Warfighter Support: Actions Needed to Improve the Joint Improvised Exposive Device Defeat Organization's System of Internal Control

JIEDDO has taken actions that collectively implement this recommendation. During the 2nd Qtr of FY2010, JIEDDO determined and reported - in its annual internal control external statements of assurance - that there was a material weakness in its ability to assess the effectiveness of C-IED initiatives. However, JIEDDO undertook efforts to remedy the reported weakness. Specifically, the four actions taken were: (1) JIEDDO established an Evaluation Division within the Capabilities Acquisition Center to oversee evaluation of initiatives and ensure that a viable independent assessment plan was developed for each initiative; (2) JIEDDO developed the JIEDDO Assessment Methodology to provide an objective review of program health and performance based on established criteria and focused questions; (3) the JIEDDO Operations Research Systems Analysis Division works with units in theater to establish data collection plans to support JIEDDO assessments; (4) all initiatives are reviewed for performance and suitability by JIEDDO senior leaders during JIEDDO Executive Committee meetings. In August 2014, after completing implementation and testing the effectiveness of its actions, JIEDDO resolved and closed the material weakness. Further, JIEDDO operational assessment data shows that as of August 1, 2014, JIEDDO counter-IED initiatives' performance has improved based on evaluations of proven results to unproven results across initiatives and measurements showing that the average time to deploy counter-IED initiatives is reduced when comparing 2010-2012 data to 2007-2009 data.

Joint Improvised Explosive Device Defeat Organization's (JIEDDO's) actions to implement additional controls to improve the documentation of all initiative management actions and decisions addresses this recommendation. Specifically, JIEDDO has systematically institutionalized its process for documenting counter-IED initiative management actions and decisions through adoption of a commercially available software that the government is already licensed to use. Workflow movement through the 13 JIEDDO-required decision points associated with counter-IED initiatives is now recorded, and responsible action officers must validate that all supporting documentation has been uploaded into the system or act to override the validation step. The system automatically records any action to override a required validation/documentation step and triggers a further action to complete the required rationale narrative and approver's name. With its design and embedded controls, JIEDDO's system for documenting counter-IED initiative management actions and decisions now ensures that all approved programmatic and financial documentation is retained in a centralized location.

JIEDDO revised its Joint Improvised Explosive Device Defeat (JIEDD) Capability Approval and Acquisition Management Process (JCAAMP) instruction in December 2010 to provide better definition of how the approval and acquisition management process applies to Counter-Improvised Explosive Device (C-IED) initiatives, developmental efforts, and staff and infrastructure support for initiatives. The revised JCAAMP now defines the difference between C-IED initiatives and C-IED overhead, which the instruction now defines as "Staff and Infrastructure." The revised JCAAMP also defines and documents the process for identifying, and separately tracking JIEDDO programs and activities that are considered overhead and excluded from its JCAAMP process. The JIEDDO Operational Requirements Assessments Board manages initiative validation and prioritization; the Lines of Operation (LOO) chairs develop spending plans within their respective lines of operations; and the Program Budget Advisory Committee review provides executive oversight over initiative management decisions and actions.

JIEDDO has implemented processes to track all JCAAMP actions to demonstrate controls were properly executed and appropriately documented, and therefore the intent of this recommendation is met. First, JIEDDO issued a JCAAMP revision in December 22, 2010 to provide and document its improved methodology for counter-IED initiative decision-making. Next, with the finalization in June 2013 of its process for automating the documentation of the JCAAMP counter-IED initiative management actions and decisions, JIEDDO took the steps necessary to ensure that all key steps of JCCAMP are followed. Movement of counter-IED initiatives through the requirements identification phase to development, to fielding and to transfer of completed initiatives is now automatically recorded and the system automatically records any action to override a required validation/documentation step and triggers a further action to complete the required rationale narrative and approver's name. With its design and embedded controls, JIEDDO's system for documenting counter-IED initiative management actions and decisions now helps to ensure all steps of JCAAMP are followed and fully documented, as required.

JIEDDO has developed its internal control system to ensure improved follow through on corrective actions and recommendations identified. Beginning in 2010 and continuing into 2011 and 2012, as part of its management internal control program, JIEDDO undertook a comprehensive review of every organizational element in JIEDDO to assess areas of risk and establish effective control procedures. JIEDDO completed documentation, testing, and process improvement for the critical functions affecting resource management; these include financial controls, procurement and logistics processes, and contract oversight. JIEDDO established an internal assessment plan in September 2010 and published JIEDDO standard operating procedures for this plan. The program is designed to ensure annual review and assessment of control processes and systems within JIEDDO. The JIEDDO Chief of Staff chairs a Senior Assessment Team, which evaluates progress and recommends changes as needed. In addition, the Internal Review audit function conducts internal audits to evaluate compliance. Also, in September 2010, JIEDDO hired a Management Control Administrator to manage and oversee its internal control program. The Management Control Administrator completed the FY 2011 training program and oversaw the development of JIEDDO's 2011 and 2012 external statements of assurance on JIEDDO's internal control risks and program, made to OSD. The JIEDDO internal control program now appears to provide for ongoing systemic review and process improvement where warranted. The actions taken on JIEDDO's internal control processes and system demonstrate follow through particularly on recommendations and corrections needed to address the material weakness of its immature internal control system, thereby eliminating the weakness as a material risk as of July 12, 2012.

Actions that DOD and JIEDDO have implemented since our report collectively address this recommendation fully. JIEDDO's actions began with hiring an experienced person to develop and manage its formal internal control program. JIEDDO then fully developed and implemented its management control processes, including training staff and managers in their responsibilities under the Federal Managers' Financial Integrity Act to assess, identify, address, and report to DOD on efforts taken to address its shortcomings. DOD took action to ensure that JIEDDO is now recognizing and disclosing existing shortcomings needing corrective action in JIEDDO's annual management control reports. Specifically, DOD implemented a control process external to JIEDDO to review and validate the sufficiency of the annual report on its management control program--JIEDDO's Statement of Assurance to the Office of the Secretary of Defense. Beginning in FY 2011, the USD(C) Financial Improvement Audit Readiness office began to conduct annual onsite validation meetings with JIEDDO to review the sufficiency and completeness of JIEDDO's annual internal controls Statement of Assurance. Lastly, JIEDDO has also augmented its government civilian authorizations with an additional 142 government civilian positions in mid fiscal year 2010, and as of May 2011, JIEDDO had a total of 181 Department of the Army Civilian GS positions filled. Beginning in fiscal year 2012 JIEDDO was approved to convert and in-source 192 contracted manpower equivalent positions to improve the government span of control and to ensure sufficient coverage for inherently-governmental functions. JIEDDO continued to recruit qualified GS professionals against all approved vacancies including recruiting GS professionals through in-sourcing against the 192 approved positions beginning in FY 2012. These efforts expanded government oversight and span of control in JIEDDO, helping to ensure sufficient density of the skilled staff needed to identify and address JIEDDO's organizational and procedural shortcomings.

JIEDDO responded to this recommendation by conducting an organization-wide workload analysis in 2011 to determine actual JIEDDO workforce needs and to identify positions that require specialized expertise. JIEDDO then created new acquisition positions and converted existing positions to align with DoD acquisition corps requirements. Consequently, as of July 31, 2013, JIEDDO had 38 acquisition coded positions annotated to reflect required acquisition certification and experience. Certification is the procedure through which a military service or DoD Component determines that an employee meets the education, training, and experience standards required for a career level in an acquisition career field, such as in the field of Program Management. Of the 38 positions, 14 require the highest level of DOD professional certification for the position: "Level 3" certification. Of the remaining 24 acquisition coded positions, 10 required "Level 2" certification, and 14 required "Level 1" certification. In addition, as of July 31, 2013, JIEDDO had 41 individuals with acquisition certification, 20 of whom had "Level 3" certification, 7 of whom had "Level 2" certification, and 14 of whom had "Level 1" certification. Further, according to JIEDDO officials, individuals who continue to work towards "Level 3" certification have Individual Development Plans in place.

DOD responded to this recommendation by designating the Financial Improvement Audit Readiness (FIAR) office within USD(C) to monitor and report on JIEDDO's progress managing its Management Internal Control (MIC) program. The FIAR office has and continues to conduct on-site reviews and validation meetings of JIEDDO's internal control system, including a focus on actions JIEDDO has taken to address material weaknesses in its internal control system. Demonstrating the positive improvements in the JIEDDO internal control program, the FIAR office concluded in June 2012 that actions JIEDDO had taken to address a material weakness previously identified by JIEDDO--i.e. JIEDDO's "Immature Managers' Internal Control Program" material weakness, previously reported in the Statement of Assurance--has been successfully completed. Further, according to a FIAR office official, it was apparent that JIEDDO leadership has fully accepted and supported the importance of the internal control in terms of the identification, prioritization and remediation of risk, and that the JIEDDO internal review division had made terrific progress in the implementation of the JIEDDO internal control program.

DOD responded to this recommendation by developing and implementing additional internal control at the OSD level. DOD has taken action to ensure that JIEDDO is now recognizing and disclosing existing internal control weaknesses needing corrective action in its management control reports. DOD has implemented a control process external to JIEDDO to review and validate the sufficiency of the annual report on its management control program--JIEDDO's Statement of Assurance (SOA) to the Office of the Secretary of Defense. Beginning in FY 2011, the USD(C) Financial Improvement Audit Readiness (FIAR) office began to conduct annual onsite validation meetings with JIEDDO to review the sufficiency and completeness of JIEDDO's SOA. The FIAR office provides oversight through the validation of the JIEDDO's adherence to DoD Instruction on Managers' Internal Control Program Procedures (DOD-I 5010.40). Using the instruction as criteria, the FIAR office evaluates JIEDDO's management control program to assess adherence to DOD management control program expectations. According to DOD, this program emphasizes proactive implementation of the Department's management control program through adherence with DoD Instruction 5010.40 to include ongoing support and active participation by Senior Management, a risk-based approach, and the use of self-reporting so that material internal control weaknesses can be identified and remediated prior to their potential negative impact upon JIEDDO's mission.