DoD’s Financial Audit – IT Issues and Opportunities

Federal agencies are required to conduct audits of their financial statements under the Chief Financial Officers Act of 1990, but the DoD has been a long-term holdout to comply, sighting their size and complexity. Congress has kept up the pressure, including mandates in the FY 2010 National Defense Authorization Act (NDAA.) With the release of their Agency Financial Report (AFR) for Fiscal Year (FY) 2018 the DoD has finally completed their first department-wide audit.

Under the effort more than 1,200 auditors conducted over 900 site visits at over 600 locations across the DoD and examined hundreds of thousands of items, according to the media release from the DoD. The Department-wide report consolidates twenty-one individual audits spanning defense agencies, military department, combatant commands and other DoD components.

The results show that five organizations – the U.S. Army Corps of Engineers – Civil Works; the Military Retirement Fund; Defense Health Agency – Contract Resource Management; Defense Contract Audit Agency; and the Defense Finance and Accounting Services Working Capital Fund – received clean audits, i.e. they passed. Two others – the Medicare-Eligible Retiree Health Care Fund and the Defense Commissary Agency – received modified opinions, i.e. they don’t follow all the accounting rules, but there was no fraud detected.

The FY 2018 audit determined that the DoD owns and manages $2.8 trillion in assets. The Department’s FY 2018 total budgetary resources reached nearly $1.3 trillion, including $863.6 billion in discretionary and mandatory budget appropriations and $388.8 billion in unobligated funds from prior year budgets, offsetting collections, etc.

Given that only five of twenty-one organizations passed the audit has led most to conclude that the DoD gets an overall failing grade. But DoD officials were quick to point out the merits of successfully completing their first-ever department-wide audit amidst skepticism and that no one expected them to actually pass, given the size, scope and complexity of the enterprise. They assert that this audit will serve as a baseline for future improvements across multiple areas.

Implications

The whole DoD audit process has brought persistent IT issues to the forefront, several of which have been challenges within their IT portfolio for years, including enterprise business systems, cybersecurity and cloud infrastructure. Strengthening security and standardizing their cloud approach, i.e. the Joint Enterprise Defense Infrastructure (JEDI) effort, are two high priorities underscored by the whole audit process, according to Deputy Secretary of Defense Patrick Shanahan.

The audit is also driving DoD to use new and improved data systems which opens up opportunities for data analytics. The audit forced the department to switch to systems that produce transaction-level activity in order to get to reliable information, rather than relying on summary reports as in the past. The more granular data opens up possibilities for data analytics to enable better decision-making, capabilities that the DoD will continue to explore, according to DoD Comptroller David Norquist.

Norquist has also noted that they are looking hard at any cybersecurity vulnerabilities that come to light in the audit. “If you fielded one of those systems that is vulnerable to cyber intrusions, that is filled with errors in the way it is set up, we need to talk,” Norquist said, "because you’re one of the reasons we’re not passing the audit, and we need you to fix it.”