Skip to main content

Financial Management: DOD Needs to Implement Comprehensive Plans to Improve Its Systems Environment

GAO-20-252 Published: Sep 30, 2020. Publicly Released: Sep 30, 2020.
Jump To:

Fast Facts

Department of Defense financial management has been on our High Risk List since 1995 in part because of deficiencies found in its supporting information systems. DOD uses these systems to report its spending and assets.

DOD's Inspector General and other auditors found the data used for the military services' FY 2019 financial statements unreliable. They identified new and ongoing deficiencies in 2,100 audit findings.

DOD doesn't track how much it spends on the systems. But we calculated it could be at least $2.8 billion in FY 2020.

We made 6 recommendations, including that DOD develop a road map for implementing its improvement strategy.

A person reviews a financial spreadsheet while holding a magnifying glass in one hand and pen in the other.

Skip to Highlights

Highlights

What GAO Found

Data supporting the Department of Defense's (DOD) fiscal year 2019 financial statements are not reliable, according to the DOD Office of Inspector General (OIG) and independent auditors. In January 2020, the OIG reported that the department had wide-ranging weaknesses in its financial management systems that prevented it from collecting and reporting financial and performance information that was accurate, reliable, and timely. Specifically, the OIG reported 25 material weaknesses that impacted DOD's ability to achieve an unmodified audit opinion on its fiscal year 2019 department-wide financial statements. These material weaknesses are based, in large part, on identified deficiencies and corresponding recommendations, also known as notices of findings and recommendations (NFRs).

In fiscal year 2019, independent public accountants issued 2,100 new and reissued NFRs to the military services and DOD remediated 26 percent of the military services' NFRs from fiscal year 2018. Of the 2,100 fiscal year 2019 NFRs, 1,008 were related to information technology (IT) and cybersecurity issues. Of the 1,008 NFRs, 484 were new and 524 were reissued from previous years. (See figure.)

Figure: IT Notices of Findings and Recommendations Issued by Independent Public Accountants Based on Audits of Military Services' Fiscal Year 2019 Financial Statements

Figure: IT Notices of Findings and Recommendations Issued by Independent Public Accountants Based on Audits of Military Services' Fiscal Year 2019 Financial Statements

To address the NFRs and DOD's underlying financial management system weaknesses, the department has a strategy that fully addresses three requirements for a comprehensive and effective IT strategic plan; however, it does not include measures for tracking progress in achieving the strategy's goals. (See table on next page.)

Table: GAO Ratings of DOD's IT Financial Management Systems Strategy

IT Strategic Plan Requirementsa

GAO Ratings

Alignment with the agency's overall strategic plan

Results-oriented goals and performance measures

Strategies to achieve desired results, including a clear narrative of how IT is enabling agency goals

Descriptions of dependencies within and across projects

Legend:

● Fully addressed: DOD provided evidence that it fully addressed this requirement.

◑ Partially addressed: DOD provided evidence that it addressed some, but not all, of this requirement.

Source: GAO analysis of Department of Defense documentation. | GAO-20-252

aThe requirements for a comprehensive and effective IT strategic plan are based on Office of Management and Budget guidance and prior GAO research and reviews of federal agencies' IT strategic plans.

DOD has not developed an enterprise road map to implement its strategy, as called for by Office of Management and Budget guidance. Such a road map should document the current and future states of a systems environment that, among other things, describes business processes and rules, information needs and flows, and work locations and users; and a transition plan for moving from the current to the future. In response to recently enacted legislation requiring a comprehensive road map, DOD stated that it plans to develop one; however, it did not state by when.

DOD also does not have sufficiently detailed plans for migrating key military service legacy accounting systems to new systems. The Navy has developed a plan to migrate its system, but the plan is missing key elements consistent with Software Engineering Institute guidance. The Army and Air Force do not have detailed migration plans for their key accounting systems.

While DOD has developed a plan to address IT issues identified during annual audits, it has not established performance goals that include indicators, targets, and time frames. Officials said that it is challenging to develop such goals because issues identified by the IPAs vary widely. However, DOD has already grouped the issues by priority, facilitating the establishment of appropriate performance goals.

Moreover, DOD does not know how much it spends on the systems that support its financial statements because it does not have a way to reliably identify these systems in its systems inventory and budget data. GAO calculated that the department will spend at least $2.8 billion on those systems in fiscal year 2020. However, that amount is understated–GAO identified 45 systems that were missing from the list of significant systems that DOD provided to GAO.

As a result of these deficiencies, the department faces challenges in ensuring accountability over its extensive resources and in effectively managing its assets and budgets. DOD also risks wasting funds on short-term fixes that might not effectively and efficiently support longer-term department goals.

Why GAO Did This Study

DOD financial management has been on GAO's High Risk List since 1995 because of long-standing deficiencies found in, among other areas, its supporting information systems. DOD uses these systems to report its spending and assets.

GAO was requested to review DOD's financial management systems. The objectives of this review are to determine (1) to what extent the data produced by DOD financial management systems are reported to be reliable for presenting financial statements in accordance with generally accepted accounting principles, (2) to what extent DOD and the military departments have strategies and plans to address key information technology controls for their financial systems, and (3) how much money DOD reports spending on developing and maintaining its financial management systems.

To address these objectives, GAO analyzed (1) independent public auditors' findings resulting from the department's fiscal year 2019 audit; (2) DOD's financial management systems strategy and plans relative to OMB guidance and recent legislation; (3) data in DOD system and budget databases. GAO also interviewed relevant DOD and military service officials.

Recommendations

GAO made the following six recommendations to DOD:

  1. Establish performance measures for DOD's financial management systems strategy, including targets and time frames, and how it plans to measure values and verify and validate those values.
  2. Establish a specific time frame for developing an enterprise road map to implement DOD's financial management systems strategy and ensure that it is developed.
  3. Develop detailed migration plans for certain key accounting systems.
  4. Establish performance goals with performance indicators, targets and time frames, to monitor DOD's efforts to address IT-related audit findings.
  5. Implement a mechanism for identifying a complete list of financial management systems and related budget data.
  6. Limit investments in financial management systems to what is essential to maintain functional systems and help ensure system security until DOD implements the other recommendations.

DOD concurred with GAO's recommendations and described actions it plans to take to address them.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish measures to determine if the department is succeeding in achieving its goal to improve its financial management systems. Specifically, it should document targets and time frames to define the level of performance to be achieved. It should also document how DOD plans to measure expected outcomes by identifying data sources, how it plans to measure values, and how DOD plans to verify and validate measured values. (Recommendation 1)
Open – Partially Addressed
As of July 2024, the Department of Defense (DOD) has partially addressed this recommendation. Specifically, as of March 2024, DOD had established one metric that included targets and time frames to define the level of performance to be achieved and the data source. DOD's Strategic Management Plan for fiscal years (FY) 2022-2026 documented a metric to track and count audit relevant legacy financial management system retirements. In particular, the measure documented targets for the number of legacy systems scheduled for retirement in each fiscal year and results for the most recent fiscal year. DOD also provided documentation describing how it plans to measure expected outcomes and values and the data source. In addition, DOD identified this metric in its Financial Management Strategy for FY 2022-2026. However, the department had not fully demonstrated how it plans to verify and validate measured values. DOD also identified a metric in its Financial Management Strategy for FY 2022-2026 associated with increasing system compliance with relevant audit and security regulations. However, for this metric, the department did not identify targets and time frames, document how DOD plans to measure expected outcomes by identifying data sources, how it plans to measure values, or how DOD plans to verify and validate measured values. DOD also provided additional information about related metrics. However, this information did not include details such as actual measures or how DOD plans to verify and validate measured values. Further, in August 2023, the department stated that it planned to issue updated guidance to define and document the mechanisms to identity financial and feeder systems in support of providing a complete inventory of systems. Without a mechanism to ensure a complete systems inventory, the department risks using incomplete information to prepare its metrics. In March 2024, officials from the Office of the Under Secretary of Defense (Comptroller) stated that they are considering addressing this recommendation along with related recommendations from a January 2024 DOD Inspector General report. As a result, they anticipated taking additional time to provide a response on steps they plan to take to fully address this recommendation. Further, in May 2024, DOD stated that it planned to submit additional information intended to close this recommendation during quarter 1 of FY 2025. We will continue to follow-up with department on the status of its efforts to address this recommendation.
Department of Defense The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish a specific time frame for developing an enterprise road map to implement its financial management systems strategy, and ensure that it is developed. The road map should document the current and future states at a high level, from an architecture perspective, and present a transition plan for moving from the current to the future in an efficient, effective manner. The road map should discuss performance gaps, resource requirements, and planned solutions, and it should map DOD's financial management systems strategy to projects and budget. The plan should also document the tasks, time frames, and milestones for implementing new solutions, and include an inventory of systems. (Recommendation 2)
Open – Partially Addressed
As of July 2024, the Department of Defense (DOD) has partially addressed this recommendation. Specifically, DOD completed its initial roadmap in June 2022, with a Plan of Action and Milestones (POAM) to expand the initial roadmap, finalized in November 2022. The POAM addressed actions related to performance gaps using open auditor-issued notices of findings and recommendations and considered the end-to-end business activities and processes. It also outlined the capture and use of additional data and metrics for use in systems level business value decisions within or independent of the Planning, Programming, Budgeting, and Execution process. In February 2024, DOD stated that the department planned to complete an updated and redesigned roadmap by the third quarter of fiscal year 2024. Further, in March 2024, officials from the Office of the Under Secretary of Defense (Comptroller) stated that DOD will provide an updated date for when they expect to take steps sufficient for closing the recommendation, which may include considering complementary tools and information associated with the roadmap. In June 2024, DOD provided a list of tools that it stated it has deployed and plans to deploy to complement its financial management systems roadmap. According to DOD, it has deployed tools such as its Financial Management IT Roadmap Application, Financial Management Functions Requirements Matrix Application and Migration and Retirement Application. According to DOD, it has also automated monthly financial management system tagging in its Advana tool and automated the monthly logging of planned system retirement date changes. DOD also provided a list of tools still in development that it stated support its financial management IT roadmap and portfolio management. This includes a tool that intends to provide trend analysis of planned retirement date changes, summarize associated systems, and allow DOD to determine when a retirement date moves into a new fiscal year. In addition, DOD stated that it is developing a tool that will provide a comprehensive view of DOD financial management system compliance with statutory requirements (i.e., the Federal Financial Management Improvement Act of 1996). Nevertheless, DOD did not demonstrate that it has developed a financial management roadmap that fully addresses this recommendation. For example, the information provided by DOD, did not demonstrate that DOD's roadmap will discuss performance gaps and resource requirements and map DOD's financial management systems strategy to projects and budget. Further, the information did not demonstrate that the roadmap will document the tasks, time frames, and milestones for implementing new solutions. We will follow-up with DOD for additional information and continue to monitor the department's efforts to fully implement the recommendation.
Department of Defense The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to develop detailed migration plans for the Air Force's General Accounting and Finance System-Reengineered, Navy's Standard Accounting and Reporting System, and Army's Standard Finance System and the Standard Operation and Maintenance Army Research and Development System. (Recommendation 3)
Closed – Implemented
As of September 2024, DOD has demonstrated that it has taken actions that substantially address the intent of this recommendation. We are no longer tracking migration plans for the Navy's Standard Accounting and Reporting System because it was retired in December 2022. In addition, we are tracking the Air Force's efforts to develop a migration plan for its General Accounting and Finance System-Reengineered under a recommendation associated with GAO-22-103636. DOD officials also stated that the Army has migrated its activities out of its Standard Operation and Maintenance Army Research and Development System (SOMARDS) and provided supporting documentation showing no Army activities remain in the system. Further, DOD officials stated that Army maintains limited activity in the Standard Finance System (STANFINS) and intends to move all transactions out of the system by the end of fiscal year 2026. DOD also provided supporting documentation showing that it plans to transfer all STANFINS balances to its target system by the end of fiscal year 2026. DOD also provided its migration plans for SOMARDS and STANFINS and examples of training available to Army users for the system replacing SOMARDS and STANFINS. While work remains to fully divest the Army from STANFINS, DOD's actions substantially address the intent of this recommendation.
Department of Defense The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to establish performance goals that include performance indicators, targets and time frames, to monitor the status of efforts to address IT-related audit findings. (Recommendation 4)
Closed – Implemented
DOD has established performance goals, including indicators, targets, and time frames to monitor the status of its efforts to address its high priority IT-related audit findings. Specifically, the department reported at its July 2021 and April 2022 Information Technology Functional Council meetings on the number of high priority IT-related notices of findings and recommendations that it expected to address in fiscal years 2021 through 2024. As a performance indicator, the department reported the percentage of corrective action plans intended to address the audit findings that would not be closed by their target completion dates (i.e. slippages).
Department of Defense The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to implement a mechanism for identifying financial management systems that support the preparation of the department's financial statements in the department's systems inventory and budget data, and identify a complete list of financial management systems. (Recommendation 5)
Open – Partially Addressed
As of July 2024, the Department of Defense (DOD) has partially addressed this recommendation. Specifically, in August 2023, the department stated that it would issue updated guidance on identifying financial statement and audit relevant systems by December 2023. In February 2024, the department stated that it was drafting an updated closure package for this recommendation and expected to submit it in February 2024. According to the department, its guidance on identifying financial statement and audit relevant systems will define and document the logic and mechanisms to be used to identity and capture financial and feeder systems, including providing a complete inventory of systems. In May 2024, DOD stated that it planned to submit additional information intended to close this recommendation in June 2024. However, as of July 2024, DOD has not submitted an updated closure package for this recommendation. We will continue to follow-up with the department on the status of this recommendation.
Department of Defense
Priority Rec.
The Secretary of Defense should direct the Chief Management Officer and other entities, as appropriate, to ensure that the department limits investments in financial management systems to only what is essential to maintain functioning systems and help ensure system security until it implements the other recommendations in this report. (Recommendation 6)
Open
As of July 2024, the Department of Defense (DOD) has not demonstrated that it has addressed this recommendation. According to the department, it executed its fiscal year (FY) 2023 systems review, and the results of this review informed the FY 2024 defense business systems certification investment decision memorandums. Further, in March 2024 officials from the office of the Under Secretary of Defense (Comptroller) stated that the department has institutional processes in place to constrain financial management system investments, such as applying conditions to annual funds certification decisions. However, as of March 2024, the department had not provided documentation substantiating that its actions were sufficient to address this recommendation. In May 2024, DOD stated that it planned to submit additional information to close this recommendation during quarter 4 of FY 2024. We will continue to follow up on the department's efforts to address this recommendation.

Full Report

GAO Contacts

Asif A. Khan
Director
Financial Management and Assurance

Kevin Walsh
Director
Information Technology and Cybersecurity

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Topics

Accounting standardsAccounting systemsFinancial managementFinancial management systemsFinancial reportingFinancial statementsInformation systemsInformation technologyInternal controlsMilitary forces