DOD FINANCIAL MANAGEMENT
Accelerated Timelines Needed to Address Long-standing Issues and Fraud Risk
Statement of Asif A. Khan, Director, Financial Management and Assurance
Before the Subcommittee on Government Operations, Committee on Oversight and Government Reform, House of Representatives
For Release on Delivery Expected at 10:00 a.m. ET
United States Government Accountability Office
For more information, contact Asif Khan at khana@gao.gov, Vijay D’Souza at dsouzav@gao.gov, or Seto Bagdoyan at bagdoyans@gao.gov.
Highlights of GAO-25-108191, a testimony before the Subcommittee on Government Operations, Committee on Oversight and Government Reform, House of Representatives
Accelerated Timelines Needed to Address Long-standing Issues and Fraud Risk
DOD is responsible for about half of the federal government's discretionary spending and about 82 percent of the federal government’s total physical assets.
DOD obtaining a clean audit opinion is important to ensure that its financial statements and underlying financial management information are reliable for decision-making. DOD’s financial management and business systems modernization efforts have both been on GAO’s High-Risk List since 1995. DOD has taken steps over the last 30 years to improve these areas. However, the department needs to address pervasive weaknesses in its finances, fraud risk management, and IT acquisition management.
To help DOD improve its financial management, DOD's auditors have issued thousands of notices of findings and recommendations and identified associated material weaknesses. DOD has taken important steps to address these findings and weaknesses but has faced challenges in meeting target remediation dates.
This testimony discusses (1) GAO’s high-risk areas of DOD financial management (including fraud risk management) and DOD business systems modernization; (2) DOD’s efforts to address audit findings and associated impediments; and (3) DOD’s progress, audit benefits, and next steps to achieving a clean audit opinion in 2028. This testimony is based on GAO work from 2020 through 2025 related to DOD financial management. Details on GAO's methodology can be found in each of the reports cited in this statement.
What GAO Found
The Department of Defense (DOD) has made some progress in improving its financial management efforts. However, more remains to be done to address significant remaining issues and for DOD to realize its goal of achieving an unmodified (“clean”) audit opinion by the end of 2028. In February 2025, GAO found that DOD’s efforts to address its financial management and business systems modernization high-risk areas demonstrated leadership’s commitment to addressing them. However, GAO also found that other areas, such as action plans and demonstrating results, needed further attention. GAO also expanded the financial management high-risk area to include fraud risk management. For fiscal years 2017 through 2024, DOD reported about $10.8 billion in confirmed fraud. The full extent of fraud affecting DOD is not known but is potentially significant. Until DOD implements a comprehensive antifraud strategy that effectively aligns with leading practices, as GAO has recommended, its programs and significant expenditures will remain at substantial risk of fraud.
DOD has also taken steps to address audit findings in pursuit of its goal of achieving a clean audit opinion in 2028. These have included identifying priority areas and developing a strategy, plans, and roadmaps to systematically address major impediments. According to DOD, it is also studying lessons learned from the Marine Corps’ approach, which resulted in clean audit opinions for fiscal years 2023 and 2024. Nevertheless, the DOD Inspector General has identified 17 scope-limiting material weaknesses that are significant roadblocks to DOD’s clean audit opinion goal. DOD has developed a timeline for addressing these weaknesses (see figure).
DOD’s Timeline for Addressing Selected Scope-Limiting Material Weaknesses
DOD has made progress in addressing some of its scope-limiting material weaknesses. However, DOD needs to accelerate the pace at which it addresses these long-standing issues. DOD has also achieved a variety of benefits from its efforts to improve its financial management, including cost savings and avoidances and improvements to financial systems and data.
GAO has over 100 open recommendations aimed at improving DOD financial management. To make greater progress, DOD needs to address these open recommendations associated with, among other things, challenges DOD faces in meeting target remediation dates, addressing auditor-identified deficiencies, and improving efforts to manage fraud risk. Addressing these recommendations and the DOD Inspector General’s material weaknesses will help DOD achieve the benefits of a clean audit opinion and improved program integrity.
Chairman Sessions, Ranking Member Mfume, and Members of the Subcommittee:
Thank you for the opportunity to discuss the Department of Defense’s (DOD) financial statement audit progress, fraud risk management, and systems oversight.
DOD spends over $1 trillion annually to provide the military forces needed to deter war and to protect the security of the United States. DOD’s spending makes up almost half of the federal government’s total discretionary spending, and its physical assets make up about 82 percent of the federal government’s total physical assets. Without having sound financial management practices and reliable, useful, and timely financial information routinely available, DOD risks being unable to effectively and efficiently manage its budgets and assets and ensure accountability and stewardship over its extensive resources. However, as of fiscal year 2024, DOD is the only one of the 24 agencies subject to the Chief Financial Officers Act of 1990 (CFO Act) that has never obtained an unmodified or “clean” audit opinion on its financial statements, primarily due to serious financial management and system weaknesses.[1]
Since 1995, we have designated DOD financial management as a high-risk area because of ineffective processes, aging systems, and inadequate controls; incomplete corrective action plans; and insufficient monitoring and reporting.[2] In 2025, we expanded DOD’s financial management high-risk area to include fraud risk management at DOD.[3] While DOD leadership over the years has demonstrated a commitment to improving its financial management, it has not yet demonstrated the same level of commitment to managing fraud risk.[4] In addition, DOD business systems modernization, which includes financial and other systems that support business functions such as logistics and health care, has been on GAO’s High-Risk List since 1995.[5]
DOD also continues to experience systemic shortfalls in implementing cybersecurity measures to safeguard its data environment and address cybersecurity vulnerabilities. GAO and the DOD Office of Inspector General (OIG) have reported that DOD’s efforts to improve its system environment, modernize its outdated systems, and become auditable have been insufficient.[6]
My testimony today provides information on DOD’s ongoing efforts to improve its financial management and business practices and become auditable. Specifically, I will summarize our prior work addressing (1) GAO’s high-risk areas on DOD financial management (including fraud risk management) and DOD business systems modernization; (2) DOD’s efforts to address audit findings and associated impediments; and (3) DOD’s progress, audit benefits, and next steps to achieving a clean audit opinion in 2028.
My remarks are primarily based on GAO work from 2020 through 2025, including several reports we have issued since September 2024, when we last testified before this committee on this issue. This includes reports on DOD financial management workforce planning, GAO’s High-Risk Series, and the audit of the fiscal year 2024 U.S. government’s consolidated financial statements.[7] This statement also includes information on our related ongoing work, which we expect to report on later this year.
We conducted the work on which this testimony is based in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Background
Beginning with the CFO Act of 1990, which required DOD to prepare financial statements for certain components, and continuing through fiscal year 2018, Congress has frequently required DOD to take actions intended to improve its financial management. These efforts have included additional reporting, undergoing specific financial statement audits, and establishing audit readiness milestones.[8] The National Defense Authorization Act (NDAA) for fiscal year 2014 included a requirement for the performance of full-scope audits of DOD statements, beginning with fiscal year 2018.[9] These audits have resulted in disclaimers of opinion, which means that auditors were unable to complete planned audit procedures.[10]
Starting with full-scope audits for fiscal year 2018,[11] financial auditors have identified thousands of deficiencies, many of which remain outstanding. In fiscal year 2024, the DOD OIG identified 28 material weaknesses that have adversely affected DOD’s ability to prepare auditable financial statements.[12] DOD’s inability to achieve a clean financial audit opinion is one of three major impediments preventing GAO from expressing an audit opinion on the U.S. government’s consolidated financial statements since fiscal year 1997.[13]
The DOD OIG has highlighted the role of financial systems in DOD’s annual audit findings. In August 2024, the DOD OIG noted that long-standing IT challenges remain. These challenges prevent DOD from implementing efficient and effective financial management and inhibit progress toward receiving a clean audit opinion and implementing sustainable processes with effective internal controls.[14]
In addition, in July 2015, we issued A Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework), which contains a comprehensive set of leading practices to guide agency managers in combating fraud in a strategic, risk-based way.[15] Specifically, the Fraud Risk Framework describes leading practices within four components: commit, assess, design and implement, and evaluate and adapt. Since 2016, consistent with the requirements of the Fraud Reduction and Data Analytics Act of 2015 and the Payment Integrity Information Act of 2019, the Office of Management and Budget (OMB) has required agencies, including DOD, to adhere to the Fraud Risk Framework leading practices as part of their efforts to effectively design, implement, and operate internal control systems that address fraud risks.[16]
DOD Is Taking Steps to Improve Its Financial Management and Business System Modernization Efforts, but More Remains to Be Done
DOD Financial Management
Since 1995, when we first added DOD’s financial management to the High-Risk List, DOD leaders have established a succession of programs, systems, policies, rules, and procedures; organizations intended to make improvements; and committees and boards to oversee progress. Efforts such as these resulted in DOD sustaining its Leadership Commitment score in our biennial High-Risk Update.[17] However, the ratings for all five high-risk criteria remain unchanged since 2023. Figure 1 shows GAO’s February 2025 ratings for the DOD financial management high-risk area.
Figure 1: DOD Financial Management High-Risk Area Rating as of February 2025
We also reported that DOD could make additional progress by implementing open GAO recommendations associated with this high-risk area related to strengthening its information systems, action plans, and monitoring efforts, and improving its fraud risk assessment and management processes. For example, we recommended that DOD should improve its corrective action plan review process and develop and document a DOD-wide comprehensive plan that includes a clear vision for how to achieve a clean audit opinion, and procedures for addressing material weaknesses, with interim milestone activities and dates.
Fraud Risk Management. In 2025, we expanded the DOD financial management area on GAO’s High-Risk List to include DOD fraud risk management.[18] Effective fraud risk management is essential to protect the integrity of DOD’s programs. The lack of an effective fraud risk management program combined with the material weaknesses discussed later in my testimony compounds DOD’s failure to establish a strong financial management internal control environment and increases opportunities for fraudulent actions against DOD’s vast resources.
The scope and scale of DOD’s financial activity makes it inherently susceptible to fraud. DOD spends over $1 trillion annually, which is about half of the federal government’s discretionary spending and about 15 percent of its total spending. In fiscal year 2023, DOD obligated about $456 billion for contracting activity, making it the largest contracting agency in the federal government.
However, the full extent of fraud affecting DOD is not known. In 2018, DOD reported to Congress that, from fiscal years 2013 through 2017, it had recovered more than $6.6 billion from adjudicated defense contracting fraud cases.[19] For fiscal years 2017 through 2024, DOD reported about $10.8 billion in confirmed fraud via PaymentAccuracy.gov.[20] Recoveries and confirmed fraud reflect only a small fraction of DOD’s potential fraud exposure. While DOD officials previously informed us that they did not believe there was much fraud within the department relative to its overall spending, even a small percentage of DOD’s $1 trillion in annual spending lost to fraudsters would be a significant divergence of resources from its warfighting mission.
Not only does fraud threaten DOD’s financial position, but it can also put the warfighter in increased danger. We previously reported on closed Defense Criminal Investigative Services fraud cases.[21] One such case involved a fraudster who provided purposefully falsified documents, including a fraudulent certificate related to a machine gun bipod component, to conceal the fraudster’s company’s failure to maintain contractually required manufacturing standards. While the financial impact was about $124,000, the nonfinancial impacts were more significant. A military engineer tested one of the bipods that the company manufactured and found a number of deficiencies. These deficiencies could pose potential safety hazards and have potential national security impacts.
While DOD leadership has demonstrated a commitment to improving its financial management, it has not yet demonstrated the same level of commitment to managing fraud risk. DOD faces significant fraud exposure given the complexity of its programs, the volume of its annual payments, and the material weaknesses in its audit reports, and is required to manage its fraud risk accordingly. It is, therefore, important that DOD leadership give equal consideration to enhancing the department’s fraud risk management efforts throughout its many programs and operations as it does to financial auditability.
Specifically, as we recommended in 2021, DOD should determine and document the fraud risk management roles and responsibilities of all oversight officials and the chain of accountability for implementing an effective fraud risk management strategy.[22] Further, as we recommended in 2024, DOD should ensure that its designated entity for fraud risk management has the necessary authority—not just responsibility—to design and oversee fraud risk management activities, such as data analytics.[23]
DOD did not initially concur with these recommendations but has since changed its position. Specifically, DOD told us that it plans to revise its Fraud Risk Management Strategy to address both recommendations but has repeatedly extended the deadline for completion. We made a total of 16 recommendations across our 2021 and 2024 reports. Thirteen of them remain open as of April 2025. Until DOD creates and implements a comprehensive antifraud strategy that effectively aligns with leading practices and effectively addresses both financial auditability and fraud risk management, it remains at substantial risk of fraud against its programs.
DOD Business Systems Modernization
DOD’s business systems modernization efforts also have been on GAO’s High-Risk List since 1995. DOD spends billions of dollars each year to acquire and modernize business systems, including ones that address key areas such as personnel, financial management, health care, and logistics. For fiscal year 2024, the department requested approximately $43.3 billion for its unclassified IT investments, including its major IT and other business programs, which are intended to help the department sustain its key business operations. In July 2024, we reported that DOD planned to spend $9.1 billion from fiscal year 2022 through fiscal year 2024 on 21 selected major IT business programs.[24]
We also reported that DOD officials from 15 of the 21 IT business programs reported cost or schedule changes since January 2022. DOD needs to improve its business systems acquisition management to achieve better cost, schedule, and performance outcomes; manage its portfolio of business systems investments more effectively and efficiently; and leverage its federated business enterprise architecture to help identify and address potential duplication and overlap.
In our latest High-Risk Update, leadership commitment increased from partially met to met. For example, in October 2023, the Secretary of Defense issued a department-wide memorandum calling for the department to take steps to remove DOD business systems modernization from the High-Risk List. The memorandum also called for the department’s Chief Information Officer (CIO) to accelerate the retirement of noncompliant legacy defense business systems. These actions contributed to progress in this area.
In addition, we reported that DOD developed a draft action plan for fiscal year 2025 that included a roadmap with specific actions and associated milestones to help the department address key aspects of this high-risk area. Thus, the rating for action plan increased from not met to partially met. The ratings for the remaining three criteria were unchanged. Figure 2 shows GAO’s February 2025 ratings for the DOD business systems modernization high-risk area.
Figure 2: DOD Business Systems Modernization High-Risk Area Rating as of February 2025
We also reported that DOD could make additional progress by taking actions such as finalizing an effective action plan to improve the management of its portfolio of defense business systems and addressing open recommendations associated with this high-risk area. For example, we recommended that DOD update business system investment management and acquisition policy and guidance and finalize plans for improving its business enterprise architecture.
DOD’s Audit Findings, Efforts to Address Findings, and Impediments
DOD’s Fiscal Year 2024 Audit Findings
DOD’s material weaknesses account for a significant portion of the total government-wide material weaknesses that auditors have identified. DOD’s material weaknesses have not changed since 2021 and adversely affect the auditability of its financial statements. The total number increased from 20 in fiscal year 2018 to 28 in fiscal year 2024 because of expanding audit testing since fiscal year 2018. In fiscal year 2024, across all CFO Act agencies, of the 53 material weaknesses identified, 28 belonged to DOD. Remediating material weaknesses is imperative for DOD to have sustainable business processes and a functioning internal control environment in its financial management operations.
The DOD OIG has also highlighted the role of financial systems in DOD’s annual financial audit findings. In May 2023, the DOD OIG noted that long-standing IT challenges remain.[25] Six of DOD’s material weaknesses are associated with IT. These challenges prevent DOD from implementing efficient and effective financial management and inhibit progress toward receiving a clean audit opinion.
To address findings related to IT systems, including noncompliance with Federal Financial Management Improvement Act of 1996 requirements, DOD has initiated a variety of efforts over the last 30 years to improve and help modernize its business and financial systems.[26] These efforts have resulted in system improvements, but they have not been fully successful to date and put the department at risk of establishing a “check the box” approach to ensuring that systems comply with requirements that contribute to auditable financial statements.[27] We have a forthcoming report where we assess the extent to which the Department of the Navy’s financial system modernization efforts follow strategic and migration planning leading practices.[28]
Remediation Rates for Notices of Findings and Recommendations
Auditors have also provided direct, actionable feedback by issuing notices of findings and recommendations (NFR) that describe weaknesses in DOD’s business processes, IT systems, and financial reporting that DOD entities must correct. We have reported that DOD needs to improve its efforts to address these NFRs.[29]
NFRs remain open until the underlying weakness is resolved. Annual NFR remediation rates, which measure how DOD and its components fully address and close auditor-issued NFRs, are indicators of DOD’s progress toward achieving a clean audit opinion. DOD officials expressed a desire to demonstrate progress by closing NFRs.[30] In September 2024, we reported that DOD’s annual fiscal year NFR remediation rate had increased from 27 percent in 2019 to 35 percent in 2023.[31] However, in fiscal year 2024, DOD’s NFR remediation rate decreased to 29 percent.
Auditors closed 955 of the 3,322 NFRs open as of the end of fiscal year 2023 and issued or reissued 2,387 NFRs in fiscal year 2024.[32] As the DOD OIG reported, each year auditors continue to identify new NFRs and reissue a significant number from prior years.[33] Auditors keep the audit findings open by reissuing them for consecutive years if the agency does not take corrective action or if a corrective action does not address the audit deficiency.
DOD’s Efforts to Remediate Audit Findings
In response to the material weaknesses and deficiencies identified by the auditors, DOD prioritized areas for remediation and developed a strategy for addressing these weaknesses.
Audit Priority Areas
DOD identified audit priority areas that focus on significant DOD-wide material weakness areas. After receiving the results from the fiscal year 2018 financial audit, the Secretary of Defense began issuing an annual memorandum to outline priority areas for the department. These priority areas were to support audit progress by developing stronger and sustainable internal controls and improving the security of vital systems and data.
For fiscal year 2025, DOD’s audit priorities, issued in December 2024, were: (1) improve its fund balance with Treasury reconciliation, (2) strengthen the systems control environment, (3) advance the universe of transactions, (4) optimize asset valuations, and (5) integrate procure to pay processes to accelerate auditability.
DOD’s Financial Management Strategy
DOD’s Financial Management Strategy for fiscal years 2022 through 2026 includes high-level strategic goals for uniting DOD-wide financial management community efforts.[34] The plan’s third strategic goal focuses on increasing the integrity of financial results by accelerating the path to an unmodified audit opinion. DOD plans to measure progress toward this goal in the following areas:
· Increase the number of favorable (unmodified or qualified) component financial statement audit opinions.
· Increase the number of favorable (unmodified or qualified) opinions on service organization controls.
· Centralize all fund balance with Treasury reconciliation tools.
· Establish processes and controls to clear undistributed disbursements and collections in a timely manner, including posting and matching transactions to obligations.
· Reduce undistributed disbursement and collection balances to a small percentage of the total fund balance with Treasury.
· Increase the number of systems with appropriate user access control solutions implemented to improve cybersecurity and auditability.
Measuring progress is an important step, but DOD has faced challenges meeting its target remediation dates.[35] We reported that DOD has not yet issued detailed implementation plans to carry out its financial management transformation strategies and achieve these goals.[36]
According to DOD, lessons learned from the Marine Corps’ approach to achieve a clean audit opinion for fiscal years 2023 and 2024 are being studied to inform the department’s overall audit strategy.[37] For example, modifying the Marine Corps’ financial statement audit plan for fiscal years 2022 and 2023 from two annual financial statement audits to a single 2-year audit allowed significantly more time for the Marine Corps to clean up its financial data and organize its financial records to allow the auditor to test transaction and balances.
According to the DOD OIG, as part of this 2-year audit, the auditors used a substantive-based testing approach throughout fiscal year 2022 and fiscal year 2023, and this process was repeated for the fiscal year 2024 audit. This approach was labor intensive for both the auditor and the Marine Corps. This was because the auditors had to increase the testing necessary since they were unable to rely on the Marine Corps’ internal controls over financial reporting. This required the Marine Corps to produce a large volume of information for auditors to test, which supports transactions, account balances, and other adjustments made while preparing financial statements, as well as physically counting military equipment, ammunition, and other property. These efforts were all designed to result in adequate audit evidence to support a clean audit opinion.
Corrective Action Plans and Audit Roadmaps
After receiving an NFR, DOD and component management develop one or more corrective action plans that outline how the finding will be remediated, establish key milestones, and assign responsibility for completing identified tasks.[38] However, we reported in May 2023 that DOD’s plans lacked details and root-cause analyses needed to effectively address deficiencies, which increases the risk that corrective actions may not address the identified deficiencies or be timely.[39]
DOD initially established financial statement audit roadmaps in fiscal year 2021 as tools to measure and monitor progress of the corrective action plans developed to remediate NFRs and material weaknesses. DOD updates these roadmaps annually. According to DOD, the DOD-wide audit roadmap charts a course for remediating its 28 material weaknesses reported by the DOD OIG in fiscal year 2024.
DOD audit roadmaps are intended to align DOD-wide material weakness remediation strategies, identify timelines, prioritize focus areas, and ensure that components monitor progress. DOD’s efforts to address audit findings are important steps toward DOD improving financial management and obtaining a clean audit opinion. We made five recommendations in May 2023 to help DOD address deficiencies with its audit planning and roadmaps. As of March 2025, all five remain open.
Major Impediments to Achieving and Sustaining a Clean Audit Opinion
DOD’s scope-limiting material weaknesses identify major impediments to achieving a clean audit opinion. Scope-limiting material weaknesses are weaknesses that do not allow auditors to perform sufficient procedures to reach a conclusion on the fair presentation of the financial statements. In August 2024, the DOD OIG reported that, of the 28 department-wide material weaknesses, it identified 17 as scope-limiting.[40] According to the DOD OIG, DOD has known about some of these scope-limiting material weakness for more than 19 years. The DOD OIG reported that these are significant roadblocks to DOD’s auditability goals, preventing DOD from establishing an efficient and effective financial management environment. Figure 3 describes DOD’s current planned timeframes for addressing each of its scope-limiting weaknesses.
Figure 3: Department of Defense’s (DOD) Planned Timeline to Remediate Agency-wide Scope-Limiting Material Weaknesses to Help Achieve a Clean Financial Statement Audit Opinion by Fiscal Year 2028
Examples of these scope-limiting material weaknesses include the following (not listed in order of importance or severity):
· Financial Management Systems and Modernization. Material weaknesses associated with IT remain a challenge, preventing DOD from efficient and effective financial management operations and progress toward receiving a clean audit opinion. More specifically, six material weaknesses are associated with IT and financial management systems: financial management systems modernization, configuration management, security management, access controls, segregation of duties, and interface controls. Resolving these material weaknesses will better position DOD to achieve broader business transformation.
DOD’s efforts over the past 30 years to modernize its business and financial systems, including systems responsible for functions such as property management and acquisition management, have not been fully successful. This has been in part due to a lack of developed guidance and reliable data. In March 2023, we reported that effective oversight of its business and financial systems is essential to moving DOD military departments and defense agencies in the right direction.[41] Key elements of such oversight include establishing oversight processes, using and communicating quality information, sustaining leadership commitment, and managing risk. According to DOD, it plans to remediate this material weakness by fiscal year 2031.
· Universe of transactions. According to the DOD OIG, a significant hurdle to making progress on DOD’s financial statement auditability is DOD’s inability to produce a complete, accurate, and reconcilable universe of transactions. A complete universe of transactions is a record of every financial event, or transaction, that affects the financial statement balance for a given fiscal year, such as transactions related to DOD’s inventory, property, and payroll. The universe of transactions is compiled by the department, combining all transactions from multiple accounting systems. DOD’s complex IT systems environment compounds the challenges. DOD could not provide a complete and accurate population of transactions to support the balances reported in its financial statements. As a result, auditors were unable to perform the necessary procedures to verify the accuracy of the balances presented. According to DOD, it plans to remediate this material weakness by fiscal year 2028.
· Joint Strike Fighter program. The Joint Strike Fighter program (i.e., F-35 program) is DOD’s most costly weapon system in history, with overall costs estimated to be $1.7 trillion over the program’s life cycle. Since 2019, the DOD OIG has reported a material weakness associated with the Joint Strike Fighter program. According to the DOD OIG, DOD could not provide timely, reliable data to verify the existence, completeness, and valuation of the Joint Strike Fighter program inventory due to the lack of processes or procedures to collect the information necessary to accurately report the value of the inventory. In May 2022, we evaluated DOD’s efforts to address this material weakness and recommended that DOD develop and document a strategy, including detailed procedures to address this material weakness and plans to verity the completeness of the Joint Strike Fighter asset records.[42]
Additionally, in May 2023, we reported that DOD’s lack of accountability over the Joint Strike Fighter global spare parts pool affects DOD’s ability to resolve the material weakness related to the Joint Strike Fighter program.[43] We also found that DOD designed inventory count procedures to verify the physical existence of certain Joint Strike Fighter assets, such as support equipment held at contractor facilities and included in property records; however, DOD did not verify the completeness of assets, as directed by DOD guidance. According to DOD, it plans to remediate this material weakness by fiscal year 2027.
· Government property in the possession of contractors. According to DOD OIG, DOD did not have adequate internal controls to account for and reconcile its government property provided to contractors for performance of a contract. Also, DOD could not provide sufficient documentation to support the existence and completeness of its government property in possession of contractors. This created a scope limitation because the auditors could not perform sufficient procedures to conclude on the balances. In addition, in 2022, we reported that DOD was unable to verify approximately $16 million of Joint Strike Fighter assets listed on contractor records.[44] DOD plans to remediate this material weakness by fiscal year 2026.
As previously discussed, the Marine Corps was able to obtain and sustain a clean audit opinion in fiscal years 2023 and 2024 largely through a substantive-based audit approach and manual effort. The Marine Corps’ auditor noted that it performed a substantive-based audit approach, which included more than 70 site visits and testing of approximately 26 million assets. According to DOD, it was an all-hands effort to complete the Marine Corps audit. According to the total assets the DOD OIG reported in the fiscal year 2024 DOD agency financial report and the military service agency financial reports, the Marine Corps accounts for 1 percent of DOD’s assets.[45]
In addition, while the Marine Corps was able to achieve a clean audit opinion, auditors identified seven material weaknesses that remain open. The Marine Corps still needs to remediate its open material weakness to improve its IT and financial operations. Remediating some of these material weaknesses is essential for implementing sustainable business processes and effective internal controls to routinely produce financial statements to demonstrate stewardship over its financial resources. Similarly, if DOD is able to achieve a clean opinion by the 2028 deadline without adequately strengthening internal controls and processes, substantial audit remediation work will likely continue to be needed. For example, like DOD, the Department of Homeland Security is composed of several component entities. It first achieved a clean audit opinion in 2013 but still needs to continue taking steps to improve its financial management and systems. For example, in November 2024, the Department of Homeland Security’s OIG reported that the department’s material weaknesses in internal control included those in (1) financial reporting and (2) IT controls and information systems.[46]
DOD’s Audit Progress, Benefits, and Next Steps
DOD’s Audit Progress and Benefits
For fiscal year 2024, 11 DOD reporting entities, including the Marine Corps, sustained a clean audit opinion. Also in 2024, the Defense Threat Reduction Agency and Defense Logistics Agency National Defense Stockpile Transaction Fund achieved a clean opinion for the first time. In addition, DOD has made progress addressing some of the scope-limiting material weakness across the department. For example, in fiscal year 2024, the DOD OIG reported that eight reporting entities closed or downgraded their fund balance with Treasury material weakness, allowing auditors to be able to reconcile to Treasury records. Additionally, in fiscal year 2024, the military services downgraded or closed a total of six component-level material weaknesses.
To achieve a department-wide clean audit opinion by December 2028, DOD needs to accelerate the pace at which it addresses its long-standing issues. Further, many of these long-standing issues will need to be resolved with enough time remaining to allow auditors to confirm that they have been addressed and will result in routinely producing reliable financial statements.
The value of financial statement audits extends far beyond the audit opinion. We reported that according to DOD, the financial statement audits and related efforts have resulted in a range of financial and operational benefits, including cost savings and avoidances, improvements to financial systems and data, mitigation of cybersecurity risks, and the identification of workforce gaps.[47]
Next Steps for Improving DOD Financial Management and Auditability
To make greater progress, DOD needs to take steps to address over 100 open GAO recommendations associated with the DOD financial management and business systems modernization areas of our February 2025 High-Risk report.[48] These include addressing challenges DOD faces in meeting target remediation dates; addressing auditor-identified deficiencies; improving system transitions; and addressing its planning, oversight, and data limitations. Addressing these recommendations will help DOD track audit remediation efforts, avoid system transition delays, modernize its financial systems, and achieve the benefits of a clean audit opinion. Improving DOD’s financial management and business processes will help lead to the preparation of reliable financial statements and help DOD’s mission by providing accurate information for decision-making.
DOD must remediate its scope-limiting material weaknesses in a timely manner to enable it to achieve a clean audit opinion by 2028 and be able to sustain it in subsequent years. To address this, DOD will need to (1) implement effective financial management systems, (2) collaborate with other stakeholders, and (3) implement effective audit roadmaps. Given the magnitude and complexity of the deficiencies, it is essential that DOD effectively oversees and monitors efforts to address them.
In addition, given the significant fraud exposure and requirements for managing fraud risk, DOD leadership needs to enhance the department’s fraud risk management efforts throughout its many programs and operations. This includes fully establishing fraud-related processes to better understand the totality of its fraud risk exposure and implementing controls to readily prevent and detect fraud.
Further, as noted, after achieving a clean audit opinion, it will be important for DOD to continue taking steps to sustain a clean opinion and continue improving its financial management environment. Moreover, addressing financial statement audit findings has inherent benefits, including helping to identify vulnerabilities, improve operations, and produce cost savings through informed budgetary decision-making, and helping DOD reach its goals for improved financial management. Such benefits, in turn, help the warfighter and DOD’s overall operational readiness.
The commitment of DOD leadership and management attention to these efforts will be critical to DOD’s success. We will continue to monitor the progress of and provide feedback on the status of DOD’s financial management improvement efforts.
Chairman Sessions, Ranking Member Mfume, and Members of the Subcommittee, this concludes my prepared statement. I would be pleased to respond to any questions you may have.
GAO Contacts and Staff Acknowledgments
For further information on this testimony, please contact Asif A. Khan at khana@gao.gov, Vijay A. D’Souza at dsouzav@gao.gov, or Seto Bagdoyan at bagdoyans@gao.gov. Contact points for the individual reports are listed in the reports on GAO’s website. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this testimony. GAO staff who made key contributions to this testimony are Michael Holland (Assistant Director), Althea Sprosta (Analyst in Charge), Tulsi Bhojwani, Heather Dunahoo, Andrew Erickson, Edward Romesburg, and Samantha Sloate.
Related GAO Products
High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and Effectiveness. GAO‑25‑107743. (Washington, D.C.: February 25, 2025).
Financial Audit: FY 2024 and FY 2023 Consolidated Financial Statements of the U.S. Government. GAO‑25‑107421. (Washington, D.C.: January 16, 2025).
DOD Financial Management: Action Needed to Enhance Workforce Planning. GAO‑25‑105286. (Washington, D.C.: October 10, 2024).
DOD Financial Management: Benefits to Date of Financial Statements Audits and Need to Improve Financial Managements Systems. GAO‑24‑107593. (Washington, D.C.: September 24, 2025).
Financial Management: DOD Has Identified Benefits of Financial Statement Audits and Could Expand Its Monitoring. GAO‑24‑106890. (Washington, D.C.: September 24, 2024).
IT Systems Annual Assessment: DOD Needs to Strengthen Software Metrics and Address Continued Cybersecurity and Reporting Gaps. GAO‑24‑106912. (Washington, D.C.: July 11, 2024).
DOD Fraud Risk Management: Enhanced Data Analytics Can Help Manage Fraud Risks. GAO‑24‑105358. (Washington, D.C.: February 27, 2024).
F-35 Program: DOD Needs Better Accountability for Global Spare Parts and Reporting of Losses Worth Millions. GAO‑23‑106098. (Washington, D.C.: May 23, 2023).
DOD Financial Management: Additional Actions Needed to Achieve a Clean Audit Opinion on DOD’s Financial Statements. GAO‑23‑105784. (Washington, D.C.: May 15, 2023).
Financial Management: DOD Needs to Improve System Oversight. GAO‑23‑104539. (Washington, D.C.: March 7, 2023).
DOD Financial Management: Additional Actions Would Improve Reporting of Joint Strike Fighter Assets. GAO‑22‑105002. (Washington, D.C.: May 5, 2022).
DOD Fraud Risk Management: Actions Needed to Enhance Department-Wide Approach, Focusing on Procurement Fraud Risks. GAO‑21‑309. (Washington, D.C., August 19, 2021).
Financial Management: DOD Needs to Implement Comprehensive Plans to Improve Its Systems Environment. GAO‑20‑252. (Washington, D.C.: September 30, 2020).
A Framework for Managing Fraud Risks in Federal Programs. GAO‑15‑593SP. (Washington, D.C.: July 28, 2015).
High-Risk Series: An Overview. GAO/HR‑95‑1. (Washington, D.C.: February 1995).
This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.
The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.
Order by Phone
The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.
Place orders by calling (202) 512-6000, toll free (866) 801-7077,
or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.
Connect with GAO
Connect with GAO on X,
LinkedIn, Instagram, and YouTube.
Subscribe to our Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.
To Report Fraud, Waste, and Abuse in Federal Programs
Contact FraudNet:
Website: https://www.gao.gov/about/what-gao-does/fraudnet
Automated answering system: (800) 424-5454
Media Relations
Sarah Kaczmarek, Managing Director, Media@gao.gov
Congressional Relations
A. Nicole Clowers, Managing Director, CongRel@gao.gov
General Inquiries
[1]Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990). The list of agencies is codified at 31 U.S.C. § 901(b). These agencies are commonly referred to collectively as “CFO Act agencies.” An auditor expresses an unmodified opinion when the auditor concludes that the financial statements are presented fairly, in all material respects, in accordance with generally accepted accounting principles.
[2]GAO, High-Risk Series: An Overview, GAO/HR‑95‑1 (Washington, D.C.: February 1995). GAO’s High-Risk Series identifies government operations with serious vulnerabilities to fraud, waste, abuse, and mismanagement or that are in need of transformation.
[3]GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and Effectiveness, GAO‑25‑107743 (Washington, D.C.: Feb. 25, 2025).
[5]See GAO‑25‑107743 for the area’s current high-risk rating and GAO/HR‑95‑1 for when it was first added to the High-Risk List.
[6]See, for example, GAO, Financial Management: DOD Needs to Implement Comprehensive Plans to Improve Its Systems Environment, GAO‑20‑252 (Washington, D.C.: Sept. 30, 2020). Also see Department of Defense, Office of Inspector General, Audit of the DOD’s Plans to Address Longstanding Issues with Outdated Financial Management Systems, DODIG-2024-047 (Alexandria, Va.: January 2024).
[7]GAO, DOD Financial Management: Action Needed to Enhance Workforce Planning, GAO‑25‑105286 (Washington, D.C.: Oct. 10, 2024); GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and Effectiveness, GAO‑25‑107743 (Washington, D.C.: Feb. 25, 2025); and Financial Audit: FY 2024 and FY 2023 Consolidated Financial Statements of the U.S. Government, GAO‑25‑107421 (Washington, D.C.: Jan. 16, 2025).
[8]See, for example, CFO Act, Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990); Government Management Reform Act of 1994, Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994); National Defense Authorization Act for FY 2010, Pub. L. No. 111-84, div. A, § 1003(a), 123 Stat. 2190, 2439-40 (Oct. 28, 2009); and National Defense Authorization Act for FY 2013, Pub. L. No. 112-239, § 1005, 126 Stat. 1632, 1904 (Jan. 2, 2013).
[9]Pub. L. No. 113-66, div. A, § 1003, 127 Stat. 672, 842 (Dec. 26, 2013). The National Defense Authorization Act for FY 2018, Pub. L. No. 115-91, div. A, § 1002(b), 131 Stat. 1283, 1538 (Dec. 12, 2017), repealed this provision and instead enacted a permanent requirement for annual DOD financial statement audits, now codified as section 240a of Title 10, of the United States Code.
[10]A disclaimer of opinion arises when the auditor is unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.
[11]Beginning in fiscal year 1991, DOD began submitting the Department of the Army to the DOD OIG for audit. DOD began submitting the agencywide financial statements for audit in fiscal year 1996. However, all these audits resulted in disclaimers of opinion. A provision in the NDAA for fiscal year 2002 limited the scope of audit efforts on DOD financial statements until DOD determined the statements to be reliable. Full-scope audits of DOD statements began again, as required by the NDAA for fiscal year 2014, with fiscal year 2018.
[12]According to the DOD OIG, a material weakness represents weaknesses in internal control that results in a reasonable possibility that management will not prevent, or detect and correct, a material misstatement in the financial statement in a timely manner.
[13]Since fiscal year 1997, when the federal government began preparing consolidated financial statements, the other two primary impediments preventing us from rendering an audit opinion on the federal government’s consolidated financial statements have been (1) the federal government’s inability to adequately account for intragovernmental activity and balances between federal agencies and (2) the weaknesses in the federal government’s process for preparing the consolidated financial statements. See GAO, Financial Audit: FY 2024 and FY 2023 Consolidated Financial Statements of the U.S. Government, GAO‑25‑107421 (Washington, D.C.: Jan. 16, 2025).
[14]Department of Defense, Office of Inspector General, Understanding the Results of the Audit of the FY 2023 DOD Financial Statements (Alexandria, Va.: Aug. 8, 2024).
[15]GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO‑15‑593SP (Washington, D.C.: July 28, 2015).
[16]Pub. L. No. 114-186, 130 Stat. 546 (2016).
[17]GAO’s High-Risk List includes five criteria for removal: leadership commitment, capacity, action plan, monitoring, and demonstrated progress. See GAO, High-Risk Series: Key Practices to Successfully Address High-Risk Areas and Remove Them from the List, GAO‑22‑105184 (Washington, D.C.: Mar. 3, 2022).
[19]Recovered funds include moneys received in fines, penalties, restitution, and forfeiture of property in criminal convictions of fraud and also through civil judgments and settlements.
[20]According to OMB, confirmed fraud is the amount determined to be fraudulent through the judicial or adjudication process. It represents only those fraud cases that have been confirmed by a court or other adjudicative forum and does not represent anything settled out of court with or without admission of guilt. OMB requires agencies to provide certain information about improper payments and confirmed fraud. OMB publishes this information in a dashboard on PaymentAccuracy.gov.
[21]GAO, DOD Fraud Risk Management: Enhanced Data Analytics Can Help Manage Fraud Risks, GAO‑24‑105358 (Washington, D.C.: Feb. 27, 2024).
[22]GAO, DOD Fraud Risk Management: Actions Needed to Enhance Department-Wide Approach, Focusing on Procurement Fraud Risks, GAO‑21‑309 (Washington, D.C.: Aug. 19, 2021).
[24]GAO, IT Systems Annual Assessment: DOD Needs to Strengthen Software Metrics and Address Continued Cybersecurity and Reporting Gaps, GAO‑24‑106912 (Washington, D.C.: July 11, 2024).
[25]Department of Defense, Office of Inspector General, Understanding the Results of the Audit of the Fiscal Year 2022 DOD Financial Statements (Alexandria, Va.: May 16, 2023).
[26]The Federal Financial Management Improvement Act of 1996 requires the 24 CFO Act agencies to implement and maintain financial management systems that comply substantially with (1) federal financial management system requirements, (2) applicable federal accounting standards, and (3) the U.S. Standard General Ledger at the transaction level. Pub. L. No. 104-208, div. A, §101(f), title VIII, 110 Stat. 3009, 3009-389, reprinted as amended in 31 U.S.C. § 3512 note.
[27]See for example GAO, Financial Management: DOD Needs to Improve System Oversight, GAO‑23‑104539 (Washington, D.C.: Mar. 7, 2023).
[28]GAO‑25‑107119 (Forthcoming).
[29]GAO, DOD Financial Management: Continued Efforts Needed to Correct Material Weaknesses Identified in Financial Statements Audits, GAO‑21‑157 (Washington, D.C.: Oct. 13, 2020).
[30]GAO, DOD Financial Management: Additional Actions Needed to Achieve a Clean Audit Opinion on DOD’s Financial Statements, GAO‑23‑105784, (Washington, D.C.: May 15, 2023).
[31]GAO, Financial Management: DOD Has Identified Benefits of Financial Statement Audits and Could Expand Its Monitoring, GAO‑24‑106890 (Washington, D.C.: Sept. 24, 2024).
[32]We obtained data from the DOD OIG showing the count of NFRs that were issued and closed to the reporting entities as of March 2025.
[33]NFRs are considered reissued if the weakness or deficiency noted in the NFR was identified during a prior year audit but the DOD component had not yet corrected it.
[34]Department of Defense, Financial Management Strategy FY22-26 (March 2022).
[37]The DOD Strategic Management Plan FY 2022-2026, Annual Performance Plan, and DOD Financial Management Strategy FY 22-26 have intersecting financial statement audit goals and objectives.
[38]According to the Implementation Guide for OMB Circular A-123, corrective action plans are plans management develops to present the procedures that an agency plans to follow to resolve its deficiencies. Corrective action plans should include measurable indicators of compliance and resolution to assess and verify progress throughout the resolution cycle.
[40]Department of Defense, Office of Inspector General. Understanding the Results of the Audit of the FY 2023 DOD Financial statements (Alexandria, Va.: Aug. 8, 2024). These scope-limiting weaknesses include material weaknesses in areas such as information technology, fund balance with Treasury, inventory and operating materials and supplies, real property, and government property in the possession of contractors.
[42]GAO, DOD Financial Management: Additional Actions Would Improve Reporting of Joint Strike Fighter Assets, GAO‑22‑105002 (Washington, D.C.: May 5, 2022).
[43]GAO‑ F‑35 Program: DOD Needs Better Accountability for Global Spare Parts and Reporting of Losses Worth Millions, GAO‑23‑106098 (Washington, D.C.: May 23, 2023).
[45]Department of Defense, Agency Financial Report Fiscal Year 2024 (Washington, D.C.: Nov. 8, 2024). Army, Agency Financial Report Fiscal Year 2024 (Washington, D.C.: Nov. 8, 2024). Navy, Agency Financial Report Fiscal Year 2024 (Washington, D.C.: Nov. 8, 2024). Air Force, Agency Financial Report Fiscal Year 2024 (Washington, D.C.: Nov. 8, 2024). Marine Corps, Agency Financial Report Fiscal Year 2024 (Washington, D.C.: Feb. 3, 2025).
[46]U.S. Department of Homeland Security, Office of Inspector General, Independent Auditor’s Report on the Department of Homeland Security’s FYs 2024 and 2023 Consolidated Financial Statements and Internal Control over Financial Reporting, OIG-25-05, (Washington, D.C.: Nov. 15, 2024).
[47]See GAO, Financial Management: DOD Has Identified Benefits of Financial Statement Audits and Could Expand Its Monitoring, GAO‑24‑106890 (Washington, D.C.: Sept. 24, 2024), and DOD Financial Management: Actions Needed to Enhance Workforce Planning, GAO‑24‑105286 (Washington, D.C.: Oct. 10, 2024).