Skip to main content

Foreign Assistance: USAID Should Strengthen Risk Management in Conflict Zones

GAO-24-106192 Published: Apr 30, 2024. Publicly Released: Apr 30, 2024.
Jump To:

Fast Facts

The U.S. Agency for International Development has standard processes to manage risks to its delivery of assistance in countries worldwide. But in countries affected by violent conflict, dangerous conditions can limit USAID's ability to directly oversee its assistance—increasing the risk of fraud or corruption.

We reviewed how USAID manages risks, particularly in 3 countries currently experiencing violent conflict: Nigeria, Somalia, and Ukraine. We found that USAID didn't comprehensively assess and document relevant fraud risks in these countries. Doing so can help safeguard assistance.

We recommended that USAID take these and other actions.

Food Deliveries in Ukraine

Skip to Highlights

Highlights

What GAO Found

The U.S. Agency for International Development (USAID) has standard processes to assess risks to its delivery of assistance in countries worldwide. In countries affected by violent conflict, factors such as attacks on aid facilities can complicate delivery of assistance. Certain USAID processes target specific types of risk, including fiduciary risks such as fraud, counterterrorism- or sanctions-related risks, and security risks. However, GAO found that, contrary to leading practices, USAID did not comprehensively assess or document, in fraud risk profiles, the relevant fraud risks affecting its assistance in the three conflict-affected countries GAO selected for its review—Nigeria, Somalia, and Ukraine. As a result, USAID cannot ensure it has identified and is mitigating all relevant fraud risks in these countries.

Funding Obligated by Selected USAID Bureaus and Missions, Fiscal Year 2023

Funding Obligated by Selected USAID Bureaus and Missions, Fiscal Year 2023

Note: Selected bureaus are the Bureau for Humanitarian Assistance and the Bureau for Conflict Prevention and Stabilization. Amounts shown have been rounded to the nearest million.

USAID bureaus and missions providing assistance overseas have controls to prevent and detect fiduciary, counterterrorism- or sanctions-related, and security risks, but their ability to conduct direct oversight in conflict zones is limited. Therefore, they rely largely on remote techniques, such as third-party monitoring for oversight. However, an absence of guidance for using third-party monitoring to detect risks has led to varying use and knowledge of this method. In addition, while the Nigeria and Ukraine missions conduct financial reviews to detect fiduciary risks, the Somalia mission has not. Additional oversight in conflict zones would strengthen USAID's ability to detect risks of misuse or diversion.

USAID's Bureaus for Humanitarian Assistance and for Conflict Prevention and Stabilization have formal mechanisms to share lessons learned about risk management in conflict zones, but USAID does not have such a mechanism for its missions in conflict-affected countries. The bureaus share these lessons through risk-focused groups, among other means. USAID missions primarily identify lessons learned from staff's prior experiences in conflict zones. Without a mechanism to systematically share lessons learned across conflict zones, conflict-affected missions will not benefit from valuable practices employed in other conflict zones and may unnecessarily make or repeat mistakes.

Why GAO Did This Study

In 2023, USAID obligated about $26 billion to assist 19 countries experiencing violent conflict. Limitations on USAID's ability to directly oversee its assistance in conflict-affected areas increase the risk of misuse or diversion. USAID has documented its commitment to protect the integrity of foreign assistance, steward taxpayer funds, and manage risks of fraud and corruption.

GAO was asked to review USAID's risk management in conflict zones. This report evaluates the extent to which USAID has processes for assessing risks to assistance delivery in conflict zones; controls to prevent and detect such risks; and mechanisms for sharing lessons learned about risk management in conflict zones.

GAO reviewed documents and interviewed agency officials. GAO also conducted site visits and reviewed a sample of USAID-funded awards for Nigeria, Somalia, and Ukraine. GAO based its selection of these countries on factors such as the prevalence of conflict. In addition, GAO compared USAID's processes and controls to guidance for fraud risk management in federal programs, USAID policies and guidance, and standards for internal control in the federal government.

Recommendations

GAO is making nine recommendations to USAID, including that it comprehensively assess and document fraud risks, provide guidance on third-party monitoring of risks, and develop a mechanism for systematically sharing risk-related lessons learned for use in conflict zones. USAID concurred with these recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
U.S. Agency for International Development The USAID Administrator should ensure that BHA conducts comprehensive assessments of fraud risks relevant to its responses in Nigeria, Somalia, and Ukraine and develops response-specific fraud risk profiles based on those assessments. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that CPS conducts a comprehensive assessment of fraud risks relevant to its program in Ukraine and develops a program-specific fraud risk profile based on that assessment. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that the USAID Nigeria mission conducts comprehensive assessments of fraud risks relevant to its programs and develops program-specific fraud risk profiles based on those assessments. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that the USAID Somalia mission conducts comprehensive assessments of fraud risks relevant to its programs and develops program-specific fraud risk profiles based on those assessments. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that the USAID Ukraine mission conducts comprehensive assessments of fraud risks relevant to its programs and develops program-specific fraud risk profiles based on those assessments. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that the USAID Somalia mission develops a risk-based process for conducting financial reviews. (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that the Assistant to the Administrator of the Bureau for Planning, Learning, and Resource Management updates its third-party monitoring guidance to incorporate methods for detecting fiduciary, counterterrorism- or sanctions-related, and security risks into third-party monitoring contracts. (Recommendation 7)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should ensure that the Assistant to the Administrator of the Bureau for Planning, Learning, and Resource Management creates guidance based on a review of available remote monitoring tools for USAID missions to detect fiduciary, counterterrorism- or sanctions-related, and security risks in nonpermissive environments. (Recommendation 8)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
U.S. Agency for International Development The USAID Administrator should develop a mechanism for systematically sharing lessons learned among conflict-affected missions related to the management of risks that are common across conflict zones. (Recommendation 9)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Topics

Compliance oversightCorruptionCounterterrorismForeign assistanceInternational organizationsLessons learnedPerformance monitoringRisk managementSecurity risksTerrorists