Internal auditors at the Defense Information Systems Agency have significant problems with meeting the federal government’s standards — significant enough to cause the Pentagon’s own audit agency to issue a grade of “fail” in a recent review.
The findings come from the audit policy and oversight branch of the Defense Department’s inspector general, which examined several of DISA’s recent internal audits and interviewed staff. The DoD IG reported the agency’s audit organization failed in several respects to comply with both its own auditor’s manual and the governmentwide Generally Accepted Government Auditing Standards (GAGAS) often known as the “yellow book.”
“The significant deficiencies identified do not provide DISA IG management with reasonable assurance of performing and reporting in conformity with GAGAS in all material aspects. Accordingly, as a result of the significant deficiencies … we are issuing a fail opinion on the DISA IG audit organization’s system of quality control,” the DoD IG’s office wrote in a letter last week to Air Force Lt. Gen. Ronnie Hawkins, DISA’s director.
The DoD IG report made public Friday did not call out any specific or glaring inaccuracies in the work DISA’s auditors had performed and does not accuse the agency as a whole of mismanaging resources. Indeed, DISA is one of a relative handful of DoD components to have successfully put its financial statements to the scrutiny of outside auditors and come out with a clean opinion.
Rather, it focused on the quality controls that internal government auditors are supposed to have in place in order to ensure they get things right when they reach their conclusions. It found in several cases that DISA’s IG does not.
In some cases, staff members were inadequately trained on government accounting standards or the agency’s training materials themselves were lacking. In others, the DISA IG’s audit organization lacked “professional judgment,” the DoD IG found.
“We determined that the DISA IG audit organization did not exercise professional judgment due to the array of noncompliances found in the majority of auditing standards areas including quality control and assurance, supervision, evidence, documentation, reporting, independence, planning and the use and application of GAGAS,” auditors wrote.
For instance, audit staff were inadequately supervised. The review found no evidence that supervisors ever reviewed the detailed fieldwork of audit staff before they included information in a final report.
In another example, the DoD IG found DISA’s auditors didn’t gather sufficient evidence before reaching conclusions. The agency’s audit staff was trying to determine whether DISA was complying with acquisition regulations that require the military to register and track purchases of all items according to their Individually Unique Item Identification code (IUID).
“For the IUID audit, 93 percent of the testing results for the second finding were not supported by sufficient and appropriate documentation,” the report found.
The DoD IG made five recommendations for improvement. DISA’s Inspector General, Kristopher Miltner, agreed with each of them.
DISA, he wrote will make several changes, including:
Providing in-house training on governmentwide accounting standards
Adding details about tracking of continuing education requirements to its auditor’s handbook
Ensuring it performs annual reviews of its quality control procedures
Reevaluating its 180-day goal for completing audits, which the DoD IG suggested could be overly ambitious and might be a factor leading to some of the “yellow book” shortfalls.
This story is part of Federal News Radio’s daily DoD Report. For more defense news, click here.