This is the accessible text file for GAO report number GAO-11-830 
entitled 'DOD Financial Management: Marine Corps Statement of 
Budgetary Resources Audit Results and Lessons Learned' which was 
released on September 15, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Report to Congressional Requesters: 

September 2011: 

DOD Financial Management: 

Marine Corps Statement of Budgetary Resources Audit Results and 
Lessons Learned: 

GAO-11-830: 

GAO Highlights: 

Highlights of GAO-11-830, a report to congressional requesters. 

Why GAO Did This Study: 

Long-standing weaknesses in Department of Defense (DOD) business 
processes, systems, and controls have hindered efforts to achieve 
financial audit readiness. Because DOD relies heavily on budget 
information for day-to-day management decisions, in August 2009, the 
DOD Comptroller designated the Statement of Budgetary Resources (SBR) 
as an audit priority. The U.S. Marine Corps was identified as the 
pilot military service for an SBR audit. GAO was asked to determine 
(1) the primary reasons the Marine Corps was unable to obtain an 
opinion on its fiscal year 2010 SBR; (2) the effectiveness and status 
of the Marine Corps’ remediation plan, and (3) military service 
efforts to leverage Marine Corps SBR audit lessons. GAO reviewed 
auditor findings and recommendations, evaluated the Marine Corps 
corrective action plans, and reviewed documentation on military 
service audit readiness and lessons learned efforts. During its work, 
GAO met with DOD, Marine Corps, military service, and Defense Finance 
and Accounting Service (DFAS) officials and the auditors. 

What GAO Found: 

The Marine Corps received a disclaimer of opinion on its Fiscal Year 
2010 SBR because it could not provide supporting documentation in a 
timely manner, and support for transactions was missing or incomplete. 
Auditors also reported that the Marine Corps did not have adequate 
processes, systems controls, and controls for accounting and reporting 
on the use of budgetary resources. Further, the Marine Corps could not 
provide evidence that reconciliations for key accounts and processes 
were being performed on a monthly basis. The auditor also identified 
ineffective controls in key information technology (IT) systems used 
by the Marine Corps to process financial data. The auditors provided 
139 recommendations to correct identified weaknesses. 

The Marine Corps developed action items and milestones in response to 
the auditor’s findings. But its remediation plan was focused on near-
term outcomes and did not adequately specify key elements, including 
goals and objectives, actions for addressing those objectives, and 
associated performance measures. GAO previously reported that it is 
standard practice to have strategy that includes these features. GAO 
found that many of the Marine Corps’ actions did not address the 
specific auditor recommendations, and other actions were not adequate 
to correct underlying problems or root causes. Further, many of the 
remediation actions would require steps on the part of other DOD 
components, such as DFAS and the Defense Contract Management Agency. 
As of July 2011, the Marine Corps reported that actions on 88 of the 
139 auditor recommendations were fully implemented. Auditors will 
assess the effectiveness of these actions as part of the fiscal year 
2011 SBR audit effort. However, because many of the actions do not 
address the underlying internal control weaknesses, the Marine Corps 
risks continuing disclaimers of opinion. 

The Marine Corps’ fiscal year 2010 SBR audit results provide valuable 
lessons on preparing for a first-time financial statement audit. GAO 
identified five fundamental lessons that are critical to success. 
Specifically, the Marine Corps’ experience demonstrated that prior to 
asserting financial statement audit readiness, DOD components must: 

* confirm completeness of populations of transactions and address any 
abnormal transactions and balances, 

* test beginning balances, 

* perform key reconciliations, 

* provide timely and complete response to audit documentation 
requests, and, 

* verify that key IT systems are compliant and auditable. 

These issues are addressed in Internal Control Standards and audit 
requirements as well as DOD’s Financial Improvement and Audit 
Readiness Guidance, which the military services are to follow in 
developing their respective Financial Improvement Plans (FIP). Navy, 
Army, and Air Force FIP officials stated that they were aware of the 
Marine Corps lessons. Navy officials stated that they are in the 
process of updating their audit readiness plan to address all five 
areas. Army and Air Force officials indicated their plans addressed 
some but not all of the lessons. 

What GAO Recommends: 

GAO makes recommendations to (1) the Marine Corps to develop a risk-
based remediation plan and confirm its actions fully respond to 
auditor recommendations and (2) DOD to direct other military services 
to consider key lessons learned in their audit readiness plans, as 
appropriate. DOD concurred with three of four recommendations but said 
the recommendation for a risk-based plan was too prescriptive. GAO 
believes this is needed for the long term. 

View [hyperlink, http://www.gao.gov/products/GAO-11-830] or key 
components. For more information, contact Asif A. Khan at (202) 512-
9869 or khana@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

Inadequate Support for Accounting Transactions and Ineffective 
Controls Led to Disclaimer on the Marine Corps' SBR: 

Marine Corps Remediation Plan Is Focused on Near-Term Outcomes: 

Lessons Learned from the Marine Corps' SBR Audit Effort: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Objectives, Scope, and Methodology: 

Appendix II: Reported Status of Marine Corps Actions on 
Recommendations from the Fiscal Year 2010 Statement of Budgetary 
Resources Audit Effort: 

Appendix III: Comments from the Department of Defense: 

Appendix IV: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: DOD IG Recommendations, Reported Status of USMC Actions on 
Accounting and Financial Reporting Process Issues as of July 18, 2011, 
and DOD IG Confirmation of Status as of August 25, 2011: 

Table 2: DOD IG Recommendations, Reported Status of USMC Actions on 
MCTFS Information Technology System Issues as of July 18, 2011, and 
DOD IG Confirmation of Marine Corps Statuses as of August 25, 2011: 

Table 3: DOD IG Recommendations, Reported Status of USMC Actions SABRS 
Information Technology System Issues as of July 18, 2011, and DOD IG 
Confirmation of Marine Corps Status as of August 25, 2011: 

Table 4: DOD IG Recommendations, Reported Status of USMC Actions on 
DDRS Information Technology System Issues as of July 18, 2011, and DOD 
IG Confirmation of Status as of August 25, 2011: 

Figure: 

Figure 1: Marine Corps Trend Analysis on Estimated Obligations and 
Liquidations Related to Fiscal Year 2010 Officer PCS Moves: 

Abbreviations: 

ACAT: Acquisition Category: 

ACID: Accessor Identification: 

ADA: Antideficiency Act: 

AG: Software AG: 

BIA: Business Impact Analysis: 

BTA: Business Transformation Agency: 

CA: Computer Associates: 

C&A: Certification and Accreditation: 

CAC: Common Access Card: 

CCB: Configuration Control Board: 

CFO: Chief Financial Officer: 

CI: Configuration Items: 

CICS: Customer Information Control System: 

CL: Cleveland: 

CMB: Configuration Management Board: 

COE: Commit, Obligate, and Expend: 

COOP: Continuity of Operations: 

COTR: Contracting Officer Technical Representative: 

DAA: Designated Accrediting Authority: 

DBA: Database Administrator: 

DCAA: Defense Contract Audit Agency: 

DCAS: Defense Cash Accountability System: 

DCMA: Defense Contract Management Agency: 

DCPS: Defense Civilian Pay System: 

DDRS: Defense Departmental Reporting System: 

DDRS-AFS: Defense Departmental Reporting System-Agency Financial 
Reporting: 

DDRS-B: Defense Departmental Reporting System-Budgetary: 

DDRS-DCM: Defense Departmental Reporting System-Data Collection Module: 

DEAMS: Defense Enterprise Accounting and Management System: 

DECC: Defense Enterprise Computing Centers: 

DIC: Document Identifier Code: 

DLT: Design Logic Tool: 

DFAS: Defense Finance and Accounting Service: 

DFAS-CL: Defense Finance and Accounting Service-Cleveland: 

DFAS-CO: Defense Finance and Accounting Service-Columbus: 

DFAS-IN: Defense Finance and Accounting Service-Indianapolis: 

DIACAP: DOD Information Assurance Certification and Accreditation 
Process: 

DISA: Defense Information System Agency: 

DOD: Department of Defense: 

DON: Department of the Navy: 

DSSN: Disbursing Station Symbol Number: 

ELSIG: Electronic Signature: 

eMASS: Enterprise Mission Assurance Support System: 

ERP: Enterprise Resource Planning: 

FASAB: Federal Accounting Standards Advisory Board: 

FBWT: Fund Balance with Treasury: 

FIAR: Financial Improvement and Audit Readiness: 

FIP: Financial Improvement Plan: 

FM: Functional Manager: 

FMR: Financial Management Regulation: 

FOS: Family of Systems: 

FRD: Functional Requirements Document: 

GAAP: Generally Accepted Accounting Principles: 

GDA: Global Data Area: 

GFEBS: General Fund Enterprise Business System: 

GL: General Ledger: 

HQMC: Headquarters Marine Corps: 

IA: Information Assurance: 

IAO: Information Assurance Officer: 

ICOFR: Internal Control over Financial Reporting: 

IG: Inspector General: 

IT: Information Technology: 

JADS: Joint Application Development Sessions: 

JV: Journal Voucher: 

LOA: Line of Accounting: 

MCCAT: Marine Corps Administrative Analysis Team: 

MCO: Marine Corps Order: 

MCPDT: Marine Corps Permanent Duty Travel: 

MCPRT: Marine Corps Program Review Team: 

MCTFS: Marine Corps Total Force System: 

MI: Manpower Information: 

MILSTRIP: Military Standard Requisition and Issue Procedures: 

MISSO: Manpower Information Systems Support Office: 

MOA: Memorandum of Agreement: 

MOCAS: Mechanization of Contract Administration Services: 

MRCV: Monthly Reconciliation/Certification Voucher: 

N/A: Not applicable: 

NDAA: National Defense Authorization Act: 

NFR: Notice of Findings and Recommendations: 

OMB: Office of Management and Budget: 

PanAPT: Panvalet Automated Production Turnover Software: 

PCS: Permanent Change of Station: 

PIN: Personal Identification Number: 

PMO: Program Management Office: 

POAM: Plan of Action and Milestones: 

PPA: Prior Period Adjustment: 

PTR: Production Trouble Report: 

Pub. L. No.: Public Law Number: 

RFA: HQMC, Programs and Resources Department, Fiscal Division, 
Accounting Branch: 

RFF: HQMC, Programs and Resources Department, Fiscal Division, Finance 
Branch: 

SAAR: System Access Authorization Request: 

SABRS: Standard Accounting, Budgeting, and Reporting System: 

SAT: System Acceptance Testing: 

SBR: Statement of Budgetary Resources: 

SCA: System Connection Agreement: 

SCR: System Change Request: 

SDN: Standard Document Number: 

SDP: System Development Plan: 

SF: Standard Form: 

SFIS: Standard Financial Information Structure: 

SI-DI: System Integration-Data Integrity: 

SIT: System Integration Testing: 

SLA: Service-Level Agreement: 

SMD: System Management Directorate: 

SMD-CL: System Management Directorate-Cleveland: 

SOD: Segregation of Duties: 

SPO: Standard Operating Procedure: 

SR: Software Release: 

STARS-FL: Standard Accounting and Reporting System-Field Level: 

Stat.: Statute: 

TAR: Tri-Annual Review: 

TASO: Terminal Area Security Officer: 

TRF: Transaction Research File: 

TSO: Technology Services Organization: 

TSO-CL: Technology Services Organization-Cleveland: 

UD/MIPS: Unit Diary/Marine Integrated Personnel System: 

U.S.C.: United States Code: 

USMC: United States Marine Corps: 

USSGL: United States Standard General Ledger: 

WAWF: Wide Area Work Flow: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

September 15, 2011: 

Congressional Requesters: 

The Chief Financial Officers Act of 1990 (CFO Act), as amended, 
established requirements for 24 agencies, including the Department of 
Defense (DOD) to prepare annual financial statements and have them 
audited.[Footnote 1] As we have previously reported, DOD's many 
challenges in resolving its pervasive and long-standing weaknesses in 
financial management, business operations, and systems, have inhibited 
its ability to meet this requirement.[Footnote 2] These weaknesses 
have also adversely affected DOD's ability to control costs; ensure 
basic accountability; anticipate future costs and claims on the 
budget; measure performance; maintain funds control; and prevent and 
detect fraud, waste, and abuse. DOD has undertaken several financial 
management improvement initiatives over the years, but it remains one 
of two CFO Act agencies that are unable to prepare auditable financial 
statements as of fiscal year 2010.[Footnote 3] The National Defense 
Authorization Act (NDAA) for Fiscal Year 2010 mandated that DOD be 
prepared to validate (certify) that its consolidated financial 
statements are ready for audit by September 30, 2017.[Footnote 4] 

In 2005, the Under Secretary of Defense (Comptroller/Chief Financial 
Officer) first prepared the Financial Improvement and Audit Readiness 
(FIAR) Plan to improve DOD business processes with the goal of 
producing timely, reliable, and accurate financial information that 
could generate audit-ready annual financial statements. The FIAR Plan 
is DOD's strategic plan and management tool for guiding, monitoring, 
and reporting on the department's financial management improvement 
efforts. As such, the plan communicates progress in addressing the 
department's financial management weaknesses and achieving financial 
statement auditability. The DOD Comptroller announced in August 2009 
that in DOD's effort to improve its financial management information, 
priority would be given to improving those processes and controls that 
produce information on which DOD managers rely most heavily to run the 
agency. Because budgetary information is widely and regularly used for 
management, the DOD Comptroller designated as one of DOD's highest 
priorities the improvement of its budgetary information and processes 
underlying the Statement of Budgetary Resources (SBR). The SBR is the 
only financial statement predominantly derived from an entity's 
budgetary accounts in accordance with budgetary accounting rules, 
which are incorporated into generally accepted accounting principles 
(GAAP) for the federal government. The SBR is designed to provide 
information on authorized budgeted spending authority and links to the 
Budget of the United States Government (President's Budget), including 
budgetary resources, availability of budgetary resources, and how 
obligated resources have been used.[Footnote 5] The United States 
Marine Corps was identified as the pilot military service for an audit 
of the SBR. For fiscal year 2010, the Marine Corps reported more than 
$37.5 billion in total budgetary resources, including over $32.1 
billion in net outlays (spending, net of offsetting 
collections[Footnote 6] and receipts). The Marine Corps is a military 
service within the Department of the Navy, and its success in 
achieving audit readiness is intended to pave the way for the Navy to 
be the second military service to undergo an SBR audit. 

The DOD Inspector General (IG) contracted with an independent public 
accounting firm to conduct the audit of the Marine Corps' Fiscal Year 
2010 SBR. Based on the results of the auditors' work, the DOD IG 
issued a disclaimer of opinion[Footnote 7] on the fiscal year 2010 
SBR. During a September 2010 hearing held by the Subcommittee on 
Federal Financial Management, Government Information, Federal 
Services, and International Security, Senate Committee on Homeland 
Security and Governmental Affairs, DOD witnesses noted that the Marine 
Corps' SBR audit efforts had identified significant problems with the 
Marine Corps' documentation of business systems and processes, support 
for transactions, and proper and timely recording of transactions, 
which contributed to the disclaimer of opinion. The Subcommittee 
expressed concern about the current status of the Marine Corps' audit 
readiness, the effectiveness of its remediation efforts, and the 
effects on DOD's overall financial audit readiness timeline. 

This report responds to the request that we determine (1) the primary 
reasons the Marine Corps was unable to obtain an opinion on its Fiscal 
Year 2010 SBR, (2) the effectiveness and reported status of the Marine 
Corps' remediation plan, and (3) the military services' efforts to 
leverage Marine Corps SBR audit lessons learned. For the first 
objective, we reviewed pertinent documentation, including the 
auditors' report and DOD IG audit documentation. For the second 
objective, we analyzed the Marine Corps' remediation plans to 
determine whether corrective actions were appropriately designed using 
relevant criteria and reviewed the Marine Corps' milestone dates and 
reported status as of July 18, 2011. For the third objective, we met 
with Army, Navy, Air Force, and Defense Finance and Accounting Service 
(DFAS) officials responsible for financial improvement and audit 
readiness efforts to obtain information on corrective actions they 
have initiated as a result of the Marine Corps SBR audit effort. We 
also reviewed DOD's FIAR Plan and FIAR Guidance and met with DOD 
Comptroller officials to obtain information on DOD-wide audit 
readiness initiatives. 

We conducted this performance audit from February 2011 through 
September 2011 in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. Appendix I provides further details on our scope and 
methodology. 

Background: 

DOD's FIAR Plan focuses on three goals: (1) achieve and sustain audit 
readiness; (2) achieve and sustain unqualified assurance on the 
effectiveness of internal controls; and (3) attain Federal Financial 
Management Improvement Act of 1996 (FFMIA) compliance for financial 
management systems that support effective financial management. 
[Footnote 8] The NDAA for Fiscal Year 2010 requires DOD to report to 
relevant congressional committees on the status of the implementation 
of the FIAR Plan twice a year--no later than May 15 and November 15. 

Consistent with prior GAO recommendations[Footnote 9] and the NDAA for 
Fiscal Year 2010, the DOD Comptroller issued FIAR Guidance in May 2010 
to provide standardized guidance for DOD components to follow in 
developing their Financial Improvement Plans (FIP). DOD components are 
expected to prepare a FIP in accordance with the FIAR Guidance for 
each of their assessable units. The FIPs are intended to both guide 
and document financial improvement efforts. When a component 
determines that it has completed sufficient financial improvement 
efforts for an assessable unit so that it is ready for audit, the FIP 
documentation is used to support its conclusion of audit readiness. 

The Marine Corps SBR Effort: 

The United States Marine Corps was established on November 10, 1775, 
to provide security to naval vessels and boarding parties and to 
conduct limited land engagements in support of naval operations. While 
the Marine Corps is a separate military service, it also is a 
component of the Department of the Navy, accounting for approximately 
$33.6 billion out of a total $179.4 billion in reported Department of 
the Navy fiscal year 2010 obligations.[Footnote 10] At the end of 
fiscal year 2010, the Marine Corps comprised 202,441 active duty 
Marines and 39,222 reserves. In addition, the Marine Corps employed 
approximately 17,000 civilian employees. 

The Marine Corps first asserted financial audit readiness for its 
General Fund SBR on September 15, 2008. The DOD IG reviewed the Marine 
Corps' assertion package and, on April 10, 2009, reported that the 
assertion of audit readiness was not accurate, and that its 
documentation supporting the assertion was not complete. The DOD IG 
also reported that the Marine Corps had identified remediation 
activities that must be accomplished before an audit of its SBR was 
undertaken. While the Marine Corps made progress toward audit 
readiness during fiscal year 2009, the DOD IG reported that a number 
of issues led auditors to conclude that an audit of the Marine Corps' 
Fiscal Year 2009 SBR would not have positive results. The DOD IG 
reported that unless the issues were resolved, the risk of a 
disclaimer of opinion would be high. The DOD IG suggested that the 
Marine Corps consider requesting an audit of its Fiscal Year 2010 SBR 
and subsequently awarded a contract for the Marine Corps' Fiscal Year 
2010 SBR audit. 

Purpose of the Statement of Budgetary Resources: 

The SBR is designed to provide information on budgeted spending 
authority reported in the Budget of the United States Government 
(President's Budget), including budgetary resources, availability of 
budgetary resources, and how obligated resources have been used. The 
SBR is an agencywide report that aggregates account-level information 
reported in the SF 133, Report on Budget Execution and Budgetary 
Resources,[Footnote 11] and links to the Program and Financing 
schedules in the President's Budget.[Footnote 12] The SBR consists of 
four separate but related sections that provide information about 
budgetary resources, status of budgetary resources, changes in 
obligated balances, and outlays for major budgetary accounts. 

Budgetary Resources. This section shows total budgetary resources made 
available to the agency for obligation during the reporting period. It 
consists of new budget authority, unobligated amounts available from 
prior reporting periods, transfers available from prior-year balances, 
reimbursements and other income, and adjustments such as recoveries of 
prior-year obligations. This information ties to information reported 
in related Program and Financing schedules in the President's Budget. 

Status of Budgetary Resources. This section displays the status of 
budgetary resources at the end of the period and consists of 
obligations incurred and the unobligated balances at the end of the 
period that are available for future use and those that are 
unavailable except to adjust or liquidate obligations chargeable to 
prior period appropriations. The total for this section and for the 
Budgetary Resources section must be reconciled to the total status 
reported for the aggregate of all budget accounts on the Marine Corps 
SF-133, Report on Budget Execution and Budgetary Resources. 

Change in Obligated Balance. This section displays the change in 
obligated balances during the reporting period. It consists of unpaid 
obligations brought forward from the previous year and obligations 
incurred in the current year, less current year outlays and recoveries 
of prior year unpaid obligations. The total change in obligated 
balance reflects the amount of unpaid obligations at the end of the 
accounting period and brought forward in the next period's financial 
statements. This information is reported in the related Program and 
Financing schedules in the President's Budget. 

Outlays. This section shows the relationship between obligations and 
outlays and discloses the payments made to liquidate obligations, net 
of offsetting collections. Obligations are usually liquidated by means 
of cash payments (outlays) such as currency, checks, or electronic 
fund transfers. This section reconciles outlays with obligations 
incurred and the change in obligated balances during the year. Outlays 
also are reported in the related SF-133 Report and Program and 
Financing Schedules in the President's Budget. 

Inadequate Support for Accounting Transactions and Ineffective 
Controls Led to Disclaimer on the Marine Corps' SBR: 

The DOD IG reported a disclaimer of opinion on the Marine Corps' 
Fiscal Year 2010 SBR because the Marine Corps did not provide timely 
and relevant supporting documentation for accounting transactions and 
disbursements in key areas, which prevented the auditors from 
completing the audit by the November 15, 2010, reporting deadline. A 
lack of documentation limited the scope of work the auditors could 
accomplish such that they were unable to render an opinion on the 
information presented. In addition, the auditors reported that 
ineffective internal control and ineffective controls in key financial 
systems should be addressed to ensure the reliability of reported 
Marine Corps financial information.[Footnote 13] The auditors 
identified 70 findings and made 139 recommendations to address the 
issues. The 139 recommendations related to support for transactions 
and internal control over basic accounting and financial systems. (See 
appendix II for a complete list of the audit findings, related 
recommendations, and Marine Corps action plans and reported status.) 

Inadequate Support for Transactions: 

The auditors reported that they did not receive timely, relevant, and 
complete supporting documentation for the accounting transactions 
selected for testing. The Defense Finance and Accounting Service 
location in Cleveland, Ohio, (DFAS-CL)--which performs accounting, 
disbursing, and financial reporting services for the Marine Corps--did 
not have effective procedures in place to ensure that supporting 
documentation for transactions was complete and readily available to 
pass basic audit transaction testing. For example, the auditors found 
that DFAS staff had only retained selected pages of the documents 
supporting payment vouchers, such as the voucher cover sheet and did 
not have the purchase order, receiving report, and the invoice to 
support payments made. Payment voucher documentation should include 
evidence of a contract or purchase order, a receiving report for the 
goods delivered, and an invoice showing evidence of review and 
approval. Documentation should also include evidence that the 
completeness and accuracy of its support for the related transactions 
has been verified. To address this problem, DFAS-CL staff took 
immediate action and conducted an extensive effort to re-image 
supporting documentation for transactions. 

GAO's Standards for Internal Control in the Federal Government states 
that transactions and other significant events need to be clearly 
documented, the documentation should be readily available for 
examination for actions such as approvals, authorizations, 
verifications, reconciliations, monitoring, and performance reviews. 
[Footnote 14] Without such supporting documentation, it is not 
possible to verify whether payments were made in the appropriate 
amount for authorized purposes, and to the appropriate parties. Other 
problems with documentation included the following: 

* Difficulty identifying and providing complete populations of 
transactions that the auditors could confirm and use for substantive 
testing.[Footnote 15] The auditors made repeated requests to the 
Marine Corps for transaction-level detail for major accounts in order 
to select samples for their substantive testing. These delays had a 
negative effect on the timeline of the audit effort, and as a result, 
the auditors were able to perform only limited testing. This limited 
testing, however, identified 14 accounting and financial reporting 
weaknesses, resulting in 52 recommendations. 

* Not providing timely and complete supporting documentation in 
response to auditor requests to support testing of beginning balances. 
For example, our review of auditor documentation showed that during 
the testing of four material accounts related to obligations for 
delivered and undelivered orders totaling $44.1 billion, 86 of the 897 
sample items selected, with a dollar value of $1.3 billion, were not 
supported. 

Ineffective Internal Control over Basic Accounting and Financial 
Systems: 

During the planning phase of an audit, auditors assess the 
effectiveness of the design and operation of internal controls to 
determine control risk, which is used in determining the nature, 
extent, and timing of substantive procedures needed to achieve the 
desired level of detection risk. Auditors generally rely on the 
effectiveness of internal controls to reduce the level and amount of 
substantive testing required. However, in planning the fiscal year 
2010 SBR audit effort, the auditors determined that they could not 
rely on the internal controls in the Marine Corps' processes and 
systems for assurance of the reliability of financial reporting on the 
information presented in its SBR. Ineffective internal controls 
require the auditors to expand their substantive testing. Accordingly, 
the auditors had to increase their substantive tests for the first-
year SBR audit effort. Even with the increased audit testing, many key 
items remained unauditable as a result of the internal control 
problems. For example, the auditors reported the following: 

* The Marine Corps could not provide evidence to the auditors that 
reconciliations for key accounts and accounting processes were being 
performed on a monthly basis. Specifically, the auditors could not 
test Fund Balance with Treasury (FBWT)--a key internal control for SBR 
audits--because the Marine Corps was unable to tie its balances to 
Treasury balances and transaction-level detail, leaving the FBWT 
unauditable. 

* The Marine Corps recorded payments prior to recording the expense 
for various transactions, creating abnormal balances in the "Delivered 
orders, unpaid" account. The Marine Corps lacked effective processes 
and controls to assure timely recognition of expenses. 

* The Marine Corps also did not have effective controls in place to 
support estimated obligations, referred to as "bulk obligations," to 
record a payment liability and as a result, was not able to reconcile 
the related payment transactions to the estimates. The Marine Corps 
estimates obligations in a bulk amount to record payment liabilities 
where it does not have a mechanism to identify authorizing 
documentation as a basis for recording the obligations. 

The auditors also tested the controls over three major information 
technology (IT) systems used by the Marine Corps and reported numerous 
problems that required resolution. The three systems are the Marine 
Corps Total Force System (MCTFS), which is an integrated military 
personnel and payroll system; the Standard Accounting, Budgeting, 
Reporting System (SABRS), which is the Marine Corp's general ledger 
accounting system; and the Defense Departmental Reporting System 
(DDRS), which is a DOD-wide financial reporting system. The auditors 
found ineffective IT controls over all three systems. Examples of 
issues reported by the auditors include the following. 

* Segregation of duties weaknesses caused by staff with incompatible 
functional access to the systems. For example, the auditors reported 
that the lack of segregation of duties allowed a user to both 
authorize and approve payment of transactions within SABRS. 
Segregation of duties is a key internal control described in federal 
government internal control standards as the division of duties and 
responsibilities among different people to reduce the risk of error or 
fraud, and it includes the separation of responsibilities for 
authorizing transactions, processing and recording them, reviewing the 
transactions, and handling any related assets.[Footnote 16] The 
control is designed to help ensure completeness, accuracy, 
authorization, and validity of all transactions. 

* A lack of controls over interfaces between systems to ensure 
completeness of the data being transferred. System interface controls 
are critical for ensuring the completeness and accuracy of data 
transferred between systems. The standards also call for controls to 
be installed at a system's interfaces with other systems to ensure 
that all inputs are received and valid and outputs are correct and 
properly distributed.[Footnote 17] If system interface controls are 
ineffective, the reliability of the data used for financial management 
is questionable. 

* The lack of procedures to provide evidence of periodic review and 
approval of systems changes to assure their proper and timely 
implementation. 

Marine Corps Remediation Plan Is Focused on Near-Term Outcomes: 

The Marine Corps did not develop an overall corrective action or 
remediation plan that includes key elements of a risk-based plan. 
Instead, its approach to addressing auditor findings and 
recommendations focuses on short-term corrective actions based on 
extensive manual effort and adjustments to produce reliable financial 
reporting at year-end. Such efforts may not result in sustained 
improvements over the long term that would help ensure that the Marine 
Corps could routinely produce sound data on a timely basis for 
decision making. We previously reported that using principles of risk 
management helps policymakers make informed decisions about best ways 
to prioritize investments, so that the investments target the areas of 
greatest need.[Footnote 18] We also previously reported that it is 
standard practice to have a strategy that lays out goals and 
objectives, identifies actions for addressing those objectives, 
allocates resources, identifies roles and responsibilities, and 
measures performance against objectives.[Footnote 19] However, we 
found that the Marine Corps' SBR Remediation Plan focused on 
individual initiatives to address 70 auditor Notices of Findings and 
Recommendations (NFR) that included 139 recommendations, without 
assessing risks, prioritizing actions, or ensuring that actions 
adequately responded to recommendations.[Footnote 20] Further, the 
plan did not identify resources, roles and responsibilities, or 
include performance indicators to measure performance against action 
plan objectives.[Footnote 21] 

Given the current efforts, goals, and timeframes for achieving 
auditability of the Marine Corps' Fiscal Year 2011 SBR, the current 
approach is understandably focused on short-term actions. However, 
achieving financial accountability that is sustainable in the long 
term will require reliable financial systems and sound internal 
controls. An effective remediation plan would help ensure that audit 
recommendations are fully addressed to deal with the short-term and 
long-term goals. GAO's Standards for Internal Control in the Federal 
Government states that managers are to (1) promptly evaluate findings 
from audits and other reviews, (2) determine proper actions in 
response to findings and recommendations from audits and reviews, and 
(3) complete within established time frames, all actions that correct 
or otherwise resolve the matters brought to management's attention. 
[Footnote 22] 

The Marine Corps has implemented an extensive SBR remediation effort 
that is focused on individual initiatives, referred to by the Marine 
Corps as plans of action and milestones (POAM), to address the 70 
audit findings and 139 related recommendations aimed at remediating 
documentation, internal control, accounting, and information systems 
weaknesses. The Marine Corps reported that actions on 88 of the 139 
recommendations, including weaknesses related to accounting and 
financial reporting and IT systems, were fully implemented; however, 
the completeness and effectiveness of most Marine Corps' actions have 
not yet been tested. DOD IG auditors told us that tests performed 
during the Marine Corps' fiscal year 2011 SBR audit effort will 
determine whether and to what extent the problems identified during 
the fiscal year 2010 SBR audit effort have been resolved. They also 
confirmed that as of August 25, 2011, the Marine Corps had remediated 
the problems on 11 of the IT audit recommendations. (Appendix II 
includes a list of auditor recommendations and the Marine Corps' 
planned remediation actions, targeted completion dates, and reported 
status.) 

Remediation Actions Related to Accounting and Financial Reporting 
Process Issues: 

The design of many of the actions taken by the Marine Corps relied on 
monitoring, a detective control, and high-level initial fixes to 
account balances that did not address root causes as well as other 
actions that were not consistent with the related auditors' 
recommendations. For example: 

* Numerous action plans relied on issuing guidance and monitoring 
without correcting root causes. Marine Corps' remediation actions on 
22 of the 56 accounting and financial reporting recommendations rely 
on issuing guidance, monitoring, or both in an attempt to quickly 
address identified weaknesses. Correcting underlying causes requires 
process improvements and in some cases, system changes. For example, 
the Marine Corps does not have a process for capturing actual costs 
and expenditures for travel and shipments of household goods related 
to permanent change of station (PCS) moves associated with 
reassignments and military separations. Instead, it currently relies 
on data calls to estimate the population of obligations that need to 
be recorded to reflect a payment liability. As noted previously, these 
estimates are referred to as "bulk obligations." The auditors reported 
that the Marine Corps did not ensure that the estimated amount 
recorded for bulk obligations was reviewed and adjusted to reflect 
actual costs and expenditures. 

To address these findings, the Marine Corps developed additional 
guidance to support its current process for estimating bulk 
obligations and implemented a process to monitor the liquidation 
(payment) of bulk obligations. This process includes performing 
monthly and quarterly trend analysis of the estimated bulk obligations 
and liquidations. However, the guidance does not address the need for 
monthly reconciliations to identify and record necessary adjustments 
to reflect actual costs and expenditures. Marine Corps officials 
stated that they are working on a process to capture the related 
travel and household goods shipment authorizations as a basis for 
establishing and liquidating obligations, but they said they will need 
to rely on trend analysis and monitoring until process improvements 
are in place. 

Recording and liquidating obligations associated with travel and 
moving expenses often occurs over 2 or more fiscal years because for 
PCS moves that occur in the summer months, final bills may not be 
received until after the current fiscal year ends on September 30, or 
sometimes even later, for example, when household goods are stored 
during lengthy deployments. As shown in figure 1, during fiscal year 
2010, the Marine Corps had recorded $43 million (unaudited) estimated 
bulk obligations for these types of expenses. As of September 30, 
2010, Marine Corps had recorded only $20.2 million (unaudited) 
payments against those obligations. Payments against the 2010 
obligations continued into 2011, with the liquidated amount of 2010 
obligations increasing to $28.5 million (unaudited) at June 30, 2011. 

Figure 1: Marine Corps Trend Analysis on Estimated Obligations and 
Liquidations Related to Fiscal Year 2010 Officer PCS Moves: 

[Refer to PDF for image: multiple line graph] 

Fiscal quarter: Q1, 2010: 
Cumulative estimated obligation: $11.757 million; 
Cumulative reported liquidation: $0.204 million. 

Fiscal quarter: Q2, 2010: 
Cumulative estimated obligation: $39.272 million; 
Cumulative reported liquidation: $2.023 million. 

Fiscal quarter: Q3, 2010: 
Cumulative estimated obligation: $35.491 million; 
Cumulative reported liquidation: $5.307 million. 

Fiscal quarter: Q4, 2010: 
Cumulative estimated obligation: $43.044 million; 
Cumulative reported liquidation: $20.248 million. 

Fiscal quarter: Q1, 2011: 
Cumulative estimated obligation: $43.318 million; 
Cumulative reported liquidation: $25.724 million. 

Fiscal quarter: Q2, 2011: 
Cumulative estimated obligation: $43.266 million; 
Cumulative reported liquidation: $27.524 million. 

Fiscal quarter: Q3, 2011: 
Cumulative estimated obligation: $43.197 million; 
Cumulative reported liquidation: $28.48 million. 

Source: Unaudited Marine Corps data. 

[End of figure] 

Ineffective monitoring of estimated bulk obligations is a funds 
control weakness that can lead to ineffective use of budgetary 
resources if the estimates are too high and poses a risk of 
Antideficiency Act (ADA) violations if the estimates are too low. 
[Footnote 23] For example, if during the second year, the Marine Corps 
determined that estimated bulk obligations are higher than needed to 
cover the related payments, these 1-year funds will have expired and 
cannot be used for other priorities. However, if the estimated bulk 
obligations were lower than the amount needed to cover the related 
payments, the Marine Corps could incur an ADA violation if it did not 
have sufficient funds otherwise available to cover the shortfall. The 
Army and the Navy experienced ADA violations related to their fiscal 
year 2008 military personnel appropriations as a result of the failure 
to monitor bulk obligations and determine whether obligations and 
expenditures were within statutory allocations of funds and 
appropriated amounts.[Footnote 24], [Footnote 25] 

In addition, to assist the Marine Corps in monitoring key accounts, 
SABRS produces a variety of exception reports on a scheduled basis 
(daily, weekly, or monthly), which are sent to designated recipients 
throughout the Marine Corps. The reports identify abnormal 
transactions and balances that meet certain criteria, such as the 
transaction resulted in an accounting error, the transaction is 
dormant or has not been active for an inappropriate time, and the 
account balance is a negative instead of a positive amount. The 
guidance for the report recipients contains general instructions on 
correcting the transactions, but does not include any instruction on 
how the problem could be avoided in the future. While monitoring key 
accounts is a helpful tool to ensure the accuracy of the Marine Corps' 
accounting, it does not resolve the underlying accounting problems 
that caused the abnormal accounting conditions to occur. 

* Many planned actions were not consistent with the related 
recommendations. Our analysis of the Marine Corps' remediation action 
plans found that actions on 20 of the 139 recommendations were not 
consistent with recommendations. For example, auditor tests of fiscal 
year 2010 beginning balances for "Delivered orders-obligations, 
unpaid" identified unliquidated obligations on old contracts for which 
performance was substantially complete. The Marine Corps had not 
reviewed the obligations to determine whether they should be adjusted, 
as required by DOD policy.[Footnote 26] The DOD Financial Management 
Regulation (FMR) requires DOD components to perform Tri-annual Reviews 
(TAR) to monitor and confirm commitments, obligations, liquidations, 
accounts payable, and accounts receivable. The auditors found that the 
Marine Corps did not have an effective process for reviewing 
undelivered orders and unliquidated obligations, and recommended that 
they strengthen the TAR controls, whose weaknesses were the root cause 
of the finding. The lack of review of these "stale obligations" can be 
a significant problem in managing budgetary resources because unneeded 
funds are not identified in a timely manner, and once the related 
appropriation accounts expire, unneeded funds that were obligated 
cannot be used for other priorities. 

In response to these findings, Marine Corps officials stated that they 
have implemented a robust Tri-annual Review and Confirmation process 
for validating obligations. The auditors reported that the Marine 
Corps developed effective written procedures, but they found problems 
with the implementation of those procedures. Marine Corps officials 
told us that its TAR procedures will be included in its August 2011 
review of internal controls over financial reporting. 

* The Marine Corps has not fully addressed service-provider 
recommendations. At least 12 of the 139 recommendations and Marine 
Corps action plans directly address service-provider agreements and 
coordination. For example, the auditors recommended that the Marine 
Corps strengthen controls surrounding the monitoring of the coding of 
expenditures by DFAS to help ensure that contract payments will be 
recorded properly. The auditors also recommended that the Marine Corps 
establish policies and procedures for service-provider monitoring of 
system log-on controls and handling lost or compromised passwords. In 
addition, the auditors recommended that the Marine Corps strengthen 
controls over the review of open obligations to identify any related 
to contracts that were no longer valid or open, or for which 
deliveries of goods or services were completed and needed to be 
billed. The effectiveness of contract monitoring efforts by Marine 
Corps program managers and buying commands and the Defense Contract 
Management Agency (DCMA) and the Defense Contract Audit Agency (DCAA) 
are an important element to Marine Corps review and management of 
commitments, obligations, liquidations, accounts payable, and accounts 
receivable. Service-provider agreements are important for assuring the 
effectiveness of contract monitoring, audit, and closeout. As 
discussed in DOD's FIAR Guidance, service providers working with 
reporting entities are responsible for audit readiness efforts 
surrounding service-provider systems and data, processes and controls, 
and supporting documentation that have a direct effect on reporting 
entities' auditability. The FIAR Guidance also specifies that service- 
provider and reporting entity communications and understandings must 
be documented in a Service-Level Agreement or Memorandum of 
Understanding. The Marine Corps has been attempting to develop a new 
service-provider agreement with DFAS for nearly a year. However, the 
agreement remains in draft. Further, while the Marine Corps has no 
service-provider agreements with DCMA and DCAA, Marine Corps officials 
told us they discussed this matter with the FIAR Directorate as a DOD-
wide issue. 

Remediation Actions Related to IT System Weaknesses: 

The Marine Corps' remediation action plans dealing with IT weaknesses 
do not adequately address recommendations on a number of issues, 
including system access controls, feeder systems, and the audit trail 
on the change-management process. Specific issues include the 
following: 

* The Marine Corps disagreed with six auditor recommendations to 
strengthen SABRS IT system controls over information processing. For 
three recommendations related to password and log-on controls, the 
Marine Corps action states that the Defense Information System Agency 
(DISA) and not DFAS is responsible for the actions. However, Marine 
Corps officials told us they had not contacted DISA officials to 
ensure that they would address the recommendations. For two 
recommendations related to data transfers between feeder system and 
SABRS, the Marine Corps action states that legacy systems cannot 
accept acknowledgment of received transactions from SABRS. However, 
the Marine Corps did not take alternative action to assure the 
completeness and accuracy of data transfers. The sixth recommendation 
related to implementing edit checks to assure that transactions 
processed from a feeder system could only be entered into SABRS once. 
The Marine Corps action stated that DFAS and the Marine Corps already 
have sufficient checks in place to prevent the processing of the same 
transaction more than once. However, the Marine Corps did not explain 
these edit checks, or indicate that they had been tested and deemed to 
be effective. 

* The auditors recommended that the Marine Corps work with DFAS to 
implement a solution to allow them to track all SABRS system changes 
being migrated to production and to retain evidence of management 
approval for all changes to SABRS. The Marine Corps reported that 
actions on this recommendation have been fully implemented. However, 
the Marine Corps reported its action on this recommendation as "The 
signature approval block has been removed as signature is no longer 
required." This reported action does not explain how the 
recommendation was addressed and raises questions about whether the 
recommendation has in fact been addressed. 

Lessons Learned from the Marine Corps' SBR Audit Effort: 

The Marine Corps' fiscal year 2010 SBR audit results provide valuable 
lessons on preparing for a first-time financial statement audit. As we 
recently testified, lessons learned from the Marine Corps' SBR audit 
effort can provide a roadmap to help other DOD components achieve 
audit readiness through strengthening their financial management 
processes to increase data reliability as they develop their own 
action plans in preparation for their first-time audits.[Footnote 27] 
While the Marine Corps SBR effort and resulting auditor findings and 
recommendations identified numerous issues for the other military 
services to consider in their audit readiness efforts, we identified 
five overall lessons that are critical to success. Specifically, the 
Marine Corps' experience demonstrated that prior to asserting 
financial statement audit readiness, DOD components must: 

* confirm completeness of populations of transactions and address any 
abnormal transactions and balances, 

* test beginning balances, 

* perform key reconciliations, 

* provide timely and complete response to audit documentation 
requests, and: 

* verify that key IT systems are compliant and auditable. 

Officials responsible for Navy, Army, and Air Force FIPs as well as 
other financial management officials told us that they are aware of 
the Marine Corps lessons. Navy officials told us they are updating 
their audit readiness plan to address all five areas. Navy officials 
discussed several examples of actions they plan to include in their 
revised audit readiness plan. However, the plan, which is still in 
draft, is incomplete, and Navy officials did not provide us a copy of 
the draft document. Navy officials explained that the initial POAM, 
which is targeted for completion by December 16, 2011, is a living 
document that would be modified as the evaluation of Navy business and 
financial processes unfold, deficiencies are identified, and 
corrective actions are implemented. Army and Air Force officials 
indicated that they are addressing some but not all of these lessons 
in their audit readiness efforts. 

Overall, the procedures required by DOD's FIAR Guidance are consistent 
with Internal Control Standards and selected procedures for conducting 
financial statement audits, such as reconciling the population of 
transactions to be tested and conducting tests of information system 
controls. We found that the five issues identified as critical lessons 
from the Marine Corps SBR audit effort are addressed in the FIAR 
Guidance. As the Navy, Army, and Air Force move forward in developing 
and implementing their FIPs, it will be critical for them to take into 
account the lessons learned during the course of pilot audit efforts, 
such as the Marine Corps SBR. Adherence to the FIAR Guidance in these 
areas can help ensure that the military service FIPs provide the 
needed audit readiness procedures. 

The following sections discuss each of the five lessons resulting from 
the Marine Corps SBR effort and the status of the military services' 
efforts to ensure that their respective FIPs address these lessons in 
accordance with FIAR Guidance. 

* Confirm completeness of transaction populations. DOD's FIAR Guidance 
includes steps to address the completeness of transaction populations 
during the audit readiness work. During the fiscal year 2010 SBR audit 
effort, the auditors made multiple requests for Marine Corps 
transaction-level detail for key SBR accounts, such as "Undelivered 
orders-obligations, unpaid." The multiple attempts caused significant 
delays and the auditors were not able to complete their audit effort. 
Navy FIP and other financial management officials told us that they 
identified problems with the way transactions map to general ledger 
accounts and make it difficult to identify transaction populations. 
For example, the officials explained that general ledger account 
numbers changed over the years, requiring multiple maps from 
accounting systems to the Defense Departmental Reporting System, and 
field staff had occasionally created their own general ledger accounts 
without coordinating with DFAS officials who maintain the U.S. 
Standard General Ledger (USSGL) chart of accounts. Navy officials 
noted that these problems prevent the reconciliation of Unadjusted to 
Adjusted Trial Balances and FBWT reconciliations, and impede overall 
funds control. The officials explained that the Navy is updating its 
audit readiness plan to address these problems. Army and Air Force FIP 
officials we met with said they were aware of the Marine Corps audit 
findings. However, they did not discuss efforts to identify complete 
populations of transactions or ensure that transactions properly map 
to USSGL accounts. 

* Test beginning balances. DOD's FIAR Guidance discusses the 
importance of confirming beginning balances. A first-year SBR audit 
requires substantial testing to confirm beginning balances. Because 
this testing involves transactions that originated in prior years, the 
auditors examine documents from current and prior periods, including 
contracts, receiving reports, invoices, and disbursement records to 
verify beginning balances. During its fiscal year 2010 SBR audit 
effort, the Marine Corps did not provide complete supporting 
documentation, resulting in this key lesson learned. Navy audit 
readiness efforts and DOD's FIAR Guidance include steps to address the 
testing of beginning balances during the audit readiness work. The 
Navy FIP and other financial management officials we interviewed noted 
that earlier audit readiness discovery efforts were not sufficient to 
confirm beginning balances, and problems subsequently identified with 
assignment of USSGL account numbers and mapping of transactions to the 
proper accounts will need to be resolved to ensure the auditability of 
beginning balances. DFAS is actively working with the Navy in this 
effort. Army and Air Force FIP officials recognized the importance of 
confirming beginning balances, but they did not provide information on 
their efforts in this area. 

* Perform key reconciliations. DOD's FIAR Guidance includes steps to 
perform key reconciliations during the audit readiness efforts. The 
completion of key reconciliations is essential to financial statement 
auditability. During the fiscal year 2010 Marine Corps' SBR audit 
effort, the Marine Corps did not have processes in place to reconcile 
key accounts. For example, without transaction-level detail, the 
Marine Corps was unable to reconcile its FBWT. In addition, the Marine 
Corps had to make repeated attempts to reconcile the Unadjusted Trial 
Balance to the Adjusted Trial Balance. Navy FIP and financial 
management officials told us that the Navy has identified Unadjusted 
to Adjusted Trial Balance and FBWT reconciliations as key requirements 
to be completed before asserting audit readiness. The Navy's target 
for FBWT audit readiness is the fourth quarter of fiscal year 2012. In 
December 2010, the Air Force asserted that its FBWT was auditable. The 
Air Force FBWT audit readiness assertion is currently under review by 
an independent public accounting firm The Army's target for FBWT audit 
readiness is the first quarter of 2015. 

* Provide timely and complete responses to audit documentation 
requests. DOD's FIAR Guidance includes steps for achieving a timely 
and complete response to audit documentation requests during the audit 
readiness work. The auditors reported that the Marine Corps did not 
consistently provide timely and accurate audit documentation. DFAS 
stated that this NFR was its responsibility. Such documentation is 
needed to determine whether a transaction being tested was authorized, 
the goods and services were received, the invoice was approved for 
payment, and the funds disbursed were correct. Navy FIP and other 
financial management officials told us they are working closely with 
DFAS-CL and DFAS-Columbus (DFAS-CO) to ensure that audit documentation 
will be available to support auditor requests. The DFAS-Indianapolis 
(DFAS-IN) FIAR team officials are aware of this requirement. Army and 
Air Force FIP officials we met with did not discuss audit readiness 
efforts in this area. The Marine Corps established a Web site to 
facilitate the exchange of audit information, including auditor 
requests for information, samples, and supporting documentation, and 
financial manager submission of documents in response to auditor 
requests. Web sites for timely exchange of a high volume of 
documentation are useful to facilitating audits of large 
organizations. However, Army and Air Force FIP officials told us they 
do not have plans to establish such a Web site for exchanging 
information. 

* Verify that key IT systems are compliant and auditable. DOD's FIAR 
Guidance includes steps for verifying that key IT systems are 
auditable. During the Marine Corps SBR audit effort, the auditors 
issued numerous Notices of Findings and Recommendations reporting that 
key application systems used by the Marine Corps did not have 
effective controls, which impacted their auditability. The 
auditability of key application systems, including military payroll 
systems, accounting systems, and financial reporting systems, is 
essential to achieving and sustaining an audit opinion. The Navy FIP 
Leader and other Navy officials told us that they have determined that 
the Navy's Standard Accounting and Reporting System-Field Level (STARS-
FL) general ledger accounting system does not append account 
identifiers to transactions. Without this identifier, the Navy will be 
unable to reconcile its FBWT at the appropriation level. The lack of 
an account identifier also impairs the resolution of problem 
disbursements. The Navy also is implementing the Navy Enterprise 
Resource Planning System (Navy ERP), which is intended to standardize 
the acquisition, financial, program management, maintenance, plant and 
wholesale supply, and workforce management capabilities at Navy 
commands. Once it is fully deployed, the Navy estimates that the 
system will control and account for approximately $71 billion, or 50 
percent, of the Navy's estimated appropriated funds, after excluding 
the appropriated funds for the Marine Corps and military personnel pay 
and allowances. In October 2010, we reported that the Navy ERP 
schedule for full deployment had slipped 2 years from 2010 to 2012. 
[Footnote 28] 

DOD officials have said the successful implementation of enterprise 
resource planning (ERP) is key to resolving the long-standing 
weaknesses in the department's business operations in areas such as 
business transformation and financial management. The Army has 
acknowledged problems with its General Fund Enterprise Business System 
(GFEBS). These problems include incomplete data, which affects the 
reliability of financial reporting and the lack of visibility of 
available funds and poses a risk of ADA violations. The Army estimates 
that when fully implemented, GFEBS will be used to control and account 
for about $140 billion in spending. Army officials told us that GFEBS 
deployment consists of eight waves with full implementation in July 
2012 to support the ultimate goal of audit readiness by 2017. 

The Air Force is developing a new ERP general ledger system--called 
the Defense Enterprise Accounting and Management System (DEAMS). DEAMS 
is intended to provide the Air Force the entire spectrum of General 
Fund financial management capabilities, including collections, 
commitments and obligations, cost accounting, general ledger, funds 
control, receipts and acceptance, accounts payable, and disbursement, 
billing, and financial reporting. According to Air Force FIP 
officials, when DEAMS is fully operational, it is expected to maintain 
control and accountability for about $160 billion. In October 2010, we 
reported that the Air Force's schedule for full deployment of DEAMS 
had slipped 3 years from 2014 to 2017.[Footnote 29] 

The Marine Corps SBR audit effort also identified problems with DOD- 
wide systems, including the Defense Departmental Reporting System, the 
Defense Cash Accountability System, and the Mechanization of Contract 
Administration Services (MOCAS). MOCAS is a 50-year-old legacy system. 
Navy officials noted that MOCAS processes about one third of the 
Navy's transactions. Navy officials also told us that DOD has serious 
data reliability concerns with MOCAS, including proper recording and 
reporting of contract payment accruals. Navy and Air Force FIP 
officials told us they are coordinating with DFAS-CO on MOCAS audit 
readiness support and Army FIP officials said they plan to do so in 
the fall of 2011 or winter of 2012. 

Conclusions: 

The Marine Corps learned some valuable lessons in the attempted fiscal 
year 2010 audit of its SBR; however, it still faces significant 
challenges in achieving auditability of its basic budgetary and 
spending information. In addition, lessons learned from the Marine 
Corps' SBR audit effort can provide a valuable roadmap to help other 
DOD components strengthen their financial management processes and 
achieve audit readiness. The Marine Corps has undertaken numerous 
actions to correct the many deficiencies identified during its SBR 
audit effort, but many actions are incomplete, rely on detective 
controls rather than preventive controls, and do not address the 
underlying weaknesses. Many of the actions are also dependent on the 
effectiveness of DOD-wide system and process improvements, which are 
still in process. In order to help ensure that actions dependent on 
other components are implemented in an effective manner, it is 
critical that the Marine Corps develop effective service-provider 
agreements with DFAS and other DOD service providers. Finally, in 
meeting DOD's overall goals of financial management improvement and 
audit readiness, it is essential that the other military services and 
DOD components, such as DFAS, take timely, diligent action to fully 
leverage the fundamental lessons resulting from the Marine Corps SBR 
audit effort. Unless the military services embrace basic accounting 
and internal control steps, such as confirming beginning balances and 
performing needed reconciliations, the prospects for achieving audit 
readiness in any area will remain uncertain. DOD's FIAR Guidance, if 
effectively implemented, would help the military services ensure that 
their FIPs include these basic steps. A successful SBR audit is an 
important tool in providing accountability and discipline over the 
budgetary resources provided by Congress and ultimately by the 
American taxpayers. Such accountability and transparency is a basic 
responsibility made even more critical given the current fiscal 
constraints faced by our nation. 

Recommendations for Executive Action: 

We are making four recommendations to improve Marine Corps and 
Department of Defense (DOD) audit readiness efforts. First, we make 
three recommendations to the Secretary of the Navy to direct the 
Commandant of the Marine Corps to take the following actions: 

* Using the results of the fiscal year 2010 and 2011 SBR audit 
efforts, develop a comprehensive, risk-based plan for designing and 
implementing corrective actions that provide sustainable solutions for 
SBR auditor recommendations. Such a plan should identify goals and 
objectives, identify and prioritize actions for addressing those 
objectives, allocate resources, assign roles and responsibilities, and 
measure performance against objectives. 

* Review Marine Corps SBR remediation actions under way and confirm 
that actions are fully responsive to the auditor recommendations. 

* For remediation actions that require coordination and action on the 
part of other DOD components, such as DFAS, DCMA, and DCAA, require 
the Marine Corps to develop and implement timely and effective service-
provider agreements with the appropriate DOD components in accordance 
with the FIAR Guidance. These agreements should identify roles and 
responsibilities, the individuals responsible for those activities, 
and performance measures that establish accountability. 

In addition, to help fully leverage lessons learned from the first-
year Marine Corps SBR audit effort, we recommend that the Secretary of 
Defense direct the Secretaries of the Army, the Navy, and the Air 
Force to consider the fundamental lessons resulting from the Marine 
Corps effort and incorporate the lessons, as appropriate, in their 
respective FIPs. 

Agency Comments and Our Evaluation: 

We received written comments from the Department of Defense (DOD) on 
September 13, 2011, stating that the department agreed with three of 
our four recommendations. DOD also stated that as we pointed out, most 
issues identified are not unique to the Marine Corps and noted that 
all DOD reporting components are working with the Defense Finance and 
Accounting Service and other service-providers to address these 
issues. However, DOD's letter states that the Marine Corps and its 
service providers have made far more progress in remediation than our 
report indicates. DOD's letter also states that it disagrees with 
several of the statements in our report related to the Marine Corps' 
remediation plan and that the report does not present a fair 
assessment of the Marine Corps' remediation efforts as a whole. 
However, most Marine Corps' corrective actions have not yet been 
confirmed by the DOD Inspector General (IG), and accordingly, the 
success of the Marine Corps' efforts to date in remediating weaknesses 
is unknown at this time. DOD's written comments are reprinted in 
appendix III. We summarize and evaluate DOD's comments and responses 
to our recommendations below. We made technical corrections and 
clarifications suggested by DOD in the body of our report, where 
appropriate. 

DOD did not agree with our recommendation that the Marine Corps 
develop a comprehensive, risk-based plan for designing and 
implementing corrective actions to its Statement of Budgetary 
Resources, commenting that the recommendation was overly prescriptive. 
As stated in our report, we are concerned that the Marine Corps' 
approach to addressing auditor findings and extensive manual effort 
and adjustments to produce reliable financial reporting at year-end. 
Such efforts may not result in sustained improvements over the long 
term that would help ensure that the Marine Corps routinely produces 
sound data on a timely basis for decision making. In response to DOD's 
comment, we clarified our recommendation to indicate that fiscal year 
2010 and 2011 audit results should be considered in developing a 
comprehensive plan to address auditor recommendations. 

DOD also stated that the Marine Corps contends that the referenced 
Standards for Internal Control in the Federal Government[Footnote 30] 
does not have a requirement that management must identify resources, 
roles and responsibilities, or include performance indicators to 
measure performance against action plan objectives. DOD stated that 
the Marine Corps fully complied with the three requirements noted in 
the standard to (1) promptly evaluate findings from audits and other 
reviews, (2) determine proper actions in response to findings and 
recommendations from audits and reviews, and (3) complete within 
established time frames, all actions that correct or otherwise resolve 
the matters brought to management's attention. Our reference to the 
internal control standards relates to our finding that the Marine 
Corps had not fully addressed all audit recommendations. As stated in 
our report, the Marine Corps' remediation action plans dealing with 
information technology (IT) system weaknesses do not adequately 
address recommendations on a number of issues, including system access 
controls, federal systems, and the audit trail on the change-
management process. In addition, as noted in appendix II of our 
report, the Marine Corps disagreed with several IT system 
recommendations and did not plan corrective actions to address them. 

However, our overall concern with the Marine Corps' remediation plan 
is that given the large number of recommendations and the need for 
long-term actions that will result in sustainable improvement, the 
Marine Corps could benefit from a risk-management approach to its 
remediation plan. Such an approach helps policymakers make informed 
decisions about the best ways to prioritize investments, so that the 
investments target the areas of greatest need. This is particularly 
important in an environment where resources are limited. Further, as 
additional findings and recommendations are identified during the 
Marine Corps' Fiscal Year 2011 SBR audit, it will be important to 
assess risk and prioritize actions to address them. We therefore 
continue to believe that this recommendation, as revised, has merit. 

We are sending copies of this report to the Secretary of Defense, the 
Under Secretary of Defense (Comptroller/Chief Financial Officer), the 
Secretary of the Navy, the Assistant Secretary of the Navy for 
Financial Management and Comptroller, the Commandant of the Marine 
Corps; the Fiscal Director of the Marine Corps; the Directors of DFAS, 
DFAS-Cleveland, and DFAS-Columbus; the Director of the Office of 
Management and Budget; and appropriate congressional committees. In 
addition, the report is available at no charge on the GAO Web site at 
[hyperlink, http://www.gao.gov]. 

If you or your staffs have any questions about this report, please 
contact me at (202) 512-9869 or khana@gao.gov. Contact points for our 
Office of Congressional Relations and Public Affairs may be found on 
the last page of this report. GAO staff who made key contributions to 
this report are listed in appendix IV. 

Signed by: 

Asif A. Khan: 
Director, Financial Management and Assurance: 

List of Requesters: 

The Honorable Thomas R. Carper: 
Chair: 
The Honorable Scott P. Brown: 
Ranking Member: 
Subcommittee on Federal Financial Management, Government Information, 
Federal Services and International Security: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

The Honorable Claire McCaskill: 
Chair: 
Subcommittee on Contracting Oversight: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

The Honorable Tom Coburn: 
Ranking Member: 
Permanent Subcommittee on Investigations: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

The Honorable John McCain: 
United States Senate: 

[End of section] 

Appendix I: Objectives, Scope, and Methodology: 

We were requested to determine (1) the primary reasons why the Marine 
Corps was unable to obtain an opinion on its Fiscal Year 2010 SBR, (2) 
the effectiveness and reported status of the Marine Corps' remediation 
plan design and implementation, and (3) military service and Defense 
Finance and Accounting Service (DFAS) efforts to leverage Marine Corps 
SBR audit lessons learned. 

To determine the primary reasons for the disclaimer of opinion, we 
reviewed DOD IG audit documentation, the auditor notices of findings 
and recommendations (NFR), the Marine Corps' response to the auditors' 
findings and conclusions, the Marine Corps' management assertion 
letter, the auditors' report and more detailed management letter, and 
the Marine Corps' response to the report. 

To determine the effectiveness and reported status of the Marine 
Corps' remediation plan design and implementation, we reviewed the 
Marine Corps' action plans for addressing auditor NFRs, which are 
described in Program Objectives and Milestone (POAM) documents. We 
considered corrective action guidance included in DOD's Financial 
Improvement and Audit Readiness (FIAR) Guidance as well as GAO's 
Standards for internal Control in the Federal Government.[Footnote 31] 
We analyzed the Marine Corps' remediation plans to determine whether 
Marine Corps corrective actions were appropriately designed to resolve 
the problems identified during the audit effort, including actions to 
address identified weaknesses in accounting and financial reporting 
and key information technology (IT) systems. We also reviewed the 
Marine Corps' milestone dates for completing remediation actions, the 
reported status of Marine Corps actions as of July 18, 2011, and DOD 
IG confirmation of Marine Corps implementation. 

To determine the military service efforts to leverage Marine Corps SBR 
audit lessons learned, we met with Army, Navy, Air Force, and Defense 
Finance and Accounting Service (DFAS) financial managers to discuss 
actions they had initiated as a result of the Marine Corps audit 
effort. We also reviewed DOD's FIAR Plan and FIAR Guidance and met 
with DOD Comptroller and FIAR officials to determine the status of 
their efforts to ensure the lessons are addressed in the military 
service's audit readiness plans. We reviewed lessons learned 
documentation provided by the military services. We also reviewed the 
FIAR Guidance to determine whether it included information that would 
help address the key lessons learned from the Marine Corps SBR audit 
effort. 

We conducted this performance audit from February 2011 through 
September 2011 in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate audit evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. 

[End of section] 

Appendix II: Reported Status of Marine Corps Actions on 
Recommendations from the Fiscal Year 2010 Statement of Budgetary 
Resources Audit Effort: 

This appendix presents the recommendations related to accounting and 
financial reporting findings and information technology (IT) system 
findings from the United States Marine Corps (USMC) Fiscal Year 2010 
Statement of Budgetary Resources (SBR) audit effort. The auditors 
communicated 14 notices of findings and recommendations (NFR) related 
to accounting and financial reporting processes and 56 findings 
related to IT system weaknesses. These NFRs resulted in 139 
recommendations, which are shown in tables 1 through 4. The USMC has 
indicated that several actions had been completed as of July 18, 2011, 
but the effectiveness of all but 11 Marine Corps' actions had not yet 
been confirmed by the auditor. Department of Defense (DOD) Inspector 
General (IG) auditors stated that ongoing testing for the audit of the 
Marine Corps Fiscal Year 2011 Statement of Budgetary Resources likely 
would confirm the effectiveness of Marine Corps remediation actions. 
The DOD IG's report on the Marine Corps' fiscal year 2011 SBR audit 
will be issued in November 2011. 

Table 1 presents the recommendations related to the Marine Corps' 
accounting and financial reporting processes; the Marine Corps' action 
plans to remediate these recommendations, reported implementation 
status, and targeted completion dates; and notes whether the DOD IG 
has confirmed the effectiveness of the Marine Corps' implementation. 

Table 1: DOD IG Recommendations, Reported Status of USMC Actions on 
Accounting and Financial Reporting Process Issues as of July 18, 2011, 
and DOD IG Confirmation of Status as of August 25, 2011: 

NFR 1: Improper Accrual of Delivered Orders, Unpaid: 

Recommendations: 1. Analyze or reconcile all delivered orders recorded 
as commit, obligate, and expend (COE) for the noted types of bulk 
obligations and any other obligation types that are known to 
management as of 9/30/09; 

USMC action plan: NFR 1: Improper Accrual of Delivered Orders, Unpaid: 
All USMC Commands and HQMC participated in a data call to identify the 
universe and value of all bulk obligations and expense transactions 
using a standard document template. Improper accrual transactions are 
closely related to the bulk obligations that are referenced in "NFR 2: 
Lack of Review of Estimated Bulk Obligations"; 
Targeted completion date: 7/21/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: The USMC Marine Corps Programs, Resources, 
Accounting and Financial Systems Branch (commonly referred to as the 
Accounting Branch, or RFA) independently queried the core accounting 
system to identify the universe of manually entered COE transactions 
into SABRS; 
Targeted completion date: 8/18/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Analyzed validity of Delivered and Undelivered 
Orders; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Audit Support team selected a sample of documents 
related to COE transactions under review to evaluate implementation of 
management guidance and the adjusted values reported on the financial 
statements. This review included a validation of a system change that 
eliminates the manual entry of a COE in SABRS; 
Targeted completion date: 10/14/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. For any unsupported amounts and/or any amounts 
that may no longer be necessary to remain in delivered or open status, 
adjustments should be recorded to reverse or decrease the accrued 
delivered orders; 
USMC action plan: Developed a Prior Period Adjustment (PPA) package 
which contained JV adjustments and approvals for unsupported COE 
transactions and which will be corroborated by a detail schedule of 
unsupported transactions; 
Targeted completion date: 10/20/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Stop recording COEs unless there are strong 
reconciliation controls implemented to ensure that amounts that remain 
open beyond fiscal year-end are related to amounts that will actually 
be delivered against the related obligation; 
USMC action plan: USMC initiated Systems Change Requests (SCR) to 
eliminate the Document Identifier Code (DIC) COE for the movement of 
household goods via the Marine Corps Permanent Duty Travel (MCPDT) 
application as well as for manual COEs in SABRS; 
Targeted completion date: 9/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. Strengthen internal controls surrounding the 
substantiation of obligated amounts recorded for bulk obligations by 
preparing and maintaining detailed schedules that agree to the amounts 
recorded within the general ledger; 
USMC action plan: The USMC has developed and distributed bulk 
obligation and expense management guidance to define monitoring 
efforts to ensure obligation accuracy, accrual estimation, and 
sustainment via reconciliation procedures; 
Targeted completion date: 8/13/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 5. Make sure that all recorded amounts are supported 
by sufficient, competent audit evidence, such as the calculation bases 
or historical analysis for any recorded estimates; 
USMC action plan: Based on remediation actions and previous efforts to 
monitor abnormal condition, the USMC effectively eliminated the 
recognition of manual accruals that are unsupported or lack 
appropriate audit evidence given the system changes which have 
eliminated manual expense entries. Therefore, historical analysis is 
only applicable to timing differences at period end (e.g., MOCAS JV 
process) where additional analysis is ongoing. The USMC is proceeding 
with improved accrual estimation via the implementation of an 
automated accrued liability module that will allow for accurate 
recognition of period-end expenses. SABRS functional requirements have 
been designed and implemented; 
Targeted completion date: 6/30/2010; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 6. Implement review controls at least annually, if 
not quarterly, to reconcile amounts of accrued delivered orders and 
identify potential amounts that should be deobligated; 
USMC action plan: The USMC has developed and distributed bulk 
obligation and expense management guidance to define monitoring 
efforts that ensure obligation accuracy, accrual estimation, and 
sustainment via reconciliation procedures; 
Targeted completion date: 8/13/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR 2: Lack of Review of Estimated Bulk Obligations: 

Recommendations: 1. Correct all noted errors identified during 
Beginning Balance Testing; 

USMC action plan: The USMC analyzed the validity of delivered and 
undelivered orders recorded in the Statement of Budgetary Resources; 
Targeted completion date: 7/21/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: For unsupported amounts, the USMC prepared adjusting 
journal entries to correct the overstatement of unpaid obligations 
impacting the presentation of the Fiscal Year 2010 Statement of 
Budgetary Resources; 
Targeted completion date: 10/20/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Ensure that expenses are recorded when a liability 
exists and not at the time of obligations; 
USMC action plan: USMC initiated Systems Change Requests (SCR) to 
eliminate the Document Identifier Code (DIC) COE for the movement of 
Household Goods via the Marine Corps Permanent Duty Travel (MCPDT) 
application as well as for manual COEs in SABRS. This essentially 
eliminates the manual recording of the expense at the time when the 
obligation is entered into the core accounting system (SABRS). 
Additional monitoring via abnormal and periodic reporting requirements 
has consistently been a component to the USMC "Deadly Sins" reporting 
package and Tri-Annual Review (TAR) process. These are monitoring 
mechanisms that are codified within Marine Corps Order (MCO) 7300.21A, 
Marine Corps Financial Management Standard Operating Procedure Manual. 
Action beyond these steps would reside within the Marine Corps' 
accrual estimation process that is currently under implementation 
(referenced above); 
Targeted completion date: 9/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. The use of bulk/estimated obligations should be 
limited to extreme instances when actual amounts are not known; 
USMC action plan: The USMC developed and distributed bulk obligation 
and expense management guidance to define monitoring efforts that 
ensure obligation accuracy, accrual estimation, and sustainment via 
reconciliation procedures; 
Targeted completion date: 8/13/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. When bulk/estimated obligations are necessary, 
strengthen the controls regarding the use of estimates and support the 
estimation methodology; 
USMC action plan: The USMC developed and distributed bulk obligation 
management guidance to define monitoring efforts that ensure 
obligation accuracy, accrual estimation, and sustainment via 
reconciliation procedures; 
Targeted completion date: 8/13/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 5. Ensure existing bulk obligation documents must be 
reviewed for activity and the beginning balance for obligation be 
adjusted accordingly; 

USMC action plan: The USMC analyzed the validity of delivered and 
undelivered orders recorded in the Statement of Budgetary Resources; 
Targeted completion date: 7/21/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: For unsupported amounts, the USMC prepared adjusting 
journal entries to correct the overstatement of unpaid obligations; 
Targeted completion date: 10/20/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 6. All current year and future transactions that used 
the bulk/estimated obligation and expense must be reviewed and fully 
supported as proper; 

USMC action plan: The USMC developed and distributed bulk obligation 
management guidance to define monitoring efforts that ensure 
obligation accuracy, accrual estimation, and sustainment via 
reconciliation procedures; 
Targeted completion date: 8/13/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: The Marine Corps audit support team selected a 
sample of bulk documents in order to evaluate both the implementation 
of the guidance and the adjusted values reported on the financial 
statements; 
Targeted completion date: 10/21/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-3: Liquidation Precede the Recording of Expenses: 

Recommendations: 1. Strengthen controls surrounding the recordation of 
expenses prior to, or at the point, of funds disbursal; 

USMC action plan: 
Developed management guidance and produce monthly reports from which 
USMC Commands and HQMC can monitor and address abnormal accounting 
conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully Implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Created and implemented a rigorous TAR and 
Confirmation process to ensure accurate and judicious financial 
information that provides USMC financial managers and senior 
leadership with a clear financial picture in order to be good stewards 
of public funds, accurately account for funds spent, and to comprehend 
the impact when expending limited financial resources; 
Targeted completion date: 2/1/2011; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: NFR 1: As a normal course of business, 
intragovernmental transactions often result in disbursement processing 
where the USMC is not in receipt of substantiating documentation to 
ensure delivery, receipt and acceptance of goods or service. While the 
USMC has published guidance to address proper due diligence in 
obtaining substantiating evidence to support the proper recording of 
the expense, the performing activities are remiss in supporting our 
requests. Therefore, this matter has been elevated for support and 
substantiation by the Defense Finance and Accounting Service (DFAS) 
and other service support agencies and departments; 
Targeted completion date: 10/1/2011; 
Status according to Marine Corps: Action initiated; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Correct the errors noted during testing of the 
beginning balances; 
USMC action plan: Initiated an adjusting journal entry to address 
auditor identified concerns relating to the noted NFR and other 
similarly identified issues in order to effect the correct 
representation on the financial statement; 
Targeted completion date: 10/20/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Record the liability prior to the disbursement/ 
liquidation so that account 4801 - Undelivered Orders is reduced and 
amounts are posted to 4901-Delivered Orders, Unpaid; 
USMC action plan: Implementing automated accrued liability module that 
will allow for accurate recognition of period-end expenses. SABRS 
functional requirements have been designed and implemented. Monthly 
accruals are anticipated to begin 30 June 2011; 
Targeted completion date: 6/30/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-4: Lack of Sufficient Audit Evidence to Substantiate Obligations, 
Expenses, and Disbursements Recorded;: 

Recommendations: 1. Analyze the identified transactions from Beginning 
Balance Testing that were unsupported and obtain the related 
supporting documentation. If not available, record adjustments to 
remove any unsubstantiated amounts from the general ledger; 

USMC action plan: USMC initiated a JV adjusting entry in the DDRS-AFS 
for bulk transactions where no support can be obtained or derived; 
Targeted completion date: 10/20/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: For COE transactions where no support or adjustment 
is evident, RFA initiated a comprehensive adjustment initiative that 
will effectively eliminate all remaining balances for all manually 
entered COE transactions; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: NFR 1: Initiated Internal Control over Financial 
Reporting (ICOFR) review of TAR functions and management support for 
TAR certifications in order to strengthen responsiveness and 
reliability of fund holder review of obligation, expenses, and 
liquidations; 
Targeted completion date: 6/17/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Identify if there are any consistent themes noted 
during the analysis of the noted errors, such as common transaction 
types or any specific commands that seem to have a higher error rate 
than others, we recommend that further efforts be undertaken to 
perform additional review of these types of transactions or 
transactions running through any identified commands. If any common 
themes and/or problem commands are identified, we recommend that 
management develop and implement the appropriate internal controls 
guidance, and provide training to the necessary personnel; 
USMC action plan: Performed analysis of core remediation areas and 
implemented updates and corrections to systems and management guidance 
on proper recording and review of financial events. Guidance updates 
include improved FBWT Standard Operating Procedure (SOP), Military 
Payroll reconciliation SOPs, and updates to MCO 7300.21A with 
forthcoming Document Type Code and Reimbursable Type Code 
documentation and analysis. Audit remediation efforts also yielded 
improved systems functionality and representation of transaction-level 
details; 
Targeted completion date: 7/11/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Implement internal controls to ensure that 
sufficient, competent, and independent evidence is maintained and 
readily available upon request pursuant to USMC, DOD, GAO, and OMB 
guidance. Additionally, we recommend that the USMC ensure this 
documentation traces to and supports the amounts recorded within SABRS; 
USMC action plan: Published management guidance that empowers Commands 
and HQMC with information resource tools that enable the timely 
retrieval of source documentation to support audit requirements and 
assist in providing complete audit sample documentation; 
Targeted completion date: 9/3/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-5: Advances Recorded That Are Actually Contract Financing Payments: 

Recommendations: 1. Correct errors noted during the performance of 
Beginning Balance Testing; 

USMC action plan: The Marine Corps and DFAS teams have identified all 
6W transactions impacting all general ledger balances. The universe 
was confirmed as accurate via a comparative assessment of independent 
data extracts that were independently performed by DFAS and USMC RFA 
(resources and accounting and personnel); 
Targeted completion date: 8/31/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Based on the universe identified with the above 
corrective action, the DFAS audit support team engaged in an 
exhaustive reconciliation of the 6W transaction type code processing 
in order to ensure that progress payments are properly classified 
and/or updated for noted variances; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: RFA initiated a comprehensive adjustment initiative 
that will effectively reclassify progress payments from general ledger 
accounts 4802 to 4902; 
Targeted completion date: 9/30/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Strengthen controls surrounding the monitoring of 
the coding of expenditures by the accounting service provider (DFAS) 
so that the contract financing payments will be recorded properly; 
USMC action plan: An SCR has been processed that effectively 
eliminates the automatic change of the transaction type code reflected 
in Defense Cash Accountability System. Subsequent to SCR processing, 
DFAS review of associated Marine Corps transactions indicates that the 
system change was successful. In addition, DCAS users at DFAS-Columbus 
were provided instruction on the proper processing of transaction type 
codes; 
Targeted completion date: 4/10/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Evaluate contract payments at the transaction 
level to determine if the payment should be classified as an advance 
or as a contract financing payment and correct the beginning balances 
accordingly; 

USMC action plan: The USMC and DFAS teams are engaged in processing 
appropriate redistribution of payments to correct the erroneous 
transaction type code postings; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: The USMC has initiated a process to correct the 
SABRS table posting logic to correctly classify contract financing 
payments; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: RFA has initiated a comprehensive adjustment 
initiative that will effectively reclassify progress payments from 
general ledger accounts 4802 to 4902; 
Targeted completion date: 9/30/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. Correct current year transactions that used the 
same process to contract payments and ensure future payments are 
recorded properly; 
USMC action plan: RFA has initiated a comprehensive adjustment 
initiative that will effectively reclassify progress payments from 
general ledge accounts 4802 to 4902; 
Targeted completion date: 9/30/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-6: Lack of Review of Stale Obligations Recorded: 

Recommendations: 1. Analyze the noted errors in appropriate U.S. 
Standard General Ledger (USSGL) accounts 4801, 4802, and 4901, and 
determine whether these amounts are still valid. Analyze all other 
open undelivered orders and delivered orders to make sure that these 
amounts remain valid. If not, then adjustments need to be recorded 
accordingly; 

USMC action plan: For each bulk transaction identified in the data 
call, HQMC have initiated an analysis of the validity of delivered and 
undelivered orders recorded in the SBR; 
Targeted completion date: 7/15/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: For each COE transaction identified, RFA has 
initiated an analysis of the validity of delivered and undelivered 
orders recorded in the SBR; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: The USMC developed management guidance and produce 
monthly reports from which Marine Corps Commands can monitor and 
address abnormal accounting conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Initiated Internal Control over Financial Reporting 
(ICOFR) review of Tri-annual Review (TAR) functions and management 
support for TAR certifications in order to strengthen responsiveness 
and reliability of fund holder review of obligation, expenses and 
liquidations; 
Targeted completion date: 6/17/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Identify if there are any consistent themes within 
these problem items, such as common transaction types or any specific 
commands that seem to have a higher error rate than others, we 
recommend that further efforts be undertaken to perform additional 
review of these types of transactions or transactions running through 
any identified commands, and adjustments be made accordingly to 
correct any noted error. If so, we also recommend the development and 
implementation of guidance and training to prevent these deficiencies 
from occurring in the future; 
USMC action plan: Performed analysis of core remediation areas and 
implemented updates and corrections to systems and management guidance 
on proper recording and review of financial events. Guidance updates 
include improved FBWT SOP, Military Payroll reconciliation SOPs, and 
updates to MCO 7300.21A with forthcoming Document Type Code and 
Reimbursable Type Code documentation and analysis. Audit remediation 
efforts also yielded improved systems functionality and representation 
of transaction-level details; 
Targeted completion date: 7/11/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Strengthen controls for those contracts that are 
managed internally by USMC contracting officers surrounding the review 
of open obligations and more specifically related to the use of 
procurement appropriations to ensure a more timely and active review 
of the contracts and identification of needs that are no longer valid. 
Funds Managers, Contracting Officer Technical Representatives (COTR), 
and Contracting Activities should be corresponding on or about, if not 
prior to the expiration of the period of performance to ensure timely 
contract closeout; 
USMC action plan: Created and implemented a rigorous TAR and 
confirmation process to ensure accurate and judicious financial 
information provides Marine Corps financial managers and senior 
leadership with a clear financial picture in order to be good stewards 
of public funds, accurately account for funds spent, and comprehend 
the impact when expending limited financial resources; 
Targeted completion date: 2/1/2011; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. For those contracts that are managed externally by 
trading partners, strengthen the controls surrounding the review of 
open obligations and have the COTRs, Funds Managers, and/or using 
units more actively communicate with the trading partners to close any 
contracts that are no longer valid/open, or for which deliveries of 
goods/services are completed and need to be billed/invoiced. These 
communications should take place on or about, if not prior to, the 
expiration of the period of performance to ensure timely contract 
closeout; 

USMC action plan: The USMC updated the verbiage within Military 
Interdepartmental Purchase Request (MIPR) with an explicit clause 
highlighting the need by the performing activity to provide supporting 
documentation on a monthly basis; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Provided consistent guidance and update in 
maintaining all level of due diligence to ensure that supporting 
documentation is obtained from the performing activity. This is 
explicitly highlighted in MCO 7300.21A; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: The USMC coordinated improved retention and 
transmission practices by DFAS in order to strengthen Intra-
Governmental Payment and Collection processing. This requires DFAS to 
provide substantiating details that support the processing of intra-
departmental disbursements; 
Targeted completion date: 9/30/2011; 
Status according to Marine Corps: Action; 
initiated; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 5. Ensure compliance with USMC policy on daily Funds 
Manager reviews; 
USMC action plan: Developed management guidance and produce monthly 
reports from which Marine Corps Commands and HQMC can monitor and 
address abnormal accounting conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 6. Strengthen the Tri-annual Review Controls to 
ensure reviews of all open obligations, travel advances, and accrued 
expenses are occurring as required by the DOD FMR and that any 
necessary adjustments are being made in a timely manner; 
USMC action plan: Created and implemented a rigorous TAR and 
Confirmation process to ensure accurate and judicious financial 
information provides USMC financial managers and senior leadership 
with a clear financial picture in order to be good stewards of public 
funds, accurately account for funds spent, and comprehend the impact 
when expending limited financial resources. Inaccurate accounting of 
limited financial resources ultimately leads to lost opportunities to 
provide critical support to the war-fighter; 
Targeted completion date: 2/1/2011; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-7: Lack of Completeness of Delivered Orders: 

Recommendations: 1. Analyze the subsequent disbursements identified in 
the Beginning Balance Testing and record the necessary adjustments to 
the financial statements; 
USMC action plan: Initiated an adjusting journal entry to address 
auditor identified concerns relating to the noted NFR and other 
similarly identified issues in order to effect the correct 
representation on the financial statement; 
Targeted completion date: 10/20/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Strengthen internal controls surrounding the 
recording of delivered orders by ensuring that receivers understand 
how to assign the dates of receipt and acceptance to correspond to the 
actual dates of delivery of goods and/or services; 
USMC action plan: Performed analysis of core remediation areas and 
implemented updates and corrections to systems and management guidance 
on proper recording and review of financial events. Guidance updates 
include improved FBWT SOP, Military Payroll reconciliation SOPs, and 
updates to MCO 7300.21A with forthcoming Document Type Code and 
Reimbursable Type Code documentation and analysis. Audit remediation 
efforts also yielded improved systems functionality and representation 
of transaction-level details; 
Targeted completion date: 7/11/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Develop a search for unrecorded liabilities at 
fiscal year-end to be accrued during preparation of the annual 
financial statements; 
USMC action plan: Implementing automated accrued liability module that 
will allow for accurate recognition of period-end expenses. SABRS 
functional requirements have been designed and implemented. Monthly 
accruals are anticipated to begin by 30 June 2011; 
Targeted completion date: 6/30/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. Implement a review control for Wide Area Work Flow 
(WAWF) invoices entered at fiscal year-end that do not have accounting 
station codes assigned to identify items to be accrued; 
USMC action plan: Action is congruent with policy and guidance updates 
associated with Marine Corps Order (MCO) 7300.21A. The USMC is 
coordinating with its service providers in order to ensure proper data 
entry in WAWF; 
Targeted completion date: 7/11/2011; 
Status according to Marine Corps: Action initiated; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 5. Develop and deploy policy guidance to ensure 
personnel in the field record accruals for delivered orders as 
required by the Federal Accounting Standards Advisory Board (FASAB), 
Treasury, DOD, and USMC requirements; 
USMC action plan: Action is congruent with policy and guidance updates 
associated with MCO 7300.21A. The USMC is coordinating with its 
service providers in order to ensure proper data entry in WAWF; 
Targeted completion date: 7/11/2011; 
Status according to Marine Corps: Action initiated; 
Confirmed by DOD IG (yes/no): No. 

NFR-8: Lack of Timely Funds Manager Reviews: 

Recommendations: 1. Correct errors noted during the performance of 
Beginning Balance Testing,; 
USMC action plan: Initiated USMC command review of abnormal accounting 
conditions with emphasis on resolving all errors identified in RFA 
provided reports; 
Targeted completion date: 8/18/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Strengthen controls surrounding daily Funds 
Manager reviews; 
USMC action plan: Developed management guidance and produce monthly 
reports from which Marine Corps Commands and HQMC can monitor and 
address abnormal accounting conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Implement reviews of Military Standard Requisition 
and Issue Procedures (MILSTRIP) transactions/orders in an effort to 
limit post closeout adjustments that cause abnormal balances; 
USMC action plan: Developed management guidance and produce monthly 
reports from which Marine Corps Commands and HQMC can monitor and 
address abnormal accounting conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. Implement/improve financial reporting controls 
over abnormal balances to ensure timely reviews, investigations, and 
corrections of abnormal balances; 
USMC action plan: Developed management guidance and produce monthly 
reports from which Marine Corps Commands and HQMC can monitor and 
address abnormal accounting conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-9: Recording of 6W Transactions in the MOCAS System: 

Recommendations: 1. Correct errors noted during the Beginning Balance 
Testing for the identified sample items; 

USMC action plan: The Marine Corps and DFAS teams have identified all 
6W transactions impacting all general ledger balances. The universe 
was confirmed as accurate via a comparative assessment of independent 
data extracts that were independently performed by DFAS and RFA 
personnel; 
Targeted completion date: 8/31/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: The DFAS audit support team engaged in an exhaustive 
reconciliation of the 6W transaction type code processing in order to 
ensure that progress payments are properly classified and/or updated 
for noted variances; 
Targeted completion date: 9/30/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Strengthen controls surrounding the use of the 6W 
and 6W--Credit Mechanization of Contract Administration Services 
(MOCAS) transactions; 

USMC action plan: An SCR has been processed that effectively 
eliminates the automatic change of the transaction type code reflected 
in DCAS. Subsequent to SCR processing, DFAS review of associated 
Marine Corps transactions indicates that the system change was 
successful. In addition, DCAS users at DFAS-Columbus were provided 
instruction on the proper processing of transaction type codes; 
Targeted completion date: 4/10/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Marine Corps has initiated a process to correct the 
SABRS table posting logic to correctly classify contract financing 
payments to the correct budgetary account; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Use the 6W transactions be used only when the USMC 
truly has an advance and not in the instance of a contract financing 
payment; 
USMC action plan: Marine Corps has initiated a process to correct the 
SABRS table posting logic to correctly classify contract financing 
payments to the correct budgetary account; 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 4. Review the 6W MOCAS transactions those that are 
actually contract financing payments be reclassified into USSGL 4902 - 
Delivered Orders, Paid and out of USSGL 4802 Undelivered Orders, Paid; 
USMC action plan: RFA will initiate a comprehensive adjustment 
initiative that will effectively reclassify progress payments. This 
will involve initiating a JV adjusting entry in DDRS-AFS that will be 
corroborated by a detailed schedule of unsupported transactions and 
their amounts; 
Targeted completion date: 9/30/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-10: Reconciliation of MCTFS to MRCV to DCAS Disbursement Data to 
SABRS Balances: 

Recommendations: 1. Strengthen controls surrounding the monthly 
reconciliation of MCTFS to Monthly Reconciliation/Certification 
Voucher (MRCV) to DCAS Disclosure Data to SABRS. Specifically, USMC 
needs to perform these four-way reconciliations starting October 2009; 
USMC action plan: Implemented military (active duty) entitlements pay 
reconciliation that compares the interfaced amounts from MCTFS, SABRS, 
and DCAS by document number, voucher, appropriation, and Disbursing 
Station Symbol Number (DSSN); 
Targeted completion date: 10/1/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-11: Temporary and Permanent MILPAY Standard Document Numbers (SDN) 
Balances: 

Recommendations: 1. Strengthen controls surrounding the timely 
recording of net payroll reversals to temporary SDNs so that such 
reversals are completed in the same month as the payroll to which they 
correspond; 
USMC action plan: The Marine Corps Program Review Team (MCPRT) refined 
its reconciliation practices to better account for current-year 
temporary SDN balances. SOPs and other operating documents have been 
developed to ensure process transparency, consistency, and 
repeatability; 
Targeted completion date: 10/14/2010; 
Status according to Marine Corps: Fully Implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Reconcile the temporary SDNs for prior years and 
adjust the beginning balance of 4902-Delivered Orders, Paid, 
accordingly; 
USMC action plan: MCPRT refined its reconciliation practices to better 
account for current-year temporary SDN balances. SOPs and other 
operating documents have been developed to ensure process 
transparency, consistency, and repeatability; 
Targeted completion date: 10/14/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Perform reconciliations of temporary and permanent 
SDNs for the current year and all future periods; 
USMC action plan: MCPRT communicated that approximately 52,000 
transactions have been reviewed for correctness and appropriate 
posting to a permanent SDN. The remaining 4,000 transactions are 
currently under review; 
Targeted completion date: 9/1/2010; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-12: Improper Use of Recoveries (Upward/Downward Adjustments): 

Recommendations: 1. Correct the exceptions noted, and examine amounts 
recorded in accounts to identify other items that also require 
adjustment, and record corrections for those items; 
USMC action plan: DFAS to reclassify current year amounts from General 
Ledger Accounts 4871/4881 to 4801/4901, respectively, to ensure the 
accurate reporting of Recoveries; 
Targeted completion date: 6/30/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Develop, document, and implement policies and 
procedures to ensure that the subsequent adjustments are recorded in 
the USSGL accounts; 
USMC action plan: System adjustment in SABRS will be implemented ahead 
of DFAS reclassification in order to ensure the proper posting of 
Recoveries for all future transactions; 
Targeted completion date: 6/30/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-13: Lack of Timely and Accurate Recording of Transactions: 

Recommendations: 1. Correct noted errors identified during the 
performance of Beginning Balance Testing,; 
USMC action plan: Initiated USMC command review of bulk transactions 
in order to support the accuracy or adjustment to the transaction 
balance; 
Targeted completion date: 8/18/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Strengthen internal controls over the recording of 
obligations and any related changes by requiring periodic 
reconciliations of obligations, as well as the recording of 
corresponding delivered orders; 

USMC action plan: Initiated USMC command review of abnormal accounting 
conditions with emphasis on resolving all errors identified in RFA 
provided reports; 
Targeted completion date: 8/18/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Initiated Internal Control over Financial Reporting 
(ICOFR) review of TAR functions and management support for TAR 
certifications in order to strengthen responsiveness and reliability 
of fund holder review of obligation, expenses, and liquidations; 
Targeted completion date: 6/17/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 3. Improve the management review process over 
recorded transactions ensuring that the recorded amounts are entered 
properly and supported with appropriate documentation; 

USMC action plan: Developed management guidance and produce monthly 
reports from which Headquarters Marine Corps (HQMC) can monitor and 
address abnormal accounting conditions; 
Targeted completion date: 8/23/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Published management guidance that empowers Commands 
and HQMC with information resource tools that enable the timely 
retrieval of source documentation to support audit requirements and 
assist in providing complete audit sample documentation; 
Targeted completion date: 9/3/2010; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-14: Improper Recording of Shared Appropriations with Navy: 

Recommendations: 1. Correct the misclassifications noted; 

USMC action plan: Analyzed allocation of Shared Appropriations and 
provided amplifying guidance on financial statement disclosures 
related to Shared Appropriations; 
Targeted completion date: 4/29/2011; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

USMC action plan: Analyzed Shared Appropriations reconciliations to 
Fund Balance with Treasury (FBWT) and demonstrated relationship to 
component level Report on Budget Execution and Budgetary Resources (SF-
133); 
Targeted completion date: 5/4/2011; 
Status according to Marine Corps: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Recommendations: 2. Establish policy to record shared appropriations 
as non-expenditure transfers and implement internal controls to ensure 
the policy is followed; 
USMC action plan: Prepared response to support USMC actions in 
recording the Shared Appropriations with the Department of the Navy 
(DON). With no specific line for reporting on Allocations Received, 
the USMC contends that the current representation on the financial 
statement is accurate and supportable; 
Targeted completion date: 5/2/2011; 
Status according to Marine Corps: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

Source: Marine Corps SBR remediation action plan information and DOD 
IG confirmation of status. 

[End of table] 

Table 2 shows the recommendations related to the Marine Corps Total 
Force system (military payroll system); the Marine Corps' action plans 
to remediate these recommendations, reported implementation status, 
and targeted completion dates; and notes whether the DOD IG confirmed 
the effectiveness of the Marine corps' implementation. 

Table 2: DOD IG Recommendations, Reported Status of USMC Actions on 
MCTFS Information Technology System Issues as of July 18, 2011, and 
DOD IG Confirmation of Marine Corps Statuses as of August 25, 2011: 

NFR-1: MCTFS Certification and Accreditation Process/DOD Information 
Assurance Certification and Accreditation Process (DIACAP) Was Still 
in Process and not Complete: 

Recommendations: 1. USMC management should complete the DIACAP process 
and continue to remediate any identified weaknesses to attempt to 
achieve a full Authority To Operate (ATO). 
2. USMC management should ensure that an up-to-date ATO is available 
for all feeder applications that interface with MCTFS; 
USMC action plan: NFR-1: MCTFS Certification and Accreditation 
Process/DOD Information Assurance Certification and Accreditation 
Process (DIACAP) Was Still in Process and not Complete: The Technology 
Services Organization (TSO) has completed the DOD Information 
Assurance Certification and Accreditation Process (DIACAP) process for 
MCTFS and has received ATO from the USMC Designated Accrediting 
Authority (DAA); 
Targeted completion date: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-2: Logging and monitoring is not performed at the local 
application level. Formal policy and procedures for the monitoring 
performed by third party providers have not been documented: 

Recommendations: 1. USMC management establish a formal process for 
monitoring activity, including the interaction with third party 
service providers and execute that process on a periodic basis. 
2. USMC management ensure that responsibilities for logging and 
monitoring of logs are addressed and defined in service level 
agreements (SLA) with third party providers.
3. USMC management incorporate Privacy Act compliance into the SLA; 
USMC action plan: The TSO Management will update and incorporate the 
following in our guidance documents: - Formal policy and procedures 
for monitoring third-party providers - Formal requirements to review 
audit logs on a periodic basis; 
Targeted completion date: 10/01/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-3 Marine Corps Total Force System (MCTFS) Password Management: 

Recommendations: 1. USMC management formally document a policy and 
procedures for MCTFS password management. 
2. USMC management implement an electronic signature (ELSIG) personal 
identification number (PIN) expiration setting that will force PIN 
changes on a periodic basis.; 
USMC action plan: The TSO Management has updated its Desk-Top-
Procedures to incorporate policy and procedures for password 
management; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-4 Supporting Documentation for 7 out of 45 Change Management 
Sample Items Could not Be Provided: 

Recommendations: 1. USMC management should establish a policy to 
review the system change request (SCR) approval package to ensure all 
Configuration Items (CI) are included.
2. Management should also ensure an audit trail exists that includes a 
mapping of System Change Requests (SCR) to their associated CIs and 
classification of change; 
USMC action plan: NFR-1: MCTFS Certification and Accreditation 
Process/DOD Information Assurance Certification and Accreditation 
Process (DIACAP) Was Still in Process and not Complete: These seven 
items referenced were either non-MCTFS related modules that are not 
associated with any MCTFS SCR or symbolic maps which are generated out 
of a Customer Information Control System (CICS) map compile. These are 
system generated and not a CI maintained by MCTFS; 
Targeted completion date: N/A; 
Status according to USMC: Non-concur; 
Confirmed by DOD IG (yes/no): No. 

NFR-5 Emergency Changes Are not Able To Be Separately Identified from 
the Overall Change Management Population: 

Recommendations: 1 USMC management should implement a process or 
identifier to enable the identification of changes that relate to 
emergency changes so they may be tracked and analyzed.; 
USMC action plan: The TSO understands and accepts the risks identified; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-6 Marine Corps Total Force System (MCTFS) Configuration Management 
Compliance Audit: 

Recommendations: 1. USMC management establish a periodic review of 
changes that are migrated to production that includes a complete, 
accurate population of CIs (both PanAPT and non-PanAPT changes). The 
frequency of review should be commensurate with the level of risk.
2. USMC management follow-up and research potentially unauthorized 
changes be performed by individuals not involved with the CI migration 
process and the follow-up should be formally documented.; 
USMC action plan: The TSO Management has established criteria and has 
started performing periodic reviews of changes that are migrated into 
production. In addition, the TSO Management has established guidance, 
performed, and documented follow- up for any authorized changes that 
are found; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-7 Marine Corps Total Force System (MCTFS) Contingency Plan Has not 
Been Approved or Tested: 

Recommendations: 1. USMC management finalize the MCTFS contingency 
plan so that it can be approved by the appropriate individual of the 
organization.
2. USMC management develop a Business Impact Analysis (BIA) for MCTFS.
3. USMC management test the MCTFS contingency plan to evaluate its 
effectiveness on an annual basis; 
USMC action plan: A test of the MCTFS Contingency Plan is planned for 
2011. A MCTFS BIA is being developed; 
Targeted completion date: 10/01/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-8 Marine Corps Total Force System (MCTFS) Data Strategy and Design 
Is not Formally Documented: 

Recommendations: 1. USMC management develop a data management strategy 
and design that includes requirements specific to MCTFS, including 
regulatory requirements and database standards; 
USMC action plan: TSO will coordinate with the Functional Managers 
(FM) to formalize the Data Management Strategy, which is an FM 
responsibility; 
Targeted completion date: 10/01/2011; 
Status according to USMC: Actions underway; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-9 Marine Corps Total Force System (MCTFS) Tolerance and Parameter 
Review: 

Recommendations: 1. USMC management implement a periodic review of the 
input processing edit checks, warnings/alerts, parameters, and 
tolerance values for the MCTFS application. If an improper 
configuration status is identified in the review, changes should 
follow an established change management process; 
USMC action plan: The same processes that are currently in place for 
new legislative changes are also in place for Marine Corps identified 
issues above and beyond legislation mandated changes to the system. 
Marine Corps Administrative Analysis Team (MCAAT) performs monitoring 
activities and provides feedback reports. The Manpower Information 
Systems Support Office (MISSO) also holds training and feedback 
sessions with the administrative units to solicit changes. MI and RFF 
hold annual MCTFS conferences and workshops to solicit changes. Also, 
the Configuration Management Board (CMB) holds a periodic review where 
system changes are reviewed. The semi-annual Configuration Control 
Board (CCB) performs another periodic review. In fact, the TSO submits 
technical projects (developed as a result of internal periodic reviews 
as well as joint application development sessions (JADS)) to the 
functional managers for approval and subsequent inclusion into the CCB 
approval process; 
Targeted completion date: N/A; 
Status according to USMC: Non-concur; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-10 There Is No Data Design and Strategy Documentation or Operating 
Procedures Available for Data Processing Between the Unit Diary/Marine 
Integrated Personnel System (UD/MIPS) and the Marine Corps Total Force 
System (MCTFS): 

Recommendations: 1. USMC management develops interface design and 
strategy documentation for the data processing between Unit Diary 
Marine Integrated Personnel System (UD/MIPS) and MCTFS in order to 
reasonably assure that the data processed is accurate and complete; 
USMC action plan: Both UD/MIPS and MCTFS Certification and 
Accreditation (C&A) package contain system interface information 
wherein both interfaces are annotated and described. Both these 
systems are in the same family of systems (FOS), meaning that they are 
internal interfaces not external. No system interface agreement (SIA) 
is needed. Additionally, all interfaces are documented in data manager 
and a file layout is included in the Design Logic Tool (DLT). We have 
documentation for all MCTFS interfaces in Data Manager, but not 
"interface design documentation". We keep purely meta data about the 
interface: Dataset names, input or output, sponsors etc.; 
Targeted completion date: N/A; 
Status according to USMC: Non-concur; 
Confirmed by DOD IG (yes/no): No. 

NFR-11 Developer Access to Production Environment of the MCTFS 
Collection Server: 

Recommendations: 1. USMC management enforce a user account policy for 
the collection server that establishes accountability at the 
individual user level.
2. USMC management should grant administrative level access only if 
the individual's job functions require such access.
3. USMC management limit any developer access to production as read- 
only access; 
USMC action plan: This issue will be mitigated once the TSO completes 
its migration to the Kansas City IT Center and are connected to Active 
Directory allowing Common Access Card (CAC) authentication and logging 
for each user; 
Targeted completion date: 11/01/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-12 Not all transactions are properly recorded between the 
entitlements and feeder applications into MCTFS: 

Recommendations: 1. USMC management implement a mechanism that ensures 
that all transactions entered and processed through MCTFS are backed 
up and are able to be restored and recreated if required.
2. Additionally, it is recommended that USMC management implement a 
mechanism that ensures that transactions processed through MCTFS 
cannot be back-dated; 
USMC action plan: This issue is the risk that transactions will fall 
off the Transaction Research File (TRF) after 180 days. If a diary 
that was 190 days old was certified, it's true that it would 
immediately fall off the TRF, however, the input transaction datasets 
could be restored from the archives. There is no possibility of data 
not being able to be restored; 
Targeted completion date: N/A; 
Status according to USMC: Non-concur; 
Confirmed by DOD IG (yes/no): N/A. 

NFR-13 Marine Corps Total Force System (MCTFS) System Authorization 
Access Request (SAAR) Forms: 

Recommendations: 1. USMC management should implement a procedure to 
properly retain the System Access Authorization Request (SAAR) forms 
for authorizing access to MCTFS; 
USMC action plan: TSO Management will work with the FM to implement 
procedures to retain SAAR forms for establishing and authorizing user 
access to MCTFS and will update the Security Management Plan to 
include the SAAR Retention process; 
Targeted completion date: 9/01/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-45 Marine Corps Total Force System (MCTFS) User Account Review: 

Recommendations: 1. USMC management develop a formal procedure to 
properly document the daily user access audits.
2. USMC management develop a procedure to ensure that a member cannot 
have multiple MCTFS end-user Accessor Identification (ACID); 
USMC action plan: The TSO management has established procedures to 
formally document that daily audits are performed when the TSO 
mainframe security personnel perform reviews to ensure that MCTFS 
application users are limited to one end-user ACID; 
Targeted completion date: NFR-1: MCTFS Certification and Accreditation 
Process/DOD Information Assurance Certification and Accreditation 
Process (DIACAP) Was Still in Process and not Complete: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-46 The Software Development Plan for MCTFS Release SR 2-10 Has not 
Been Formally Approved and Signed by Management: 

Recommendations: 1. USMC management formally document their review and 
approval for System Development Plans (SDP) for every scheduled 
configuration management release; 
USMC action plan: The SDP for SR 2-10 is signed indicating approval. 
Future SDPs will be signed for scheduled configuration management 
releases as is the documented practice; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-56 MCTFS A-123 Assessment: 

Recommendations: 1. USMC management should perform a review of 
internal controls in accordance with OMB Circular A-123 for MCTFS; 
USMC action plan: TSO will support higher headquarters A-123 
Compliance Assessment initiatives as directed; 
Targeted completion date: 9/30/2011; 
Status according to USMC: Actions underway; 
Confirmed by DOD IG (yes/no): No. 

Source: Marine Corps SBR remediation action plan information and DOD 
IG confirmation of status. 

[End of table] 

Table 3 shows the recommendations related to the Marine Corps; 
Standard Accounting, Budgeting, and Reporting System (general ledger 
accounting system); the Marine Corps' action plans to remediate these 
recommendations, reported implementation status, and targeted 
completion dates; and notes whether the DOD IG has confirmed the 
effectiveness of the Marine Corps' implementation. 

Table 3: DOD IG Recommendations, Reported Status of USMC Actions SABRS 
Information Technology System Issues as of July 18, 2011, and DOD IG 
Confirmation of Marine Corps Status as of August 25, 2011: 

NFR-14 Department of Defense Information Assurance Certification and 
Accreditation Process (DIACAP) Package Inherited Services: 

Recommendations: 1. USMC management coordinate with DFAS management to 
assign ownership and responsibility for those information assurance 
(IA) controls identified under USMC control and ensure all other IA 
controls are handled by third-party providers; 
USMC action plan: System Management Directorate (SMD)-CL will 
coordinate with DFAS-CL and TSO-KC & correctly assign ownership and 
responsibility for all IA controls not inherited by DISA. SABRS DIACAP 
packages will be updated to reflect changes; 
Targeted completion date: 8/05/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-15 Standard Accounting, Budgeting and Reporting System (SABRS) 
Feeder Systems Authority to Operate (ATO) and Security Control 
Validation: 

Recommendations: 1. USMC management coordinate with DFAS management to 
request an up-to-date ATO (or equivalent authorization) and 
verification of the last time security controls were tested for each 
of its feeder application systems that interface with SABRS; 
USMC action plan: Authority to operate documentation has been 
requested from System Managers and will be provided once received; 
Targeted completion date: 10/01/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-16 Standard Accounting, Budgeting and Reporting System (SABRS) 
Application Level Logging and Monitoring: 

Recommendations: 1. USMC management coordinate with DFAS management to 
establish a formal process for monitoring activity, including the 
interaction with third-party service providers and execute that 
process on a periodic basis.
2. USMC management coordinate with DFAS management to establish 
policies and procedures for handling of lost or compromised passwords, 
including interaction with third-party service providers.
3. USMC management coordinate with DFAS management to ensure that 
responsibilities for logging and monitoring of logs are addressed and 
defined in Service Level Agreements (SLA) with third- party providers; 
USMC action plan: All logging application level logging and monitoring 
is controlled by the DISA's Defense Enterprise Computing Centers 
(DECC); 
Targeted completion date: Date not provided; 
Status according to USMC: Non-concur; however, partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-17 Standard Accounting, Budgeting and Reporting System (SABRS) 
Emergency Changes: 

Recommendations: 1. USMC management coordinate with DFAS management to 
implement a process or identifier to enable the identification of 
changes that relate to emergency changes so they may be tracked and 
analyzed; 
USMC action plan: Configuration management policy and procedures have 
been updated; 
Targeted completion date: 1/15/2010; 
Status according to USMC: Non-concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-18 SABRS User Provisioning Process: 

Recommendations: 1. USMC management coordinate with DFAS management to 
ensure that all access to SABRS, including changes to previous access 
rights and privileges, follow a consistent process that includes 
timely documented supervisory review and approval as well as 
identification and documentation of the specific privileges requested 
and granted; 
USMC action plan: Marine Corps order (MCO) P7300 will be updated; 
Targeted completion date: 8/31/2011; 
Status according to USMC: Actions underway; 
Confirmed by DOD IG (yes/no): No. 

NFR-19 Inappropriate Access to SABRS Tables 204 and 205: 

Recommendations: 1. USMC management coordinate with DFAS management to 
remove access to any user who has the ability to execute transactions 
in both spending and authorization tables to resolve the segregation 
of duties conflict.
2. USMC review current user privileges for SABRS are reviewed to 
identify any additional SOD conflicts; 
USMC action plan: MCO P7300 will be updated; 
Targeted completion date: 8/31/2011; 
Status according to USMC: Non-concur; 
however, actions underway; 
Confirmed by DOD IG (yes/no): No. 

NFR-20 Management Does not Perform Formal Periodic Reviews to 
Recertify SABRS Account Access: 

Recommendations: 1. USMC management coordinate with DFAS management to 
establish policies and procedures for access recertification of SABRS 
users and communicate the requirements to USMC commands and activities 
that utilize the system. USMC management should coordinate with DFAS 
to perform periodic reviews of SABRS users in the DFAS organization to 
detect inappropriate or excessive access and modify user accounts as 
necessary; 
USMC action plan: USMC has coordinated with DFAS and established 
policies/procedures for periodic recertification for SABRS access; 
Targeted completion date: 8/31/2011; 
Status according to USMC: Fully implemented (completed ahead of 
schedule); 
Confirmed by DOD IG (yes/no): No. 

NFR-22 The SABRS Change Management Process Does not Include Formal 
Procedures Documented for Addressing Mass Global Changes: 

Recommendations: 1. USMC management coordinate with DFAS management to 
ensure that mass global changes are authorized, approved, and can be 
audited back to the originating account or transaction prior to the 
global change. The policies and procedures for mass global changes 
should provide for the traceability to the associated Configuration 
Items (CI); 
USMC action plan: Reference to the Software AG Manual has been added 
to SABRS Configuration Management Plan to further clarify how Global 
Data Area (GDA) changes are handled; 
Targeted completion date: 5/31/11; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-23 Standard Accounting, Budgeting and Reporting System (SABRS) 
Change Management Process: 

Recommendations: 1. It is recommended that USMC management coordinate 
with DFAS management to implement a solution to allow them to track 
all changes that are moved to production for the SABRS system. This 
will allow for a complete audit trail to exist and management will 
have an accurate population of changes being migrated to production.
2. When CIs are deleted from production, evidence of management 
approval should be retained. Finally, all changes moved to production 
should have documented authorization and approval from management.; 
USMC action plan: Part 1: The signature approval block has been 
removed as signature is no longer required. Part 2: Addressed in NFR 
22; 
Targeted completion date: NFR- 14 Department of Defense Information 
Assurance Certification and Accreditation Process (DIACAP) Package 
Inherited Services: 2/28/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-24 The Standard Accounting, Budgeting and Reporting System (SABRS) 
Continuity of Operations Plan (COOP): 

Recommendations: 1. USMC management coordinate with DFAS management to 
obtain the approval for the Continuity of Operations (COOP) from the 
appropriate individuals of the organization.
2. USMC management coordinate with DFAS management to develop a 
Business Impact Analysis and a Crisis Communication Plan.
3. USMC management coordinate with DFAS management to test for 
unauthorized access during a SABRS COOP test exercise; 
USMC action plan: SABRS Program Management Office has updated the COOP 
to include test scenarios to restrict access of unauthorized personnel 
during the test and coordinate for approval. A Business Impact 
Analysis and Crisis Communication Plan has been developed and included 
in the appendix of the COOP; 
Targeted completion date: 4/30/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-25 SABRS Transaction Logging and Monitoring: 

Recommendations: 1. USMC management coordinate with DFAS management to 
formalize policies and procedures for conducting periodic reviews of 
SABRS transactions. The policies and procedures should be established 
and communicated to DFAS and USMC commands that utilize the SABRS 
system; 
USMC action plan: MCO P7300.21 will be updated to task all commands 
with certification of corrective action on prescribed basis. Updates 
will include a stronger emphasis on the requirement for continuous 
review and validation of all financial events recorded in SABRS; 
Targeted completion date: 8/31/2011; 
Status according to USMC: Actions underway; 
Confirmed by DOD IG (yes/no): No. 

NFR-26 SABRS Business Process Input Edit Checks: 

Recommendations: 1. USMC management coordinate with DFAS-CL to review 
the SABRS system to ensure the existing edit check configurations are 
established in accordance with current and approved Functional 
Requirements Documents (FRD). 
2. USMC management coordinate with DFAS-CL management to establish a 
method to ensure GL accounts are auto-balanced, and duplicate 
transactions are blocked/prevented from further processing; 
USMC action plan: The SABRS Program Management Office and the USMC TSO 
has included test scenarios for all business rules, validations, and 
edit checks contained in the design document as part of System 
Integration Testing (SIT) and System Acceptance Testing (SAT); 
Targeted completion date: 4/30/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-27 Interface Reconciliation Reports Are not Available for Six 
SABRS Feeder Systems: 

Recommendations: 1. USMC management coordinate with DFAS management to 
develop a reconciliation report for interface data transfer for all 
feeder systems and develop a policy and procedure for review and 
investigation of error transactions.
2. DFAS-CL assign responsibility to feeder system owners for 
adequately confirming that the interface data transfer totals are 
complete and accurate between the feeder system and SABRS.; 
USMC action plan: USMC management is coordinating with DFAS management 
to reviewing internal controls and identifies ways to improve the 
process by defining additional procedures and policies. The parties 
are also reviewing the internal reject report and file to provide 
positive assurance; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Non-concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-28 Retired Document Identifier Codes (DIC) Still Exist in the 
Active Production SABRS Environment: 

Recommendations: 1. It is recommended that USMC management coordinate 
with DFAS management to develop guidance governing the management of 
SABRS table 200 and perform periodic reviews of all DICs in table 200 
to ensure that only DICs that provide valid and current business 
process functionality are included. Retired DICs should be removed 
from SABRS table 200, the active production repository for all SABRS 
DICs, so that users cannot process transactions within SABRS using 
retired DICs; 
USMC action plan: SABRS software release (SR) 1-11 was implemented on 
February 19, 2011, to include comments on retired DICs. USMC 
management is developing guidance to identify retired DICS and to 
prevent inappropriate use of the DICS; 
Targeted completion date: 2/19/2011; 
Status according to USMC: Non-concur, however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-29 Functional Requirements Document and Memorandum of Agreement 
Documentation for SABRS Interfaces Are not Current, Finalized, and 
Approved by Management: 

Recommendations: 1. USMC management coordinate with DFAS management to 
perform a comprehensive review of Functional Requirements Documents 
(FRD) and Memoranda of Agreement (MOA) for all key feeder systems that 
interface with SABRS. Documents should include error handling 
procedures and have formal review and approval from management; 
USMC action plan: SABRS Program Management Office will coordinate with 
TSO-KC to perform a comprehensive review of FRDs and System Connection 
Agreements (SCA) for all feeder systems that interface with SABRS. As 
necessary, FRDs and SCAs will be updated to include error handling 
procedures and have formal review and approval from management; 
Targeted completion date: 8/30/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-30 General Ledger Table Data and User Maintenance Policies, 
Procedures, and Audit Trail: 

Recommendations: 1. USMC management coordinate with DFAS management to 
develop an audit trail to systematically track changes to the GL 
tables and establish a periodic review policy and procedure for these 
changes.
2. USMC management coordinate with DFAS management to review the 
individual user IDs that have the ability to modify the GL tables and 
remove any individuals whose job description and role do not warrant 
further access (based upon the concept of least privilege).; 
USMC action plan: SABRS Program Management Office (PMO) is reviewing 
additional controls to add an audit trail to maintain the central 
tables. SABRS PMO is also reviewing profiles for who should have 
access to the GL tables. General Ledger Team is making changes to the 
related tables and updating the polices and procedures accordingly.; 
Targeted completion date: 6/30/2011; 
Status according to USMC: Non-concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-31 SABRS Interface Error Reports: 

Recommendations: 1. USMC management coordinate with DFAS-CL to develop 
an interface error report for MCTFS and the Defense Civilian Pay 
System (DCPS).
2. USMC management coordinate with DFAS-CL to establish a policy so 
that Management can identify and correct any errors that occur during 
the data transfer between feeder applications and SABRS.; 
USMC action plan: SABRS Program Management Office has modified the 
interface with DCPS. DCPS interface errors are now captured in a 
report that previously did not exist; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Non-concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-32 SABRS Interface Edit Checks to Prevent Duplicate Transactions: 

Recommendations: 1. USMC management coordinate with DFAS management to 
implement edit checks that provide reasonable assurance that all 
transactions processed through a feeder application into SABRS are 
accepted and processed only once; 
USMC action plan: DFAS and the USMC have sufficient checks in place to 
prevent the processing of the same transactions more than once; 
Targeted completion date: N/A; 
Status according to USMC: Non-concur; 
Confirmed by DOD IG (yes/no): N/A. 

NFR-33 Accountability acknowledgment of received transactions between 
a feeder system and SABRS: 

Recommendations: 1. USMC management coordinate with DFAS management to 
develop a method that would ensure data transfers between a feeder 
application and SABRS are properly accepted and acknowledged.
2. DFAS-CL develop a method to properly communicate any error 
notifications to feeder applications in the even of a rejected 
transaction; 
USMC action plan: Legacy systems can not accept acknowledgment of 
received transactions from SABRS; 
Targeted completion date: Date not provided; 
Status according to USMC: Non-concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-47 Inappropriate Access Rights for SABRS Accounts: 

Recommendations: 1. USMC management coordinate with DFAS management to 
ensure that all SABRS accounts are reviewed and validated for 
instances of administrators with access to end user transactions and 
individuals with multiple Accessor IDs (ACID) assigned to them.; 
USMC action plan: USMC management coordinated the DFAS management to 
establish and publish new procedures in April. Complete implementation 
was completed by June 1, 2010 that required RFA/System Integration-
Data Integrity (SI-DI) to validate both (ACID) and name in CA Top 
Secret (security tool) to prevent the duplicate assignment. USMC 
management also implemented procedures that when a name is "changed" 
on an ACID, the Terminal Area Security Officer (TASO) must submit a 
"delete" request for the old name prior to updating profile with new 
name; 
Targeted completion date: 3/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-48 Standard Accounting, Budgeting and Reporting System (SABRS) 
Configuration Management Baseline Audit: 

Recommendations: 1. USMC management coordinate with DFAS management to 
establish procedures that formally document, retain follow-up and 
research potentially unauthorized changes.
2. Additionally, it is recommended that investigations of CI 
discrepancies be performed by individuals not involved with the CI 
migration process; 
USMC action plan: SABRS Program Management revised configuration 
management baseline procedures; 
Targeted completion date: No date provided; 
Status according to USMC: Non-concur, however fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-49 Standard Accounting, Budgeting and Reporting System (SABRS) 
Interface Edit Check: 

Recommendations: 1. USMC management coordinate with DFAS management to 
review and ensure that the existing edit check configurations for 
interface data processing are established in accordance with current 
and approved Functional Requirement Documents (FRD); 
USMC action plan: An SCR was submitted and completed to ensure that 
the program code and design were in alignment; 
Targeted completion date: 5/31/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-50 SABRS Data Strategy and Design: 

Recommendations: 1. USMC management coordinate with DFAS management to 
develop a data management strategy and design that includes specific 
requirements for SABRS, including regulatory requirements and database 
standards; 
USMC action plan: USMC will coordinate with DFAS to see if the Data 
Management Strategy can be strengthened; 
Targeted completion date: 10/30/2011; 
Status according to USMC: Non-concur; 
however actions underway; 
Confirmed by DOD IG (yes/no): Yes. 

Source: Marine Corps SBR remediation action plan information and DOD 
IG confirmation of status. 

[End of table] 

Table 4 shows the recommendations related to the Defense Departmental 
Reporting System (financial reporting system); the Marine Corps' 
action plans to remediate these recommendations, reported 
implementation status, and targeted completion dates; and notes 
whether the DOD IG has confirmed the effectiveness of the Marine 
Corps' implementation. 

Table 4: DOD IG Recommendations, Reported Status of USMC Actions on 
DDRS Information Technology System Issues as of July 18, 2011, and DOD 
IG Confirmation of Status as of August 25, 2011: 

NFR-34 DDRS User Provisioning Process: 

Recommendations: 1. USMC management coordinate with Business 
Transformation Agency (BTA) management to ensure that all access to 
DDRS including changes to previous access rights and privileges follow 
a uniform process that includes timely documented supervisory review 
and approval as well as identification and documentation of the 
specific privileges requested and granted; 
USMC action plan: DFAS Cleveland Accounting Operations will coordinate 
with various interested parties from USMC, BTA, and within the various 
DFAS operational areas to thoroughly review and document the existing 
process, identify internal control weaknesses and process 
deficiencies, including the finding under this NFR, and take 
appropriate action to strengthen policies and procedures; 
Targeted completion date: 4/30/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-35 Configuration Management and Table Maintenance Policies and 
Procedures: 

Recommendations: 1. USMC management coordinate with BTA management to 
formally document their review and approval of the Configuration 
Management Policy. Additionally, it is recommended that BTA management 
develops and approve policies and procedures for DDRS table 
maintenance; 
USMC action plan: BTA has obtained the required management approval 
and signatures for the existing Configuration Management Plan and 
Policies. BTA has included a table maintenance policy within the 
Configuration Management Plan; 
Targeted completion date: 4/30/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-36 DDRS Third-Party Monitoring: 

Recommendations: 1. USMC management coordinate with BTA management to 
establish a formal process for monitoring activity, including the 
interaction with third-party service providers and execute that 
process on a periodic basis.
2. USMC management coordinate with BTA management to ensure that 
responsibilities for logging and monitoring of logs are addressed and 
defined in agreements with third-party service providers.; 
USMC action plan: The Information Assurance Officer (IAO) has 
requested evidence of monitoring from the service providers, and post 
the artifacts in eMASS and will continue to do so on a regular basis. 
The IAO has verified that each Service Level Agreement (SLA) covers 
responsibilities for logging and monitoring; 
Targeted completion date: 3/2/2011; 
Status according to USMC: Non-concur; 
however fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-37 DDRS Complete Listing of Configuration Items (CI): 

Recommendations: 1. USMC management coordinate with BTA and DFAS 
management to establish a methodology to systematically track all DDRS 
configuration items that are migrated to production. This will provide 
an audit trail that will allow closer monitoring and management of the 
CM process; 
USMC action plan: TSO Cleveland has modified their policies and 
procedures to ensure that changes are properly documented before a 
modification, both normal releases and release exceptions, is applied 
to DDRS Production. TSO Cleveland, the DDRS developers, has updated 
Policy 12-Functional Configuration Audit and the DDRS Configuration 
Management Plan to specify that a listing of CIs will be maintained to 
support each system modification for normal releases. For Emergency 
Releases, Policy 18--Release Exceptions has been updated to specify 
that a monthly audit of all release exceptions will be performed and 
that a PTR must be created prior to a modification being applied to 
Production in CMIS for all production problems; 
Targeted completion date: 3/1/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-38 DDRS Inappropriate Access: 

Recommendations: 1. USMC management coordinate with BTA and DFAS 
management to appropriately restrict access to shared drives and user 
groups that allow access to source code repositories; 
USMC action plan: TSO Cleveland has implemented new procedures to 
limit the number of developers authorized to send code to Release 
Management. All other developers now have "read access" only to the 
shared drive. TSO Cleveland has updated Policy 13 - Release Management 
and the DDRS/Corporate Services MOA to specify this new procedure, and 
have created a new shared drive folder with limited access rights. TSO 
Corporate Services has removed the five identified users with 
inappropriate access to the DDRS Production source code from the "dba" 
user group. All other users in the "dba" user group with appropriate 
access will continue to have access to the Production source code; 
Targeted completion date: 3/15/2011; 
Status according to USMC: Partially concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-39 DDRS Interface Design and Strategy Documentation: 

Recommendations: 1. USMC management coordinate with BTA management and 
DFAS management to develop interface design documentation for the data 
processing between SABRS and DDRS in order to reasonably assure that 
the data processed are accurate and complete; 
USMC action plan: The DDRS Program Management Office (PMO) will modify 
the SABRS/DDRS Memorandum of Agreement (MOA) to include edits 
validations, ownership of interface processing, and error correction; 
Targeted completion date: 9/30/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-40 DDRS Interface Data Reconciliation: 

Recommendations: 1. USMC management coordinate with BTA management and 
DFAS management to develop a process that would ensure data transfers 
between SABRS and DDRS are properly accepted and acknowledged.
2. USMC management coordinate with BTA management to establishes a 
process for data reconciliation between SABRS and DDRS in the 
interface MOA; 
USMC action plan: The DDRS PMO has modified the SABRS/DDRS MOA to 
describe the reconciliation process and include information that 
addresses how to ensure the data are complete and accurate. (Also see 
response for NFR #39); 
Targeted completion date: 4/4/2011; 
Status according to USMC: Non-concur, however fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-41 DDRS Interface Preprocessing Error Report: 

Recommendations: 1. USMC management coordinate with BTA management and 
DFAS management to implement a mechanism that would allow for an audit 
trail to exist for the data received from SABRS that is manually 
directed to the corresponding line of accounting (LOA) through the 
preprocessing phase.
2. Once the audit trail exists for data processed through the 
preprocessing phase, BTA should develop a report so that it can be 
reviewed by management in order to ensure that data is being corrected 
and resubmitted to the corresponding LOA; 
USMC action plan: An SCR has been submitted and implemented to now 
provide a preprocessing audit report; 
Targeted completion date: 6/29/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-42 DDRS Interface Input Program Documentation- Edit Checks. 

Recommendations: 1. USMC management coordinate with BTA and DFAS 
management to perform a comprehensive review of the input process 
program in order to list, identify, and explain all the edit 
conditions contained in the program; 
USMC action plan: TSO Cleveland will document all the edit checks and 
validations contained in the DDRS input process applicable to the 
SABRS interface. Two documents will be produced, one detailing general 
interface edits and one detailing SABRS specific edits; 
Targeted completion date: 10/1/2011; 
Status according to USMC: Partially implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-43 DDRS Data Strategy and Design: 

Recommendations: 1. USMC management coordinate with BTA and DFAS 
management to incorporate the concepts of cryptography and middleware 
to the DDRS data management plan; 
USMC action plan: Documentation has been provided that evidences that 
a Data Management Plan is not required by DOD for Acquisition Category 
(ACAT) III Systems; 
Targeted completion date: 2/11/2011; 
Status according to USMC: Non-concur; 
however, fully implemented; 
Confirmed by DOD IG (yes/no): Yes. 

NFR-44 DDRS Application Security Logging and Monitoring: 

Recommendations: 1. USMC management coordinate with BTA management to 
establish a formal process for logging and monitoring activity, 
including the interaction with third-party service providers and 
execute that process on a periodic basis.; 
USMC action plan: The Information Assurance Officer (IAO) has 
requested evidence of monitoring from the service providers, and post 
the artifacts in eMASS and will continue to do so on a regular basis. 
The IAO has verified that each Service Level Agreement (SLA) covers 
responsibilities for logging and monitoring; 
Targeted completion date: 3/2/2011; 
Status according to USMC: Non-concur; 
however fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-51 No evidence of Periodic Review for Changes Migrated to 
Production: 

Recommendations: 1. USMC management coordinate; 
with BTA and DFAS management to establish a periodic review of changes 
that are migrated to production that includes a complete, accurate 
audit trail of Configuration Items (CI).
2. USMC followup and research of potentially unauthorized changes be 
performed by individuals not involved with the CI migration process 
and the follow up should be formally documented; 
USMC action plan: TSO Corporate Services has created a new procedure 
to be executed as part of each release that captures the state of the 
application prior to release and after release. The resulting changes 
are reconciled with the Release documentation to verify all changes 
are accounted for. The results of this procedure are maintained by the 
DDRS PMO; 
Targeted completion date: 5/6/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

NFR-52 DDRS Segregation of Duties Conflict Monitoring: 

Recommendations: 1. USMC management coordinate with BTA management to 
review all users with dual access to DDRS and submit appropriate 
waivers to reflect management's acceptance and acknowledgment of risk. 
These waivers should be updated in a timely manner prior to granting 
dual access to a user.
2. USMC management implement the mitigating control of periodically 
reviewing dual access user activity; 
USMC action plan: BTA and DFAS have streamlined and modified the role 
assignment process to ensure that a waiver is obtained prior to 
granting dual access to a user; 
BTA has requested that DFAS Standards and Compliance accept the risk 
of not having tools that permit reviewing activity of specific dual 
access users. The following risk mitigation controls are in place; 
(a) A user cannot approve a Journal Voucher or Data Adjustment that it 
created. (b) Dual user role profiles are reviewed monthly by Security 
Administrators and Reporting Managers. (c) Users have all agreed to 
behave responsibly in accepting the BTA Rules of Behavior. (d) 
Financial statements and reports are all reviewed and/or certified; 
Targeted completion date: 6/29/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no):No. 

NFR-57 DDRS Access Recertification: 

Recommendations: 1. USMC management coordinate with BTA management to 
establish policies and procedures to ensure the actions requested as a 
result of periodic access recertification of DDRS users (i.e., remove 
privileges for a Responsible Work Area, disable an account, etc.) are 
carried out to completion; 
USMC action plan: DFAS Cleveland Accounting Operations has coordinated 
with various interested parties from USMC, BTA, and within the various 
DFAS operational areas to thoroughly review and document the existing 
process, including the finding under this NFR, and take appropriate 
action to strengthen the policies and procedures; 
Targeted completion date: 4/27/2011; 
Status according to USMC: Fully implemented; 
Confirmed by DOD IG (yes/no): No. 

Source: Marine Corps SBR remediation action plan information and DOD 
IG confirmation of status. 

[End of table] 

[End of section] 

Appendix III: Comments from the Department of Defense: 

Under Secretary Of Defense: 
Comptroller: 
Defense Pentagon: 
Washington, DC 20301-1100: 

September 13, 2011: 

Mr. Asif A. Khan: 
Director, Financial Management and Assurance: 
U.S. Government Accountability Office: 
441 G Street, NW: 
Washington, DC 20548: 

Dear Mr. Khan, 

This is the Department of Defense (DoD) response to the Government 
Accountability Office (GAO) draft report GA0-11-830, "DoD Financial 
Management: Marine Corps Statement of Budgetary Resources Audit 
Results and Lessons Learned," dated August 29, 2011, (GAO Code 
197096). Our responses to the recommendations made in the draft report 
and additional technical comments are enclosed with this letter. 

Improving DoD financial management information is one of the 
Department's most important management goals. Over the last two years, 
your audit reports and testimony have recognized that the Department 
now has a sound strategy and approach to achieve audit readiness. In 
July you stated, "GAO supports DoD's current approach of focusing and 
prioritizing efforts." We appreciate this validation and support, and 
have taken steps to focus leadership and management on executing this 
strategy. A key component of the Department's approach is to, where 
reasonable, engage auditors to validate the progress being made; the
United States Marine Corps (USMC) audit does just that. 

When successful, the USMC financial statement audit will be a 
significant achievement, as the first such accomplishment for a 
military service. The audit will have a wider impact beyond the Marine 
Corps by providing clear, concrete actions to be taken to achieve 
auditability. As you have pointed out, most issues identified are not 
unique to the USMC and, therefore, inform the efforts of other DoD 
Components. The fiscal year 2010 USMC audit has highlighted specific 
process and systems changes needed to achieve audit. All of our 
reporting Components are working with the Defense Finance and 
Accounting Service and other service providers to address these issues 
and succeed in their audit efforts. 

Your audit report focuses on the planning of these remediation 
efforts, rather than on their outcomes. Given our available resources, 
the USMC and their service providers have made far more progress in 
remediation than your audit report indicates. It is because of this 
progress revealed in the fiscal year 2011 USMC audit, in areas such as 
complete transaction populations and Funds Balance with Treasury 
reconciliations, that we disagree with several of the statements in 
your audit report related to the USMC remediation plan. We have 
included the justification for several technical comments in an 
attachment to this letter. 

We have actions underway in the Department to address auditor findings 
across all service providers and Components consistent with three of 
your recommendations. We feel that your remaining recommendation on 
the content of our remediation plans is overly prescriptive. I believe 
our remediation plans are reasonable and will continue to hold leaders 
accountable to execute their plans and judge their efforts based on 
near-term outcomes rather than attempt to manage their plans. 

I appreciate your recent testimony that -the Department is heading in 
the right direction and making progress." Additional corrective 
actions are underway, and there are certainly more needed which have 
yet to be identified; however, we feel that the USMC audit is on the 
road to success. While in this case we do not agree with all of the 
findings in your report, and feel it does not present a fair 
assessment of the USMC remediation efforts as a whole, we look forward 
to your continued involvement in and recommendations for improvement 
of our effort. My point of contact for this effort is Mr. Joseph 
Quinn. He can be reached at 571-256-2678 or joseph.quinn@osd.mil. 

Sincerely, 

Signed by: 

Robert F. Hale: 

Enclosures: As stated: 

[End of letter] 

GAO Draft Report Dated August 29, 2011: 
GA0-11-830 (GAO Code 197096): 

"DOD Financial Management: Marine Corps Statement Of Budgetary 
Resources Audit Results And Lessons Learned" 

Department Of Defense Comments To The GAO Recommendations: 

Recommendation NO. 1: The GAO recommends that the Secretary of the 
Navy direct the Commandant of the Marine Corps: "develop a 
comprehensive, risk-based plan for designing and implementing 
corrective actions to SBR auditor recommendations. Such a plan should 
identify goals and objectives, identify and prioritize actions for 
addressing those objectives, allocate resources, assign roles and 
responsibilities, and measure performance against objectives." (See 
page 26/GAO Draft Report.) 

Response: Non-Concur. The Secretary of the Navy does not need to 
direct the Commandant of the U.S. Marine Corps (USMC) to develop a 
plan that conforms to GAO's requirements. The USMC contends that the 
referenced standard (Standards for Internal Control in the Federal 
Government) does not state that management must "identify resources, 
roles and responsibilities, or include performance indicators to 
measure performance against action plan objectives." The USMC fully 
complied with the three requirements noted in the standard, which are: 
1) promptly evaluate findings from audits and other reviews; 2) 
determine proper actions in response to findings and recommendations 
from audits and reviews; and 3) complete within established time 
frames, all actions that correct or otherwise resolve the matters 
brought to management's attention. In this regard, the USMC will 
continue to employ all manner of due diligence and professional 
scrutiny in developing courses of actions and remediation activities, 
as necessary, in order to correct audit findings given known and 
anticipated audit workstreams. Furthermore, the remediation efforts 
taken heretofore may demonstrate appropriate correction of the 
underlying audit deficiencies as a consequence and outcome to the 
Fiscal Year (FY) 2011 Statement of Budgetary Resources (SBR) audit. 

Recommendation NO. 2: The GAO recommends that the Secretary of the 
Navy direct the Commandant of the Marine Corps to: "review Marine 
Corps SBR remediation actions under way and confirm that actions are 
fully responsive to the auditor recommendations." (See page 26/GAO 
Draft Report.) 

Response: Concur. Additional actions beyond those currently in support 
the FY 2011 SBR audit will be undertaken to assess remediation 
responsiveness to auditor recommendation. This will involve an 
assessment of financial statement supportability through concurrent 
review of account balances, system processing and internal control 
design and effectiveness. Furthermore, the auditors are currently 
examining corrective actions related to FY 2010 SBR audit findings and 
have confirmed that several of the FY 2010 SBR audit Notices of 
Findings and Recommendations have been corrected. Thus, sufficient 
insight of corrective action adequacy or insufficiency shall be 
obtained via these ongoing and overlapping remediation review efforts. 

Recommendation NO. 3: The GAO recommends that the Secretary of the 
Navy direct the Commandant of the Marine Corps to: "for remediation 
actions that require coordination and action on the part of other DOD 
components, such as DFAS, DCMA, and DCAA, require the Marine Corps to 
develop and implement timely and effective service-provider agreements 
with the appropriate DOD components in accordance with the FIAR 
Guidance. These agreements should identify roles and responsibilities, 
the individuals responsible for those activities, and performance 
measures that establish accountability. (See pages 26 through 27/GAO 
Draft Report.) 

Response: Concur. The USMC will undertake a comprehensive review of 
its service provider agreements and implement updates that account for 
improved business processing and audit supportability. The USMC has 
long recognized the need for coordinated and codified service support 
from the Defense Finance and Accounting Service (DFAS). To this end, 
the Marine Corps established a signed Service Level Agreement (SLA) 
with DFAS-Kansas City before accounting support and financial 
reporting services were transferred to the consolidated service center 
in Cleveland, OH. This change was due to a Base Realignment and 
Closure (BRAC) requirement and the USMC maintained a close 
relationship with DFAS-Cleveland in order to aid in their BRAC 
transition and acclimatization. After a short period, efforts were 
undertaken to begin developing an updated SLA. These continue today 
and are expected to conclude in FY 2012. With respect to additional 
agreements with the Defense Contract Management Agency and Defense 
Contract Audit Agency, these organizations provide Defense-wide 
services that are not segmented across the Military Services, as in 
the case with the DFAS centers. Therefore, while the USMC concurs with 
the recommendation, it requests that such agreements be established 
and applicable to all of DoD, with the Office of the Under Secretary 
of Defense (Comptroller) Financial Improvement and Audit Readiness 
Directorate responsible for coordinating these SLA actions. 

Recommendation NO. 4: "In addition, to help fully leverage lessons 
learned from the first-year Marine Corps SBR audit effort, we 
recommends that the Secretary Defense direct the Secretaries of the 
Army, the Navy, and the Air Force to consider the fundamental lessons 
resulting from the Marine Corps effort and incorporate the lessons, as 
appropriate, in their respective FIPs. (See page 27/GAO Draft Report.) 

Response: Concur. On behalf of the Secretary of Defense, the Under 
Secretary of Defense (Comptroller)/Chief Financial Officer 
(USD(C)/CFO) has directed the military Military Services and other DoD 
components to consider the key lessons learned from the USMC audit 
effort, as outlined in this audit report, in their audit readiness 
plans. The USD(C)/CFO recognizes the importance of sharing audit 
readiness lessons across the Department, and this direction will serve 
to underscore an initiative already underway. The Military Services 
are, in fact, currently in the process of addressing the 
recommendations from the GAO audit of the Navy Civilian Pay and Air 
Force Military Equipment financial improvement plans, as well as those 
from the audit of the USMC SBR, in their audit readiness plans. It has 
always been the Department's approach to incorporate lessons learned 
from audit readiness efforts into all future preparations. 

[End of section] 

Appendix IV: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Asif A. Khan, (202) 512-9869 or khana@gao.gov: 

Staff Acknowledgments: 

In addition to the contact named above, Gayle L. Fischer, Assistant 
Director; Jacquelyn N. Hamilton, Acting Assistant General Counsel; 
William F. Wadsworth, Assistant Director, Information Security; 
Francine DelVecchio; Jason Kirwan; Richard D. Mayfield, Auditor-in- 
Charge; Carol T. Nguyen; Kerry A. Porter; Eric H. Stalcup; and Carroll 
M. (CJ) Warfield, Jr., Auditor-in-Charge, made key contributions to 
this report. 

[End of section] 

Footnotes: 

[1] Pub. L. No. 101-576, § 303, 104 Stat. 2838, 2849 (Nov. 15, 1990), 
codified, as amended, at 31 U.S.C. § 3515. 

[2] GAO, DOD Financial Management: Numerous Challenges Must Be 
Addressed to Improve Auditability, [hyperlink, 
http://www.gao.gov/products/GAO-11-864T] (Washington, D.C.: July 28, 
2011); DOD Financial Management: Numerous Challenges Must Be Addressed 
to Improve Reliability of Financial Information, [hyperlink, 
http://www.gao.gov/products/GAO-11-835T] (Washington, D.C.: July 27, 
2011); and High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: February 
2011). 

[3] The other agency with a disclaimer was the Department of Homeland 
Security. 

[4] Pub. L. No. 111-84, § 1003(a), (b), 123 Stat. 2190, 2439-40 (Oct. 
28, 2009). 

[5] Budgetary resources include the amount available to enter into new 
obligations and to liquidate them. Budgetary resources are made up of 
new budget authority (including direct spending authority provided in 
existing statute and obligation limitations) and unobligated balances 
of budget authority provided in previous years. 

[6] Offsetting collections are collections from government accounts or 
from transactions with the public. These collections are credited to 
appropriation or fund accounts. 

[7] In a disclaimer of opinion, the auditor does not express an 
opinion on the financial statements. A disclaimer of opinion is 
appropriate when the audit scope is not sufficient to enable the 
auditor to express an opinion, or when there are material 
uncertainties involving a scope limitation--a situation where the 
auditor is unable to obtain sufficient appropriate audit evidence. 

[8] CFO Act agencies' financial management systems are required by the 
Federal Financial Management Improvement Act of 1996 (FFMIA) to comply 
with federal financial management systems requirements, applicable 
federal accounting standards, and the United States Government 
Standard General Ledger at the transaction level. Pub. L. No. 104-208, 
div. A, title VIII, § 803, 110 Stat. 3009, 3009-390 (Sept. 30, 1996). 

[9] GAO, Financial Management: Achieving Financial Statement 
Auditability in the Department of Defense, [hyperlink, 
http://www.gao.gov/products/GAO-09-373] (Washington, D.C.: May 6, 
2009). 

[10] An obligation is a definite commitment that creates a legal 
liability of the government for the payment of goods and services 
ordered or received. 

[11] According to OMB Circular No. A-11, the SF-133, Report on Budget 
Execution and Budgetary Resources, is intended to provide a consistent 
presentation of data across programs within each agency, and across 
agencies, which helps program, budget, and accounting staffs to 
communicate. SF-133s provide historical reference that can be used to 
help prepare the President's Budget, program operating plans, and 
spending estimates. The reports also provide a basis to determine 
obligation patterns when programs are required to operate under a 
Continuing Resolution. An agencywide SF-133 should generally agree 
with an agency's Statement of Budgetary Resources. 

[12] GAO, Financial Audit Guide: Auditing the Statement of Budgetary 
Resources, [hyperlink, http://www.gao.gov/products/GAO-02-126G] 
(Washington, D.C.: December 2001). 

[13] Internal control comprises the plans, methods, and procedures to 
provide reasonable assurance that objectives are being achieved in the 
following areas: (1) effectiveness and efficiency of operations, (2) 
reliability of financial reporting, and (3) compliance with applicable 
laws and regulations. 

[14] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00.21.3.1] 
(Washington, D.C.: November 1999). 

[15] Testing of the reasonableness of account balances or amounts in 
financial statements is commonly referred to as substantive testing. 
This is in contrast to testing of the internal controls related to a 
particular account or balance. 

[16] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00.21.3.1]. 

[17] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00.21.3.1]. 

[18] GAO, Defense Business Transformation: DOD Needs To Take 
Additional Actions to Further Define Key Management Roles, Develop 
Measurable Goals, and Align Planning Efforts, [hyperlink, 
http://www.gao.gov/products/GAO-11-181R] (Washington, D.C.: Jan. 26, 
2011); and Risk Management: Strengthening the Use of Risk Management 
Principles at Homeland Security, [hyperlink, 
http://www.gao.gov/products/GAO-08-904T] (Washington, D.C.: June 25, 
2008). 

[19] GAO, Intelligence, Surveillance, and Reconnaissance: DOD Needs a 
Strategic, Risk-Based Approach to Enhance Is Maritime Domain 
Awareness, [hyperlink, http://www.gao.gov/products/GAO-11-621] 
(Washington, D.C.: June 20, 2011); High-Risk Series: An Update, 
[hyperlink, http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: 
February 2011). 

[20] The Marine Corps SBR Remediation Plan consists of a written plan 
covering the initial 11 financial statement process notices of 
findings and recommendations (NFR) to comply with DOD IG audit 
requirements and 59 additional NFRs that were addressed in separate 
plans of action and milestones. 

[21] Some of these elements are consistent with the FIAR Guidance 
requirements for a corrective action plan, such as identifying 
required resources and ensuring that actions address the identified 
deficiencies. 

[22] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. 

[23] The Antideficiency Act requires agencies to establish a system 
for administrative control of funds to, among other things, prevent 
obligations and expenditures in excess of appropriations and 
apportionments. 31 U.S.C. §§ 1341, 1514(a), 1517(a). 

[24] GAO, Department of the Army--The Fiscal Year 2008 Military 
Personnel, Army Appropriation and the Antideficiency Act, B-318724 
(Washington, D.C.: June 22, 2010). 

[25] Under Secretary of Defense (Comptroller/CFO), March 16, 2011, 
letter reporting a Department of the Navy violation of the 
Antideficiency Act, case number 10-03. 

[26] DOD Financial Management Regulation, Volume 3, Chapter 8, 
Standards for Recording and Reviewing Commitments and Obligations, 
Section 0804. 

[27] GAO, DOD Financial Management: Numerous Challenges Must Be 
Addressed to Achieve Auditability, [hyperlink, 
http://www.gao.gov/products/GAO-11-864T] (Washington, D.C.: July 28, 
2011). 

[28] GAO, DOD Business Transformation: Improved Management Oversight 
of Business System Modernization Efforts Needed, [hyperlink, 
http://www.gao.gov/products/GAO-11-53] (Washington, D.C.: Oct. 7, 
2010). 

[29] [hyperlink, http://www.gao.gov/products/GAO-11-53]. 

[30] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. 

[31] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00.21.3.1] 
(Washington, D.C.: November 1999). 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: