What is the value of financial auditability?

The value of financial auditability is to comply with laws, improve business processes, make better use of resources, and increase public trust.

• Comply with laws – Laws require financial statements audits (1990 Chief Financial Officers Act, 1994 Government management Reform Act and FY2010 National Defense Authorization Act).
• Improved business processes – Processes are sometimes non-standard, making audits difficult, costly, and potentially impossible. Audits reduce risk from waste, fraud, and abuse via improved internal controls and reduce the cost of overall business operations.
• Make better use of resources – Audits verify the accuracy of the budget status and identify dollars before they expire.
• Increase public trust – The Public and Congress are reassured that DoD is a good steward.

What are the benefits to the DON?

• Audit readiness will improve the efficiency and effectiveness of the DON’s operations and strengthen the DON’s support for the warfighter
• The DON will be able to fulfill its missions in a more fiscally responsible fashion, allowing it to operate successfully on a limited amount of resources.

What are the DON’s major accomplishments?

• Successfully completed an audit by a private firm on USMC Statement of Budgetary Resources
• Underwent and received a clean opinion on an examination of Appropriation Received process
• Undergoing an examination by DoD IG on Existence and Completeness of Ships, Trident missiles, and Satellites
• Asserted Existence and Completeness in major asset categories such as Ships, Aircraft, Trident missiles, and Satellites, as well as Ordnance

What are the major challenges impeding audit readiness?

• Legacy accounting systems were never designed to do accounting in a proprietary way very well. Principally, they were designed to perform “fund/budgetary” accounting functions, that is, to execute and report on commitments, obligations, and expenditures/disbursements
• In the past, each major business processes were optimized for the functional owner, where financial accounting implications were less important
• Many of the DON’s end-to-end business processes span multiple organizations, both inside and outside the DON. The end-to-end processes have not been fully linked very well (example is contracting and receipt and acceptance processes), in such a way as to readily facilitate a financial reporting environment that allows for auditability. Working through the coordination impediments specific to the multiple touch points has posed to be a very challenging process
• For Reimbursable Work Orders, the major deficiencies noted during the process assessment included:
  • Authorizing officials were not properly designated and/or credentialed
  • Key reconciliations between trading partners were not performed to ensure goods/services were being supplied
  • Transaction universes could not be completely identified and reconciled
  • Source documentation was not always available
• For the Requisitioning (MILSTRIP) process:
  • Transaction universe not defined yet
  • Source documentation will be difficult to obtain in some instances
• To view an illustrative explanation of challenges, click here (PPT, 4.92MB)

How will the DON move to overcome these challenges?

• To view the DON SBR Integrated Plan of Action and Milestones (PoAM), click here.

How are lessons learned shared across DON components?

• Lessons learned are shared formally through regular meetings, Memorandums of Agreement (MOAs), distribution of revised documentation (e.g. testing strategy, control requirements), and general memorandums.
• Lessons are also shared informally through regular communication with Component Activities and through DoD FIAR and DON Audit Committee governance forums

What is the DON audit readiness strategy?

The DON Audit Readiness Strategy (ARS) is an incremental approach to achieving sustainable, repeatable financial improvement and annual audit readiness that provides:

• Increased accuracy, reliability, and timeliness of financial information for decision making.
• Seamless transition from the current financial environment to target systems and business process standardization.
• Independently auditable financial statements compliant with OMB Bulletin 07-04, as amended.

How do auditors form an opinion on financial statements?

Most of an auditor’s work in forming an opinion on financial statements consists of obtaining and evaluating sufficient, appropriate evidence concerning the assertions in the financial statements. The five basic assertions underlying the financial statements are as follows:

• Valuation or allocation – All transactions are recorded at the appropriate amount.
• Rights and obligations - Recorded assets are owned by the entity as evidenced by legal title or similar signs of ownership.
  Liabilities are the obligations of the entity at a given date.
  Completeness – All valid transactions are recorded and properly classified.
• Existence or occurrence – Recorded transaction, underlying events, and related processing procedures are authorized by Federal laws, regulations, and management policy.
• Presentation and disclosure – The financial statements or footnotes contain all information required to be disclosed.

What is a control vs. substantive procedure?

Internal controls indicate that we are reducing risk from incorrectly recording and supporting financial transaction events by putting in place internal controls or methods to ensure the integrity of financial and accounting information (e.g., delegation of authority, separation of duties). On the other hand, substantive procedures simply indicate that we actually are recording and supporting financial transaction events. Important terms and there definition are as follows:

• Control – An activity designed to either prevent an error from occurring or identify an error after it occurs.
• Corrective Action – A process, policy, or technology change implemented to address an identified weakness.
• Substantive – A test performed to validate the accuracy of financial transactions through a comparison to source documents (such as an invoice).
• Testing – The assessment of a control designed to validate the effectiveness of the control in preventing or identifying errors.

How does asset management auditability affect the DON?

A second goal of the DON FIAR is to demonstrate stewardship for assets, including accountability by location and count. The DON schedules calls for asserting Existence and Completeness of all major assets by FY2012. Below are descriptions of the DON Asset Categories:

• Military Equipment – Includes high-value assets that must be accounted for by custodians, verified by periodic inventories, and recorded in an accountable property system of record (APSR). DON has asserted E&C for ships, aircraft, satellites, ICBMs. DoDIG is currently examining ships, satellites, and Intercontinental Ballistic Missiles (ICBMs).
• Ordnance – Includes small arms to ammo to conventional missiles. The Ordnance Information System is in the APSR and DON has asserted E&C.
• Operating Material and Supplies – Includes material held for use in operations (not inventory) and large sub-categories such as uninstalled aircraft engines, sponsor-owned material, and industrial equipment.
• Real Property – Includes procurement, custody, and accountability of land, buildings, and accompanying infrastructure.
• Inventory – Includes repair parts produced and held for re-sale.
• General Equipment – Includes simulators, materials handling gear, and other longer-life assets used to accomplish mission.

How do you achieve audit readiness for appropriations received?

To achieve audit readiness for Appropriation Received, a reporting entity must:

• Design and implement control activities that limit the risk of material misstatements by meeting all relevant KCOs and,
• Support account transaction and balances with sufficient audit evidence defined as KSDs, supplemented with the reporting entity’s own documentation requirements.
• Reporting entities must test their control activities and supporting documentation to ensure audit readiness. In most cases, auditors will need to test both controls and supporting documentation to support their audit opinion. The more reliance the auditor can place on the reporting entity’s internal controls, based on their test of controls, the less testing of supporting documentation will be needed. A high reliance on internal controls yields a more effective and efficient audit, lowering the cost of the audit and the impact on the reporting entity personnel and operations.

What are incremental improvements or segments?

Segments, or assessable unites, are elements of the financial environment that management will assert as audit ready and are:

• Separately identifiable and measurable,
• Significant either by dollar value or requiring regulatory compliance,
• Substantially constant for year to year, and
• Collectively represent the total financial transaction universe supporting financial statement balances.

What is the focus of management’s assertion?

Management’s focus is reasonable assurance that:

• Business events and financial transactions are fairly presented on the financial statements,
• Internal control policies, procedures, and environment are sufficiently reliable, or compensating controls are in place,
• Segment audit readiness, once validated, is sustainable, and
• The structured presentation of segment document provides the basis for the risk assessment and testing necessary to verify management’s assertion.

What is the FIAR Strategy?

Since 2005, when the first FIAR Plan was published, the Department’s strategy for achieving improved financial information and auditability has evolved to be more focused, effective, and consistent across the reporting entities. The FIAR Strategy incorporates refinements and remains:

• Incremental and prioritized;
• Guided by a Methodology (Business Rules);
• Integrated with the requirements of OMB Circular A-123, Appendix A;
• Integrated with the implementation of the CFO Act and Federal Financial Management Improvement Act (FFMIA) (DoD FMR Vol.1 Chap 3);
• Integrated with the modernization of business and financial systems;
• Based on decentralized, reporting entity-level execution; and
• Comprehensive by focusing improvements on policies, processes and controls, systems and data, audit evidence, and human capital.

A clear, comprehensive strategy for achieving audit readiness is critical to ensuring that limited resources are assigned effectively to facilitate sustained and measurable progress. The strategy provides a critical path for the Department, while balancing short-term accomplishments with the long-term goal of an unqualified opinion on the Department's financial statements.

What are the FIAR Priorities?

The USD(C) established the current FIAR priorities on August 11, 2009. Before establishing the Department’s priorities, the USD(C) coordinated with the Deputy Secretary of Defense, reporting entities, Department of Defense Office of the Inspector General (DoD OIG), OMB, Government Accountability Office (GAO), and Congress, who approved, endorsed or acknowledged these priorities.
The USD(C) priorities are designed to achieve the FIAR objectives. These priorities are budgetary information, and mission critical asset information.
The USD(C) also directed the reporting entities to modify and regularly update their Financial Improvement Plans (FIPs) to achieve these objectives and priorities.

What is the FIAR Methodology?

The FIAR Methodology is a mandatory set of standardized phases and tasks that reporting entities must follow to achieve audit readiness. The six steps of the methodology are: Discovery, Corrective Action, Evaluation, Assertion, Validation, and Audit.
The methodology maximizes the potential for successful financial statement audits by considering auditing standards. In accordance with professional standards, auditors collect evidence supporting the fair presentation of financial statement amounts by focusing on two primary areas: internal controls and supporting documentation. To achieve audit readiness, reporting entities must:

• Identify and evaluate the risk of material misstatement and then design and implement control activities to meet key control objectives (KCO) that limit the risk of material misstatements, and
• Support account balances with sufficient and appropriate audit evidence, defined as key supporting documents (KSD), supplemented with the reporting entities’ own documentation requirements.

Reporting entities should focus their audit readiness efforts on improving their processes, controls, and related documentation based on the results of the application of the methodology.

How are the FIAR Strategy and DoD strategy management plan linked?

The Department’s Strategic Management Plan (SMP), a requirement of the NDAA for FY 2008, establishes seven specific business goals to further articulate needed changes in the Department’s “business domain” and to structure unity of effort across the enterprise. Business Goal 2, “Strengthen DoD Financial Management”, as seen in Figure 8, identifies the Department’s plans and their relationships to ensure Department leaders have access to timely, relevant and reliable financial and cost information to make informed decisions. One focus area of Business Goal 2 is to “sustain public confidence through auditable financial statements.” Due to its size and complexity, the Department utilizes a “family of plans” approach to cascade enterprise business priorities into functional and organizational plans. These include the Enterprise Transition Plan (ETP) and the FIAR Plan supported by the Business Enterprise Architecture (BEA).

How do you achieve E&C audit readiness?

To achieve E&C audit readiness, a reporting entity, in coordination with its service provide(s) must:

• Have designed and implemented control activities that limit the risk of material misstatements by meeting all relevant KCOs defined in Appendix C, and;
• Be able to support account transactions and balances with sufficient audit evidence defined as KSDs, supplemented with the reporting entity’s own documentation requirements.

Reporting entities and service providers must test their control activities and supporting documentation to ensure audit readiness. In most cases, auditors will need to test both controls and supporting documentation to support their audit opinion. The more reliance the auditor can place on internal controls based on their test of controls, the lesser the amount of testing of supporting documentation they will need to complete. A high reliance on internal controls yields a more effective and efficient audit, lowering the cost of the audit and the impact on the reporting entity personnel and operations.

How does SBR auditability affect the DON?

DON FIAR approaches audit readiness for the SBR by breaking processes that produce financial transactions into “business process segments.” These segments are evaluated for risk, internal controls, and ability to produce source documentation. Various organizations within DON are affected in different ways, depending on the segment. The eight segments are described below:

• Contract/Vendor Pay – Procurement of goods and services from non-government organizations.
• Reimbursable Work Orders (Grantor) – Procurement of goods/services from intra-government organizations
• Reimbursable Work Orders (Performer) – Payment in return for goods sold/services provided.
• Civilian Pay – Payment of federal civilian personnel.
• Military Pay – Payment of federal military personnel.
• Transportation of People – Temporary duty (TDY) travel.
• MILSTRIP – Procurement of materials from intra-DoD suppliers.
• Collections and Disbursements – Transfer of funds to and from the organization resulting from business transactions.

What is the DON’s strategy for achieving SBR Auditability by FY2014?

A detailed plan, sufficient resources to execute the plan, senior leaders’ awareness, support, and sponsorship, widening DON’s knowledge and expertise, and stressing the value of financial auditability.

• A detailed plan – DON’s SBR plan contains detailed tasks, their completion dates, and who is responsible for accomplishing them. As the SBR reflects the flow of funds from Congressional appropriations through expending these funds for goods and services, all Navy organizations will have responsibility for success; all functional communities (human resources, finance, logistics, acquisition, operations) will play a role. Success will require an all-Navy, team effort.
• Sufficient resources to execute the plan – DON leaders have provided adequate resources to execute the Navy-Marine Corps plan to date. Every major command has a role in the plan and each has been given resources.
• Senior leaders’ awareness, support, and sponsorship – “Tone from the top” is essential, as success will depend on all-Navy participation. CNO (ADM Greenert) spoke at the last two annual Navy Audit Readiness conferences, and he issued statements of support to other senior leaders. CMC/ACMC issued similar supportive statements on auditability. VCNO (ADM Ferguson) has received an initial briefing from ASN (FM&C) on this endeavor. Some major command commanders have issued statements of support to their organizations. Beginning FY2012, senior executives (who are responsible for business processes which generate financial transactions) will have a tailored performance objective for supporting audit readiness.
• Widening DON knowledge and expertise – As we continue to expand the circle of accountability for audit readiness, we need to ensure we raise the technical skills of all concerned. We’re increasing our training opportunities and stepping up communication of our strategy and milestones. We continue to bring in additional experts from the federal government and the private sector.
• Stressing the value of financial auditability – Audit readiness is the outcome we’re seeking; this goal depends on strengthening controls over our business processes, thereby increasing the accuracy of our financial data. Accurate financial data enables informed business decisions; having reliable financial data reassures taxpayers and Congress that we’re good stewards of the resources we’re managing. Success will also bring DoD into compliance with legislative mandates for auditability, which most other executive departments have already achieved.

What are the major challenges to meeting the SBR goal?

Ensuring outside business service providers (primarily Defense agencies) provide auditability support. Strengthening (or implementing) key controls over business processes at the organizational level. Ensuring major business systems are assessed for controls effectiveness and changed when feasible. Ensuring massive volumes of documentation substantiating auditability are organized, retrievable, and available to an auditor. Continuing work to standardize DON business practices by choosing “best of breed” processes; standardized, streamlined processes are more efficient and do not require a varied set of internal controls.

How do you achieve SRB audit readiness?

To achieve SBR audit readiness, a reporting entity, in coordination with its service provider(s) must:

• Have designed and implemented control activities that limit the risk of material misstatements by meeting all relevant KCOs and
• Be able to support account transaction and balance with sufficient audit evidence defined as KSD, supplemented with the reporting entity’s own documentation requirements.

Reporting entities must test their control activities and supporting documentation to ensure audit readiness. In most cases, auditors will need to test both controls and supporting documentation to support their audit opinion. The more reliance the auditor can place on the reporting entity’s internal controls based on their test of controls, the lesser the amount of testing of supporting documentation they will need to complete. A high reliance on internal controls yields a more effective and efficient audit, lowering the cost of the audit and the impact on the reporting entity personnel and operations.

Have any changes been made the DON’s plan recently?

Yes, Secretary Panetta has accelerated the date (FY2014) for all Components to be audit ready on one of their financial statements, the Statement of Budgetary Resources (SBR).

• The SECDEF has not changed the Congressionally-assigned date for full financial auditability, this goal remains 2017.
• “Full auditability comprises of audit readiness on all of the Component’s financial statements, including the two major statements: Balance Sheet and SBR.”
• DON is the only Component with a projected SBR audit readiness date prior to the SECDEF FY2014 goal: Navy has an aggressive schedule, expecting to be audit-ready on its SBR by the end of FY2013

What are the components of Audit Readiness Risk Management?

There are four main components of Audit Readiness Risk Management: roles and responsibilities, Critical Success Factors (CSFs), an integrated PoAM, and PoAM reporting. The four main components are described in detail as follows:

• Roles and Responsibilities – The A&RMD Program Managers coordinate risk mitigation and tracking at a programmatic level. The Functional Segment Leads coordinate with the functional community to support in the management and mitigation of risks. The Commands report issues and risks and execute mitigation activities. Service Providers support A&RMD Program Managers.
• Critical Success Factors (CSFs) – These are key programmatic areas of focus and execution designed to drive visibility, risk assessment and mitigation.
• Integrated PoAM – A deliberate and measured plan of programming and sequencing activities that drives accountability to individual stakeholders managing risk. This plan incorporates and addresses topics in CSFs, FIAR Guidance “Deal Breakers,” and lessons learned from GOA, DODIG, FIAR, and USMC Audits.
• PoAM Reporting – Reporting identifies and manages risks and issues through transparent execution, established escalation channels, and routine reporting intervals.

What are the benefits to the DON of the validation process?

• Double-checks that the DON has considered all relevant information and performed adequate testing and analysis to prove its management assertion
• Develops corporate experience in a financial audit as the DON builds its audit response infrastructure

What are DON audit readiness program risks?

DON Audit Readiness Program Risks include Capture Transaction Universe, Capture Transaction Populations by Segment, IT Controls Assessment, Timely Completion of Corrective Actions, and Use of the BAM Tool for Reconciliation. Detailed descriptions of these programs are below:

• Capture Transaction Universe – STARS and ERP transaction must be identified and reconciled to the 1071 file to substantiate the universe of financial transactions.
• Capture Transaction Populations by Segment – Transactions must be parsed to identify populations by segment for each Command.
• IT Controls Assessment – An assessment of IT Systems and controls is required for SBR assertion.
• Timely Completion of Corrective – Corrective Action Plans (CAPs) to remediate process and/or controls efficiencies may not be competed with the assertion timelines.
• Use of the BAM Tool for Reconciliation – The Bam Tool is being developed to automate the FBWT reconciliation.

What is the Audit Response Center (ARC)?

The Audit Response Center provides timely integrated DON response in accordance with DoDIG, IPA, Naval Audit Service, and GAO audit and attestation engagement standards. The Audit Reponses structure is consistent with audit requirements and based upon USMC lessons learned.

What does FMO do?

FMO leads financial programs and activities that are designed to improve the way the Department of the Navy (DON) does business and supports the warfighter. As Department of Defense directives and policies are set for financial efficiency, effectiveness, and transparency, FMO reports on financial data, as well as develops and manages accounting and finance related programs to help Commands comply with the Department of Defense (DoD) requirements. For a detailed description of FMO's mission, vision, and strategic objectives, click here.

What are the roles of FMO's different divisions?

FMO has six divisions, each of which is responsible for a certain aspect of supporting the planning and execution of the DON's financial and accounting activities. For a summary overview of the responsibilities of each division, click here.

Where does FMO sit in the Department of the Navy?

FMO sits directly under the Assistant Secretary of the Navy, Financial Management and Comptroller (ANS FM&C). To see FMO's location in the ASN FM&C Organization Chart, click here.

Where is FMO located?

FMO is headquartered at the Washington Navy Yard in Washington, D.C., Building 36, Room 115. For information regarding visitor access and parking at the Washington Navy Yard, as well as directions for public transit, click here.

When was FMO created?

FMO was formally established in 1995, and was created to be comparable to the Army/Air Force Financial Management Organizations, established by the Goldwater-Nichols Reorganization Act in 1986. For more information regarding FMO's history, click here.