News | Feb. 4, 2020

DoD OIG Newsletter - February 2020


The DoD OIG newsletter summarizes the reports and investigations released by the Department of Defense Office of Inspector General in the previous month and those we anticipate releasing in the coming month. I encourage you to read these reports and to access our website, which lists reports and investigations by year, subject, and DoD component. You'll also find our project announcements and additional news releases highlighting investigations conducted by the Defense Criminal Investigative Service. Thank you for subscribing to our newsletter.



Significant reports expected to be issued within the next 30 days include:

Audit of DoD’s Accountability of Equipment Designated for Syria
This audit determines whether the DoD accounted for and properly stored equipment—such as weapons, ammunition, and vehicles—in Kuwait that was designated for Syria and procured with Counter-Islamic State of Iraq and Syria Train and Equip Funds, from procurement through divestment.  This report is classified.

Audit of the Global Command and Control System–Joint Security Controls
This audit determines whether DoD Combatant Commands and Military Services have implemented effective physical and logical security controls for the Global Command and Control System-Joint (GCCS-J) to protect DoD data and information technology assets.  The GCCS-J is a system that provides DoD military commanders secure and reliable information on the operational environment, including air, land, maritime, space, and cyberspace.  Additionally, the GCCS-J allows users to plan movement of troops and equipment across theaters of operation and build operations for enhanced combat situational awareness.  This report is classified.

Audit of DoD Service-Disabled Veteran-Owned Small Business Contract Awards
This audit determines whether the DoD awarded service-disabled veteran-owned small business set-aside and sole source contracts to eligible contractors.

Audit of the Navy and Air Force Hurricane Recovery Effort Costs
This audit determines whether the Navy controlled costs for the Global Contingency Construction Contract task orders issued to support the military base recovery efforts from the 2017 and 2018 hurricanes.  The task orders required the contractor to obtain equipment, materials, and labor to perform repairs for hurricane damage; perform construction and engineering services; and supervise hurricane recovery efforts.

Followup Audit on Corrective Actions Taken by DoD Components in Response to DoD Cyber Red Team-Identified Vulnerabilities and Additional Challenges Facing DoD Cyber Red Team Missions
This audit determines whether DoD Cyber Red Teams and DoD Components took actions to correct problems identified in a prior DoD OIG report, Report No. DODIG-2013-035, “Better Reporting and Certification Processes Can Improve Red Teams’ Effectiveness,” December 21, 2012.  The audit also determines whether DoD Cyber Red Teams supported operational testing and combatant command exercises to identify network vulnerabilities, threats, and other security weaknesses, and whether corrective actions were taken to address DoD Cyber Red Team findings.  DoD Cyber Red Teams are independent, multidisciplinary groups of personnel certified, accredited, and authorized to identify vulnerabilities and weaknesses affecting DoD systems, networks, and missions by portraying the tactics, techniques, and procedures of adversaries.  This report is classified. 

Audit of the Nuclear Command and Control System Supply Chain Security Risk Management Efforts
This audit determines whether the DoD's supply chain risk management program has mitigated the risk that an adversary could infiltrate the DoD supply chain and sabotage, maliciously introduce an unwanted function, or otherwise compromise the design or integrity of the critical hardware, software, and firmware for one or more critical networks or systems that comprise the Nuclear Command and Control System.  This report is classified.

Summary of Reports Issued and Testimonies Made Regarding DoD Cybersecurity From July 1, 2018, Through June 30, 2019
This audit summarizes unclassified and classified cybersecurity reports and testimonies from the DoD oversight community and the Government Accountability Office issued between July 1, 2018, and June 30, 2019.  The audit also identifies cybersecurity risks areas for DoD management to address based on the five functions of the National Institute of Standards and Technology Cybersecurity Framework, and identifies the open DoD OIG recommendations related to DoD cybersecurity. 

Audit of the Army's Oversight of the Base Operations Support Services Contract for Camp Taji, Iraq
This audit determines whether Combined Joint Task Force–Operation Inherent Resolve and the Army ensured that a contractor provided Camp Taji, Iraq, base life support services according to contract requirements.  The Camp Taji base life support services contract includes services such as base security, billeting, lodging, meals, potable water, emergency response, fire response and prevention, hazardous material storage, and electric power generation.    

Evaluation of Force Protection Screening, Vetting, and Biometric Operations for Afghanistan National Defense Security Forces
This evaluation determines whether U.S. Forces-Afghanistan developed and implemented screening, vetting, and biometric processes for members of the Afghan National Defense Security Forces partnering with U.S. and allied forces. This report is classified.

Evaluation of Combined Joint Task Force - Operation Inherent Resolve's Military Information Support Operation
This evaluation determines whether the Combined Joint Task Force - Operation Inherent Resolve, the headquarters of the U.S. contingent of the NATO military operation in Afghanistan, planned and executed military information support operations according to joint doctrine, and coordinated its messaging responsibilities with allies, the Government of the Islamic State of Afghanistan, and the Department of State.  This report is classified.

Evaluation of DoD Law Enforcement Organization Submissions of Criminal History Information to the Federal Bureau of Investigation
This evaluation determines whether the DoD and its law enforcement organizations complied with Federal law and DoD policy for submitting DoD criminal history information to the Federal Bureau of Investigation for entry into its criminal history databases.  The types of information examined include fingerprints and offender final disposition reports; Deoxyribonucleic Acid information; Sex Offender Registration and Notification Act information; and Gun Control Act information.  This evaluation also determines whether the DoD and its law enforcement organizations have implemented policies, processes, training, and management oversight procedures to improve the DoD’s collection and submission of criminal history information to the Federal Bureau of Investigation.  This evaluation follows up on prior DoD OIG reporting in 2017 and 2018 that found inconsistent transfer of criminal history information from DoD law enforcement organizations to the Federal Bureau of Investigation.   

Evaluation of Weather Support Capabilities for the MQ-9 Reaper
This evaluation determines whether the Air Force implemented weather support capabilities on the MQ-9 Reaper unmanned aircraft system (UAS).  Weather support capabilities are those capabilities that provide near-real time weather conditions and observations, enhancing forecasting, pilot situational awareness, mission planning and execution, and command and control of UAS.  The MQ-9 consists of a remotely piloted aircraft, a ground control station, communications equipment, and associated support equipment.  

Evaluation of the Integrated Enterprise Ground Service Environment
This evaluation determines whether the Air Force Space Command has developed a plan to implement the Enterprise Ground Services.  The Enterprise Ground Services is the prototype phase of the Air Force Satellite Control Network and consists of hardware, and software applications that support tactical operational systems.   

Lead Inspector General for Operation Pacific Eagle--Philippines Quarterly Report to the United States Congress, October 1, 2019 through December 31, 2019
This report discusses the Quarter 1 FY 2020 activities related to the efforts to support the Armed Forces of the Philippines’ fight against Islamic State in Iraq and Syria (ISIS) affiliates and other terrorist organizations, and describes ongoing and planned Lead Inspector General (IG) and partner agency oversight work.

Lead Inspector General for East Africa and North and West Africa Counterterrorism Operations Report to the United States Congress, October 1, 2019 through December 31, 2019
This report discusses the Quarter 1 FY 2020 activities related to the efforts that seek to degrade al Qaeda and ISIS-affiliated terrorists in specific regions of Africa, and describes ongoing and planned Lead IG and partner agency oversight work.

Lead Inspector General for Operation Freedom’s Sentinel Quarterly Report to the United States Congress, October 1, 2019 through December 31, 2019
This report discusses the Quarter 1 FY 2020 activities related to the U.S. missions in Afghanistan: 1) counterterrorism operations against al Qaeda, ISIS-Khorasan, and their affiliates in Afghanistan; and 2) training, advising, and assisting the Afghan National Defense and Security Forces through the NATO-led Resolute Support Mission. This report also describes ongoing and planned Lead IG and partner agency oversight work.

Recently issued Reports of Interest (to view report, if available, please click on title)

Testimony from Glenn A. Fine, Principal Deputy Inspector General Performing the Duties of the Inspector General, before the Subcommittee on Government Operations Committee on Oversight and Reform on Protecting Those Who Blow the Whistle on Government Wrongdoing
This hearing statement discusses the significant contributions of whistleblowers, why the protection of whistleblowers is important, how the DoD OIG evaluates and investigates whistleblower disclosures and complaints of reprisal, and several best practices the DoD OIG has implemented to improve the timeliness and efficiency in whistleblower investigations.

Understanding the Results of the Audit of the DoD FY 2019 Financial Statements
On November 15, 2019, the DoD OIG issued a disclaimer of opinion on the FY 2019 Agency‑Wide Basic Financial Statements, meaning an overall opinion could not be expressed on the financial statements under audit.  Audit opinions, by their nature are technical, follow a prescribed format, and may not be easily understood without a background in accounting.  The DoD OIG issued this report to explain the results of the FY 2019 audit report in clear and understandable terms for the Congress and the public.  In addition, the report describes the contents of the DoD Agency Financial Report, the purpose of the financial statement audits, the importance of financial statement audits, and the roles and responsibilities of DoD management and the auditors that reviewed the financial statements.

Lead Inspector General for Operation Inherent Resolve Quarterly Report to the United States Congress, October 1, 2019 through December 31, 2019
This Lead Inspector General quarterly report for Operation Inherent Resolve (OIR), the overseas contingency operation to combat the ISIS, which covered the period October 1 through December 31, 2019, summarizes the quarter’s key events and describes completed, ongoing, and planned Lead IG and partner agency oversight work related to OIR.  In addition, the report discusses a series of events that took place after the quarter, in both Syria and Iraq, that affects OIR, including a U.S. airstrike in Iraq killed Iranian Major General Qassem Soleimani, the leader of the Islamic Revolutionary Guards Corps–Qods Force, and the Iranian response.   

Audit of Surge Sealift Readiness Reporting
This audit determined that the Military Sealift Command (MSC) did not accurately report the readiness status for 15 of its surge sealift ships during FYs 2017 and 2018.  The MSC’s Sealift Program provides sea transportation for DoD agencies and Military Services.  The MSC uses a surge sealift fleet to support the initial sealift demands associated with operational plans.  The MSC also inaccurately reported the readiness status of its surge sealift ships.  In addition, Department of Transportation Maritime Administration (MARAD) contractors did not follow MSC criteria for assessing and reporting the readiness status for the 35 MARAD-owned surge sealift ships.  As a result of MSC’s inaccurate reporting, U.S. Transportation Command’s assessment of surge sealift capacity was unreliable and could lead geographic combatant commanders to make incorrect assumptions about availability and resupply.  In addition, the DoD spent $477.8 million from FYs 2016 through 2018 on maintenance and repairs of the 35 MARAD surge sealift ships and plans to spend an additional $843.9 million from FYs 2019 through 2022, without verification that the surge sealift ships are being maintained and will be mission-ready when required.   

Audit of Controls Over Opioid Prescriptions at Selected DoD Military Treatment Facilities
This audit determined that selected military treatment facilities overprescribed opioids between 2015 and 2017 because policies and processes were not in place to properly monitor and identify beneficiaries who received more than the maximum recommended dose of 90 milligrams of morphine equivalent per day.  In addition, the DoD OIG determined that military treatment facility staff and officials did not prevent providers from prescribing unusually high or large doses of opioids to beneficiaries.  Additionally, when trying to compare beneficiaries’ medical records with the data from the military treatment facilities, the DoD OIG identified errors and limitations in the DoD Medical Health System Data Repository for 2015 through 2018.  These errors prevented the DoD OIG from being able to determine the full universe of beneficiaries who were prescribed opioids above the recommended dose of 90 milligrams of morphine equivalent.  If the DoD does not monitor opioid prescriptions, hold providers accountable, and carefully justify why the provider did not follow DoD guidance, beneficiaries may be at risk of being overprescribed opioids, developing opioid use disorder, progressing to the use of heroin, or possibly dying of an opioid overdose. 

Audit of the Readiness of Arleigh Burke-Class Destroyers
This audit determined that Navy fleet commanders, type commanders, and unit commanding officers identified training deficiencies during the Arleigh Burke-class destroyers’ optimized fleet response plan—the Navy’s framework to improve fleet readiness.  Commanding officers reported training deficiencies, such as the inability to be certified or maintain proficiency in mission areas in the Navy’s system for readiness reporting for 9 of 12 ships reviewed during the audit.  In addition, fleet commanders reported that 5 of the 12 ships reviewed had training deficiencies, such as training that was either incomplete or not completed under established conditions or standards.  However, the commanders and commanding officers did not address the identified deficiencies.  As a result, the Navy needs to address these deficiencies as part of its efforts to address the overall readiness challenges that face the Arleigh Burke-class destroyer.

Interagency Coordination Group of Inspectors General for Guam Realignment
This report provided a detailed statement of the obligations, expenditures, and revenues associated with U.S. military construction on Guam.  The annual report of the Interagency Coordination Group of Inspectors General for Guam Realignment is required by Public Law 111-84, “The National Defense Authorization Act for Fiscal Year 2010,” October 28, 2009.

System Review Report on the Army Internal Review Program
This review evaluated the system of quality control for the Army Internal Review (IR) Program in effect for the 3-year period ended December 31, 2018.  A system of quality control covers the Army IR Program’s organizational structure, the policies adopted, and procedures established to provide the Army with reasonable assurance of conformity with the Government Auditing Standards.  Audit organizations can receive a rating of pass, pass with deficiencies, or fail.  The Army IR Program received an external peer review rating of pass with deficiencies.  Examples of deficiencies noted, included insufficient supervisory reviews and not following the standards for attestation engagements, reporting, and monitoring the quality of work completed.   

Evaluation of Defense Contract Management Agency Contracting Officer Actions on Penalties Recommended by the Defense Contract Audit Agency
This evaluation determined that in 18 of 28 Defense Contract Audit Agency (DCAA) audit reports reviewed, Defense Contract Management Agency (DCMA) contracting officers did not adequately explain why they disagreed with DCAA’s recommendations to assess penalties on $43 million in unallowable indirect costs.  In addition, DoD OIG concluded that DCMA contracting officers did not calculate the correct amount of penalties and interest when they assessed penalties against contractors.  As a result, the contracting officers did not collect penalties on $43 million in costs that may have been unallowable and subject to penalties, as well as additional interest due to the U.S. Government.

Evaluation of U.S. European Command's Warning Intelligence Capabilities
This evaluation determined whether warning intelligence information from the U.S. European Command Joint Intelligence Operations Center (JIOCEUR) and the JIOCEUR Analytic Center provided senior officials adequate information to make decisions based on notification of a potential threat to the U.S. or allied interests.  A redacted version of this report was publically released on January 30, 2020.  

DEFENSE CRIMINAL INVESTIGATIVE SERVICE HIGHLIGHTS (to view DOJ press release, if available, please click on title)

Tampa Bay Autism Service Provider Agrees To Pay $675,000 to Resolve Civil Healthcare Fraud Allegations  
On January 7, 2020, the Department of Justice announced that Behavioral Consulting of Tampa Bay (BCOTB) agreed to pay the United States $675,000 to resolve allegations that BCOTB violated the False Claims Act by submitting false or fraudulent claims to TRICARE program.  The United States initiated an investigation after an audit by TRICARE’s managed care support contractor, Humana Military Program Integrity, revealed alleged false or fraudulent claims to TRICARE for applied behavior analysis therapy and other services to TRICARE beneficiaries with autism spectrum disorder.  The settlement resolves allegations that BCOTB submitted claims to TRICARE that misrepresented the identity of the provider, misrepresented the service provided, requested payment for more time than supported by the medical record, and were not substantiated by a medical record.  This case was investigated by the Defense Criminal Investigative Service (DCIS) and Humana Military Program Integrity. 

Oregon Military Department Employee Pleads Guilty to Making False Statements
On January 9, 2020, Dominic Caputo of Clackamas County, Oregon, pleaded guilty to making false statements while employed as a civilian program manager for the Oregon National Guard (ONG) Oregon Sustainment Maintenance Site (OSMS).  The ONG operates and maintains the OSMS at Camp Withycombe, an Oregon Military Department.  OSMS supports readiness and training of the U.S. Military by refurbishing out-of-service electronic equipment owned by the DoD.  In the event of an emergency or declaration of war, OSMS deploys refurbished equipment to other military bases or installations.  During the relevant time period, OSMS was the only maintenance site in the United States capable of repairing and rebuilding certain engines in support of the Federal military supply system.  From 2010 to 2014, Caputo served as a civilian program manager for the OSMS Power Division where he directed, controlled, and supervised the rebuilding and repair of small and large engines, generators, tires and other types of equipment.  Caputo was responsible for certifying completed work and submitting claims to the Army Communications-Electronics Command (CECOM) under the National Maintenance and other DoD Programs.  During fiscal year 2014, Caputo billed CECOM more than $675,000 for the repair and rebuilding of John Deere Diesel Engines despite the work having not been performed.  However, more than 60 of the engines had already been repaired and billed to CECOM in prior fiscal years.  For those engines, Caputo directed Power Division employees to remove and replace original serial numbers and identifying engine plates from the engines to conceal the duplicate billing.  In June 2014, Caputo prepared a work order and test data indicating that the falsified repair work on an engine had been performed and submitted this false information to CECOM.  Caputo’s employment with OSMS was terminated in November 2014 when his fraud was revealed.  In September 2018, a Federal grand jury in Portland indicted Caputo for misrepresenting the operational status of military equipment used to maintain a war-ready posture.  As part of the plea agreement, Caputo has agreed to pay more than $2.6 million in restitution to CECOM.  This case was investigated by DCIS, the Federal Bureau of Investigation (FBI), and the Army Criminal Investigation Command (Army CID). 

Former Green Beret Pleads Guilty to Conspiracy and Receiving Stolen Federal Funds
On January 13, 2020, William Chamberlain of Raleigh, North Carolina, pleaded guilty to conspiracy and receiving stolen Government property.  Chamberlain and four other members from the 3rd Special Forces Group based at Fort Bragg, North Carolina were indicted in June 2014.  According to the charges, Chamberlain, Cleo Autry, Jeffrey Cook, Deric Harper, and Barry Walls stole approximately $200,000 between July 2009 and January 2010 while deployed together in Afghanistan.  The five soldiers split- had access to various Government funds.  Operational funds were provided to purchase mission critical items that could not be obtained through military supply systems.  Commander’s Emergency Response Funds were earmarked for humanitarian projects intended to benefit the local Afghan populace, such as public roads, schools and medical clinics.  In addition, there were classified funds for Special Forces to support counterterrorism operations.  The Indictment alleged that these soldiers stole a portion of the aforementioned funds and falsified receipts to conceal the amount stolen.  According to the investigation, all five soldiers converted stolen funds into postal money orders, which were purchased from military post offices in Afghanistan.  They also sent cash to family members in the mail or carried cash back into the United States at the end of their deployment.  When first approached by law enforcement, Chamberlain and the others falsely claimed either winning the cash gambling or bringing the cash with them from the United States when deployed.  The other four soldiers, Cleo Autry, Jeffrey Cook, Deric Harper, and Barry Walls, entered guilty pleas in 2014.  This was a joint investigation with DCIS, FBI, Army-CID, and the Special Inspector General for Afghanistan Reconstruction.

Five Men Indicted for Operating an International Procurement Network to Export Goods from the United States to Pakistan's Nuclear Program
On January 15, 2020, five men associated with the front company Business World in Rawalpindi, Pakistan were indicted for conspiracy to violate the International Emergency Economic Powers Act and the Export Control Reform Act of 2018 and Conspiracy to Smuggle Goods from the United States.  Between September 2014 and October 2019, the defendants allegedly operated an international procurement network of front companies that existed to acquire goods for the Advanced Engineering Research Organization (AERO) and the Pakistan Atomic Energy Commission (PAEC), and to cause those goods to be exported from the United States to the entities without export licenses in violation of Federal law.  Both AERO and PAEC were on the Commerce Department’s Entity List, which imposes export license requirements for organizations whose activities are found to be contrary to U.S. national security or foreign policy interests.  PAEC was added to the Entity List in 1998.  AERO was added to the Entity List in 2014, after the U.S. Government found that it had used intermediaries and front companies to procure items for use in Pakistan’s cruise missile and strategic UAV programs.  The defendants also allegedly attempted to conceal the true destinations in Pakistan of the U.S.-origin goods by using the conspirators’ network of front companies as the supposed purchasers and end users of the goods and as the apparent source of payments for the goods, even though the goods were ultimately received in Pakistan and paid for by AERO or PAEC.  The defendants caused the U.S. companies to file export documents that falsely identified the Ultimate Consignees of the shipments as entities other than AERO and PAEC.  The defendants never applied for or obtained an export license from the Department of Commerce authorizing the export of goods to AERO or PAEC in Pakistan.  This was a joint investigation with DCIS, the Department of Commerce’s Office of Export Enforcement, and the Immigration and Customs Enforcement’s Homeland Security Investigations.

Texas Doctor Found Guilty for Role in $325 Million Health Care Fraud Scheme Involving False Diagnoses of Life-Long Diseases
On January 15, 2020, a Federal jury found a Texas rheumatologist guilty for his role in a $325 million health care fraud scheme in which he falsely diagnosed patients with life-long diseases and treated them with toxic medications on the basis of that false diagnosis.  Following a 25-day trial, Jorge Zamora-Quezada, M.D., of Mission, Texas, was convicted of one count of conspiracy to commit health care fraud, seven counts of health care fraud, and one count of conspiracy to obstruct justice.  Zamora-Quezada is expected to be sentenced on March 27, 2020.  During the trial, evidence showed that Zamora-Quezada falsely diagnosed a large number of patients with rheumatoid arthritis, a life-long, incurable disease, and treated them with toxic, medically unnecessary medications like chemotherapy drugs on the basis of that false diagnosis.  Many patients, including patients as young as 13, suffered physical and emotional harm as a result of the false diagnoses, chemotherapy injections, hours' long intravenous infusions, and other excessive, repetitive and profit-driven medical procedures.  The evidence further showed that to obstruct and mislead a federal grand jury investigation, Zamora-Quezada falsified medical records.  This case was investigated by the Rio Grande Valley Health Care Fraud Task Force, which includes the FBI, the Department of Health and Human Services Office of Inspector General (HHS-OIG), the Texas HHS-OIG and Texas Medicaid Fraud Control Unit, and DCIS. 

ResMed Corp. to Pay the United States $37.5 Million for Allegedly Causing the Filing of False Claims Related to the Sale of Equipment for Sleep Apnea and Other Sleep-Related Disorders
On January 15, 2019, ResMed Corp. (ResMed), a manufacturer of durable medical equipment (DME) based in San Diego, California, agreed to pay more than $37.5 million to resolve alleged False Claims Act violations for paying kickbacks to DME suppliers, sleep labs and other health care providers who billed TRICARE and other federal healthcare programs.  The settlement resolves allegations that ResMed provided DME companies with free telephone call center services and other free patient outreach services that enabled these companies to order resupplies for their patients with sleep apnea; provided sleep labs with free and below-cost positive airway pressure masks and diagnostic machines, as well as free installation of these machines; arranged for, and fully guaranteed the payments due on, interest-free loans that DME suppliers acquired from third-party financial institutions for the purchase of ResMed equipment; and provided non-sleep specialist physicians free home sleep testing devices referred to as “ApneaLink.”  The agreement resolves five lawsuits originally brought by whistleblowers under the qui tam, or whistleblower, provisions of the False Claims Act.  The settlement was the result of a coordinated effort by the Civil Division of the Department of Justice; the U.S. Attorney’s Offices for the Eastern District of New York, the District of South Carolina, the Southern District of California and the Northern District of Iowa; HHS-OIG; DCIS; the Defense Health Agency Office of General Counsel; FBI; and the National Association of Medicaid Fraud Control Units.

ANNOUNCED PROJECTS (to view the announcement letters, if available, please click on the title)

Evaluation of the DoD’s Actions to Control Contamination from Perflouroalkyl and Polyflouroalkyl Substances at DoD Installations
The objective of this evaluation is to determine the extent that the DoD has taken steps to identify, mitigate, and remediate contamination from Perflouroalkyl and Polyflouroalkyl Substances (PFAS) at DoD installations; and identify and inform populations exposed to PFAS at DoD installations of the associated health and safety concerns.  PFAS are a large, diverse group of man-made chemicals used in a variety of commercial and industrial applications.  The DoD's use of PFAS is primarily in the form of a firefighting foam, which is used to quickly extinguish petroleum-based fires.

Audit of Corrective Actions Taken by DoD Components in Response to Cybersecurity Vulnerabilities Identified During the Cybersecurity Test and Evaluation of DoD Acquisition Programs 
The objective of this audit is to determine the extent to which DoD Components took action to accept, mitigate, or remediate cybersecurity vulnerabilities identified during the cybersecurity test and evaluation of DoD acquisition programs.  Cybersecurity test and evaluation assists the DoD in developing and fielding more secure, resilient systems to address vulnerabilities and threats throughout a program's lifecycle.  Maintaining continual awareness of emerging cybersecurity threats, testing information systems against those threats, and mitigating system vulnerabilities should be an ongoing process supported by decision makers with the authority to require corrective actions.

Audit of the National Background Investigation System Security and Interoperability 
The objective of this audit is to determine whether the DoD planned for and implemented effective cybersecurity controls to protect sensitive information in the National Background Investigation System (NBIS).  The Defense Information Systems Agency is currently developing the NBIS as the DoD’s new end-to-end information technology system that will support and enhance investigative operations and processes.  NBIS capabilities are expected to include collecting and validating information; processing fingerprints and biometric data; and providing continuous evaluation and adjudication, among other critical tasks.  In addition, this audit will determine whether the DoD planned for, developed, and implemented controls to achieve interoperability between the NBIS and legacy background investigation systems. 

Audit of the DoD’s Compliance With the Federal Information Security Modernization Act of 2014 
The objective of this audit is to determine the effectiveness of the DoD’s information security policies, procedures, and practices and provide an annual independent evaluation of the DoD's implemented information security policies, procedures, controls, and practices, in accordance with the Federal Information Security Modernization Act of 2014.

Audit of the Collection, Analysis, Dissemination, and Security of Sensitive Information Maintained by the Defense Insider Threat Management and Analysis Center 
The objective of this audit is to determine whether the Defense Insider Threat Management and Analysis Center is consolidating Component-level reporting of insider threat indicators and providing an enterprise-level capability to identify and prevent insider threats.  An insider threat is a threat that insiders pose to the DoD and Government installations, facilities, personnel, missions, or resources.  In addition, this audit will determine whether officials implemented effective processes and controls to protect the Center’s repository of insider threat assessments, indicators, and other legal, personal, health, mental health, and security information from unauthorized access.

Audit of the DoD Acquisition and Reporting of Cloud Computing Services 
The objective of this audit is to determine whether the DoD Components are acquiring and reporting the use of secure cloud computing services according to DoD policy, guidance, and strategy.  Cloud computing is a means for enabling on-demand access to networks, servers, storage applications, and services.

Audit of Pharmacy Operations at DoD Military Treatment Facilities 
The objective of this audit is to determine whether the Defense Health Agency properly accounted for and safeguarded pharmaceuticals at selected DoD military treatment facilities according to guidance from the Defense Health Agency and Military Departments.

Evaluation of Foreign Influence in DoD Research and Development
The objective of this evaluation is to determine whether the Office of the Under Secretary of Defense for Research and Engineering is monitoring and mitigating foreign influence into the DoD’s research and development programs.