The Office of the Inspector General (OIG) published a first audit of the Global Fund’s Grant Operating System (GOS) on 3 June 2020. Developed by external vendors, the GOS is a customized enterprise resource planning tool on a cloud-based platform that the Secretariat uses to manage and monitor grants. In 2016, the Secretariat created Project AIM (Accelerated Integration Management) to govern, oversee and support the development of the GOS; Project AIM was dismantled in 2019.
The GOS is comprised of modules that external parties, such as Local Fund Agents can access in order to share information and to collaborate in a structured manner. The GOS integrates grant management and financial systems and improves reporting required for decision making. In order for the system to function optimally it is necessary to regularly complete Systems Development Life Cycle (SDLC) activities. These are a sequence of phases that are necessary for the functioning and maintenance of the system. These include validating requirements, developing design documents, and testing, in order to translate business requirements into an IT system or application. Due to limited oversight of the system development process, user experience issues and deficiencies in testing, the efficiency and effectiveness of the GOS system has been impacted.
The Grant Operating System (GOS) is “partially effective”
The OIG rated the Secretariat’s governance structures and capacity to maintain the delivery and support of the GOS as “partially effective.” After the project AIM was dismantled, there was lack a of capacity and clarity on the roles and responsibility of existing Secretariat functions to take over the work that project AIM used to do.
The OIG has found the effectiveness and efficiency of the GOS “partially effective” because the system is functional. However, incident management “is still weak”. The responsibility for incidents is shared by different teams within the Secretariat. System issues such as “incorrect data” reported by the software have been reported. Other issues like “system bugs” are logged with the Information Technology (IT) department, but solved by external vendors.
The OIG used a four-tier rating as follows: ineffective, needs significant improvement, partially effective, and effective.
Agreed Management Actions (AMA)
The OIG and the Secretariat agreed on several management actions that will focus on:
- The development of a clear Systems Development Life Cycle operational methodology
- The provision of comprehensive guidance and the establishment of targets for incident management and resolution
- The development of key policies on user access management, disaster recovery and backup
The audit report Audit of the Global Fund’s Grant Operating System (GF-OIG-20-014) 3 June 2020 Geneva, Switzerland