Inspector General Robert P. Storch announced today that the Department of Defense Office of Inspector General released the “Audit of the Defense Digital Service Support of DoD Programs and Operations.”
“The report highlights issues in the oversight of DDS that enabled officials to exceed their authority and left records management obligations unfulfilled. Some of the deficiencies we identified stemmed from a DoD Hotline complaint,” said IG Storch. “Our hotline is crucial for maintaining transparency, accountability, and integrity within the DoD, as it provides a safe and confidential means for employees to report wrongdoing, fraud, waste, or abuse without fear of retaliation. By encouraging employees to speak up, we can identify and address issues early, preventing them from escalating and potentially harming the DoD or its mission.”
The objective of our audit was to determine whether Defense Digital Service (DDS) engagements achieved their intended purpose and were executed in accordance with DoD and Federal policies. We identified that 5 of the 10 DDS engagements reviewed met their intended purpose. For the other five engagements, we were unable to determine if they met their intended purpose because DDS officials did not maintain adequate records of those engagements. In addition, the DoD OIG substantiated the Hotline allegation that DDS officials relied on waivers of DoD policies they improperly granted to themselves to use unauthorized information technology tools and services to store, process, and transmit DoD-controlled unclassified information, which puts DoD data at risk of compromise.
The report also identified that the Washington Headquarters Services (WHS), which was required to provide guidance to DDS officials on the creation and organization of a records management program and ensure compliance with records management policies, did not ensure that a program was established at the DDS. Adequate records of all DDS engagements are necessary so that DoD officials can analyze the effectiveness of DDS efforts and DDS officials can identify best practices for use throughout the DoD.
The DoD OIG made 15 recommendations, including that the Chief Digital and Artificial Intelligence Officer (CDAO), who oversees the DDS, develop, resource, and implement a records management program, and develop a clear waiver request process for CDAO directorates that includes a requirement to document and maintain records of the requests. The DoD OIG also recommended that the CDAO assess the hardware, software, cloud services, networks, and any other tools used by the DDS since 2015 to ensure compliance with DoD cybersecurity requirements.
The DoD OIG will continue to monitor the progress of the CDAO and WHS toward fully implementing all recommendations.
For more information on the DoD OIG Hotline visit http://www.dodig.mil/hotline.