Foreign Assistance: USAID Should Strengthen Risk Management in Conflict Zones

What GAO Found

The U.S. Agency for International Development (USAID) has standard processes to assess risks to its delivery of assistance in countries worldwide. In countries affected by violent conflict, factors such as attacks on aid facilities can complicate delivery of assistance. Certain USAID processes target specific types of risk, including fiduciary risks such as fraud, counterterrorism- or sanctions-related risks, and security risks. However, GAO found that, contrary to leading practices, USAID did not comprehensively assess or document, in fraud risk profiles, the relevant fraud risks affecting its assistance in the three conflict-affected countries GAO selected for its review—Nigeria, Somalia, and Ukraine. As a result, USAID cannot ensure it has identified and is mitigating all relevant fraud risks in these countries.

Funding Obligated by Selected USAID Bureaus and Missions, Fiscal Year 2023

Note: Selected bureaus are the Bureau for Humanitarian Assistance and the Bureau for Conflict Prevention and Stabilization. Amounts shown have been rounded to the nearest million.

USAID bureaus and missions providing assistance overseas have controls to prevent and detect fiduciary, counterterrorism- or sanctions-related, and security risks, but their ability to conduct direct oversight in conflict zones is limited. Therefore, they rely largely on remote techniques, such as third-party monitoring for oversight. However, an absence of guidance for using third-party monitoring to detect risks has led to varying use and knowledge of this method. In addition, while the Nigeria and Ukraine missions conduct financial reviews to detect fiduciary risks, the Somalia mission has not. Additional oversight in conflict zones would strengthen USAID's ability to detect risks of misuse or diversion.

USAID's Bureaus for Humanitarian Assistance and for Conflict Prevention and Stabilization have formal mechanisms to share lessons learned about risk management in conflict zones, but USAID does not have such a mechanism for its missions in conflict-affected countries. The bureaus share these lessons through risk-focused groups, among other means. USAID missions primarily identify lessons learned from staff's prior experiences in conflict zones. Without a mechanism to systematically share lessons learned across conflict zones, conflict-affected missions will not benefit from valuable practices employed in other conflict zones and may unnecessarily make or repeat mistakes.

Why GAO Did This Study

In 2023, USAID obligated about $26 billion to assist 19 countries experiencing violent conflict. Limitations on USAID's ability to directly oversee its assistance in conflict-affected areas increase the risk of misuse or diversion. USAID has documented its commitment to protect the integrity of foreign assistance, steward taxpayer funds, and manage risks of fraud and corruption.

GAO was asked to review USAID's risk management in conflict zones. This report evaluates the extent to which USAID has processes for assessing risks to assistance delivery in conflict zones; controls to prevent and detect such risks; and mechanisms for sharing lessons learned about risk management in conflict zones.

GAO reviewed documents and interviewed agency officials. GAO also conducted site visits and reviewed a sample of USAID-funded awards for Nigeria, Somalia, and Ukraine. GAO based its selection of these countries on factors such as the prevalence of conflict. In addition, GAO compared USAID's processes and controls to guidance for fraud risk management in federal programs, USAID policies and guidance, and standards for internal control in the federal government.