Audit of Department of State FY 2022 Compliance With the Geospatial Data Act of 2018

What OIG Audited
The Geospatial Data Act of 2018 (GDA) requires Federal agencies that collect, produce, acquire, maintain, distribute, use, or preserve geospatial data to comply with certain requirements. GDA is designed to promote geospatial data sharing, and to encourage the use of existing geospatial data when possible. Among other things, GDA requires covered agencies, including the Department of State (Department), to (1) comply with geospatial data standards developed by the Federal Geographic Data Committee, (2) comply with 13 responsibilities, and (3) limit use of federal funds associated with geospatial data that do not comply with applicable standards. GDA also requires inspectors general to audit covered agencies’ compliance with GDA every 2 years.

The Office of Inspector General (OIG) conducted this audit to determine whether the Department, defined as a covered agency in GDA, complied with the 13 covered agency responsibilities in accordance with Section 759(a) of GDA, codified at 43 U.S. Code § 2808(a).

What OIG Recommends
OIG made four recommendations to address the internal control deficiencies identified. On the basis of the Bureau of Intelligence and Research’s (INR) response to a draft of this report, OIG considers the four recommendations resolved, pending further action. A synopsis of INR’s responses to the recommendations offered and OIG’s reply follow each recommendation in the Audit Results section of this report. INR’s response to a draft of this report is included in its entirety in Appendix C.

What OIG Found
The Department has partially complied with the 12 applicable covered agency responsibilities required by Section 759(a) of the GDA, codified at 43 U.S. Code § 2808(a). While there are 13 responsibilities, one responsibility related to declassifying geospatial data does not apply to the Department. Specifically, OIG found that the Department is fully compliant with 6 of 12 applicable covered agency responsibilities and is making progress in complying with the remaining 6 responsibilities. Since the first OIG audit issued in FY 2020, the Department developed a Geospatial Data Strategy, established the GeoState portal, facilitated data sharing with federal and non-federal entities, supported internal and external partnerships, promoted application of geospatial assets to support various activities, and appointed the Department’s Geographer with the authority to lead GDA implementation efforts. However, the Department was not in compliance with the remaining responsibilities in the GDA, which include records retention, resource allocation, use of data standards, privacy protections, non-duplication of data, and data quality.

The Department has not fully complied with all responsibilities, in part, because of an inadequate internal control environment. Specifically, the Department lacks dedicated funding to facilitate compliance with its GDA responsibilities. Additionally, the Department does not have adequate control activities in place, such as documented policies and procedures. Instead, bureaus follow informal or general practices to carry out many of the GDA responsibilities. The Department also has not approved existing procedures for the geospatial processing of its key dataset. Finally, the Department needs to improve controls around its information-sharing and communication practices. Specifically, it lacks a comprehensive plan to maximize information that it obtains about geospatial data and related activities.

Until all applicable GDA responsibilities are fulfilled, the Department will not be fully prepared to provide timely, accurate, and high-quality geospatial data to both internal and external stakeholders as envisioned.