As part of its annual workplan, the Office of Internal
Audit audited WFP cooperating partners’ digital and data
processing risks. The audit focused on the adequacy,
efficiency and effectiveness of WFP governance, risk
management and internal controls to mitigate cooperating
partners’ digital and data processing risks. WFP routinely
relies on its cooperating partners’ processes and
technology to process and safeguard beneficiaries’
personally identifiable information. WFP’s cooperating
partners process a large amount of personally identifiable
information, including current and prospective
beneficiaries' personal data. Protecting this
information is a fundamental duty of care to those WFP
serves. Therefore, it is incumbent on WFP to ensure
beneficiaries' privacy rights and personal data are
safeguarded and processed by its cooperating partners in a
manner that does not compromise its confidentiality,
availability and integrity. Breaches in privacy could have
profound consequences for individual beneficiaries or
beneficiary communities and impact WFP's mission
objectives. Based on the results of the audit, the Office
of Internal Audit has come to an overall conclusion of
major improvement needed.