Audit

Dec. 7, 2021

Project Announcement: Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment (Project No. D2022-D000CR-0043.000)

We plan to begin the subject audit in December 2021. We are conducting the subject audit at the request of the House Committee on Oversight and Reform. The objective of this audit is to determine the actions taken by the DoD to configure remote access software used to facilitate telework during the coronavirus disease–2019 (COVID-19) pandemic to protect DoD networks and systems from potential malicious activity. We will also determine the extent to which the DoD implemented security controls to protect remote connections to its networks. We may revise the objective as the audit proceeds, and we will consider suggestions from management for additional or revised objectives.

Dec. 7, 2021

Project Announcement: Oversight of the Audit of the FY 2022 Army Working Capital Fund Financial Statements (Project No. D2022-D000FI-0042.000)

Our planned oversight will begin immediately. The Chief Financial Officers Act of 1990, as amended, requires this audit. In accordance with the Act, the DoD Office of Inspector General is the principal auditor for the Army Working Capital Fund Financial Statements. We contracted with the independent public accounting firm of KPMG LLP (KPMG) to audit the Army Working Capital Fund Financial Statements for fiscal years ending September 30, 2022, and September 30, 2021. The objective of KPMG’s audit is to determine whether the FY 2022 Army Working Capital Fund Financial Statements and related notes are presented fairly and in conformity with accounting principles generally accepted in the United States of America. The objective of this oversight project is to provide contract oversight of KPMG’s audit of the Army Working Capital Fund Financial Statements for fiscal years ending September 30, 2022, and September 30, 2021, and determine whether KPMG complied with applicable auditing standards. We will execute the contractor’s audit procedures associated with reviews of transactions and facilities that are Special Access Program, TOP SECRET, and TOP SECRET/Sensitive Compartmented Information and provide an unclassified version of the results of our review to KPMG to use in developing its overall audit conclusions.

Dec. 6, 2021

Project Announcement: Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the COVID-19 Pandemic (Project No. D2022-D000CR-0038.000)

The DoD Office of Inspector General will begin the subject audit in December 2021. The objective of this audit is to determine whether DoD’s deployment of collaboration tools used to facilitate telework during the coronavirus disease–2019 (COVID-19) pandemic exposed DoD networks and systems to potential malicious activity, and the extent to which the DoD implemented security controls to protect the collaboration tools used on its networks. We will perform this audit in accordance with generally accepted government auditing standards. We may revise the objective as the audit proceeds, and we will consider suggestions from DoD management for additional or revised objectives.

Dec. 6, 2021

Project Announcement: Audit of Climate Change Adaptation and Facility Resilience at Military Installations in California (Project No. D2022-D000RL-0044.000)

We plan to begin the subject audit in December 2021. The objective of this audit is to determine whether the Military Services assessed facility resilience and planned for adaptation needed to address climate change and extreme weather events at installations in California. We may revise the objective as the audit proceeds, and we will also consider suggestions from management on additional or revised objectives.

Dec. 3, 2021

Audit of the DoD’s Use of Cybersecurity Reciprocity Within the Risk Management Framework Process (DODIG-2022-041)

Publicly Released: December 7, 2021

The objective of this audit was to determine whether DoD Components leveraged cybersecurity reciprocity to reduce redundant test and assessment efforts when authorizing information technology through the Risk Management Framework (RMF) process. This audit was conducted concurrently with audits conducted by the Military Department audit agencies: U.S. Army Audit Agency (AAA), Naval Audit Service (NAS), and Air Force Audit Agency (AFAA).