The Defense Department’s (DoD) Fiscal Year 2019 audit identified IT and DoD’s business systems as a material weakness, amid the report’s 1,300 findings and recommendations, according to documents released by DoD on November 15.
The audit – DoD’s second ever full audit – found IT and business systems to be a material weakness, similar to last year’s findings. The audit is still ongoing, and DoD noted that it expected “significantly more” notices of findings and recommendations from the completed audit.
“The DoD information systems environment had control weaknesses over security management, access, configuration management, segregation of duties, and business process applications. As a result, DoD was unable to prepare reliable financial statements and disclosures,” the audit states.
The latest audit’s release also offered an update on DoD’s progress from the FY2018 audit. The department fared especially poorly in cybersecurity during its FY2018 audit – 46 percent of all notices of findings and recommendations concerned access controls.
However, DoD placed an emphasis on handling cybersecurity-related recommendations from the audit, with a joint memo coming from the CIO, chief management officer, and comptroller.
“The status of corrective actions for these high priority deficiencies is being actively monitored. In addition, an automated solution for provisioning and managing access to audit-impacting applications has been selected for DoD Components that do not already have this capability in place,” the department noted.