ISSUE 40: SEPTEMBER OCTOBER 2018 armgg

EVERYONE BUSINESS

 

 

 

   
   
    

Ernst and Young Provides Outlook On Auditability INSIDE THIS ISSUE
It? 5 back to school for many kids around the nation, and The Process for Closing Notice
it?s time to get back in gear with homework, tests, study of Findings and
sessions, and research all in the hopes of receiving a Recommendations
?nal report card that shows off their hard work and

dedication. Defense Audit

. ERemediation Working
DLA Is workIng hard to receive Its own form of report Group
carcl? the auditor? 5 opinion. Ernst and Young (EY) I

recently informed DLA leadership of their intent to issue
a Disclaimer of opinion of the Working Capital Fund (WCF), General Fund (GF), and CFO Corner: Ms. Gretchen

 

 

Transaction Fund (TF) for the Fiscal Year (FY) 2018 Financial Statements. DLA did not Anderson

complete or implement its Corrective Action Plans (CAPS) for the material weaknesses 

identi?ed during the FY 2017 ?nancial statement audits. EY is therefore unable to perform

suf?cient testing to provide a basis for an audit opinion. Why Does DLA Have
An Enterprise Risk

While ultimate goal is to receive an unmodi?ed ?clean? audit opinion on one of its Management and internal

three funds by FY 2020, a disclaimer is the beginning of the Agency?s audit journey. it means Control Program?
the auditors were unable to form an opinion on the fairness of the ?nancial statements. A .
disclaimer is neither a positive nor a negative opinion; it simply means that the auditors do DLA instruction 0?
not have an adequate basis to express an opinion. Trial Balance
Management

EY also provided DLA with actionable feedback, the or the Notices of Findings and and AnalySIs
Recommendations. A NFR explains why the auditors were unable to form an opinion, 
effectively providing DLA with a roadmap to improvement. As we work off the NFR, we General Equipment
make progress towards the ultimate goal of an unmodi?ed opinion. This feedback will also Financial Reporting
be included in the of?cial Annual Financial Report (AFR). To effectively mitigate the audit Updates
?ndings and deploy the necessary Corrective Action Plans (CAPs), DLA must prioritize to
ensure each NFR is addressed.

Ke Highlights from the
Where are we now In the audIt process WIth National efense Strategy 3p .
EY has announced their intent to disclaim on all three funds 1? i (i iSeCUl?itV ?33!

EY has currently completed business process and control 
EY is currently performing substantive testing on select lines of the balance sheet
0 EY is communicating new FY 2018 observations draft NFRs and reissuing FY 2017 NFRs

How can you help DLA be successful in its audit?

0 Document and update processes

0 Update existing Standard Operating Procedures (SOPs) ifthey have changed .

0 Provide Evidential Matter (EM) for every transaction 3?identify process gaps through process mapping and improvement, and examine outside 5? f? 
effects and dependencies

Remain consistent and accountable for end-to-end business Audit 013
processes

0 Submit complete and accurate supporting documentation

 

 

. . . . October?
RemInder, an auditor determInes whether the Manual statements of an December 

entity are presented fairly in all material respects and in accordance with
accounting standards by reviewing the underlying information and
processes that went into preparing the ?nancial statements. Audit
reports include an opinion as to whether there is a reasonable assurance
that the ?nancial statements are free from material misstatements.

While the unquali?ed opinion is the goal, it is not ?the end.? DLA will
continue to be audited every year. Financial audit readiness must become
ingrained in our daily activities and eventually a part of the Agency?s
collective DNA. And so, in December, EY will start the FY 2019 audit
process and begin the planning phase again. my-
October

 

 

DLA ?5
here

Audit phases may overlap

 

 

 

 

 

 

 

PAGE 1

 

 

ISSUE 40: SEPTEMBER ZOIS

The Process for Closing Notice of Findings and
Recommendations

Notice of Findings and Recommendations (NFRs) are de?ned as areas of
improvement identi?ed by an auditor, for which DLA creates a timeline to
develop and close a Corrective Action Plan (CAP). it is important that we remain
on schedule with closing each of our CAPs. The following publications provide
guidance on the NFR CAP validation process: Of?ce of Management and Budget
(OMB) Circular A-123, Department of Defense (DOD) internal Control over
Finajncial Reporting (ICOFR) Guide, and Process Cycle Memorandum (PCM)

Gui ance.

The CAP phase is an ongoing process. As such, it is important to follow the
designated procedures and documented processes laid out in the publications
above. To start, a NFR CAP must contain speci?c elements, that clearly dictate
the purpose of the CAP and plan a procedure, such as: Description of de?ciency,
year de?ciency was ?rst identi?ed, point of contact, of?cial responsible for
monitoring remediation progress Process Owner and a detailed
description of milestone activities.

Once the above have been established, the Process Cycle Integrator (PCI) will
review for form and content to provide feedback to the P0. The Compliance
Management (1891) will review the CAP to ensure it meets A-123 requirements.
The Enterprise Business Cycle Owner (EBCO) then reviews and approves the
CAP. The Vice Director (VD) must review and approve the CAP as a ?nal step. If a
need for change is identi?ed after implementation of the CAP has begun, the
NFR CAP owner must prepare a justi?cation for the EBCO and request approval.
The EBCO must then brief the request to the Stewardship Committee and await
approval from the VD.

When all implementation milestones and testing of key controls are complete,
the Action Of?cer (A0) and Process Cycle Integrator prepare a formal NFR CAP
completion package and memorandum to submit to J891 for review and
approval. 1891 then makes a formal recommendation to the Project
Management Team to approve the completion. The PO then briefs the
completed NFR CAP to the Stewardship Committee, and ARS PO (J892) noti?es
the Independent Public Accountant (IPA), Ernst and Young (EY), that the NFR
CAP has been completed. EY then assesses the CAP, which includes evidence to
support the implementation of the solution. From there, EY will either test the
process to determine if the controls put in place are operating effectively and
issue a new CAP if the key controls are not operating effectively or reissue the
NFR if not all the conditions were addressed.

Important notes from EY on the CAP process:

0 Engage EY early in the process and communicate planned timing and details
0 CAPs

EY will discuss and review partial steps updated Standard Operating
Procedures (SOPs), policies, controls) and provide initial feedback on
direction of remediation plan, if requested

EY will perform the test of operating effectiveness of new controls once the
control has been implemented for a period of time

The period oftime the control needs to be in place will vary based on
frequency of the control controls typically need to be in place for at
least 90 days)

If a control has not been in place for a suf?cient period of time, as described
above, EY can review the design of the control to provide feedback, but is
not able to conclude that the control was operating effectively during the
period

For the good of the War?ghter, let?s work hard to continue our progress in
following through with NFR 

Defense Audit Remediation Working Group

Just last month, ?ve ?nal research and recommendation papers were jointly
signed by the Of?ce of the Secretary of Defense (OSD) Acting Director, Defense

I Mu"

CFO CORNER

MS. GRETCHEN ANDERSON
DLA Chief Financial Officer


?i

As we come to the ?nish line of our
second year ?nancial statement audit, 
?nd myself being reminded of Ronald
Reagan?s famous dictum, ?Trust, but
verify,? and noting how it can be applied
to our audit efforts. When under audit,
everything that an Agency does must be
veri?ed. An auditor can?t simply trust our
processes are correct??they must verify
them by conducting site visits and doing
substantive testing. To prepare for their
veri?cation, we must be performing our
own veri?cation of everything we do.
Even if you trust the process, you must
verify and then verify again to ensure it is
running smoothly and correctly.

DLA has internal controls in place for each
process and procedure in order to prove
to the auditor that we not only trust our
processes and procedures but have a
system in place to fully verify them. You

can read morevabOUt internal .
controls at page three of this
1? 







Business Management Analysis and Optimization, and the Deputy Chief Financial . 

Of?cer (CFO): Intragovernmental Transactions, to Include Interfund issue 56,
Remedial Action Cost Engineering and Requirements Validation RACER

Validation Issue 41, Adjustments for Expired Reimbursable Sales Orders issue 80, 3

Chemical Weapons Disposal Issue 40, and Accrued Liabilities Estimation and
Recordation Issue 13. To view these research papers, please go to: 


 

all

 



 

PAGE 2

'3

ISSUE 40: SEPTEMBER OCTOBER 2018 9
Why Does DLA Have An Enterprise Risk Management and Internal Control Program?

Enterprise Risk Management Internal Control (ERM IC) program and the ?nancial statement audit are complementary
processes that, when integrated, provide management with the information needed to support remediation and effectively
sustain an audit remediation posture. To reach an unmodi?ed opinion of our funds, the system of internal controls within
DLA must be strengthened enough to be able to prove the effectiveness of business process performance in the Agency.



A strong internal control environment enables risk management to be a proactive process, not a reactive one. Risk
Management and internal control evaluations drive sustainment of auditable business processes that establish a strong
internal control environment to prevent, detect, or correct material issues. Planned evolution will establish a proactive
program that allows for sustainment of an internal control environment that can support a clean audit opinion. The ERM IC
process is divided into ?ve phases: evaluation, planning, testing, reporting, and corrective action.

0 Evaluation Phase: Perform a risk assessment and review all documentation that pertains to the design,
implementation, and operating effectiveness ofthe control environment.

0 Planning Phase: Determine which internal controls will be tested throughout the year and develop a timeline for
testing and Statement of Assurance (SOA) reporting. The planning phase also
includes the creation of a scope of testing procedures document, which is
approved by the process owner.

0 Testing Phase: Execute internal control testing across the entity level controls
and ?nancial reporting, and system controls to assess the design and operating
effectiveness of control activities with the Agency.

0 Reporting Phase: Includes management?s review of the internal control testing
results and de?ciencies identi?ed, the determination of the level of assurance that
will be presented based upon the test results and de?ciencies identi?ed,
determination ofthe overall status of internal controls with the organization, and
the submission of the SOA.

- Corrective Action Phase: Develop and implement Corrective Action Plans (CAPS)
for self-identi?ed and auditor-identi?ed de?ciencies. De?ne requirements to
mitigate de?ciencies in control activities or supporting documentation, and design
solutions to strengthen and execute control activities, processes and or systems
and policies. The corrective action phase of the internal control cycle is ongoing
and may span the entire internal control cycle as corrective actions are designed, Five Phases of the Internal Control
design tested, implemented, and followed-up on, and as independent closure
testing is conducted. The status of the CAP is reported internally and externally, and the CAP is fully remediated, closed,
and documented.

 

Reporting
Phase

E?s

Testing
Phase

 

 

 

 

 

Since our assertion in Fiscal Year (FY) 2015, our goal has become to drive strategy and improve our internal control
environment. This will limit substantive testing from the auditors and help us mature as an organization. To accomplish this,
DLA needs to increase program management oversight and drive standardization on DLA-wide risk and control de?ciencies
and assessment criteria. In FY 2019, the A-123 program approach will be to drive sustainment. We will be expected to
incorporate areas into our A-123 program internal control test plans where corrective action plan remediation is completed
and incorporated in the Governance, Risk and Compliance Risk Management (GRC-RM) Tool dashboards.

Each of us plays an important role in implementing and operating an effective internal control system. We help DLA
management design, implement, and operate an internal control system, and are responsible for reporting issues noted in
the operations, reporting, or compliance objectives that drive mission accomplishment.

success depends on its greatest resource us! We must possess the skills, tools and supporting culture to meet 
ever changing and challenging mission.

Instruction on Trial Balance Management and Analysis Published

The Defense Logistics Agency Instruction (DLAI) for ?Trial Balance (TB) Management and Analysis? was signed and put into
effect July 13, 2018. The policy assigns responsibility to DLA Finance to perform procedures over Agency Enterprise Business
System (EBS) trial balances and ?nancial data to ensure the accuracy and completeness through multiple processes,
including: recurring analysis, standard reconciliations, performance of closing procedures, recording accruals,
monitoring key performance indicators, recurring reviews of aged transactions, and con?rmation of system data and reports.
The DLAI also dictates speci?c procedures to be followed in future transactions. For more information on this policy, please
go to: 

General Equipment Financial Reporting Updates

A new policy was signed into effect by the Of?ce of the Secretary of Defense (OSD) Deputy Chief ?nancial Of?cer (DCFO) that
establishes ?nancial reporting responsibilities for Department of Defense General Equipment (GE) and associated
capital improvements. This policy applies to all Components, including uni?ed and combatant commands, and covers
policies under: Construction-in?Progress (CIP), In-Service GE (including weapon systems and Government Furnished
Equipment and Capital Improvements to GE. The policy reports that because GE assets are frequently funded
and used by multiple component reporting entities simultaneously,? it can be dif?cult to assign accountability and implement
ef?cient ?nancial reporting policies. The new policy aims to facilitate ?nancial reporting by assigning reporting
responsibilities to speci?c entities within a broad range of GE situations. We are all familiar with the complexity involved
when sharing resources amongst different of?ces and teams around the world. For that reason, it is important that we work
together to ensure proper record management and reporting to help our team and the Agency as a whole. For more
information on this memorandum and the new policy, please go to the Defense Audit Remediation Working Group page.

PAGE 3

(J
ISSUE 40: SEPTEMBER 2018 

x5 ?5

iKey Highlights from the National Defense Strategy and National Security Strategy

At the most recent J8 Connect meeting, Mr. Gordon Weiss, Branch Chief, Enterprise Services (J861) briefed from the
American Society of Military Comptrollers (ASMC) Professional Development Institute (PDI) charts. Mr. Weiss noted that
due to the growing political, economic, military, and information competitions, President Donald Trump unveiled the
National Security Strategy (N58) to addresses key challenges and trends that affect our standing in the world. A statutorily
mandated document, the NSS explains to the American people, U.S. allies and partners, and federal agencies how the
President intends to put his national security vision into practice. The strategy identi?es four vital national interests, or ?four
pillars?, as: protect the homeland, the American people, and the American way of life; promote American prosperity;
preserve peace through strength; and advance American in?uence. The strategy also addresses key challenges and trends
that affect our standing in the world, including: revisionist powers such as China and Russia, regional dictatorships such as
Iran and North Korea, transnational threats, includingjihadist terrorists, and transnational criminal organizations.

To support the NSS, the 2018 National Defense Strategy (NDS), driven by Defense Secretary Jim Mattis, plays a key role in
identifying the capabilities required by our war?ghters. According to Secretary Mattis, ?This National Defense Strategy will
guide all our actions, aligning the Department's three lines of effort to gain synergies. But we recognize no strategy can long
survive without necessary funding and the stable, predictable budgets required to defend America in the modern age.? More
speci?cally, Mr. Weiss noted that the NDS is used to establish the objectives for military planning regarding force structure,
force modernization, business processes, supporting infrastructure, and required resources (to include funding and
manpower) to build a more lethal Joint Force and Defense enterprise to deal with national security challenges today and in

uture.

For more on N55, go to: 

For more on the NDS, go to:


Department of Defense Financial Management Regulation Updates

The Of?ce of the Under Secretary of Defense (Comptroller) and the Defense Finance and Accounting Services
(DFAS) are responsible for the publication and maintenance of the Department of Defense (DOD) Financial Management
Regulations (FMR). The FMR consists of 366 chapters. Revisions to the FMR are issued by chapter; however, the chapters are
consolidated by subject matter into 19 volume ?les and a single regulation ?le to enhance navigation and research
capabilities. This three?tiered access provides the ability to conduct an electronic search across the entire FMR, or the option
to limit a search to the subject matter of a single volume or chapter on the FMR website. Accounting Finance
Policy and DFAS publish updates to the FMR. Below are the updates made in August 2018.

Volume 4, Chapter 26: ?Assets Under Capital Lease?

Volume 4, Chapter 27: ?Internal Use Software? .

Volume 5, Chapter 6: ?Physical Losses of Funds, Erroneous Payments, and Overages?
Volume 5, Chapter 10: ?Smart Cards For Financial Applications?

Volume 5: ?De?nitions?

Volume 6B, Chapter 10: ?Notes to the Financial Statements?

Volume 8, Chapter 11: ?Allotments and Voluntary Deductions?

Volume 9, Chapter 4: "Transportation Allowances?

Volume 12, Chapter 30: ?Operation and Use of General Gift Funds?

Volume 16, Chapter 6: ?Debt Owed to the Department of Defense By Foreign Entities?

Audit Advancement Comic

 

 

 

 

 

  

 

     

How does this team building w?
exercise help us do our job again? 0?7 9992. 1521? don?t think Mark 3?
And ultimately, our cohesion, trust understands how this exercise works. . .
i/Vell, by building trust and hard work goes to support our
each other, th most important cause. .
team is better able to

 

 
 

 

 

complete ourjobs.

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Stewardshi Website

 

For Audit Advancement questions, please email: AuditAdvancementHelp@DLA.mil
For editorial comments or suggested topics, please email Tanya Lee at Tanya.Lee@DLA.mil

PAGE 4