INSPECTOR GENERAL’S OFFICE
The Office of Inspector General conducted an audit of USAID's Federal Information Security Management Act of 2002 Action Plan.
2014 · 3 pages

Abstract
The audit was performed in accordance with U.S. Government auditing standards by the independent certified public accounting firm of Cotton & Company LLP. The objective of the audit was to assess USAID's progress in implementing its Federal Information Management Security Act of 2002 (FISMA) action plan. The audit found that USAID had not fully implemented all activities and related milestones identified in the plan. As of the May 5, 2014, status report, USAID had completed 16 of 48 activities tracked in the report, with 5 more activities reported as late. Despite making progress in implementing the plan, several problems were identified. The Office of Inspector General made four recommendations to address these issues, and USAID made management decisions on each of the recommendations. The audit identified several areas of concern, including the need for improved risk management and the implementation of a comprehensive security awareness program. Additionally, the audit found that USAID's information security program lacked adequate documentation and oversight. The Office of Inspector General recommended that USAID take steps to address these issues, including developing a comprehensive risk management plan and implementing a security awareness program. The audit also found that USAID's information security program was not adequately funded, with insufficient resources allocated to support the implementation of the FISMA action plan. The Office of Inspector General recommended that USAID request additional funding to support the implementation of the plan. The audit concluded that USAID's progress in implementing the FISMA action plan was limited, and that additional efforts were needed to address the identified problems. The audit report was issued on November 5, 2014, and was intended to provide a comprehensive assessment of USAID's progress in implementing its FISMA action plan. The report was designed to provide recommendations to USAID management to improve the agency's information security program and to ensure compliance with FISMA requirements.
Classification

USAID DEC