Purpose and Mission
The Better Utilization of Investments Leading to Development (BUILD) Act of 2018 (P.L. 115-254), and the Inspector General Act of 1978 (P.L. 95-452), as amended, require the U.S. International Development Finance Corporation (DFC) to have an Inspector General (IG).
The Office of the Inspector General’s (OIG’s) mission is to provide independent oversight of DFC’s programs and operations. This involves:
- Ensuring DFC meets standards for IT security, regulatory compliance, and reporting accuracy
- Preventing waste, fraud, and abuse
- Promoting economy, effectiveness, and efficiency
- Keeping DFC’s Board of Directors, DFC’s CEO, and the U.S. Congress fully and currently informed
Accordingly, the IG Act requires the IG to independently and objectively:
- Conduct audits and investigations of DFC programs and operations
- Report OIG activities to the DFC Board of Directors, DFC Management, and Congress on a regular basis including through semiannual reports issued March 31 and September 30 each year
- Consult with DFC management on activities designed to promote economy, efficiency, and effectiveness or that combat fraud and abuse
- Authorities and Responsibilities
IGs are nonpartisan and are selected without regard to political affiliations. Although OIGs are located within their agencies, they must operate as independent entities to provide credible oversight.
Under the IG Act, IGs are given broad statutory authorities, including access to all agency records and information. IGs also have the authority to subpoena relevant documents and information from non-federal organizations and individuals. Among other powers, IGs are authorized to:
- Obtain access to information and documents within their agency in relation to any program or operations over which the IG has responsibility
- Request information or assistance from any federal, state, or local agency
- Subpoena records and documents from any non-federal entity or individual
- Take statements under oath
- Have direct and prompt access to the agency head for any purpose pertaining to the IG’s responsibilities
- Select, appoint, and employ officers and employees as necessary to carry out the functions, powers, and duties of the OIG
- OIG Reports, Correspondence, and Recommendations
The OIG communicates its work through a variety of written reports such as:
- Audit, investigative, and inspection/evaluation reports prepared in accordance with professional standards
- Semiannual reports to Congress that describe the work of the OIG within the reporting period
- Immediate correspondence to the agency head to report egregious and flagrant problems and/or abuses. The agency head then transmits this reporting, along with any comments by the agency head, to Congress within seven days.
The OIG also must report:
- Any unreasonable refusal within the agency to provide information to the agency head
- Suspected violations of federal criminal law to the Attorney General
The OIG makes recommendations in its reports to improve the efficiency and effectiveness of agency programs and help identify questioned costs and funds that could be put to better use. The aim is to spur audited agencies to take corrective actions, which allows the OIG to close the recommendations. Open recommendations may be resolved or unresolved:
- An open recommendation is resolved when the OIG agrees with the agency's plan of action
- An open recommendation is unresolved when the agency has yet to share a plan of action or the OIG disagrees with the plan
Recent Reports, Correspondence, and Recommendations
- Announcement Memo - Audit of DFC's FY21 Compliance with FISMA of 2014 - February 5, 2021
- DFC FY20 FISMA Final Report - January 28, 2021
- Response to Senator Warren - December 2, 2020
- DFC Semiannual Report to Congress - October 30, 2020
- Memo to DFC Staff Regarding the Role of DFC OIG - August 20, 2020
Report Title Report Number Date of Report Recommendation Number Recommendation OPIC Implemented Controls in Support of FISMA for Fiscal Year 2017 but Improvements Are Needed A-OPC-17-007-C 9/28/2017 1 OPIC's chief information officer remediate network vulnerabilities identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities. OPIC Investments Increased Chile’s Energy Capacity, but Weak Processes and Internal Controls Diminish OPIC’s Ability To Gauge Project Effects and Risks 9-OPC-19-002-P 2/1/2019 5 OPIC implement a performance management framework that complies with the Government Performance and Results Modernization Act of 2010 and enables OPIC to fully capture its goals and report on progress in achieving its mission. 9-OPC-19-002-P 2/1/2019 6 OPIC implement a process with a sound methodology for validating data provided by borrowers in the self-monitoring questionnaire, and strengthen procedures for timely submissions. 9-OPC-19-002-P 2/1/2019 11 OPIC conduct and document a review of the Office of Investment Policy's guidance to identify any gaps and check for consistency among other offices' related guidance, and update as necessary. 9-OPC-19-002-P 2/1/2019 14 OPIC implement a system to track the receipt, review, and certification of all project deliverables, including third-party reports. 9-OPC-19-002-P 2/1/2019 15 OPIC develop and implement a borrower evaluation system that contains information on performance, including violations, repayment history, compliance, and development impact. Develop a policy requiring this information to be used in the review process for future deals with reoccurring borrowers. OPIC Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2018 A-OPC-19-006-C 1/30/2019 1 OPIC's chief information officer document and implement a process to update its Privacy Impact Assessments for the Corporation's information systems. A-OPC-19-006-C 1/30/2019 2 OPIC's chief information officer remediate patch and configuration vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities. A-OPC-19-006-C 1/30/2019 3 OPIC's chief information officer document and implement a process to verify that patches are applied in a timely manner. A-OPC-19-006-C 1/30/2019 4 OPIC's chief information officer document and implement a process to verify (1) the account management system is updated promptly to support the management of information system accounts and (2) inactive accounts are promptly disabled after 30 days in accordance with the Corporation's access control procedures. A-OPC-19-006-C 1/30/2019 7 OPIC's chief information officer conduct (1) contingency training and (2) a test of the information system contingency plan in accordance with OPIC's policy. A-OPC-20-003-C 1/16/2020 2 Implement asset management procedures to include processes for_x000D_ ensuring information system assets are inventoried on an organization-defined frequency. DFC Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA
A-DFC-21-005-C 1/28/2021 1 Review and update privacy policies and breach response procedures to accurately reflect the Corporation’s operating environment. A-DFC-21-005-C 1/28/2021 2 Implement a process to validate completion of rules of behavior and security and privacy awareness training prior to providing system access. A-DFC-21-005-C 1/28/2021 3 Implement multifactor authentication for network access for privileged accounts. A-DFC-21-005-C 1/28/2021 4 Implement session disconnect for virtual private network connections to comply with DFC requirements
- Whistleblower Rights and Protections
Employees of DFC and their contractors, subcontractors, and borrowers may report what they reasonably believe to be evidence of wrongdoing, without reprisal for doing so.
Protections and remedies for whistleblowers vary by category:
- Federal Employees (Direct hires)
- Nonfederal Employees (Employees of contractors, subcontractors, and borrowers)
By law, most OIGs must designate a Whistleblower Protection Coordinator. The current Coordinator is based within USAID OIG. Duties include:
- Educating employees under DFC OIG’s oversight jurisdiction about prohibitions on retaliation for protected disclosures, as well as educating specific employees who have made or are contemplating making a protected disclosure about the rights and remedies against retaliation for protected disclosures
- Assisting the IG in promoting the timely and appropriate handling and consideration of protected disclosures and allegations of reprisal, to the extent practicable, by the IG
- Coordinating with the U.S. Office of Special Counsel, the Council of the Inspectors General on Integrity and Efficiency, DFC, Congress, and other relevant entities regarding the timely and appropriate handling of protected disclosures, allegations of reprisal, and general matters regarding the implementation of whistleblower protection laws, rules, and regulations
Please note that the Whistleblower Protection Coordinator is prohibited from acting as an employee’s or former employee’s legal representative, agent, or advocate.
Reports concerning wrongdoing by DFC employees or within DFC programs can always be submitted directly to the OIG Hotline.
The OIG Hotline is available for reporting complaints of fraud, waste, or abuse in our client agency's programs and operations. These infractions include mismanagement or violations of law, rules, or regulations by employees or program participants.
Office of the Inspector General
1100 New York Avenue, NW
Washington, DC 20527