Inside the Pentagon’s scaled back audit expectations
A memorandum issued in 2011 by former Defense Secretary Leon Panetta gave the military services until Sept. 30 of this year to get their Statement of Budgetary Resources ready for audit. But the Pentagon has changed its game plan and is now working toward a significantly scaled-back set of expectations.
A FedScoop review of the Pentagon Comptroller’s Financial Improvement and Audit Readiness updates, as well as interviews with Navy and Defense Department officials, revealed what one official described as a significant “de-scoping” of the accelerated deadline for producing an audit-ready SBR mandated by Panetta and required by law no later than 2017. Instead, the military services have been working toward preparing what is known as a Schedule of Budgetary Activity — a far less rigorous requirement that uses only current year appropriation activity and transactions.
Defense Department spokesman Commander William Urban told FedScoop the department’s goal remains to have all business processes and systems used to produce an SBR “audit-ready” by Sept. 30. But once that level of readiness is achieved, the services will begin an audit of their Schedule of Budgetary Activity, he said.
“After reviewing the lessons from the Marine Corps audit experience, we determined that this was the most cost-effective approach to achieving auditability of the full Statement of Budgetary Resources and ultimately auditability of all financial statements,” Urban said in an email to FedScoop. “This approach represents a deliberate decision that will allow us to cost-effectively build the foundation for auditability that will be used beginning in FY 2015 and into the future.”
The SBR presents all budgetary resources that a reporting entity has available, the status of those resources at period end, a reconciliation of changes in obligated balances from the beginning to the end of the period and cash collections and disbursements for the period reported. The SBA, however, will exclude unrestrained and unexpended funds carried over from prior years’ appropriations, as well as information on the status and use of such funding in subsequent years. It is a major change that underscores the difficulty the services have been experiencing in preparing their business processes and IT systems for a major audit.
“That’s a pretty big de-scoping because the SBA technically isn’t a financial statement,” said Danny Chae, a Navy financial management analyst, in an interview with FedScoop. “It’s just a schedule. It’s a pretty big difference if we’re not looking at prior years and beginning balances. We’re basically just drawing a line in the sand saying everything prior to FY 2015 we’re not looking at.”
The Defense Department may not have had a choice in the matter. The reality is that studies by the department’s own inspector general as well as the Government Accountability Office show the military branches have had their share of challenges when it comes to preparing their systems, data and business processes for an independent audit. Although the Marine Corps received an “unqualified” favorable audit opinion in December 2013, it was for an SBA. And it is that experience, along with the struggles the Army, Air Force and Navy have reported, that informed the Pentagon’s change in strategy.
“First, it would be extremely expensive to conduct the in-depth research needed to develop the historical transactional level detail an initial audit of the SBR would require,” Urban said. “Second, this allows us to develop a foundation of transactional documentation and better controlled systems that will ensure that we can support audits of all financial statements beginning in 2018, consistent with our 2017 audit readiness goal.”
De-scoping a global challenge
That goal, first established by the 2010 National Defense Authorization Act, in many ways remains a moving target. The sheer size and complexity of the Defense Department is proving to be a formidable challenge to even the most experienced financial and IT managers.
“When the auditors first get on board here in December, they’re going to be in for a shock,” Chae said. “I know the largest corporations in the world have gone through successful audits and I’m sure they have a lot of systems too, but they don’t have them as spread out all over the world like we do.”
The Navy is perhaps the best example of how challenging it can be to prepare a massive IT infrastructure for a major financial audit. For example, Navy IT and financial analysts have identified a large number of common problems and deficiencies with all of their systems, but they lacked a framework that would enable a common solution.
“We were finding that you could have the same access control problem on various systems, but every system was handling that differently,” Chae said.
Other common problems discovered included lack of policies and procedures for disabling inactive accounts, managing configuration changes and procedures for identification and resolution of segregation of duties conflicts.
But perhaps the biggest challenge for the Navy and the other branches is the large number of systems and the level of duplication. In the Navy, for example, officials counted 80 financial systems that perform basically the same functions. In addition, there were 24 contractor pay systems, 24 standard requisition systems and 13 reimbursable work order systems.
“We don’t need 80 systems to run the Navy’s business,” Chae said. “There’s definitely redundancy and overlap that we can streamline and consolidate.”
But streamlining and consolidating IT systems has to be done in a deliberate, thoughtful manner.
“Since the dawn of time we’ve been trying to reduce our footprint,” Amira Tann, a financial management analyst in the Efficiencies and Analysis Branch of the Navy’s CIO Office, said in an interview. “We don’t necessarily want to tackle them all at the same time and remove something from the process that impacts a long-term end product. We want to make sure that for any given process that if that system goes away that it doesn’t contain a unique feature where now that particular process, which is very important to our mission or commanders, cannot get done.”
Tann characterized the Navy’s challenge as a process architecture challenge — trying to figure out all of the Navy’s financial processes and then tying them to specific IT systems.
“This is why we’re so kind of set on being locked in step between the financial management and CIO community,” Tann said. “The audit impacts us all. The big thing that really got us to sit at the same table and finally talk to the same common goal is the fact that audit is more than just a financial management problem. It really touches everything. All of our financial statements go through some type of system.” Follow @DanielVerton