On Tuesday, the Department of Defense (DoD) inspector general (IG) released a detailed summary of the agency’s 2018 audit that detailed the departments struggles with its IT systems.
The audit compiled a summary for each department of the number of Notifications of Findings and Recommendations (NFRs), which are what auditors issue to address weaknesses in the DoD’s processes. For fiscal year 2018, the auditors issued 800 new NFRs related to the DoDs IT systems and 319 IT NFRs were reissued. NFRs are reissued “if the weaknesses or inefficiency noted in the NFR was identified during a prior year audit,” but was not corrected by the time of the new audit.
The Navy led the way with 246 new IT NFRs, signaling its significant struggles with IT management and modernization. The Air Force followed with 96 new IT NFRs and the Army with 64.
According to the report, the auditors classified the NFRs “based on the severity of the weaknesses.” Most had weaknesses related to inadequate controls over access, system changes, and security management of the IT systems.
Among the inadequacies in controls regarding the IT systems, auditors found that: “required monitoring of sensitive user activities, including activities of privileged users, [were] not documented or not being performed; access rights and responsibilities were not appropriately restricted according to segregation of duties policy; users access was not terminated in a timely manner when the users left the organization; and controls had not been implemented to identify unintentional or unauthorized changes made to applications, databases, or data.”
The audit found that collectively the DoD also underspent $27.7 billion of its appropriated budget, $19 billion of which was for DoD operations, readiness, and support accounts.