Financial Management: DOD Needs to Implement Comprehensive Plans to Improve Its Systems Environment
Fast Facts
Department of Defense financial management has been on our High Risk List since 1995 in part because of deficiencies found in its supporting information systems. DOD uses these systems to report its spending and assets.
DOD's Inspector General and other auditors found the data used for the military services' FY 2019 financial statements unreliable. They identified new and ongoing deficiencies in 2,100 audit findings.
DOD doesn't track how much it spends on the systems. But we calculated it could be at least $2.8 billion in FY 2020.
We made 6 recommendations, including that DOD develop a road map for implementing its improvement strategy.
Highlights
What GAO Found
Data supporting the Department of Defense's (DOD) fiscal year 2019 financial statements are not reliable, according to the DOD Office of Inspector General (OIG) and independent auditors. In January 2020, the OIG reported that the department had wide-ranging weaknesses in its financial management systems that prevented it from collecting and reporting financial and performance information that was accurate, reliable, and timely. Specifically, the OIG reported 25 material weaknesses that impacted DOD's ability to achieve an unmodified audit opinion on its fiscal year 2019 department-wide financial statements. These material weaknesses are based, in large part, on identified deficiencies and corresponding recommendations, also known as notices of findings and recommendations (NFRs).
In fiscal year 2019, independent public accountants issued 2,100 new and reissued NFRs to the military services and DOD remediated 26 percent of the military services' NFRs from fiscal year 2018. Of the 2,100 fiscal year 2019 NFRs, 1,008 were related to information technology (IT) and cybersecurity issues. Of the 1,008 NFRs, 484 were new and 524 were reissued from previous years. (See figure.)
Figure: IT Notices of Findings and Recommendations Issued by Independent Public Accountants Based on Audits of Military Services' Fiscal Year 2019 Financial Statements
To address the NFRs and DOD's underlying financial management system weaknesses, the department has a strategy that fully addresses three requirements for a comprehensive and effective IT strategic plan; however, it does not include measures for tracking progress in achieving the strategy's goals. (See table on next page.)
Table: GAO Ratings of DOD's IT Financial Management Systems Strategy
|
IT Strategic Plan Requirementsa |
GAO Ratings |
|
Alignment with the agency's overall strategic plan |
● |
|
Results-oriented goals and performance measures |
◑ |
|
Strategies to achieve desired results, including a clear narrative of how IT is enabling agency goals |
● |
|
Descriptions of dependencies within and across projects |
● |
Legend:
● Fully addressed: DOD provided evidence that it fully addressed this requirement.
◑ Partially addressed: DOD provided evidence that it addressed some, but not all, of this requirement.
Source: GAO analysis of Department of Defense documentation. | GAO-20-252
aThe requirements for a comprehensive and effective IT strategic plan are based on Office of Management and Budget guidance and prior GAO research and reviews of federal agencies' IT strategic plans.
DOD has not developed an enterprise road map to implement its strategy, as called for by Office of Management and Budget guidance. Such a road map should document the current and future states of a systems environment that, among other things, describes business processes and rules, information needs and flows, and work locations and users; and a transition plan for moving from the current to the future. In response to recently enacted legislation requiring a comprehensive road map, DOD stated that it plans to develop one; however, it did not state by when.
DOD also does not have sufficiently detailed plans for migrating key military service legacy accounting systems to new systems. The Navy has developed a plan to migrate its system, but the plan is missing key elements consistent with Software Engineering Institute guidance. The Army and Air Force do not have detailed migration plans for their key accounting systems.
While DOD has developed a plan to address IT issues identified during annual audits, it has not established performance goals that include indicators, targets, and time frames. Officials said that it is challenging to develop such goals because issues identified by the IPAs vary widely. However, DOD has already grouped the issues by priority, facilitating the establishment of appropriate performance goals.
Moreover, DOD does not know how much it spends on the systems that support its financial statements because it does not have a way to reliably identify these systems in its systems inventory and budget data. GAO calculated that the department will spend at least $2.8 billion on those systems in fiscal year 2020. However, that amount is understated–GAO identified 45 systems that were missing from the list of significant systems that DOD provided to GAO.
As a result of these deficiencies, the department faces challenges in ensuring accountability over its extensive resources and in effectively managing its assets and budgets. DOD also risks wasting funds on short-term fixes that might not effectively and efficiently support longer-term department goals.
Why GAO Did This Study
DOD financial management has been on GAO's High Risk List since 1995 because of long-standing deficiencies found in, among other areas, its supporting information systems. DOD uses these systems to report its spending and assets.
GAO was requested to review DOD's financial management systems. The objectives of this review are to determine (1) to what extent the data produced by DOD financial management systems are reported to be reliable for presenting financial statements in accordance with generally accepted accounting principles, (2) to what extent DOD and the military departments have strategies and plans to address key information technology controls for their financial systems, and (3) how much money DOD reports spending on developing and maintaining its financial management systems.
To address these objectives, GAO analyzed (1) independent public auditors' findings resulting from the department's fiscal year 2019 audit; (2) DOD's financial management systems strategy and plans relative to OMB guidance and recent legislation; (3) data in DOD system and budget databases. GAO also interviewed relevant DOD and military service officials.
Recommendations
GAO made the following six recommendations to DOD:
- Establish performance measures for DOD's financial management systems strategy, including targets and time frames, and how it plans to measure values and verify and validate those values.
- Establish a specific time frame for developing an enterprise road map to implement DOD's financial management systems strategy and ensure that it is developed.
- Develop detailed migration plans for certain key accounting systems.
- Establish performance goals with performance indicators, targets and time frames, to monitor DOD's efforts to address IT-related audit findings.
- Implement a mechanism for identifying a complete list of financial management systems and related budget data.
- Limit investments in financial management systems to what is essential to maintain functional systems and help ensure system security until DOD implements the other recommendations.
DOD concurred with GAO's recommendations and described actions it plans to take to address them.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Defense | The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish measures to determine if the department is succeeding in achieving its goal to improve its financial management systems. Specifically, it should document targets and time frames to define the level of performance to be achieved. It should also document how DOD plans to measure expected outcomes by identifying data sources, how it plans to measure values, and how DOD plans to verify and validate measured values. (Recommendation 1) |
Open – Partially Addressed
As of March 2024, DOD has established one metric that includes targets and time frames to define the level of performance to be achieved and the data source. Specifically, DOD's Strategic Management Plan for fiscal years (FY) 2022-2026 documents a metric to track and count audit relevant legacy financial management system retirements. The measure documents targets for the number of legacy systems scheduled for retirement in each fiscal year and results for the most recent fiscal year. DOD also provided documentation describing how it plans to measure expected outcomes and values and the data source. In addition, DOD identified this metric in its Financial Management Strategy for FY 2022-2026. However, the department has not fully demonstrated how it plans to verify and validate measured values. DOD also identified a metric in its Financial Management Strategy for FY 2022-2026 associated with increasing system compliance with relevant audit and security regulations. However, for this metric, the department did not identify targets and time frames, document how DOD plans to measure expected outcomes by identifying data sources, how it plans to measure values, or how DOD plans to verify and validate measured values. DOD also provided additional information about related metrics. However, this information did not include details such as actual measures or how DOD plans to verify and validate measured values. Further, in August 2023, the department stated that it planned to issue updated guidance to define and document the mechanisms to identity financial and feeder systems in support of providing a complete inventory of systems. Without a mechanism to ensure a complete systems inventory, the department risks using incomplete information to prepare its metrics. In March 2024, officials from the Office of the Under Secretary of Defense (Comptroller) stated that they are considering addressing this recommendation along with related recommendations from a January 2024 DOD Inspector General report. As a result, they anticipate taking additional time to provide a response on steps they plan to take to fully address this recommendation. We will continue to follow-up with department on the status of its efforts to address this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish a specific time frame for developing an enterprise road map to implement its financial management systems strategy, and ensure that it is developed. The road map should document the current and future states at a high level, from an architecture perspective, and present a transition plan for moving from the current to the future in an efficient, effective manner. The road map should discuss performance gaps, resource requirements, and planned solutions, and it should map DOD's financial management systems strategy to projects and budget. The plan should also document the tasks, time frames, and milestones for implementing new solutions, and include an inventory of systems. (Recommendation 2) |
Open – Partially Addressed
As of February 2024, the Department of Defense (DOD) has partially addressed this recommendation. Specifically, DOD completed the initial roadmap in June 2022, with a Plan of Action and Milestones (POAM) to expand the initial roadmap finalized in November 2022. The POAM expansion addressed actions related to performance gaps using open auditor-issued notices of findings and recommendations and considered the end-to-end business activities and processes. It also outlined the capture and use of additional data and metrics for use in systems level business value decisions within or independent of the Planning, Programming, Budgeting, and Execution process. In February 2024, DOD stated that the department plans to complete an updated and redesigned roadmap by the third quarter of fiscal year 2024. Further, in March 2024, officials from the Office of the Under Secretary of Defense (Comptroller) stated that DOD will provide an updated date for when they expect to take steps sufficient for closing the recommendation, which may include considering complementary tools and information associated with the roadmap. We will continue to monitor the department's efforts to address this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to develop detailed migration plans for the Air Force's General Accounting and Finance System-Reengineered, Navy's Standard Accounting and Reporting System, and Army's Standard Finance System and the Standard Operation and Maintenance Army Research and Development System. (Recommendation 3) |
Open – Partially Addressed
As of March 2024 the Department of Defense (DOD) has not fully addressed this recommendation. In November 2023, the department submitted updated migration plans for the Army's Standard Finance System (STANFINS) and the Standard Operation and Maintenance Army Research and Development System (SOMARDS). While the department has made progress addressing our recommendation, more remains to be done. For example, the plans include information such as migration schedules and milestones. However, while the updated plans discuss training at a high-level, they do not provide sufficient details. Instead, they refer to a different entity that is responsible for identifying training and do not provide details about how that entity will identify needed training. In addition, the Army continued to state that an operational cutover to new systems is not needed. However, leading practices call for migration plans to include plans for operational cutover. We are no longer tracking migration plans for the Navy's Standard Accounting and Reporting System because it was retired in December 2022. In addition, we are tracking the Air Force's efforts to develop a migration plan for the Air Force's General Accounting and Finance System-Reengineered under an open recommendation associated with GAO-22-103636. In March 2024, DOD officials stated that they would provide additional information for STANFINS and SOMARDS in support of fully addressing this recommendation. We will continue to monitor the department's efforts to fully implement the remaining elements of this recommendation.
|
| Department of Defense | The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish performance goals that include performance indicators, targets and time frames, to monitor the status of efforts to address IT-related audit findings. (Recommendation 4) |
Closed – Implemented
DOD has established performance goals, including indicators, targets, and time frames to monitor the status of its efforts to address its high priority IT-related audit findings. Specifically, the department reported at its July 2021 and April 2022 Information Technology Functional Council meetings on the number of high priority IT-related notices of findings and recommendations that it expected to address in fiscal years 2021 through 2024. As a performance indicator, the department reported the percentage of corrective action plans intended to address the audit findings that would not be closed by their target completion dates (i.e. slippages).
|
| Department of Defense | The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to implement a mechanism for identifying financial management systems that support the preparation of the department's financial statements in the department's systems inventory and budget data, and identify a complete list of financial management systems. (Recommendation 5) |
Open – Partially Addressed
In August 2023, the department stated that it would issue updated guidance on identifying financial statement and audit relevant systems by December 2023. In February 2024, the department stated that it was drafting an updated closure package for this recommendation and expected to submit it in February 2024. However, as of March 2024, DOD has not submitted an updated closure package for this recommendation. According to the department, its guidance on identifying financial statement and audit relevant systems will define and document the logic and mechanisms to be used to identity and capture financial and feeder systems, including providing a complete inventory of systems. We will continue to follow-up with the department on the status of this recommendation.
|
| Department of Defense |
Priority Rec.
The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to ensure that the department limits investments in financial management systems to only what is essential to maintain functioning systems and help ensure system security until it implements the other recommendations in this report. (Recommendation 6) |
Open
As of March 2024, the Department of Defense (DOD) has not demonstrated that it has addressed this recommendation. According to the department, it executed its fiscal year (FY) 2023 systems review, and the results of this review informed the FY 2024 defense business systems certification investment decision memorandums. Further, in March 2024 officials from the office of the Under Secretary of Defense (Comptroller) stated that the department has institutional processes in place to constrain financial management system investments, such as applying conditions to annual funds certification decisions. However, as of March 2024, the department has not provided documentation substantiating that its actions are sufficient to address this recommendation. We will continue to follow up on the department's efforts to address this recommendation.
|