Fast Facts

Department of Defense financial management has been on our High Risk List since 1995 in part because of deficiencies found in its supporting information systems. DOD uses these systems to report its spending and assets.

DOD's Inspector General and other auditors found the data used for the military services' FY 2019 financial statements unreliable. They identified new and ongoing deficiencies in 2,100 audit findings.

DOD doesn't track how much it spends on the systems. But we calculated it could be at least $2.8 billion in FY 2020.

We made 6 recommendations, including that DOD develop a road map for implementing its improvement strategy.

A person reviews a financial spreadsheet while holding a magnifying glass in one hand and pen in the other.

Skip to Highlights
Highlights

What GAO Found

Data supporting the Department of Defense's (DOD) fiscal year 2019 financial statements are not reliable, according to the DOD Office of Inspector General (OIG) and independent auditors. In January 2020, the OIG reported that the department had wide-ranging weaknesses in its financial management systems that prevented it from collecting and reporting financial and performance information that was accurate, reliable, and timely. Specifically, the OIG reported 25 material weaknesses that impacted DOD's ability to achieve an unmodified audit opinion on its fiscal year 2019 department-wide financial statements. These material weaknesses are based, in large part, on identified deficiencies and corresponding recommendations, also known as notices of findings and recommendations (NFRs).

In fiscal year 2019, independent public accountants issued 2,100 new and reissued NFRs to the military services and DOD remediated 26 percent of the military services' NFRs from fiscal year 2018. Of the 2,100 fiscal year 2019 NFRs, 1,008 were related to information technology (IT) and cybersecurity issues. Of the 1,008 NFRs, 484 were new and 524 were reissued from previous years. (See figure.)

Figure: IT Notices of Findings and Recommendations Issued by Independent Public Accountants Based on Audits of Military Services' Fiscal Year 2019 Financial Statements

Figure: IT Notices of Findings and Recommendations Issued by Independent Public Accountants Based on Audits of Military Services' Fiscal Year 2019 Financial Statements

To address the NFRs and DOD's underlying financial management system weaknesses, the department has a strategy that fully addresses three requirements for a comprehensive and effective IT strategic plan; however, it does not include measures for tracking progress in achieving the strategy's goals. (See table on next page.)

Table: GAO Ratings of DOD's IT Financial Management Systems Strategy

IT Strategic Plan Requirementsa

GAO Ratings

Alignment with the agency's overall strategic plan

Results-oriented goals and performance measures

Strategies to achieve desired results, including a clear narrative of how IT is enabling agency goals

Descriptions of dependencies within and across projects

Legend:

● Fully addressed: DOD provided evidence that it fully addressed this requirement.

◑ Partially addressed: DOD provided evidence that it addressed some, but not all, of this requirement.

Source: GAO analysis of Department of Defense documentation. | GAO-20-252

aThe requirements for a comprehensive and effective IT strategic plan are based on Office of Management and Budget guidance and prior GAO research and reviews of federal agencies' IT strategic plans.

DOD has not developed an enterprise road map to implement its strategy, as called for by Office of Management and Budget guidance. Such a road map should document the current and future states of a systems environment that, among other things, describes business processes and rules, information needs and flows, and work locations and users; and a transition plan for moving from the current to the future. In response to recently enacted legislation requiring a comprehensive road map, DOD stated that it plans to develop one; however, it did not state by when.

DOD also does not have sufficiently detailed plans for migrating key military service legacy accounting systems to new systems. The Navy has developed a plan to migrate its system, but the plan is missing key elements consistent with Software Engineering Institute guidance. The Army and Air Force do not have detailed migration plans for their key accounting systems.

While DOD has developed a plan to address IT issues identified during annual audits, it has not established performance goals that include indicators, targets, and time frames. Officials said that it is challenging to develop such goals because issues identified by the IPAs vary widely. However, DOD has already grouped the issues by priority, facilitating the establishment of appropriate performance goals.

Moreover, DOD does not know how much it spends on the systems that support its financial statements because it does not have a way to reliably identify these systems in its systems inventory and budget data. GAO calculated that the department will spend at least $2.8 billion on those systems in fiscal year 2020. However, that amount is understated–GAO identified 45 systems that were missing from the list of significant systems that DOD provided to GAO.

As a result of these deficiencies, the department faces challenges in ensuring accountability over its extensive resources and in effectively managing its assets and budgets. DOD also risks wasting funds on short-term fixes that might not effectively and efficiently support longer-term department goals.

Why GAO Did This Study

DOD financial management has been on GAO's High Risk List since 1995 because of long-standing deficiencies found in, among other areas, its supporting information systems. DOD uses these systems to report its spending and assets.

GAO was requested to review DOD's financial management systems. The objectives of this review are to determine (1) to what extent the data produced by DOD financial management systems are reported to be reliable for presenting financial statements in accordance with generally accepted accounting principles, (2) to what extent DOD and the military departments have strategies and plans to address key information technology controls for their financial systems, and (3) how much money DOD reports spending on developing and maintaining its financial management systems.

To address these objectives, GAO analyzed (1) independent public auditors' findings resulting from the department's fiscal year 2019 audit; (2) DOD's financial management systems strategy and plans relative to OMB guidance and recent legislation; (3) data in DOD system and budget databases. GAO also interviewed relevant DOD and military service officials.

Skip to Recommendations

Recommendations

GAO made the following six recommendations to DOD:

  1. Establish performance measures for DOD's financial management systems strategy, including targets and time frames, and how it plans to measure values and verify and validate those values.
  2. Establish a specific time frame for developing an enterprise road map to implement DOD's financial management systems strategy and ensure that it is developed.
  3. Develop detailed migration plans for certain key accounting systems.
  4. Establish performance goals with performance indicators, targets and time frames, to monitor DOD's efforts to address IT-related audit findings.
  5. Implement a mechanism for identifying a complete list of financial management systems and related budget data.
  6. Limit investments in financial management systems to what is essential to maintain functional systems and help ensure system security until DOD implements the other recommendations.

DOD concurred with GAO's recommendations and described actions it plans to take to address them.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense 1. The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish measures to determine if the department is succeeding in achieving its goal to improve its financial management systems. Specifically, it should document targets and time frames to define the level of performance to be achieved. It should also document how DOD plans to measure expected outcomes by identifying data sources, how it plans to measure values, and how DOD plans to verify and validate measured values. (Recommendation 1)
Open
The department concurred with this recommendation and, in January and April 2021, described actions it planned to take to address it. Specifically, the department stated that its financial management functional strategy documents the goals and objectives for the financial management domain. Further, according to the department, while the functional strategy describes specific initiatives, the document does not include targets and timeframes with associated performance measures. The department added that the Office of the Undersecretary for Defense (Comptroller) needs to define the mechanisms by which these measures will be captured and monitored and provided an estimated completion date of October 2021. We will continue to follow-up on the status of this recommendation, as appropriate.
Department of Defense 2. The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish a specific time frame for developing an enterprise road map to implement its financial management systems strategy, and ensure that it is developed. The road map should document the current and future states at a high level, from an architecture perspective, and present a transition plan for moving from the current to the future in an efficient, effective manner. The road map should discuss performance gaps, resource requirements, and planned solutions, and it should map DOD's financial management systems strategy to projects and budget. The plan should also document the tasks, time frames, and milestones for implementing new solutions, and include an inventory of systems. (Recommendation 2)
Open
The department concurred with this recommendation and, in January and April 2021, described actions it planned to take to address it. Specifically, the department stated that it has an effort underway to develop enterprise transition plans by leveraging the business enterprise architecture to document the transition from the current to the future environment for the business mission area. The department provided an estimated completion date of October 2021 for this recommendation. This recommendation remains open and we will continue to follow-up with the department as appropriate.
Department of Defense 3. The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to develop detailed migration plans for the Air Force's General Accounting and Finance System-Reengineered, Navy's Standard Accounting and Reporting System, and Army's Standard Finance System and the Standard Operation and Maintenance Army Research and Development System. (Recommendation 3)
Open
The department concurred with this recommendation and, in January and April 2021, described actions it planned to take to address it. Specifically, the department stated that it will review the guidance cited by GAO to develop a standard migration template and that military departments will report their status using a standard migration template. The department provided an estimated completion date of October 2021 for this recommendation. This recommendation remains open and we will continue to follow-up with the department as appropriate.
Department of Defense 4. The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish performance goals that include performance indicators, targets and time frames, to monitor the status of efforts to address IT-related audit findings. (Recommendation 4)
Open
The department concurred with this recommendation and, in January and April 2021, described actions it planned to take to address it. Specifically, the department stated that it uses a tool to monitor and respond to information technology audit performance indicators. These include indicators such as notice of findings and recommendations issued and closed, corrective action plan development through validation, milestone performance, recurring issues, and high priority area remediation tracking. According to the department, it also needs to define performance goals for these indicators. The department provided an estimated completion date of July 2021 for this recommendation. The recommendation remains open and we will continue to follow-up with the department as appropriate.
Department of Defense 5. The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to implement a mechanism for identifying financial management systems that support the preparation of the department's financial statements in the department's systems inventory and budget data, and identify a complete list of financial management systems. (Recommendation 5)
Open
The department concurred with this recommendation and, in January and April 2021, described actions it planned to take to address it. Specifically, the department stated that efforts are underway to consolidate the financial management systems inventory by leveraging the department's information technology repository. In addition, according to the department, it implemented new requirements associated with financial improvement and audit readiness audit remediation costs for the fiscal year 2022 budget execution submission in its information technology budgeting system, and it will continue to refine those requirements. Nevertheless, the department agreed that it needs to do more work to capture an accurate systems inventory for systems that support the preparation of the department's financial statements. The department provided an estimated completion date of July 2021 for this recommendation. This recommendation remains open and we will continue to follow-up as appropriate.
Department of Defense 6. The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to ensure that the department limits investments in financial management systems to only what is essential to maintain functioning systems and help ensure system security until it implements the other recommendations in this report. (Recommendation 6)
Open
The department concurred with this recommendation and, in January and April 2021, described actions it planned to take to address it. The department stated that a team within the Defense Business Operations and Enterprise Business Operations Directorate within the Office of the DOD Chief Management Officer (CMO) was planning to evaluate the current defense business systems review and certification process in order to include additional criteria to ensure that investments align with the financial management systems strategy and enterprise roadmap. However, the department has not demonstrated how it will limit investments in financial management systems to only what is essential to maintain functioning systems and help ensure system security until it implements the other recommendations in this report. Further, the National Defense Authorization Act for Fiscal Year 2021 repealed the CMO position and the department needs to implement new statutory requirements regarding the future of the roles and responsibilities previously assigned to the CMO. These roles and responsibilities include, among other things, roles and responsibilities associated with the defense business systems review and certification process. The department provided an estimated completion date of October 2021 for this recommendation. This recommendation remains open and we will continue to follow-up with the department as appropriate.

Full Report

GAO Contacts