14 DAY TRIAL // The conclusions drawn following the first U.S. Defense Department-wide financial audit are not surprising to anyone given that the Pentagon failed the audit just as expected.
“We never thought we were going to pass an audit, right? Everyone was betting against us, that we wouldn’t even do the audit,” told Patrick Shanahan the Deputy Secretary of Defense to reporters on Thursday at the Pentagon.
Although the audit has already been completed, a full report will be released by the Pentagon's inspector general during December 2018 given the amount of data that needs to be organized and the 2,000 findings and recommendations the results of the audit contain.
The technical term for the audit fail is that the DoD "did not receive a clean audit for the more than $2.7 trillion in assets it owns," as reported by the Federal News Network.
Even though the Pentagon failed its first-ever audit, as the principal deputy inspector general Glenn Fine said, the department will take the results of the audit seriously and will do everything possible to fix all procedure flaws according to the final report's recommendations,
As detailed by the DoD, "About 1,200 auditors conducted more than 900 site visits at more than 600 locations, including military bases, depots and warehouses."
IT gaps found during the audit include security management and access control issues
According to Fine, the DoD audit found multiple IT weaknesses affecting the Pentagon's day to day operations, ranging from system changes and security management to inadequate controls over access to military assets.
The audit unearthed material weaknesses such as "Systemic shortfalls in implementing cybersecurity measures to guard the data protection environment" and "Gaps in cybersecurity access controls including privileged user authentication and public key infrastructure and device hardening / encryption contribute to data protection vulnerabilities."
Furthermore, the report also mentions that "Issues exist in policy compliance with cybersecurity measures, oversight, and accountability."
The Pentagon's audit also comes with a number of recommendations to fix the found IT issues as it asks the DoD to revise current user system access policy, the current acquisition and IT purchase contracts and policy, as well as the current policy on shared file and drive protection.