DOD finishes second audit
IT remains a focal point as the Pentagon works to improve on last year's results.
The Defense Department has completed its second organization-wide financial audit. And while IT infrastructure and services remain a concern, DOD is making incremental progress, according to a Nov. 15 release announcing the report.
The report comes days before David Norquist, deputy defense secretary and former DOD comptroller, is set to testify before the Senate Armed Services Committee on the audit results. IT infrastructure and management services comprised the foundation of last year’s failed audit results, but the department is keen on rapidly improving.
The report boasts progress in completing assessments for 14 Fourth Estate agencies and 800 of their applications for data migration and center closures, and in moving networks to a single service provider. The result: DOD migrated 244 systems to enterprise-level hosting environments and closed 17 Fourth Estate data centers.
IT made up 46% of the DOD’s notices of findings and recommendations (NFRs) issued across the department in fiscal 2018. Overall, the fiscal 2019 audit report found that 23 percent of the overall findings from fiscal 2018 had been resolved.
Defense components were instructed via a joint memo in July to remediate those with a high audit or cybersecurity impact, the report states. However, the status of those corrective actions is unknown; DOD simply states they are being “actively monitored.”
The Army seemed to have standout results by addressing 65% of its NFRs for IT general controls for enterprise resource planning, legacy financial and non-financial systems by the end of fiscal 2019.
DOD also highlighted automation's potential to improve the audit’s effectiveness in the 2019 report. Fredrick Carr, associate deputy assistant secretary for the Air Force, told FCW in August that his service was looking into robotics to help correct military personnel’s leave balances “instead of having a person go in and see” when an airmen came back from leave or correct an error if someone didn’t clock in.
In the 2019 report, DOD wrote that it picked an automated solution for components to assist auditors with “provisioning and managing access to audit-impacting applications” while it looks for permanent identity and credential management capabilities.