered by 50 reviews because A/OPE conducted 6 follow-up reviews. Specifically, A/OPE conducted two GMRs at AQM, and two GREATs in each of the following: Moscow, Mexico City, San Salvador, Panama City, and Paris. [37] For a summary of findings in these 10 bureaus and posts, see app. II. [38] For the purposes of this report, the term "grants" refers to both grants and cooperative agreements. [39] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] Washington, D.C.: November 1999). [40] State issued 59 in total, but retired 5 of them. [41] U.S. overseas missions can encompass multiple locations, or posts, within a country. For example, the U.S. mission to Turkey comprises three posts, including an embassy in Ankara, and consulates in Istanbul and Adana. [42] We selected our sample in June 2013 when fiscal year 2012 data were the most complete data available. [43] The principal place of performance of these grants is the United States. The types of activities funded include the resettlement of refugees and the placement of foreign exchange students in schools and universities across the country. [44] For those grants less than $25,000 where the program is short- term and the cost can reasonably be determined at the time of the award, State uses a special assistance instrument called a fixed obligation grant. This type of assistance award has different, often less stringent, reporting and other requirements than grants and cooperative agreements. [45] There were 14 bureaus involved in the management of the 61 grants in our sample, as well as three posts in Afghanistan, Cambodia, and Turkey. The 19 grants in Afghanistan involved the Kabul post; the Bureau of International Narcotics and Law Enforcement (INL); the Bureau of South and Central Asian Affairs; the Bureau of Political- Military Affairs, Office of Weapons Removal and Abatement (PM/WRA); and the Office of Acquisitions Management (AQM) managing on behalf of the Bureau of International Security and Nonproliferation's (ISN) Office of Cooperative Threat Reduction. The 10 grants in Cambodia involved the Office of Overseas Schools; PM/WRA; the Bureau of East Asian and Pacific Affairs; and AQM managing grants for the Bureau of Counterterrorism and the Bureau of Democracy, Human Rights, and Labor. The 19 grants in Turkey involved the Bureau of European and Eurasian Affairs; the Bureau of Population, Refugees, and Migration (PRM); and AQM managing grants for the Bureau of Conflict and Stabilization Operations; Bureau of Counterterrorism; and the Bureau of Oceans and International Environmental and Scientific Affairs. And the 13 grants in the United States involved the Bureau of Educational and Cultural Affairs (ECA); PRM; and AQM managing for the Bureau of Democracy, Human Rights, and Labor and the Bureau of African Affairs. AQM and the Office of Overseas Schools are in the Bureau of Administration. [46] Regional and functional bureaus oversee the grant making at the three overseas missions in our sample. The 27 bureaus and offices are: the Bureau of African Affairs; the Bureau of Conflict and Stabilization Operations; the Bureau of Counterterrorism; the Bureau of Democracy, Human Rights, and Labor; the Bureau of Diplomatic Security; the Bureau of East Asian and Pacific Affairs; the Bureau of Economic and Business Affairs; ECA; the Bureau of Energy Resources; Bureau of European and Eurasian Affairs; the Bureau of Human Resources; the Bureau of Intelligence and Research; INL; the Bureau of International Organization Affairs; ISN; the Bureau of Near East Affairs (NEA); the Bureau of Oceans and International Environmental and Scientific Affairs; the Bureau of Overseas Building Operations; PM/WRA; PRM; the Bureau of Public Affairs; the Bureau of South and Central Asian Affairs; the Bureau of Western Hemisphere Affairs; the Bureau of Administration, which includes AQM, the Office of Overseas Schools, and A/OPE; the Office of the Secretary; the Office to Monitor and Combat Trafficking in Persons; and the U.S. Mission to the United Nations. [47] See table 1. [48] One bureau in our sample had multiple grants that we reviewed. Each grant had a monitoring plan, although most of those plans did not fully adhere to State's guidance on risk mitigation and monitoring. [49] For an overview of some of our file review findings, see app. II. [50] Some grants in our sample did not have a GOR or a program officer. [51] See appendix II for a summary of this analysis of the 10 reports. [52] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. [53] State issued 59 in total, but retired 5 of them. [54] Control activities include establishment and review of performance measures and indicators-the monitoring that grants officials conduct on recipients. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO's actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO's website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]