The Government Accountability Office (GAO) flagged 13 open recommendations for improvement for the State Department as of May 2022 in an annual report on the agency, including recommendations for improving data quality and cybersecurity.
The new report, which is updated annually by GAO, identifies six new recommendations for the agency to go along with others made in May 2021. In the 2021 report, GAO made 11 priority recommendations, and the State Department has since implemented four of those recommendations.
According to GAO, action by the State Department to improve data quality will assist in determining whether programs are achieving their intended results, and improve reporting, analysis, and oversight.
To improve data quality, GAO recommends that State:
- Should “analyze available diplomatic cable data from overseas posts to identify posts at risk of improper payments for hardship pay, identify any improper payments, and take steps to recover and prevent them;”
- Direct the Bureau of International Narcotics Law Enforcement Affairs to identify and address factors affecting democracy assistance data reliability; and
- Ensure the U.S. Global AIDS Coordinator sets up standard, documented procedures for fully tracking and verifying the President’s Emergency Plan for AIDS Relief program-level budget data.
State agreed to these recommendations, and will take steps to fully implement them.
GAO also highlighted that recent high-profile cyberattacks in the public and private sectors amplify the need to address weaknesses in Federal cybersecurity programs.
“In March 2021, we reported that the Federal government needs to urgently pursue critical actions to address the nation’s major cybersecurity challenges, including fully implementing a national cyber strategy and clearly defining a central role for leading the implementation of the national strategy,” wrote GAO.
“State could improve efforts to identify critical IT and cyber-related workforce needs to better protect against cyber threats,” GAO added.
GAO’s recommendations to State for cybersecurity priorities include:
- Completing the appropriate assignment of codes to positions performing IT, cybersecurity, or cyber-related functions;
- Establishing and documenting a process for coordinating between cybersecurity risk management and enterprise risk management functions; and
- Ensuring State involves Federal agencies that contribute to cyber diplomacy to obtain their views and identify risks.
State fully agreed to these cyber recommendations, and will take steps to fully implement them.