[Senate Hearing 116-644]
[From the U.S. Government Publishing Office]
S. Hrg. 116-644
THE DEPARTMENT OF DEFENSE AUDIT
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON READINESS AND
MANAGEMENT SUPPORT
OF THE
COMMITTEE ON ARMED SERVICES
UNITED STATES SENATE
ONE HUNDRED SIXTEENTH CONGRESS
FIRST SESSION
__________
NOVEMBER 20, 2019
__________
Printed for the use of the Committee on Armed Services
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available via: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
54-854 PDF WASHINGTON : 2024
COMMITTEE ON ARMED SERVICES
JAMES M. INHOFE, Oklahoma, Chairman
ROGER F. WICKER, Mississippi JACK REED, Rhode Island
DEB FISCHER, Nebraska JEANNE SHAHEEN, New Hampshire
TOM COTTON, Arkansas KIRSTEN E. GILLIBRAND, New York
MIKE ROUNDS, South Dakota RICHARD BLUMENTHAL, Connecticut
JONI ERNST, Iowa MAZIE K. HIRONO, Hawaii
THOM TILLIS, North Carolina TIM KAINE, Virginia
DAN SULLIVAN, Alaska ANGUS S. KING, Jr., Maine
DAVID PERDUE, Georgia MARTIN HEINRICH, New Mexico
KEVIN CRAMER, North Dakota ELIZABETH WARREN, Massachusetts
MARTHA McSALLY, Arizona GARY C. PETERS, Michigan
RICK SCOTT, Florida JOE MANCHIN, West Virginia
MARSHA BLACKBURN, Tennessee TAMMY DUCKWORTH, Illinois
JOSH HAWLEY, Missouri DOUG JONES, Alabama
John Bonsell, Staff Director
Elizabeth L. King, Minority Staff Director
__________
Subcommittee on Readiness and Management Support
DAN SULLIVAN, Alaska, Chairman
DEB FISCHER, Nebraska TIM KAINE, Virginia
JONI ERNST, Iowa JEANNE SHAHEEN, New Hampshire
DAVID PERDUE, Georgia MAZIE K. HIRONO, Hawaii
MARTHA McSALLY, Arizona TAMMY DUCKWORTH, Illinois
MARSHA BLACKBURN, Tennessee DOUG JONES, Alabama
(ii)
C O N T E N T S
__________
November 20, 2019
Page
The Department of Defense Audit.................................. 1
Members Statements
Statement of Senator Dan Sullivan................................ 1
Statement of Senator Tim Kaine................................... 2
Witness Statements
Norquist, Hon. David L., Deputy Secretary of Defense............. 4
Questions for the Record......................................... 40
Appendix A
Details Related to the Service Fiscal Year 2020 Marks.......... 47
Appendix B
Supporting documents........................................... 48
(iii)
THE DEPARTMENT OF DEFENSE AUDIT
----------
WEDNESDAY, NOVEMBER 20, 2019
United States Senate,
Subcommittee on Readiness
and Management Support,
Committee on Armed Services,
Washington, DC.
The Subcommittee met, pursuant to notice, at 9:30 a.m. in
room SR-222, Russell Senate Office Building, Senator Dan
Sullivan (Chairman of the Subcommittee) presiding.
Members present: Senators Sullivan, Fischer, Ernst, Perdue,
Blackburn, Shaheen, Hirono, Kaine, and Jones.
OPENING STATEMENT OF SENATOR DAN SULLIVAN
Senator Sullivan. Good morning. This hearing on the
Subcommittee on Readiness and Management Support will come to
order.
Today, this Subcommittee meets to receive testimony from
Deputy Secretary of Defense David Norquist concerning the
Department of Defense's (DOD) 2018 and 2019 audits. Last year,
when he was serving as the DOD Comptroller, Secretary Norquist
completed the first DOD audit ever. Soon thereafter, Secretary
Norquist was nominated and then confirmed as Deputy Secretary
of Defense with overwhelming Senate support from both sides of
the aisle. He is a wealth of knowledge on these issues, and I
thank him for being here today.
To a lot of people, aside from my good friend Senator
Perdue, who I'm hopeful will be here a little bit later, the
DOD audit might not come across as the most interesting topic
in the world. However, Ranking Member Kaine and I take our
oversight responsibility seriously and are happy to have this
important and timely hearing.
Another responsibility we take seriously has been one of
providing the funding needed to rebuild our military, with a
specific focus on restoring readiness.
Conducting an audit of this magnitude is a massive
undertaking, as I'm sure we'll hear. In fact, until Secretary
Norquist arrived, it had never happened. The Pentagon had never
completed an audit. Let me repeat that. In its history, the
Department of Defense had never completed an audit. Kind of
remarkable.
The fiscal year 2019 DOD audit is one of the largest audits
of any organization in history. Over the course of this year,
this audit has required more than 1,400 auditors and hundreds
of DOD site inspections. These auditors and inspections
evaluated thousands of sample and document items to account for
the roughly $2.8 trillion in DOD assets. Conducting an audit of
this size is no easy task, but it's a critical function that
DOD must do, and the results reveal issues that we all must
learn from. There is still much, much more work to be done, but
I commend the Secretary for undertaking this difficult, but
important, task.
As of last Friday, the Department of Defense completed its
second agency-wide audit. While it did not receive an overall
clean opinion, much knowledge was gained from actually doing
the audit. I'm sure we'll hear more, but of the 24 individual
audits done across the different agencies, 7 did come back
clean.
So, why do we take the time to do an audit? In part, it is
to encourage the more responsible use of resources within the
Department, and, from a readiness perspective, the ability to
promote real change within the Department. While identifying
cyber vulnerabilities in DOD information technology systems or
locating unaccounted-for equipment or improving the
recordkeeping of personnel is not a glamorous undertaking, it
does produce process improvements and technological upgrades
that are long overdue. These improvements are critical to DOD's
responsibility that, ``It's important to gain full value from
every taxpayer dollar spent on defense, thereby earning the
trust of Congress''. That is from the 2019 National Defense
Strategy (NDS). In other words, if DOD wants Congress to
continue to fund the military in order to counter great-power
competition, like that from Russia and China, as laid out in
the 2019 NDS, we, in the Congress, and the American people need
to have the confidence that these dollars are being spent
wisely.
As Chairman Inhofe regularly states, the NDS has been
preparing our military for a return to strategic competition
and does represent a prime example of bipartisanship for the
support of that strategy and our troops in the Senate. The NDS
explicitly states the audit as a priority towards driving a
better budget discipline for the Department and achieving our
overall national defense goals. I hope this budget discipline
starts with the audit and spreads throughout the Department to
all the financial processes within DOD, including our
procurement, acquisition, and contracting processes that this
subcommittee has oversight of. I look forward to hearing about
the progress, some of the successes, some of the failures.
I know my Ranking Member, Senator Kaine, is also
interested, so I will turn the dais over to him for his opening
remarks.
STATEMENT OF SENATOR TIM KAINE
Senator Kaine. Thank you, Mr. Chairman.
Secretary Norquist, it's good to have you here. When I saw
the amount of press streaming into the Capitol this morning, I
thought finally the Pentagon audit is going to get the
attention that it has deserved.
[Laughter.]
Senator Kaine. Apparently, there's other things going on,
on the Hill. But, I do want to welcome you and thank you for
your long record of public service, but also for your making
sure that the auditability of the DOD is a top priority.
The fact that all Federal agencies were mandated to do
audits, really beginning in 1990, and that the DOD has been the
last to get in line is well known, so much so that the NDAA
[National Defense Authorization Act], in, I believe, 2015, this
committee sort of said, ``Okay, you had enough time, you've got
to make this happen.'' I was gratified to be part of the
committee when we finally gave the ultimatum, and I'm gratified
that, under your leadership, the DOD is moving to get this
done.
Last week, the Department announced that it had officially
failed the 2019 audit. That's not surprising. I think,
actually, you would have found a great deal of skepticism on
this committee had the 2019 report said, ``Hey, everything's
fine.'' When you start something as complex as this, if you're
not finding areas to improve, failings that need to be
corrected, then you lead policymakers to question the veracity
or the sufficiency of the effort.
But, what the report last week showed is that there's so
much more to be done to get warfighters and taxpayers what they
deserve, a fully auditable Pentagon. We had a witness testify
before the full committee recently. I'm blanking on the
witness's name, but she used the phrase ``efficiency for
lethality,'' the idea that the audit should drive us to not
spend on things we shouldn't, reduce spending on things we
shouldn't, as a way of then directing those resources to more
lethality, to a more effective Department of Defense.
I hope we can talk about a number of issues today. What
benefits are the military forces already seeing from the audit
and its findings? Benefits in efficiency, but it was always my
hope, as a mayor and Governor, in looking at audits, to also
learn some things that might improve the effectiveness of
operations. I don't think it's just a number-counting exercise
and an exercise that should lead to saving a dollar here or a
dollar there. It should also lead to greater efficiencies and
effectiveness. And so, I hope we can talk about benefits.
How is the process of the audit already helping the
Pentagon clean up any data or accounting practices that need to
be improved? What resources are being applied to the audit? Are
there additional resources that need to be applied so that it
can be as effective as possible, moving forward? And, in your
opinion, Secretary Norquist, how long will it be,
realistically, before the DOD will be in a position where the
audits will be clean audits across all the numerous audits that
are done?
So, I look forward to working with the committee, under
your leadership, with the Department, to make good on this
promise made so long ago to the American taxpayer that every
aspect of the American Federal Government would be subject to
an audit, and that we would learn from the audit in a process
of continuous improvement so that we can get better at what we
do.
Thank you.
Senator Sullivan. Thank you, Senator Kaine.
And, Mr. Secretary, thanks again for being here. We look
forward to your opening statement. If you want a longer written
statement, that will be submitted for the record.
The floor is yours.
STATEMENT OF HON. DAVID L. NORQUIST, DEPUTY SECRETARY OF
DEFENSE
Secretary Norquist. Thank you, Mr. Chairman.
Chairman Sullivan, Ranking Member Kaine, distinguished
Members of the Committee, thank you for the opportunity to
testify before you today on the Department of Defense financial
statement audit.
There are three major questions about the audit I'd like to
briefly address. First, why do we even have an audit? Second,
what are the results of this year's audit? And third, how does
the audit and other reforms benefit American taxpayers?
The short answer on why we have an audit is that DOD is an
extraordinarily large and complex organization. We employ
nearly 3 million servicemembers and civilians. While a typical
commercial airline manages between 300 and 1,600 aircraft, the
military services fly approximately 16,000 aircraft. We also
manage 292 billion in inventory, more than 6 times the size of
Walmart, the world's largest retail company. Financial
statement audits are a proven commercial solution that uses
independent auditors to effectively assess complex operations.
A financial statement audit is comprehensive, and it includes
verifying the count, location, and condition of our military
equipment, property, material, and supplies. It tests
vulnerabilities in our security system of our business systems,
and it validates the accuracy of records and actions, such as
promotions and separations. In short, it provides the
independent feedback that both DOD leadership and Congress
needs.
This year, more than 1,400 auditors conducted over 600 site
visits, with the following results: consistent with last year,
they reported no evidence of fraud, no significant issues with
the amounts paid to civilian or military members, and that DOD
could account for the existence and completeness of major
military equipment. In addition, one more organization received
a clean opinion: the Defense Commissary Agency. Now 7 of the 24
will have an unmodified or clean opinion this year. And of the
2,377 findings in fiscal year 2018, the Department was
successful in closing more than 550, or 23 percent, of the
findings. The audit demonstrates progress, but we have a lot
more to do.
How does the audit benefit the American taxpayer? Well, the
original and primary purpose in an audit is transparency. But,
at DOD, we have seen how the audit saves money by improving
inventory management, identifying vulnerabilities in
cybersecurity, and providing better data for decisionmaking.
Let me give two examples:
The Navy, at Fleet Logistics Center (FLC) Jacksonville,
conducted a 10-week assessment, and they identified $81 million
worth of active material not tracked in the inventory system.
That was now available for immediate use, decreasing
maintenance time and filling 174 requisitions. They also
eliminated unneeded equipment, freeing up approximately 200,000
square feet, the equivalent of 4.6 acres.
We are already seeing the benefits of better data in the
use of data analytics. For example, the Department uses the
ADVANA tool recently to automate the quarterly review process
of its obligations. This workflow tool eliminated
inefficiencies and provided the analysts the time and the
insights they needed to identify $316 million in high-risk
funds, moving them from a low-priority function to better use
of those before they canceled or expired.
The audit is a foundational element of a broader landscape
of business reform in the National Defense Strategy. We are
moving forward on multiple fronts, improving our enterprise
buying power, consolidating IT [information technology],
realigning and reforming healthcare, consistent with
congressional direction, reforming how we do background
investigations to make them more effective and less expensive,
and eliminating duplicate and inefficient business systems, as
well as identifying efficiencies in what we like to call ``the
fourth estate.''
I would be remiss if I didn't mention the harmful impacts
of the ongoing continuing resolution (CR). I recognize I'm
preaching to the choir. The Department and the White House have
both expressed the urgent need for Congress to pass the fiscal
year 2020 authorization and appropriation bills. The CR stopgap
measures are wasteful to the taxpayer. They delay storm-damage
repairs and the damage the gains our military has made in
readiness and modernization. Ultimately, a CR is good for the
enemy, not for the men and women of the United States military.
The administration and I urge Congress to come to agreement as
quickly as possible, consistent with the budget deal reached in
the summer.
In closing, I'd like to thank President Trump for his
leadership and the DOD workforce for embracing this complex and
important issue. I'd also like to thank Congress and this
committee, and in particular the committee staff, for your
commitment to this massive undertaking and the role you have
played in making an annual financial statement audit a regular
way of doing business.
The Department of Defense is one of the most complex
enterprises in the world. In partnership with this Congress, we
must continually improve our business practices in order to
reduce costs and maintain our competitive edge. Each of us owes
it to the American taxpayer to be as responsible in spending
their money as they were in earning it.
Thank you, Mr. Chairman.
[The prepared statement of Mr. Norquist follows:]
Prepared Statement by The Honorable David L. Norquist
Chairman Sullivan, Ranking Member Kaine, distinguished Members of
the Committee, thank you for the opportunity to testify before you
today on the Department of Defense financial statement audit. On
November 15th, we completed our second Department-wide audit, which is
one element of a broader reform agenda in support of the National
Defense Strategy's third line of effort: to reform the Department for
greater performance and affordability.
There are three major questions about the audit I would like to
address: 1) why do we have an audit; 2) what are the results of this
year's audit; and 3) how does the audit and other reforms benefit
American taxpayers?
why do we have an audit?
Simply put, we conduct an annual financial statement audit in
accordance with the Government Management Reform Act of 1994 because it
is the most efficient way to evaluate an extraordinarily large and
complex organization. DOD employs nearly three million servicemembers
and civilians and operates in over 160 countries on all seven
continents, spanning about 30 million acres of land. While a typical
commercial airline manages between 300 and 1,600 aircraft, the Military
Services fly approximately 16,000 aircraft. DOD maintains approximately
573,000 facilities, including 267,000 buildings, 184,000 structures,
and 122,000 linear assets across more than 4,500 sites. It's not just
the scale but the breadth of our mission. We run one of the largest
health care systems in the country, which covers more than nine million
people. Our bases are like small cities that contain similar amenities
and services like police stations, fire stations, grocery stores,
hospitals, and schools. And we manage $292 billion in inventory, more
than six times the size of Walmart, the world's largest retail company.
In total, DOD manages nine supply chains with about five million items.
Financial statement audits are a proven commercial solution that use
independent auditors to provide sample-based assessments of complex
operations. A financial statement audit includes:
Verifying count, location and condition of our military
equipment, property, materials, and supplies;
Testing security vulnerabilities in our business systems;
and
Validating the accuracy of records and actions, such as
promotions and separations.
a major undertaking
The fiscal year 2019 Audit involved:
$2.9 trillion in assets and $2.8 trillion in liabilities
About 1,400 auditors
More than 600 site visits to military bases, depots, and
warehouses
Auditors requested over 200,000 items
To do this work, the auditors went through billions of
transactions, pulled samples, and then tested them for accuracy and
completeness. For example, for each payment to a contractor, auditors
check to see if there is an invoice, a receiving report, and a matching
contract. The auditors also confirm that they were approved at the
right level, and recorded accurately and timely. Likewise, for each
payment to an employee, military or civilian, auditors ask for proof
that it was the correct payment for that employee. With respect to real
property, the auditors asked the Services for their database of real
property--to include buildings, underground water pipes, fence lines,
etc.--and pulled a sample from that report. They then went to a select
number of bases with that list and, for those items, checked what was
supposed to be on each base. The auditors confirmed that it was there
and what condition it was in and whether they had the records to
demonstrate that they owned it. The auditors also looked around the
base for any other property and checked to see if it was recorded. They
did the same thing with inventory, going to warehouses, pulling samples
of spare parts, and looking for completeness and accuracy. The results
offer us independent feedback on how to improve our stewardship, and we
are eager to receive this feedback.
what are the results of this year's audit?
For the fiscal year 2019 audit, more than 1,400 auditors reviewed
billions of transactions from the more than 1,700 active accounts DOD
manages. Consistent with last year, auditors reported:
No evidence of fraud;
No significant issues with amounts paid to civilian or
military members;
DOD could account for the existence and completeness of
major military equipment; and
All organizations with a clean opinion last year kept
their clean opinion this year.
In addition:
One more organization, the Defense Commissary Agency
(DeCA), moved up to an unmodified (or clean) opinion in fiscal year
2019; and
Of the 2,377 findings in fiscal year 2018, the Department
was successful in closing more than 550, or 23 percent of the findings.
The specific details are as follows:
Six DOD organizations sustained their unmodified, or
clean, opinions, which is the highest rating: U.S. Army Corps of
Engineers (USACE) Civil Works; Military Retirement Fund (MRF); Defense
Health Agency--Contract Resource Management (DHA-CRM); Defense Finance
and Accounting Service--Working Capital Fund (DFAS); the Defense
Contract Audit Agency (DCAA); and the DOD Office of Inspector General
(DOD OIG), which will conclude in January.
This is the 24th consecutive unmodified opinion for the
Military Retirement Fund. The fund's nearly $900 billion represents
approximately 30 percent of DOD's total assets.
The Medicare-Eligible Retiree Health Care Fund (MERHCF)
received a modified opinion, which means its financial statements are
accurate with only modest exceptions.
The remaining organizations received disclaimed audit
opinions, which means the auditors did not have enough evidence to
provide an opinion.
No organization received an adverse opinion (i.e., were
outright wrong).
defense commissary agency
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
DeCA progressed from a qualified opinion in fiscal year 2018 to an
unmodified (or clean) opinion this year.
The audit went deeper this year. Auditor sample selections and
information the Department submitted to auditors, called ``Provided by
Client'' requests, rose from 40,000 in the fiscal year 2018 audit to
45,000 this year. As a result, findings from all audits are also
expected to increase.
The fiscal year 2019 audit reports are complete and available for
your review on our public website [https://comptroller.defense.gov/
odcfo/afr2019.aspx]. Auditors and the DOD Office of Inspector General
will complete their contractual deliverables and provide detailed
findings into our corporate database by the end of January. At that
point, we will begin anew to address those findings, making needed
improvements to our systems and processes. Unlike periodic program
audits, the repetitive nature of these audits will go deeper each year
while also providing us feedback that tells us if the fixes are in fact
addressing the root cause and being sustained. That is part of the
value that these audits provide. You will be able to see our progress--
first in the form of findings being remediated, then through a reduced
number of what auditors refer to as material weaknesses, and,
ultimately, through organizations moving from a disclaimer of opinion
to a positive audit opinion. The fiscal year 2019 audit demonstrated
progress but we have more to do.
how does the audit benefit american taxpayers?
The audit saves money by improving inventory management,
identifying vulnerabilities in cybersecurity, and providing better data
for decision-making.
Inventory
The audit is helping us improve the accuracy of our inventory. It's
necessary to know exactly what spare parts you have and where they are
in order to improve readiness. For example, at the Navy, Fleet
Logistics Center Jacksonville conducted a 10-week exploratory
assessment of material held within two Active aviation squadrons and
one building. They identified $81 million worth of active material not
tracked in the system that was available for immediate use, decreasing
maintenance time and filling 174 requisitions, including 30 high-
priority. They also eliminated unneeded equipment freeing up
approximately 200,000 square feet (84.6 acres).
There was also confirmations of excellence. Auditors performed more
than 60 site visits in which, for the items tested, no exceptions were
noted (i.e., a 100 percent pass rate). These site visits were performed
to confirm the existence and completeness of a broad range of assets
including, but not limited to, inventory, real property, ordnance, and/
or military equipment.
super hornet tailhooks--nas lemoore
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
At Naval Air Station Lemoore, located in California, 7 Super Hornet
Tailhook sub-assemblies were turned in for repair. The tailhook is a
``carcass constrained'' item, and will be returned back to fleet once
repaired. More than 580 consumable and repairable items valued at $14
million have bene identified.
IT Security
The audit is helping us close vulnerabilities in our IT systems.
Access controls, our biggest area of improvement, is an important part
of National Security, especially since there is no doubt that potential
adversaries are seeking to gain access to our systems in the hope of
stealing sensitive information or planting harmful software that could
erode our advantage on future battlefields. Access controls also reduce
the risk of fraud, waste, and abuse by preventing individuals from
committing fraud or improperly accessing sensitive information and
concealing those acts by changing system records. For example, four
years ago, Army auditors found 29 problems with regard to the Logistics
Modernization Program. All of those issues were fixed. This year,
auditors at Picatinny Arsenal in Morris County, New Jersey, tested 60
IT application controls for the procurement, revenue, and inventory
business process in the Logistics Modernization Program and found them
to be effective with no exceptions noted.
more than 60 sites achieved a 100 percent pass rate
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
At Tooele Army Depot in Utah, auditors tested 3.5 million items of
Operating Materials and Supplies for completeness and found no
exceptions.
Data Analytics
Historically, the Department's data was scattered across hundreds
of systems making it difficult to access information and answer basic
business questions in a timely fashion. We have developed a single
authoritative source for audit and business data analytics. This big
data platform, ADVANA, currently hosts over 15 billion transactions,
has over 7,000 users, 250+ dashboards, ingests data automatically from
over 120 DOD source systems, reconciles over $1 trillion dollars in
financial transactions, and has the flexibility to support analytics in
the areas of audit, financial operations, cost management, and
performance management.
We are also already seeing the benefits of better data. For
example, the Department, using the ADVANA tool, recently automated the
quarterly review process of its obligations. This workflow tool
eliminated inefficiencies and provided analysts time and insight to
identify a cumulative $316 million in high-risk funds, allowing for a
better use of those resources before expiring or canceling.
Costs
I'm often asked if the money we are spending on the audit is worth
it when we have so many other priorities. The two main costs for the
audit itself are the fees to the Independent Public Accounting firms
($195 million) and infrastructure to support the audits (about $250
million). The $195 million in audit contract costs is approximately 1/
30th of one percent of DOD's budget and, as a percent of revenue, is
equal to or less than what many of the top Fortune 100 companies pay
their auditors. Additionally, findings from the audits help the
Department identify areas that need improvement and validate the
effectiveness of corrective actions. Since we spent nearly $500 million
in fiscal year 2019 fixing audit problems, that feedback is critical.
The total cost of performing the fiscal year 2019 audit, including
remediation, remained consistent with the fiscal year 2018 audit,
slightly less than $1 billion. Arguably, much of this work would need
to be completed regardless of whether the annual financial statement
audits were required.
We expect the costs of the audit itself to remain relatively
consistent over the next few years, but as our ability to support the
audit improves and our reform efforts take hold, the cost to execute
the audit will go down and the dividends from business reforms will
continue to grow.
dod reform agenda
The audit is a foundational element of a broader landscape of
business reform described in the National Defense Strategy. We are
moving forward on multiple fronts, such as improving our enterprise
buying power; consolidating IT; realigning and reforming our
healthcare; reforming how we conduct background investigations;
eliminating duplicative and inefficient business systems; and
identifying efficiencies within the Defense Wide organizations.
Buying Power
The goal of Category Management is to negotiate pricing for the
category as a whole--increasing economies of scale--resulting in lower
pricing. Category Management and the audit are mutually supporting.
Category Management centralizes purchases and increases inventory
transparency supporting the audit. The audit provides better
transaction data, increasing the transparency of what we are buying--
both quantities and prices. This information then indicates what items
are good candidates for Category Management. For example, the Army
programmed $1.6 billion in savings from professional services contracts
in the fiscal year 2020-2024 FYDP as a result of employing category
management. Similarly, a review of Cisco routers uncovered $61 million
worth of equipment in a warehouse that DOD was paying to maintain as if
they were installed. Some of the routers had been marked for disposal,
but the DOD was still paying to maintain them. An interim contract is
now in place, lowering customer prices.
IT Consolidation
DOD has more than 2,500 data centers, 355 cloud efforts, 48,000
applications, 11,000 circuits, and 1,850 business systems.
Standardizing and modernizing the IT environment of networks, services,
data centers, and leveraging Enterprise capabilities eliminates
duplicative systems, and allows the Department to focus finite cyber
resources across fewer areas, ultimately shrinking DOD's cyber threat.
This has saved us $63 million through fiscal year 2020 and will save us
another $73 million through fiscal year 2024. Additionally, in the
defense agencies, we are consolidating 44 networks and 22 service desks
into a single Enterprise service provider for Common Use IT and are
closing 71 legacy data centers (18 closed; six more by the end of
December).
Healthcare
Reform isn't only about savings, in healthcare it's about restoring
military readiness and providing quality care for over nine million
eligible individuals. In implementing the fiscal year 2017 NDAA
provisions (Sections 702, 703, and 721), we are strengthening the
readiness of our military's medical force, while improving health care
quality for our military and their families. Our largest undertaking is
the ongoing consolidation of the Medical Treatment Facilities (MTFs)
under the authority, direction and control of the Defense Health
Agency. When complete, DOD will have a unified medical delivery system
that more efficiently integrates purchased care and MTFs.
Background Investigations
DOD assumed responsibility for the majority of the background
investigations for the federal government. We began with a backlog of
725,800 in April 2018 and have lowered the backlog by 437,800 as of
October 2019. We are adopting continuous monitoring in lieu of periodic
reinvestigations. Continuous monitoring is a vetting and adjudication
process to use technology to evaluate security clearance holders on an
ongoing basis, instead of more expensive periodic investigations.
Looking For Savings
In the Army, Secretary Esper established the ``Night Court''
process that the Army used to cut approximately $2.5 billion per year
in order to free up funding for higher modernization priorities. We are
now conducting a similar Defense-Wide Review to take a close look at
all DOD activities that do not fall under the Military Departments
(e.g., the Defense Agencies and Field Activities, the Office of the
Secretary of Defense, the Joint Staff, the Inspector General, and
SOCOM). The purpose is to identify time, money, and manpower to put
back into top priorities in the fiscal year 2021 President's Budget in
support of the National Defense Strategy.
Through the audit and these broader reform initiatives, we are
looking for savings, large and small, to reinvest back into the
lethality and readiness of our military forces.
looking for savings, large and small
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Previously, DLA stored 130 million physical maps in its warehouses.
By moving to Print on Demand mapping, DOD saved $10 million in fiscal
year 2018 by reducing physical inventory by 95 percent, removing 130
million physical maps, and freeing up over 180,000 square feet of
space. The new model uses digitized mapping that reduces shipping and
storing. The next step is to adopt this new model across the Military
Services.
conclusion
The audit, resulting findings, and our subsequent corrective
actions are doing exactly what they are supposed to do--find issues,
validate efficient and effective processes, and help us focus limited
resources on where we are most vulnerable or inefficient. We will keep
this up every year, and this is how we will build a mechanism for
sustaining improvements, move closer to a clean opinion, and continue
to improve the efficiency of the Department.
I would remiss if I did not mention the harmful impacts of the
ongoing Continuing Resolution (CR). The Department and the White House
have both expressed the urgent need for Congress to pass the fiscal
year 2020 authorization and appropriation bills in order for the
government to be funded at the levels of the bipartisan budget deal
passed this summer. The CR stopgap measures are wasteful to the
taxpayer and damages the gains our military has made in readiness and
modernization over the last few years. In order for us to pivot towards
planning for a future high-end fight against great power competition,
as the National Defense Strategy guides us, DOD must have the ability
to better align our funding towards the prioritized accounts and
programs. Under a CR, we are unable to begin new programs or projects,
production rates for weapons, equipment and munitions cannot be
increased, and a CR disrupts major exercises and training events.
Ultimately, a CR is good for the enemy, not the men and women of the
United States military. The Administration urges Congress to come to
agreement as quickly as possible consistent with the budget deal
reached in the summer.
In closing, I would like to thank President Trump for his
commitment to the audit, Secretary Esper for his steady support, the
Inspector General for his partnership, and the DOD leadership and
workforce for embracing this complex and important effort. I would also
like to thank Congress and this committee, both the Members and your
staff, for your commitment to this massive undertaking and the role you
have played in making an annual financial statement audit a regular way
of doing business. Most importantly, thank you for your support for our
men and women in uniform. Our collective efforts help ensure they have
the resources to do their jobs and return home safely.
The Department of Defense is one of the most complex enterprises in
the world. In partnership with Congress, we must continually improve
our business practices in order to reduce costs and maintain our
competitive edge. Each of us owes it to the American taxpayers to be as
responsible in spending their money as they were in earning it. As we
undertake these financial audits in support of the National Defense
Strategy, we will strive to make that an enduring legacy of this
Administration.
Senator Sullivan. Thank you, Mr. Secretary.
Let me begin with a very basic question. And I'm not sure
you have the answer, since you've only been in your position,
in the Comptroller position, for a couple of years. But, from
your perspective, why was the Pentagon never audited? You would
think, given what you just mentioned--how important it is to
the country, how large it is, how complex it is--that's exactly
the kind of Federal agency that you do want to audit. Why was
this the first time that somebody undertook this daunting task?
And, again, I commend you for doing it.
Secretary Norquist. Thank you, Mr. Chairman.
Let me start, just to clarify. The Pentagon has multiple
audits. We have GAO [Government Accountability Office], we have
the IG [Inspector General], we have others. They do program
audits, particular subjects. The difference with the financial
statement is the sheer breadth and depth of it. It is an end-
to-end audit, on a dramatic scale.
Senator Sullivan. What you just did twice.
Secretary Norquist. What we just did twice.
Senator Sullivan. That had never happened before.
Secretary Norquist. That had never happened before.
Senator Sullivan. Why?
Secretary Norquist. Well, there's a couple of reasons. One
is, it is an extremely hard task that would outlast anyone who
started it. And so----
Senator Sullivan. Okay, the Pentagon is used to hard tasks,
so----
Secretary Norquist. It is.
Senator Sullivan. It won World War II, for example.
Secretary Norquist. They did. They did.
The challenge with the audit is, there was an emphasis on
trying to get ready for it. This is where I brought a
fundamentally different view from those who had come before me.
They said, ``It's too expensive to pay the auditors. Let's get
ourselves ready enough that we could pass the audit, and then
bring the auditors in.'' My experience at the Department of
Homeland Security (DHS), where they were under audit, was that
that would be a major mistake.
At DHS, we didn't have a choice. When I showed up, the
auditors were already there. I found the auditors and their
feedback to be the central piece of getting us to that clean
opinion. So, my view is, the money we paid the auditors made
sure that all the other money we were spending was going
towards valuable things, we were getting feedback on whether we
were being successful.
So, even though Defense Department was spending money on
fixing problems, they had no audit baseline by which to tell
you: Were they better from one year to the next? We have fixed
that in this approach. We are carefully measuring those items,
precisely for that purpose. I think that's the biggest
difference, and I believe that the auditors are the key step in
getting us to the clean opinion, not something you bring at the
end, when you think you're ready.
Senator Sullivan. Okay. Let me dig into that a little bit
more, because the audit did cost a lot of money. I think the
fiscal year 2019 audit cost close to a billion dollars. If
we're doing this annually, which is your goal--correct?
Secretary Norquist. Uh-huh.
Senator Sullivan.--will this eventually pay for itself or
it already paying for itself?
Secretary Norquist. Let's take that into pieces. Before we
started the audit, the Department was spending $770 million to
fix problems. With the audit piece--there's about 195-200
million dollars we pay the external auditors. We know, from the
experience of the Army Corps of Engineers, that, when they went
from no opinion to a clean opinion, the cost of their audit
dropped in half. So, over time, that number will come down as
we start to move from where they have to do detailed sampling
to what we call ``test of controls.'' But, that's a level of
funding that's necessary for transparency, $200 million is \1/
13\ of 1 percent of our budget. To be held accountable, that's
fine. We then have to spend certain money on DOD side to
support that. Those numbers will come down, as well.
The big number, about half-a-billion dollars, is in the
remediation. The question there is, can you show what you have
fixed? In the absence of the audit, it's very hard. One of the
things I learned in my prior jobs is, self-reporting of fixing
problems isn't a very reliable indicator. I was dependent upon
the auditors confirming that people had, in fact, fixed it. And
one of the best things the auditors show us is, when an
organization says they fixed 10 problems, and the auditor
agrees with all 10, I have great confidence in that
organization's ability to go forward. If another organization
claims they've fixed 10, and the auditor agrees with them on 3,
I have a problem. I've got some training I need to do, some
people I need to talk to. That's not going to get them to
success. But, you can't wait till the end of the process to
find that. You need the auditors doing that on a continual
basis.
We have already seen benefits and savings and return on
investment, that I had not expected to see this early, long
before we got to the point where I expected the cost to come
down. But, we can--I can go on more about DFAS [Defense Finance
and Accounting Service], but I'll let you wait if----
Senator Sullivan. Well, let me just ask another basic
question. For those of us who are not auditors, what, exactly,
does this entail? You're going to installations, you have
people fanning out over all our military bases, they're going
to supply depots, what, exactly, are they doing? They're not
counting every rifle and every tank. Or are they?
Secretary Norquist. No, they can't, because the sheer labor
that would be involved is the problem. What the commercial
practice brings us is best practices, they will go up to the
highest level of the organization and look into their databases
and say, ``Show me everything you think you own and have in
inventory.'' They start there. And then they pull samples from
that and follow it all the way down to the installation. They
went to Fort Wainwright, and they went to Anniston. And they
come in with a list and say, ``I need to see--not just a tank,
I need to see this tank, with this serial number that's
supposed to be here.'' And when they show up, is it in working
condition? Because that's one of the things they test for, is
you're accurate on working condition. ``Do you have proof of
ownership? Is it where it's supposed to be?'' They walk through
each of those. Then they look around the base, and they find a
series of items, and they go the other direction, which is,
``Here are 25 things we found on the base. Show us that you, at
the Department level, have them in your system.'' So, it goes
one direction, and then it comes the other. What they're
looking for is examples of a breakdown, where the summary is
not equal to the parts. But, that's sampling process across
inventory. Then they do the same thing with pay. ``You paid
somebody a certain amount. Do you have the records to back up
that that soldier was, in fact, promoted? Did they, in fact,
qualify for hazardous-duty pay? Do you have the paperwork to
support that? And can you produce it in a timely manner?''
That's the process they go through. It's relatively extensive,
but it's the standards that we're held to.
Senator Sullivan. Great. Thank you. Thank you, Mr.
Secretary. I'm glad you're here to testify. And hopefully,
we're all going to learn from this, and, most importantly, that
the Pentagon is as well.
Senator Kaine.
Senator Kaine. Thank you, Mr. Chair.
Mr. Secretary, I'm going to start with a question that is
based, not on the audit, but on your role as Deputy Secretary
of Defense, the number-two official within the Pentagon. I was
proud to support your nomination.
In the last day, there have been a number of articles that
have come out, and I'll just read two headlines as examples.
Business Insider, ``The Army Is Prepared to Move Lieutenant
Colonel Alexander Vindman and His Family to a Safe Location, If
Necessary.'' Reuters, ``Army Assessing Impeachment Witness
Vindman's Security, U.S. official.'' These articles were based
on some initial reporting that was done by the Wall Street
Journal. Lieutenant Colonel Vindman is a Virginian--resident,
like you are. Lieutenant Colonel Vindman is a patriotic
American, like you are. I'm not going to ask you whether you
think it's appropriate to attack his loyalty, his patriotism,
his judgment, or his character, because I know how you would
think about such an attack. I'm not going to ask you whether
you think it's okay to use the White House social media account
or other White House assets to amplify such an attack, because
I know what you would think about that. But, I do want to ask
you this. In your role as Deputy Secretary of Defense, will you
make sure that members of the military are not punished or face
reprisals for cooperating with Congress?
Secretary Norquist. We take very seriously our
responsibility to accurately and responsibly respond to
Congress and, to the earlier part of your sentence, as well to
any issues that relate to personal security. I'm not going to
comment on any measures we take individuals on personal
security, but we do take it very seriously and we expect people
to be responsive and truthful in their dealings with Congress.
Senator Kaine. Thank you very much for that. I would urge
you, at this particular time, to be very diligent in protecting
members of our military if they are cooperating with Congress.
I think that your words, delivered here, should, hopefully,
give some assurance and some confidence to some who are very,
very worried. And I know they're worried because their families
are calling my office. They're my constituents, and they're
nervous about what might happen to them. You giving them that
assurance publicly means something to them.
Let me ask you this about the audit. A lot of the DOD
programs that have to be audited are classified. So, when we do
the NDAA, we're often grappling with issues in this room, even
in a closed session, and then there's a separate classified
annex that we have to spend, you know, in a more classified
setting, figuring out our own responsibilities with those. Talk
a little bit about how the audit approaches classified
programs, and how you can do a real audit, and a meaningful
one, while respecting the classified nature of the information.
Secretary Norquist. Thank you.
The challenge we had at the beginning was how to deal with
classified information. In the budget, it's either--it's
redacted or--in documents, it's often redacted, or it's
otherwise just protected. We talked with GAO, who wants to be
able to summarize the--a Federal Government-wide audit, and the
concern was, ``If you do that here, if we have redactions, if
we have classified annexes, you won't be able to do a
government-wide audit.'' So, what we looked was, how do we do
this in a way that we can keep it unclassified? And here I'd
like to tip my hat to a group called FASAB [Federal Accounting
Standards Advisory Board] They're the accounting standards
group for the Federal Government. Because we had to go to them
and say, ``We need you all to get a security clearance, because
we have to be able to have conversations with you that are
classified. And you have to give us the accounting standards on
how to treat classified information.'' So, they did. That was
one of the process we went through. They got security
clearances. They, in fact, issue us classified guidance that
allow us--you know, for example, when NASA [National
Aeronautics and Space Administration] was going to a clean
opinion, they went and said, ``Hey, we've got a question about
satellites. Do we expense or depreciate?'' And so, we will have
those types of things that are classified. And we will go to
them, and they, in their clearances, will be able to say,
``Here's how you should handle it in a classified'' answer that
allows us to present the data in an unclassified report. Our
auditors have security clearances, right up to the highest
level. There's nothing that, because it's classified, is
excluded from the audit. Even if it's the serious, most
sensitive items, the IG will test it. There is nothing that's
classified that is excluded from the scope of the audit.
Senator Kaine. Excellent. Excellent.
Let me ask you this. In a public hearing like this, I think
we would like to get some success stories, so it's less about
the findings or the agencies that passed, but do you have
examples of things that you've learned in the audit process
that you've already been able to direct toward this
``efficiency for lethality'' construct that the DOD witness
talked about recently at our hearing?
Secretary Norquist. We have. Let me just walk through a
couple of examples, and if people have others, I can go on
extensively on this issue. But, let me pick the issue of
inventory, and I'll use the Navy as an example.
I mentioned how the auditors went down, and then they'd
pull samples and test them backwards. What the Navy started
discovering is warehouses and storage facilities that had items
that had never been loaded into their inventory system. So, you
opened it up, and you found spare parts. And the spare parts
were not where somebody who's trying to order them can get to
them. So, the Navy--and I will give credit to Vice Admiral
Dixon Smith, the N4, because he was particularly aggressive in
this and would travel to some of these bases and just say,
``Open that up. Open that up.'' And they started to, and he's
found enough concerns he's said they're going to take 100
percent. But, even at the bases they have already visited,
they've--which is about 5 or 6--they found $167 million worth
of usable supplies that, when they put them into the system,
addressed unneeded--unmet demands, things that were on
backorder, other items that now can be put back into the
system. Again, you have the part, but if somebody doesn't know
it's there, if the person who ordered it rotates away and the
new one doesn't know that's where it's stored, and, more
importantly, from the Department, the Department doesn't know
it, so the neighboring base doesn't see it, you're out. So,
each one of those is an immediate and direct savings to the
taxpayer.
Senator Kaine. My time is expired, but others may want to
hear other examples.
Secretary Norquist. Hopefully--I've got a list. I'm happy
to keep going.
Senator Kaine. All right.
Thank you, Mr. Secretary.
Senator Sullivan. Senator Jones.
Senator Jones. Thank you, Mr. Chairman.
Mr. Secretary, thank you for being here, and thank you for
the letter from November 15 regarding the Anniston Army Depot,
which passed its audit test with 100 percent.
Tell me briefly, if you would, how important are those
audit tests? I'm proud of Anniston, but I assume those----
Secretary Norquist. Right.
Senator Jones.--were going on elsewhere, too. So, what's
the importance?
Secretary Norquist. These are the core of what the auditor
does. When they pull samples from above, and they come down to
a base, they're not testing everything on the base, but they've
got a list of what they're looking for. At 60 of the places
they showed up, there was 100 percent accuracy. Everything they
looked for, that base had. And so, I sent you a letter because
you had some of them in your State. That's incredibly valuable.
One of the things that I have heard when I talk to the auditors
is the importance of the local leadership. When they show up
and the commander of the base meets them and walks them around,
they can quickly see they're likely to have a good result
because that leadership has control and oversight of the
process. Now, we have other places where the samples are not
there, so we have to get there on everyone. But, this is going
to get solved at the local level, and then fixing the systems
that lie between what's accurate at the local level and what we
record at the departmentwide level. So, tremendous success.
One of the reasons I sent those letters out is because we
don't just want to use sticks. People can go give kudos to
those who deserve it, and that will help drive this process
forward.
Senator Jones. As the process goes forward, those leaders
at the various locations are going to get the word that they
did participate and cooperate, and that'll----
Secretary Norquist. Right.
Senator Jones.--help everybody.
Secretary Norquist. It's also in everyone' evaluation form.
Senator Jones. Right.
Secretary Norquist. Senior officers and civil servants, the
SES's [Senior Executive Service] have the audit as their--part
of their performance evaluation.
Senator Jones. I want to move to an area where Senator
Kaine kind of touched on. Are you familiar with the
Antideficiency Act?
Secretary Norquist. I am.
Senator Jones. All right. I'm struggling here with a couple
of things. On the one hand, I hear your testimony. You and I
have talked in my office, and I just applaud your effort so
much. You've emphasized the responsibility, and taking
seriously your responsibility, to report to Congress. On the
other hand, I'm also seeing this administration continually
thwarting Congress's oversight capabilities. They're not
producing witnesses, they're not producing documents, just
because they don't particularly like the subject matter of the
particular hearing. That's particularly going on in the House.
Then, recently, I read a report this morning where OMB [the
Office of Management and Budget] counsel has stated that, as a
legislative branch of government, the GAO, when they report
deficiencies or violations of the Antideficiency Act, that the
administration, the executive branch agencies, have no
obligation to report that back to Congress. It just seems to me
that there is a concerted effort with the administration to
just, basically, take those things that they don't want to
report and just ignore the Article 1 branch of the
Constitution. I'm really concerned about that. Have you seen
OMB counsel's opinion? I'd like to hear your thoughts about
that and whether or not that squares with what you said earlier
about your ability and your earnest, honest efforts to report
to Congress.
Secretary Norquist. I haven't seen that opinion, and I
don't know whether, as a matter of law, they are correct. But,
I know, as a matter of practice, whenever I had to sign out one
of those, it went to everybody. It went to the President, it
went to the leaders of the House and the Senate, it went, I
believe, to GAO. So, in practice, I know that, when we have
one--an Antideficiency Act violation, the notification is
broadspread.
Senator Jones. Well, I think--and I appreciate that--I
think that this is new. I may follow up with you, because I
think that this is changing a practice that has been a practice
across administrations, including this administration, but now
we've come, apparently, with a counsel who expressed a new
version of that. I may follow up to give you a chance to look
at that guidance to see how it might affect the Department of
Defense and your obligations to report to Congress.
If I have time, you mentioned the Navy, where you found
about $81 million of material, I think at the Jacksonville
Naval Air Station, where it just freed up inventory, you were
able to do some things. How important is that? What are the
lessons that you can learn and take away from that particular
episode, where there was, like, $280 million that was just
really, kind of, unaccounted for--$81 million, when they found
it, immediately got to use. Obviously, it is a little
concerning to Congress that $280 million at place can not be
accounted for. Tell me a little bit about what you're trying to
implement and how the lessons learn from that.
Secretary Norquist. The issue here is the value of the
inventory. But, our concern is, over time, you know, people, if
they buy inventory, if they store it without putting it into
the system, they may know it's there, but their successor may
not, the Department doesn't know it's there. It's inefficient.
It's an inefficient way to use taxpayer resources. The value of
the audit is, that's a problem, and the auditors will come up
every year and poke them for that problem, and expose it,
because the audit requires that, if we have it, it's in our
system and it's properly recorded. That's why it goes both,
``Can you account for what you have? And do you account for
everything you have?'' This is valuable for readiness. This is
valuable for making sure we make the best use of taxpayers'
money.
We think that there's a connection between this and some of
the challenges of CRs, which is--a lot of this tends to be the
type of supplies you might order at year-end. The more we can
limit that, the more we can have the discipline over, ``When
you buy it, you log it into the system.'' Right? ``You make
sure that it's properly recorded.'' With the discipline--and
this is where I get to the value of the audit--they come every
year. It's not enough to clean out your office once. They're
coming next year. They're coming the year after. You've got to
make this a habit.
Senator Jones. Are you satisfied that the systems in place
are adequate? It's just a question of plugging them in, as
opposed to, we need to upgrade the systems?
Secretary Norquist. No, we're going to need to upgrade the
systems. In some of the comments I got--because I met with each
of the auditors, and one of them said, ``As you field your new
ERP [enterprise resource planning] systems, which are more
compliant and more effective, you need to make better use of
technology.'' A lot of people are doing this manually, filling
out paper forms and others. If they had tablets, where they
could just do it more directly, they could barcode scan, all of
those reduces the labor, and that increases compliance. What
we're looking for here is places where either people stop doing
it because they didn't have the labor and it was too hard,
where the automation solution speeds that up. But, it
highlights the very value of that, and that's important.
Senator Jones. All right. Well, thank you, Mr. Secretary. I
will follow up with written questions regarding the OMB
guidance.
Secretary Norquist. Okay.
Senator Jones. Thank you, Mr. Chairman.
Senator Sullivan. Senator Hirono.
Senator Hirono. Thank you, Mr. Chairman.
Considering how long it took for the DOD to undergo an
audit, thank you very much for expressing your firm belief that
audits are very important.
As you noted, your auditors conducted a number of site
visits, 600 site visits. Two of these visits were performed at
Joint Base Pearl Harbor-Hickam and the Marine Corps Base
Hawaii, and both of these came back 100 percent. And thank you
for also noting how important it is that the local leadership
buys in and cooperates with the audit. I want to give a shout-
out to the folks at Joint Base Pearl Harbor and the Marine
Corps Base.
Secretary Norquist. Excellent. Thank you for doing that.
Senator Hirono. Thank you.
One of the areas that were pointed out in the most recent
audit were newly identified high-risk areas involving
privatized housing programs and the F-35 program. I won't go
into my questions relating to those, but I assume that you are
going to be undergoing the things that you need to do to bring
those programs up to snuff. Because there's a lot of concern
about military housing. It's an ongoing----
Secretary Norquist. Absolutely.
Senator Hirono.--issue for us.
Senator Kaine touched on this other matter recently
regarding the threats to Alexander Vindman and also your Deputy
Assistant Secretary of Defense, Laura Cooper, who--I don't know
if she's already testified, but she certainly will be
testifying, and not to mention the constant efforts to out the
whistleblower, and, basically, the whistleblower feeling very
threatened by everything that is going on. So, I note that you
are doing everything you can to make sure that Colonel Vindman
and Ms. Cooper remain safe. What steps have you already taken
to send a clear message to DOD staff that their identity, their
jobs, and safety will be protected if they come forward to
report abuse or misconduct?
Secretary Norquist. This is something that we have as a
matter of practice on all sorts of things. We have IG reports,
we have GAO reports. This is just part of the culture of how
we--when people come forward, we expect them to be honest and
truthful in their dealings, and we expect them to be taken care
of in doing so. We look for, and the IG looks, if there's an
issue of reprisal, to make sure that those are held accountable
for it. We also look for their security. And again, as I
mentioned, I'm not going to go into the measures we take, but
if we think there's a security issue, we either deal with it,
we deal with local authorities. These are the types of things
that occur in different forums, and we provide the same
standard and approach across them. I think it's an important
signal that we send in the way we deal with organizations.
Senator Hirono. I think, in this environment, it's very
important for the DOD, from the top, to say that the
whistleblowers who come out of the DOD, or anyone who
participates in appropriate proceedings, that they will be
safe. I think it's really important for that message to be
quite obvious and put out there, and I hope that that's what
you will do.
On October 22, the day before Ms. Cooper was scheduled to
testify before the House in a deposition, you signed a letter
to Ms. Cooper's lawyer prohibiting her from participating in
the impeachment inquiry. At her deposition, she was asked
whether she was concerned about the repercussions against her
at DOD for testifying, under subpoena, after receiving your
letter. She stated, ``This is a challenging environment, and
for a civil servant who is trying--who is just trying to
fulfill my obligations, this is a challenge. This is
challenging in both respects.'' This is quoting Ms. Cooper.
In light of H. Res. 660 [House Resolution], which lays out
the procedure for public impeachment hearings, will you refrain
from prohibiting any other DOD official from cooperating with
Congress, going forward?
Secretary Norquist. I did not prohibit her. I forwarded to
her lawyer the information we had received from the White House
that expressed their views about the impeachment process. One
of the challenges, we wouldn't be able to send a lawyer with
her. I wanted her to have that available information. But, we
understand each of the individuals are making their own
decision on how to----
Senator Hirono. So, even if you were just forwarding a
letter that came, not out of your department, but it came out
from--I forget where it emanated, but for you to send it, it
does create a chilling effect. Are you intending to continue to
forward these kinds of letters from the White House or from any
other----
Secretary Norquist. I don't know of any other individuals--
--
Senator Hirono.--source?
Secretary Norquist.--being called. My only point is, I
would have felt it inappropriate to not have their lawyer be
aware of this information. That's why we shared it.
Senator Hirono. But, you can understand why it----
Secretary Norquist. Oh, I understand. I understand the--
that that's----
Senator Hirono.--it comes from the number-two person.
Secretary Norquist.--which is, if you don't send it, it you
do send it, what do you do? So, what we tried to do is set the
right tone in the letter.
Senator Hirono. So, in the letter, did you say, ``We're
just forwarding this, we're not going to''----
Secretary Norquist. I will check the language, and I will
send it to you.
[The information referred to follows:]
Secretary Norquist. Please refer to Appendix B on page 48.
Senator Hirono. Thank you.
Secretary Norquist. But, I think we tried to be clear about
the nature of it. We try to be very professional in it, and
factual in the way we handle these.
Senator Hirono. Could I just ask one more question? I have
no idea what my time is.
During his nomination hearing, I asked Secretary Esper
whether he would commit to reinstating Parole in Place for
undocumented family members of Active Duty servicemembers.
Secretary Esper said that he would, ``look into it, for sure.''
We are still waiting for some response on this issue. But, we
did receive a response from Acting Under Secretary of Defense
for Personnel and Readiness, Mr. James Stewart, who deferred
comment on the program to the Department of Homeland Security,
but committed to working closely with DHS on the future of the
policy.
Well, you can understand why Active Duty servicemembers
would be very concerned if the administration is going ahead--
Department of Homeland Security is going ahead and deporting
undocumented members even as they are serving our country. I'd
like to know what steps the DOD has taken to coordinate with
DHS, as referred to in this letter from James Stewart on this
issue, and whether DOD has urged DHS to reinstate this program
not to deport undocumented family members of Active Duty
personnel.
Secretary Norquist. Senator, let me take that one for the
record. I don't know the answer to your question.
[The information referred to follows:]
Secretary Norquist. Any significant event that impacts the
readiness of servicemembers and their families is of concern.
As such, the Department has worked closely with the Department
of Homeland Security (DHS) as they reviewed the future of the
Military Parole in Place policy and are not aware of any
pending DHS termination. I note the passage of Section 1758 in
the fiscal year 2020 National Defense Authorization Act that
encourages DHS to continue to support Military Parole in Place
and thank the Committee for its support.
Senator Hirono. Well, I hope you get the message that we
certainly don't want Active Duty servicemembers' families to be
deported. That is not a good thing, and that program should be
reinstated.
Thank you.
Senator Sullivan. Senator Ernst.
Senator Ernst. Thank you, Mr. Chair.
This is a really important hearing, I think, for all of us.
And, Secretary Norquist, thank you for appearing today and
testifying on this often overlooked topic. And Senator Sullivan
and I were having a discussion yesterday, and we're just so
thrilled actually to have some results to be put in front of
us.
You have done, really, what your predecessors haven't been
able to do, or did not do at the Pentagon, which is making the
audit a priority. We've had past Comptrollers and Chief
Financial Officers at the Pentagon, of both political parties,
and they have whined, they've complained, they've dragged their
feet on this issue, and found every last excuse under the sun
not to get it done. And so, we've had Pentagon hearings going
on and on and on, here on the Hill, for decades. So, again,
thanks for doing the hard job and getting this audit done, and
not delaying it further. Despite the disclaimer of opinion from
the last 2 years, we are much further along in this progress
toward a clean opinion, and I just wanted to make that
statement and thank you very much for your leadership on this
topic.
Now, the National Defense Strategy makes it clear that the
United States has a very distinct challenge to maintain its
supremacy in the global arena, and this has implications on our
homeland defense, overseas operations, and the vibrancy of a
free and open society. Before we dive into these strategic
goals, it's good to take a step back and maybe do a little bit
of housekeeping. What I'd like you to explain, Mr. Secretary,
is, in addition to fiscal responsibility, how do you think the
audit's findings actually fit into the NDS and benefit our
operational and war mission capabilities?
Secretary Norquist. Sure. So----
Senator Ernst. Why do we need to do this?
Secretary Norquist. Absolutely. The NDS has three lines of
effort: enhancing lethality, working by, with, and through
allies, and the third one is reform in the way we defend--
operate for more efficiency. The reason for that is twofold.
One is, we can see the same deficit numbers everyone else can,
and we understand the fiscal limits with which the Department
needs to operate. The second is, we have a responsibility,
regardless of what level of funding we receive, to make sure
that we're using it with the maximum benefit to lethality. That
includes both driving inefficiencies out of our business
processes, as well as simply cutting low-priority items and
moving it to high-priority items. You know, some of the things,
they're not bad things, they're just not as essential as
others.
What the audit is helping us do is not only identify those
inefficiencies where individual systems have been built that
don't talk to each other--so, if you get to the point where you
only enter the data once, and it flows through the system,
there is a lot of labor savings and costs that come out of the
way you operate, versus manual entries and transfers where they
create data errors.
The other part of the National Defense Strategy as you go
through this is, you're trying to improve readiness. That gets
to the issue of the spare parts: can I get the spare parts in
the people's hands, can I get things through depot maintenance
faster?
And the last part is the data analytics. One of the big
leaps in what the private sector's been able to do is to use
terms--you can use ``big data,'' you can--"cloud,'' whatever
you want to call them--but, they're able to manipulate
incredibly large sums of data. Well, DOD, we have tens of
billions of transactions. When we get audited, it goes back to
funds Congress appropriate to us 8 or 9 years ago, because
those funds are still available for payment or disbursement.
The ability to organize those in a dataset, to search them, to
track them, to be able to find errors, that allows us to adopt
some of the best practice from the private sector on inventory
and other things you can't do when you don't trust your data.
Senator Ernst. Yeah.
Secretary Norquist. And so, I think those types of reforms,
we--we can't adopt private-sector best practices unless we can
get to the quality of the data they have so that we can rely on
it.
Senator Ernst. Yes. And thank you. Kind of along that
quality-versus-quantity issue, the DOD has closed 22 percent of
the Notice of Findings and Recommendations from the fiscal year
2018----
Secretary Norquist. Correct.
Senator Ernst.--Audit. But the number has actually
increased. Should we interpret that as ``the system is
working,'' or should we be worried that we're not making enough
progress?
Secretary Norquist. The first answer is, the system is
working. There were, I think, 200 more auditors this year than
last year. One of the things that we took as a lesson learned
from my time at Homeland was, we set up these contracts--
normally, an auditor, when they think you're not going to pass,
they stop working. They say, ``You have a disclaimer. We're
done.'' We worked with our IG, who's been a tremendous help in
this whole process, and the contracts basically say, ``Keep
auditing. Even if you think we're going to fail, keep auditing.
We want as many problems as you can find.'' And so, the thing I
tell everyone inside the building is, when the auditors find, I
think, 1,300 additional findings, those were always there.
Right? The more clearly they identify them, the sooner we can
make sure we have corrective action plans to address them. I
expect, for the first couple of years, they will find more. We
will keep closing them. We will get better and more efficient.
At a certain point, they will have been able to fully go
through it, and those numbers will come down. But, I see this
as exactly what we're paying them for and what I hope we would
get out of them.
Senator Ernst. My time is expiring, so I just want to say,
again, thanks for your leadership on this issue. It is such a
bureaucratic beast, and trying to sort through that, boil it
down, you've been able to take this on, and we, as Congress,
truly do appreciate your effort. Thank you very much, Mr.
Secretary.
Thank you, Mr. Chair.
Senator Sullivan. Thank you, Senator Ernst.
Senator Shaheen.
Senator Shaheen. Well, thank you.
I would add my appreciation to what you've heard from my
colleagues about the work that you're doing.
You talked about the list of examples of successes based--
that you've already uncovered as the result of the audit. At
some point, it would be helpful for us to get more of that list
so that we can share that with others and let people know
what's been successful, to date, about the audit.
I want to go back to your early comment, though, about the
CR, and preaching to the choir about the CR, because I do agree
you're preaching to the choir, but I also think there doesn't
seem to be a universal appreciation in Congress and in the
administration for what the impact of a continuing resolution
for the remainder of this year would be. And at what point--are
you concerned that that might trigger the budget cap so it
would kick us back into sequestration? Can you just talk about
what the impacts are that you see if we are not able to get
appropriations bills through?
Secretary Norquist. Sure. So, let me take them--first, the
CR, and then I'll go to sequestration.
The CR is designed to be destructive. It is----
Senator Shaheen. Right.
Secretary Norquist.--designed in order to get you not to
want to do it. So, the first thing it says is, no new-starts.
So, if we have ammunition that we would like to buy more of
that the Congress--the House, the Senate, the Republicans, and
Democrats have all agreed, ``You need more,'' we get to October
1, and we say, ``Let's not start buying it yet. Let's wait to
place that order.'' We have research technologies, artificial
intelligence, our hypersonic missiles. Republicans, Democrats,
House, and Senate all agree, ``Let's give the Chinese a 3-more-
month headstart. Let's make it harder for our people to keep up
in that technology race by letting this drag out.'' And then,
the last part is, you've got families in training that
constantly get disrupted because they don't--we may believe
that there's a deal at the top-line, but they don't know what
that means to the installation. And so, in good fiscal sense,
they withhold the money, they delay training, they minimize
what they are going to do, and then sometime in December or in
a previous year's March, we then hand them all of that money
and say, ``Now do it in 6 months.'' Well, they can't get back
their October training exercise, they can't recover the time
lost. Then we start having the challenges with inventory and
others. It is a misuse of taxpayers' money to manage it in this
way.
The sequestration is even worse, because the sequestration
is just a catastrophic cut that undermines everything. And
again, they don't know whether you're going there, so they have
to be very cautious about how they spend money. But, you'd have
problems making payroll under sequestration. You'd have--you
know, we could wait, but then we take an even cut in everything
else. And then you've completely lost readiness. For anyone who
has ship maintenance in their district--and they know the
importance of the ships coming in on time, the maintenance
happening on time--you can't recover. The ship depot--the ship
facility can't take twice as many ships the next year. If they
don't come in on time, you've lost it. This is something we
need to avoid. This is something we need to minimize the
length, if at all possible.
Senator Shaheen. Thank you. I certainly agree, 100 percent.
I want to ask about another issue that's outside of the
audit, but it goes to your current role. And that is, as you're
aware, I'm sure, there are a number of--virtually all military
facilities have an issue with PFAS [Perfluorooctanoic acid]
chemicals. Secretary Esper, to his credit, appointed a task
force, the day he got sworn in, to address that on military
installations. My understanding is that the Navy is very close
to a breakthrough on finding a replacement for the element in
firefighting foam that would be equally effective. Can you give
us any update on that? And, if not, can you take that for the
record?
Secretary Norquist. Let me take the particular question of
how close they are to the record.
[The information referred to follows:]
Secretary Norquist. The Environmental Security Technology
Certification Program (ESTCP) is supporting two series of
large-scale tests of fluorine-free alternatives to Aqueous Film
Forming Foam (AFFF). The tests will be of both commercially-
developed alternatives, as well as alternatives being developed
by the Strategic Environmental Research and Development Program
(SERDP). The first test series is being conducted by the Naval
Research Laboratory (NRL) and is 50 percent complete. The team
of Tyndall Air Force Base and Battelle have just received
approval of their test plans and will conduct their first test
in January 2020. Both teams are slated to submit their initial
test reports in February 2020.
Secretary Norquist. I know this is an area very important
to us. We have been researching alternatives. I think we spent
$22 million on that. But, we'll continue, because we need a
foam that protects armed service members when they're in high-
risk areas, but we also need it to be one that's
environmentally safe. And so, we will definitely get you the
answer on how they stand.
As you pointed out, this is a high-priority area for the
Secretary. He's got the task force working on 40 different
actions. But, this is something--we're getting to that
solution--is ultimately the right--the best place to end up.
Senator Shaheen. Good. Thank you.
Finally, in June, the Department released new standards for
defense contractors called the Cybersecurity Maturity Model
Certification, the CMMC, program. And I appreciate the need for
this program, to ensure that there is cybersecurity in place
for our contractors. But, can you talk about the extent to
which the Department is working with those contractors? One of
the things that we've heard from some of the businesses that we
work with is that they're very concerned about the timeframe
within which they have to comply with those standards, and also
with the assistance. For the big folks, it's not an issue as
much as for some of the smaller people who subcontract or who
work with Defense, who don't have the capacity and the
assistance that they need in order to comply. Can you talk
about what's happening on that?
Secretary Norquist. Sure. For those who are unfamiliar with
this, one of the issues we have is vulnerabilities in our
supply chain in the businesses we deal with. And so, other
countries tend to attack their networks to try and extract
important data. CMMC is a set of standards that they're
expected--and, much like a financial statement audit, they
would hire a firm to come in and check their controls and be
able to verify the quality. Part of the intent of this is to
recognize that the larger firms are going to have an easier
time. We need to work with the small businesses. In some cases,
like when we have requirements that a firm has a SCIF
[Sensitive Compartmented Information Facility], they are able
to hire a firm that--whose SCIF they have access to so that
they can work with folks who can set up a network that meets
this compliance. So, if you have a very small firm, you don't
try and build your own network. You just subscribe to one
that's already certified. Now you know you can count on it, and
that firm then just provides it to you as part of their IT
services. But, this is something that I know the CIO [Chief
Information Officer] and the Under Secretary for A&S
[Acquisition and Sustainment] are going to work very closely
with the small business community. We need them, most of all,
to get up to that standards, and we don't want this to be a
barrier to entry.
Senator Shaheen. Right. We don't want to lose all of the
innovation that's coming out of the----
Secretary Norquist. No, that's where a lot of the
innovation is coming from. You're absolutely right, Senator.
Senator Shaheen. Thank you.
Thank you, Mr. Chairman.
Senator Sullivan. Senator Ernst.
Senator Ernst. Thank you, Mr. Chair.
Mr. Secretary, along similar lines, but a little different
question, focusing on the purchase of unsecure commercial
items. Back in August, I had sent a letter to you highlighting
the threat that was posed by commercial off-the-shelf computers
and other types of electronic equipment, specifically those
that have been made in communist China and those that present
those cybersecurity risks. I appreciate the letter that you
sent back in reply, which discussed the ways in which the
Department is addressing those types of vulnerabilities, but
perhaps you could, maybe, just give us a quick update now on
the progress that the Department has actually made in that
area.
Secretary Norquist. Sure. So, one of the challenges you
have in buying, particularly, electronics is--it's one thing to
say this is a large Chinese-made product and it shouldn't be in
the system. But, then you start buying other ones, and you
start discovering components that were made--the company that
provides it to you is a U.S.-based company, but all of a sudden
there are components inside it. This is where the Department
has to do careful analysis of what it's buying. We look at the
threat intelligence, we look at their supply chains, and we
test the products for its adherence to security standards. In
some cases, we do penetration testing, red-teaming. But, we
need to understand those supply chains to understand where are
the places where we can't afford to have them bringing in those
types of parts, because it creates a vulnerability. And working
with those firms directly, in some cases, you can improve it if
you take out the middleman, you buy directly from the vendor.
But, in other cases, you have to understand if that vendor is
assembling parts that includes pieces. Now, some of those
pieces aren't a risk, others are. And that's where we have to
work very carefully. And that's the process that we're putting
in, both in--again, in cooperation between our CIO and our
Under Secretary for Acquisition.
Senator Ernst. Do you know, is the Department still
purchasing equipment that possibly could have been manufactured
in areas of concern?
Secretary Norquist. Let me take that for the record so I
know how far along in this we are.
[The information referred to follows:]
Secretary Norquist. Yes, the Department is still likely
purchasing equipment manufactured in areas of concern. Many
U.S. companies which produce cutting edge technologies also
manufacture their products overseas. However, DOD does factor
supply chain risk into our acquisition decisions, which
distinguishes between products ``made in'' a country of
concern, often as a routine business arrangement by U.S.
companies, versus products ``made by'' a country of concern,
where control and ownership may introduce extraordinary
opportunities for malicious intervention. Location of
manufacture is only one indicator of risk to the Department and
must be assessed in the larger context of company ownership,
board structures, security protocols, cybersecurity, financial
relationships, and other considerations, to include
counterintelligence. The Department is also participating in
the Federal Acquisition Security Council (FASC), established in
accordance with the 2018 SECURE Technology Act, with
responsibilities and authorities to identify and address supply
chain risks across the Federal Government.
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Ernst. Okay. Wonderful.
Thank you very much, Mr. Chair.
Senator Sullivan. Senator Kaine.
Senator Kaine. Thank you.
Mr. Secretary, what I said in my opening comments, that I
wanted to try to get your opinion about when it might be
reasonable to expect--as we work through the process of these
annual audits and then, you know, engage in corrective
activities, when might it be reasonable for the committee to
expect that the Department would have a completely clean set of
audits?
Secretary Norquist. So, here's the trajectory you should
expect. We have 24 organizations. I would expect, every year,
to see movement forward, another one getting a clean opinion,
people moving to modified. Within 5 or so years, I'd expect you
to see the majority of them with a clean opinion. The
Department itself won't get a clean opinion till the very last
one falls. It took DHS 10 years to get a clean opinion. Five of
those were waiting on the Coast Guard. Everyone else got to a
clean opinion, and there was 5 years. And then, for several
years, it was just Coast Guard property. Everything else was
okay.
So, you'll start to see the number come down. I found it
very helpful, by the way, because, in the hearings, the Coast
Guard used to get that as an opening question, when they were
the one left out, as to, ``Why are you holding it up?'' That
helped focus everybody's attention. But, that will--you'll see
that over time. You'll see different parts get to a clean
opinion. You'll see the number of problems going down. You'll
see some where they have only a single issue holding them up.
That's very helpful for focusing it. I don't know how it takes
to get to the last one, because it's really who's the slowest
and takes the longest, and that will be the final pin to drop.
Senator Kaine. Thank you.
Mr. Chair, I would just like to ask to be introduced in the
record--in response to Senator Hirono's questions, Secretary
Norquist talked about the letter that he sent to--under--over
his signature, to Daniel Levin, who is the attorney for Laura
Cooper, and there was a reference to that letter. The letter is
about a page-and-a-half long, and the operative paragraph is
the penultimate one, which reads, in relevant part, ``This
letter informs you and Ms. Cooper of the administrationwide
direction that executive personnel,'' ``cannot participate in
the impeachment inquiry under these circumstances,'' period. I
would like to introduce this for the record. And I'm going to
have some additional followup via QFR [questions for the
record] about this letter.
Senator Sullivan. Without objection.
[The information referred to follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Sullivan. Mr. Secretary, let me ask a couple of
other questions.
You mentioned that certain base commanders were very open
and willing to work--did you run into some obstinance or
resistance from other commanders? And was there a correlation
between that and maybe not scoring so well? Or was the word out
from the leadership in the Pentagon to make sure there was good
cooperation here?
Secretary Norquist. I think it's gotten better from year to
year. The auditors were the ones who gave me the feedback, and
they said the more they're engaged, the more likely that you
are to see the results. It's a question of them focusing on the
items in the process and what they need to be accountable for.
But, here was the big surprise for the audit. One of the
concerns we had, going in, from those of you advocating for
audit and those of us pushing it, is the risk that it would be
seen as a paperwork drill, ``You come, you audit me, and all
you're doing to check is a bunch of paper and whether it--my
bills match my invoices. This is just an admin drill.'' The
issue over inventory, things that had direct benefit to
readiness, this quickly turned around the views of the military
that we dealt with to understand is--this wasn't about
paperwork, this was about readiness, this was about being able
to do their mission. So, I never ended up getting the pushback
that I was afraid I was going to see and that everyone--until
you started it, everyone just assumed was going to be the
natural outcome of the audit. So, I think we've seen a change.
I think we've seen that level of emphasis. Some places are
stronger than others, but I think we're going to continue to
see it grow.
Senator Sullivan. Let me ask, related to that topic--you
know, some of the media, which I'm glad they covered it, but,
not surprisingly, the headlines were a little alarming. There
was a Reuters piece, a couple of days ago, ``Pentagon Gets
Failing Grade in its Second Audit.'' And then, a Bloomberg
piece, just--well, yesterday, I think--headline, ``Air Force's
Inventory Listed Wrong Sites for 79 Nuclear Missiles.'' So--
"misidentification of 79 Active Minuteman II nuclear-armed
missiles, almost a fifth of the fleet.'' That's pretty
alarming.
Can you talk to some of these headlines, and particularly
the one with regard to 79, ``missing nuclear missiles"?
Secretary Norquist. Right. So, these types of----
Senator Sullivan. Were they really missing? I'm a little
bit concerned, if that was the case.
Secretary Norquist. So, the proper title would have been,
``79 Uninstalled Missile Motors,'' because they aren't actual
ICBMs [Intercontinental Ballistic Missiles] and missiles. They
are the motors that are used in them. And when they are pulled
out and put into maintenance in the supply system, there was an
issue in the accuracy of the supply system, because it's
manual, tracking whether they were still on the base, and
whether they were at the depot. But, I don't think
``uninstalled missile motors in maintenance'' has the same
drama as the title that you read.
This comes up in the audit. Occasionally, you'll have some
story that references the Department and trillions of dollars,
even though that number is orders of magnitude larger than our
budget. There are these types of misunderstandings of what the
auditors--again, remember, these audit reports are written by
accountants. So, they are written with a level of detail that
makes sense to somebody of that background. But, to others,
these stories come out, and you try and translate it, and you
get it wrong. So, part of my job is, when these come up,
explaining, ``No, our missiles are in the ground. We know where
they are. They don't tend to move that often, for the ICBMs.
So, 79 would not have been relocated. But, this is missile
motors.'' And the answer is, it's still a problem, we still
have to get inaccuracy of our missile motors, but it's not
the--it's a regular supply issue and inaccuracy from a manually
updated database.
Senator Sullivan. Okay. So, on that headline, still useful,
and it--obviously, keeping track of the missile motors is
important, but it wasn't as if there was----
Secretary Norquist. Correct.
Senator Sullivan.--a loss of the----
Secretary Norquist. Correct. And they did a----
Senator Sullivan. We knew where these ICBMs were.
Secretary Norquist. Right. And the auditors did a site
visit at F.E. Warren, and they gave it 100 percent thumbs-up. I
met with them and asked them what issues. They didn't even
bring this one up. They just talked about supply issues, in
general.
Senator Sullivan. And ``failing grade"? That's accurate.
Was it----
Secretary Norquist. On the overall audit?
Senator Sullivan. Yes.
Secretary Norquist. Yeah, we didn't pass. I mean--well, let
me--in fairness, seven organizations did, and the leaders of
those should get credit, because many of them started those
audits before anybody else in the Department. The--some of the
funds, having clean opinions for 5 or 10 years. That was sheer
will by the leadership of that organization, because there was
not a pull signal from the Department level for many of those.
So, credit to those who got it. But, we've still got another,
you know----
Senator Sullivan. Let me ask a more parochial question,
from my perspective. You said you were at Fort Wainwright in
Alaska. What were the findings there? Positive? Negative? Any
good examples or things that need to be improved upon?
Secretary Norquist. Sure. So, it's a great example of the
test they did. They went to Fort Wainwright, and they had a
list of 108 items that they wanted to find. These were
everything from rotary-wing aircraft to coms gear. And then
they looked around and picked 25 items they found, and then
they went back to the database and said, ``Can you show me
these 25?'' They had 95.5-percent pass rate. There were six
things. Examples included: the serial number didn't match.
Okay, well, then we can't be certain this is the same item. You
have an item, but the serial doesn't match. Or the item was
there, but it wasn't recorded in the system. Okay, you've got a
missing piece entry. Six is somewhat small, but, again, this is
a sample, so the question becomes, What--if you extrapolate
that? But, it was 95.5-percent pass rate. That's a good example
of the visits they did around the country. And I think it's the
type of thing where that feedback is helpful, because the local
commander can figure out why, ``Why do I have these six
areas?'' And then they can determine, ``Is it in other areas,
as well? Do I have--if they came back and pulled a different
sample, would I be 100 percent or would I still have the same
errors?'' And then they have, you know, 6 to 9 months to work
on it before the auditors potentially sample them again.
Senator Sullivan. Great. Thank you.
Senator Perdue.
Senator Perdue. Well, first of all, I want to thank you for
your perseverance in here. You and the Ranking Member Kaine
have been warriors on this for years.
I want to thank you, Secretary, for giving us our first
audit in the history of the United States. I know it's a
laborious process, and I know it's expensive, to start with, to
do your first one. I just have a couple of quick questions.
When you look at the number--or the cost of this first
exercise, pretty substantial, as you might imagine. This is our
third-largest expense--item on our expense sheet, second only
to Social Security and Medicare. But, it's only a few--it's
only a little bit larger than some of our larger corporations.
They do this routinely, and it doesn't cost them a billion
dollars to do so. So, my question is, over time, do you see a
possibility, number one, that we can get to the answers, here,
quicker, now that we've got a start at it, we can get to a
clean report? And then, what's the quantitative--I know we've
talked about some of the subjective benefits of this, obvious--
that are obvious, but how do we quantify that? I mean, it seems
to me--you've mentioned, in a private conversation, that you've
pretty much already paid for this, in many regards,
quantitatively. Can you just tell the committee and get that on
the record for us?
Secretary Norquist. Sure. So, you talked about the cost.
Let's break it into the three parts.
There's the amount we pay to the public accounting firms--
--
Senator Perdue. Right.
Secretary Norquist.--about $195 million. Compared to our
size, not dramatically different than some of the other large
firms.
Senator Perdue. It's about right.
Secretary Norquist. From the Corps of Engineers, their
experience has been, though, that, as the audits move from
these heavy sampling to reliance on controls, those costs will
come down. So, we expect to see the amount we pay the auditors
go down.
We have a similar amount, about $250 million, that we spend
either in labor of Federal employees or in the contract support
that we use to support the audit. Some of that will come down.
Some of that's just the cost of doing business correctly.
When you look at what DFAS spends to process, they have
very good data over how much they spend fixing errors. Their
cost will go down by at least $400 million when they start
getting clean data, which will fully cover the cost of the
audit and the cost of our side of support.
Senator Perdue. The clean data is a byproduct of an audit
process.
Secretary Norquist. It absolutely is. And you think about
the labor we spend when a transaction comes through that's
unclean. Somebody has to research, they've got to figure out
why the codes are wrong----
Senator Perdue. Right.
Secretary Norquist.--which is an automatic--when the whole
thing flies through without a touch. Right? And you're all set.
The second half of that is the money we spend on fixing
problems. And again, we're doing this to comply with our
standards and with the law, so we were spending that money in
the past, and we are spending now. The difference is, we didn't
have the audit to tell us if it was right.
So, I'll just pick a system example. You're fielding a new
accounting system. In the past, you'd field it, and then you'd
start discovering it didn't post right, it didn't do what you
want to. The person fielding it now knows the auditors are
going to show every year and test that system, so you're not
going to be done with your implementation before the auditor's
given you a list of problems. And the program manager's
thinking, ``Am I paying you to make this system work?'' So,
that level of discipline benefits the taxpayer through these
fieldings to get it to the right level.
What I was surprised by was, when you look at the money
that the Navy has saved, the $167 million, when you look at the
$316 million that the Department was able to use data analytics
to recover as we did our budget scrubs, that's the cost of what
we're spending on the audit, and then some. So, in terms of
paying the auditors, we're already recovering that.
Senator Perdue. Right.
Secretary Norquist. Now we're just living off the benefit
of all of their findings, making sure the rest of the money we
spend is better, that our processes get better, and that we
bring discipline to the system. So, I had originally expected
that this would be a savings some years out. And I know the
patience with, ``Just wait, it will pass.'' But, we are seeing
that benefit now, and we are seeing the benefit to the taxpayer
immediately.
Senator Perdue. Can I ask one more, real quick?
I know you've talked about continuing resolutions since
you've taken this job. And we now know, because the SECNAV
[Secretary of the Navy], Secretary Spencer, has actually talked
to us quantitatively about that, and now the service heads--
Secretaries have also done that across the board. We now know
that it costs upwards of couple-hundred-billion dollars over 10
years, in terms of these--the CR practice that we've been under
for the last 45 years. Only 4 times in the last 45 years have
we actually funded the government on time. And that means no
need for a continuing resolution at the beginning of the year.
In the last decade, all but one year, we've--the first quarter
has been under a continuing resolution.
Now, this current debate that we'll have tomorrow, if we
have a vote on the next continuing resolution, will be the
188th continuing resolution. Can you describe to us how the
audit interacts with our growing awareness of how this
insidious thing called a continuing resolution just devastates
the military? It doesn't sound so onerous to me, as a business
guy, coming--you're going to spend no more than last year? That
doesn't sound so bad. But, because it ties the hands of the
military at the line-item level, seems to me we're building in
tremendous intrinsic costs there just because of our lack of
doing the job here in Congress. And I know you agree with that.
How would the audit help us identify, expose those wasteful
efforts? Like, $4 billion right now we're spending today, we're
spending against $4 billion of programs that the DOD has
already said are obsolete, we don't want to spend those
anymore, but we're obliged to under the continuing resolution
law.
Secretary Norquist. So, you think of a contract where
you're buying some supply. Normally, you might place the order
at the beginning of the year for the entire year. And instead,
you're going to take that, and somebody's going to make an
order that covers the first 6 weeks. And then, after your
contracting action, they have to do all the normal paperwork,
they've got to load it in the system, and then, when the CR is
extended, they do another contract for another 4 or 6 weeks. We
keep breaking this contract into multiple parts, increasing the
amount of manual labor that you have to do, increasing the
chance for data error, making it much harder on the vendor to
deliver the quantity at the right cost. What the audit will
show you is just the volume of transactions you have
artificially generated, the amount of additional work. We see
the consequences with some of these inventory issues at year-
end, where we held back money for 3 to 6 months, and then we
push it forward and expect people to move out and be able to
execute it with the 3 to 6 months left.
Senator Perdue. We're holding excess inventory in
anticipation of 3 months or more that we can't use.
Secretary Norquist. Or at the very end of the year, it's
the one thing I can order. Right? So, I order the inventory,
but it's a rush, because I didn't get it in a normal sequence
like I did, so I put it on the shelf. I'll get around to
loading it into the inventory system later. Life gets busy----
The other part is, the people doing the audit are the ones
most affected by the CR. It's the acquisition community, it's
the financial--all these folks who are now spending their time
over here, we want over on the other side, getting the data and
getting the process right.
It's very disruptive, and the audit highlights that. And
then, the whole effect on the mission side, on the families, on
the deployments, those are a pretty serious problem.
Senator Perdue. Thank you.
Thank you, Mr. Chair.
Senator Sullivan. Senator Blackburn.
Senator Blackburn. Thank you, Mr. Chairman.
And, Mr. Secretary, thank you for being with us today.
I'll have tell you, going back to my freshman year in the
House in 2003, we started working on the management initiative,
the DOD audit processes, trying to simplify this and get
everybody into a system where data would be interoperable, you
would be able to put a lot of this online at that point. Now we
want it all in the Cloud. But, what has frustrated me, and, I
think, what continues to frustrate some of our men and women in
uniform, is that you take two steps forward, you take a couple
of steps back, and you end up not making as much progress as
you would like to see made.
So, with our interests in Tennessee--Fort Campbell,
Millington Air Naval Station, Arnold Air, our National Guard
presence, the full-time National Guard Intel Unit--as I talk
with these men and women, one of the things that continues to
come up is having a standardized process, having best
practices, and being able to look, not just at what is
immediately in front of you, but looking out--further out.
Senator Perdue just talked about the necessity for having
budget authority and not running on a CR. That's a big part of
that. And we realize that. But, also, I think the--what comes
back to being an issue with DOD is the fact that they just
can't seem to get ahead of this process and get those best
practices in place.
So, what I'd like to hear from you is, if you've got a
system in place to really incentivize identification of cost
savings by DOD employees, if that would help. And also, what
about a best-practices database? Is that something that, as you
go through this and you pull this data, and you go in and
research this, are you building a best-practices database that
is going to be available systemwide? And then, the third thing
I would say is, leveraging leaders from the private sector who
can really come in, based on their experience, and help you
streamline processes and optimize operations for the
Department. Because right now--and this is one of the problems,
I think, that our units have when they're deployed, is the
number of hoops they have to jump through to get authority or
something that they need in a timely manner.
As you look, holistically, at this and what you intend to
glean from it, if you'll just answer those, it would be
helpful.
Secretary Norquist. Sure. One of the important things is
how the audit puts a spotlight on some of those problems. And
one of the things that we have set up at the Department is, we
have three forums that include the headquarters, but also Army,
Navy, and Air Force. One of them focuses on the IT aspects of
the audit; another, on the logistics, which is a lot of the
issue you're talking about; and the third is on financial
management. And part of the answer is, we're all going to find
the same problem. So, when we have the right fix, when we have
a solution that is usable across it--and so, for example, the
Army is experimenting with--it's a series of codes called a
BOT, a micro-thing--but, what it does is, it's software that,
when you depart, runs through the accounts and looks for every
place you had a login account, and turns it off instead of
waiting for six different organizations to get the paperwork to
go in and turn off your access. That works. Everybody can adopt
it. The similar thing we're looking at is, how do I make sure
somebody doesn't login as one user in one account, still login
as another. We're trying to design a control that prevents
somebody from doing both of those functions. All of those are
best practices, and we have a forum that shares those.
You talk about being in the private sector. Secretary
Spencer, at the Navy, bought in private-sector overview of how
you do aircraft maintenance and has been looking through and
adopting some of the best practices on the Navy aircraft in
order to fix the depot issues, the supply issues they have been
facing. And so, when they have those, they then share them with
the other services. But, each of these answers, there's a lot
of analogy to what we do, even though we're different, in the
private sector. And the more we can--we used to call it, you
know, best practices in government. I think it used to be
called plagiarism when I was in college. But, you take their
ideas, and you use them, and you use it to drive efficiency in
the process.
Senator Blackburn. Thank you.
I yield back.
Senator Sullivan. Thank you, Senator Blackburn.
Senator Perdue.
Senator Perdue. Well, thank you for accommodating. I just
have one more.
We could do this all day, Mr. Secretary, but you've got a
job to do, and we do, too.
But, this is so impactful. We're talking about big dollars
here, $160 billion that we spent. Where do we go from here? And
what do you think we're going to identify? If you're not ready
to quantify this today, I totally understand that. But, one of
the purposes of an audit is to look at operational
effectiveness and best practices Senator Blackburn just
mentioned. But, I'm looking at the top-line. This is our, sort
of, first deep-dive look at the broad base of the DOD. And,
when you look at the impacts of CRs and other things, given the
NDS, what do you think the potential is going to be for some
rationalization of this lost cause?
For example--and I will just highlight this quickly--we
spend about 14 percent of the total money on overhead. Now,
that's up from about 2 percent in about the Vietnam era. So,
it's 2 percent to 14. I'd like to know what that increase is.
That should be part of the audit process, as well. Then we
allocate the balance--a third, a third, a third--which is not
consistent with the NDS. And I would hope that the audit, in
getting more efficacy about where the money is spent and how
that's decided, will give us some flexibility in how to address
that.
So, my question, sir, is, where do we go from here? What's
the next step this year? And what do you hope to improve after
the first audit? And then, secondarily, what do you think the
rationalization potential could be in DOD? If you're not ready
to quantify a number there, I would totally understand. But, at
least directionally, give us some idea of what you're thinking.
Secretary Norquist. Sure. So, I think the next big step--I
mean, in the small steps, we're going to keep identifying the
errors, we're going to close them--the next big step is to take
advantage of the data we have. Part of it is, we used to do
transactions in blocks, thousands of transactions as a single
entry. Can't do that and pass an audit. So, we're doing
individual transactions. The advantage of that is, you can now
search on them. So, whereas, before, somebody looking at a
budget would see they had $100 million, they've spent 50; they
can now click on that and get every single transaction that
makes that up. Well, now if you want to get after overhead, if
you want to get after some of those other expenses, you can go
through those transactions and sort out, is this overhead, as
in logistics support and maintenance and essential things, or
is this overhead, as in I hired a consultant? Right? And am I
getting something? So, that level of transaction-level data.
Part of what I want to push for is, we should be able to
have a meeting in the Pentagon that looks like what you'd have
in a business company, where all the business units are there
and you've got a report from your CFO [Chief Financial
Officer], that there's no discussion about the report. It is an
accurate summary of the financial activities of each of the
organization. We're now going to have a discussion about what
it means. Right? If you don't trust the data, you can't get
there. But, if you start having this transaction level, we can
bring it up.
We use, in Defense, something called PPBE ``planning,
program, budget, execution.'' It doesn't have a backloop--
right?--where you go and you say, and here's what we did and
how it comes back. So, we may end up changing that to PPBA,
where we go from budgeting to the accountability, which is, did
you do with the money, what did you get for it? Before I do
programming for the next 5 years, how do I take that
information back into the system? And this is moving accounting
from being a note at the end that we send a report to somebody
to--and again, the audit report is just to somebody, but it's
the data that produces it that can come back to the leadership
in a usable format. And this is what private-sector companies
are able to do, because they trust their data. And that's what
we want to be able to get to from how you manage an entity.
Senator Perdue. Well, of all the people who come to the
Hill and testify, I have to tell you, you have consistently
been a straight shooter, and I so much appreciate that. Thanks
for all you're doing over there.
Thank you, Mr. Chair, for----
Senator Sullivan. Thank you, Senator Perdue.
And I want to thank the Secretary, as well.
I want to thank my colleagues. You're looking--three of the
leaders in the Senate on these audit and budget issues for the
Pentagon--Senator Ernst, Senator Blackburn, Senator Perdue. So,
thank you, to them.
And, you know, Mr. Secretary, you did raise the issue of
the CR, and heard bipartisan concern here today, which I think
is important, how you described it. There is a way to deal with
it, which is to allow us to get on the Defense appropriations
bill and have my colleagues on the other side stop
filibustering from getting on that, and we can just vote on it.
That would certainly help. That's what we're trying to do. So,
to the bipartisan concern, there's a simple answer: Let's get
on the bill and vote on the Defense approps bill that came out
of the Appropriations Committee with a strong bipartisan
support. But, we'll continue to press that. I certainly will.
Well, I want to thank you, again.
And members are requested to submit any additional
questions for the record by Friday at noon.
Mr. Secretary, I appreciate and respectfully ask that you
promptly respond to any of these additional questions from any
of the members of this committee.
With that, we are adjourned.
[Whereupon, at 10:49 a.m., the committee adjourned.]
[Questions for the record with answers supplied follow:]
Questions Submitted by Senator David Perdue
audit of digital assets
1. Senator Perdue. Secretary Norquist, the fiscal year 2018 and
fiscal year 2019 Department of Defense audits revealed problems
throughout DOD concerning inventory accuracy and complying with
cybersecurity discipline. While these audits have identified physical
assets, including properties and systems under DOD's management, I am
concerned that the department is failing to obtain a full account of
its digital assets, specifically Internet Protocol (IP) addresses owned
and operated by DOD. To what extent has the DOD audit included a
comprehensive inventory count of DOD's digital assets (e.g. IP
addresses, certificates, domains, and cloud instances, as well as
services and DOD assets hosted in contractor and cloud environments)?
Secretary Norquist. All DOD financial statement audits have been
performed by independent auditors in accordance with applicable
professional standards with the objective of rendering an opinion on
the fairness of presentation of the financial statements in accordance
with generally accepted accounting principles. The auditor's testing
may provide some feedback on the sufficiency of the controls over
digital assets, but a financial statement audit is not expected to
address all of the specific points above.
For those digital assets that are subject to inclusion on
the financial statements (expensed or capitalized), the financial
statement auditors perform testing of management's controls and
substantive testing of transactions on a sample basis which may
identify instances of incomplete or inaccurate accounting for these
assets.
This may include assets such as computing hardware and
software purchased / developed by DOD. However, this would not
typically include digital assets such as IP addresses and certificates
that are not recorded in the financial statements.
Furthermore, the DOD doesn't technically ``own'' IPv4 address space
such that we could sell the IPv4 addresses and keep proceeds. DOD has
an allocation of IPv4 address space, and IF some or all of that address
space were sold in accordance with statute and policy, the proceeds
would go to the U.S. Treasury and not DOD. While the Department may not
own IP addresses, it is the responsibility of management to perform
inventory counts of the Department's assets, including digital assets.
DOD is increasing enterprise-wide maturity in IT asset inventory
reporting for commercial software licenses and commodity IT laptop and
desktop computers by: improving property accountability for commercial
software license purchases; modernizing cybersecurity end-point
identification, management and asset reporting solutions; and,
implementing enterprise-wide purchasing and licensing solutions for the
most widely-used commercial software products and commodity laptop and
desktop computers.
While professional standards require auditors to obtain sufficient
knowledge of information systems relevant to financial reporting to
plan and perform the audit, they do not require the verification of
every single internet protocol address or digital asset.
2. Senator Perdue. Secretary Norquist, if not, what reasoning/
review is behind the Department's decision to not include digital
assets in the audit's purview?
Secretary Norquist. The objective of the DOD audit is to verify
that the Department's financial statements are fairly stated by
assessing the DOD's ability to capture, record and report its financial
activity and balances. All of the DOD's books and records are subject
to audit scrutiny, including digital assets that have a significant
impact on the financial statements. The DOD Office of Inspector General
(DOD OIG) auditors and the independent public accounting (IPA) firms
performing the audit determine the scope of the audit and the specific
procedures to perform.
3. Senator Perdue. Secretary Norquist, with regards to DOD audit
protocol, do auditors from outside firms, as well as auditors from
DOD's Office of Inspector General (OIG), include digital inventory when
conducting site visits?
Secretary Norquist. The DOD OIG auditors and the IPA firms
performing the audit determine the scope of the audit and the specific
procedures to perform. The DOD OIG has an oversight role for the audit,
including understanding the IPAs' site visit objectives, planned test
procedures, and samples selected. If the auditors, deem digital assets
to be significant (i.e., subject for inclusion on the financial
statements based on generally accepted accounting principles), they
will include them in the scope of the audit accordingly.
4. Senator Perdue. Secretary Norquist, what level of risk is the
Department assuming by not having a proper accounting of global DOD
digital assets?
Secretary Norquist. To the extent that the inability to account for
digital assets reflects an inability to monitor activity on Department
of Defense (DOD) networks, or is indicative of unevaluated software or
hardware operating on DOD networks, this would present a cybersecurity
risk. However, the ability to meet the financial/accounting requirement
would not necessarily reduce cybersecurity risk and vice versa.
Financial risks from weaknesses in accounting for digital assets
typically include increased likelihood of incurring higher costs for
purchasing and maintaining IT assets, when compared with IT asset costs
for entities with well-managed digital asset inventories. The potential
cost risks from poor inventory accounting can arise from purchasing
excess inventory, failing to maximize volume purchase discounts,
planning and negotiating procurements with incomplete price and
requirements data, and struggling to optimize asset utilization.
DOD software applications, hardware appliances, and hosting
locations / enclaves are required to undergo assessment and
authorization following the DOD Risk Management Framework (DOD
Instruction 8510.01) on an annual basis. DOD Authorizing Officials (AO)
are responsible for assuring that software and devices connected to
their networks are properly accredited. The workflow and evidence is
tracked and maintained in automated systems such as the Enterprise
Mission Assurance Support System (eMASS). Similarly, and as described
in greater detail below in response to QFR 6, DOD has long leveraged
network scanning technologies to evaluate status and configurations on
DOD networks. DOD is in the processes of migrating toward an
infrastructure of end-point management through comply-to-connect and
automated continuous monitoring technologies, further described below.
5. Senator Perdue. Secretary Norquist, how is the Department
quantifying that risk?
Secretary Norquist. Regarding the financial risks, the Department
of Defense (DOD) quantifies the risks of higher costs from weaknesses
in digital asset inventories by estimating the potential cost avoidance
that could be achieved by improving IT asset visibility, IT asset
management, and IT category management procurement processes. This
analysis includes estimating the potential cost improvements and
efficiencies that could be achieved by: implementing enterprise
software licensing and purchasing solutions that align purchases with
validated requirements; using category management and acquisition
strategies that optimize contract terms and prices for the most widely
used commercial assets; and, reducing duplicative procurement actions.
Regarding cybersecurity risks associated with status of devices,
software and systems operating on DOD Networks, DOD maintains its cyber
hygiene scorecard. Compiled from data provided from its legacy
information security continuous monitoring (ISCM) capability, that
scorecard tracks status of key configuration control and security
architecture metrics, and is leveraged by DOD to meet Federal
Information Security Management Act (FISMA) reporting requirements. The
importance to DOD of improving the ability to monitor and manage
network software and devices operating on its endpoints, is reflected
in this being an initiative within the DOD Top 10 Cyber Landscape
efforts, and is track within the DOD Top 10 Cyber Scorecard.
6. Senator Perdue. Secretary Norquist, if the Department is not
capturing digital inventory in the DOD audit, how does it intend to
continuously discover and monitor digital assets that are dynamic and
ephemeral?
Secretary Norquist. DOD is modernizing its capability to
continuously discover and monitor digital assets by transitioning from
the legacy information security continuous monitoring (ISCM) to Comply-
to-connect (C2C) and Automated Continuous Endpoint Monitoring (ACEM)
frameworks. ACEM enhances the existing end-point management solution by
providing a more effective means to discover end points that are not
currently managed using ISCM solutions, which will enable more complete
deployment of current and planned end-point management solutions.
Implementing C2C will ensure that all hosts--regardless of whether
asset is a physical device or virtual host--are authenticated as known
and authorized resources, and are configured in compliance with
applicable cybersecurity and asset management policies and standards.
ISCM, ACEM, and C2C are and will continue to be continuous monitoring
activities. The monitoring data could be leveraged at any point in time
to support audit requirements.
Implementation of the C2C framework, in particular, will improve
ability to manage static and ephemeral hosts by denying access to
network resources and services for hosts that fail to authenticate or
fail to meet minimum cybersecurity policy requirements. C2C, along with
ACEM and other planned cybersecurity modernization initiatives, will
increase the ability to automate remediation of deficiencies in policy
compliance for authorized hosts, regardless of whether the host is a
physical or virtual host. Operators will be required to intervene on an
exception basis to address unauthorized assets or assets that cannot be
brought into configuration compliance using automated solutions.
identifying huawei inventory oconus
7. Senator Perdue. Secretary Norquist, the U.S. military maintains
hundreds of military bases in more than 70 countries worldwide. Some of
these bases rely on the host nation's telecommunication networks to
provide the base with broadband services. Many of these countries
utilize equipment from Huawei to operate their telecommunications
network. When auditors conduct site visits OCONUS [Outside Continental
United States], are they evaluating the cybersecurity risks that
military installations are potentially incurring by relying on
telecommunication networks that utilize Huawei equipment, particularly
in light of recent legislation that has prohibited that use?
Secretary Norquist. Financial statement auditors test information
system controls in support of a financial statement audit. In such
instances, the testing generally involves assessing general and
application controls such as security management and configuration
management. The scope of a financial statement audit typically does not
include evaluating the cybersecurity risks related to use of specific
telecommunications networks unless those networks are relevant and
significant to the DOD's financial statements.
Even in those cases, the auditor's primary consideration
would be controls over the initiation of unauthorized transactions or
changes to data relevant to financial reporting and would not address
controls to prevent espionage (i.e., unauthorized ability to view data
transmitted over telecommunication networks).
8. Senator Perdue. Secretary Norquist, if not, what are the
potential risks that DOD could incur by failing to create cybersecurity
protocols that ensure military bases OCONUS are not operating on
networks that utilize Huawei equipment?
Secretary Norquist. The Department shares your concern regarding
the supply chain risk posed by Huawei, and other Chinese providers. DOD
is aware that there is likely proliferation of these technologies
within commercial telecommunications upon which DOD may be required to
rely, particularly in foreign countries. However, DOD always assumes
that its network traffic is vulnerable in foreign countries, takes
steps to reduce the risk to its network traffic through strong
encryption, and redundant and diverse communications.
__________
Questions Submitted by Senator Jack Reed
transparency of audit firms
9. Senator Reed. Secretary Norquist, as part of his confirmation
process, Secretary Esper noted that it is important for the Secretary
of Defense to know whether an auditor has been disciplined in the past
for poor performance before an auditor is selected to do work for DOD.
Do you agree with Secretary Esper?
Secretary Norquist. Yes, it would absolutely be prudent for the
Secretary of Defense to be aware of this information and for the DOD to
have a full understanding of the specific circumstances and any
remediating factors related to a case where an auditor has been
disciplined for poor performance in the past. This type of information
is relevant and should be closely examined in making procurement
decisions with taxpayer funds.
10. Senator Reed. Secretary Norquist, will you personally commit to
using your best efforts to ensure that as part of any contract action
(including awards, renewals, and amendments), the Department requires
any accounting firm providing financial statement auditing or audit
remediation services to the Department in support of the audit required
under section 3521 of title 31, United States Code, to provide the
Department with a statement setting forth the details of any
disciplinary proceedings conducted by any entity with the authority to
enforce compliance with rules or laws applying to audit services
offered by the accounting firm or its associated persons?
Secretary Norquist. Yes, in March 2019 a Defense Federal
Acquisition Regulation supplement rule was issued to implement section
1006 of the fiscal year 2019 National Defense Authorization Act (NDAA),
which requires these statements to be made part contracting process The
Department is continuing to refine the process whereby future
solicitations for audit services would require accounting firms to
verify that either they have not been subject to any such disciplinary
proceedings, or in the event that they have been subject to
disciplinary proceedings, fully disclose the related facts and
circumstances as part of the solicitation response.
__________
Questions Submitted by Senator Jeanne Shaheen
pfas-free firefighting foam research
11. Senator Shaheen. Secretary Norquist, I understand that the
Naval Research Laboratory is currently working on developing an
alternative fluorine-free firefighting foam. Can you provide an update
on the ongoing research and the status on its fielding and
implementation?
Secretary Norquist. The Environmental Security Technology
Certification Program (ESTCP) is supporting two series of large-scale
tests of fluorine-free alternatives to Aqueous Film Forming Foam
(AFFF). The tests will be of both commercially-developed alternatives,
as well as alternatives being developed by the Strategic Environmental
Research and Development Program (SERDP). The first test series is
being conducted by the Naval Research Laboratory (NRL) and is 50
percent complete. The team of Tyndall Air Force Base and Battelle have
just received approval of their test plans and will conduct their first
test in January 2020. Both teams are slated to submit their initial
test reports in February 2020.
__________
Questions Submitted by Senator Mazie K. Hirono
obstructing congress
12. Senator Hirono. Secretary Norquist, in response to my question
about whether you would refrain from prohibiting DOD officials, like
Ms. Laura Cooper, from participating in the House of Representatives'
impeachment inquiry, you stated: ``I did not prohibit her. What I did
was I forwarded her the information that we-- I forwarded to her lawyer
the information we had received from the White House that expressed
their views about the impeachment process.'' Your letter to Mr. Levin,
however, does more than forward the White House's letter. Your letter
states, ``This letter informs you and Ms. Cooper of the Administration-
wide direction that Executive Branch personnel `cannot participate in
[the impeachment] inquiry under these circumstances'.'' As I stated at
the hearing, a letter like this does create a chilling effect. Will you
refrain from prohibiting or deterring any other DOD officials from
cooperating with Congress going forward?
Secretary Norquist. On October 22, 2019, I wrote Ms. Cooper's
personal counsel to inform him of the Administration-wide direction
that Executive Branch personnel cannot participate in the impeachment
inquiry under the circumstances. Though interagency communications
remain confidential, I can say the Administration's guidance remains
the same.
13. Senator Hirono. Secretary Norquist, will you agree to formally
notify everyone who works at DOD of their legal right to report
misconduct to Congress without retaliation?
Secretary Norquist. Pursuant to the No FEAR Act, all personnel are
informed of the rights and protections available to them under Federal
antidiscrimination and whistleblower protection laws. New employees
receive No FEAR Act training within 90 calendar days of their
appointment to service. Further, all employees are required to complete
refresher training every two years to ensure continued understanding of
their rights and responsibilities.
14. Senator Hirono. Secretary Norquist, you stated at the hearing
that you ``take very seriously our responsibility to accurately and
responsibly respond to Congress.'' On November 3, 2019, the Department
of Defense General Counsel, Paul Ney, ordered the Pentagon to identify
and submit for review all documents about the distribution of military
aid to Ukraine. Will you allow your staff to cooperate with Congress
and provide documents collected by General Counsel Paul Ney to
Congress?
Secretary Norquist. The Department remains firmly committed to
accommodating congressional oversight. Most if not all the documents
collected internally pursuant to the DOD General Counsel's memorandum
of October 3, 2019, are also responsive to the House Permanent Select
Committee on Intelligence's subpoena of October 7, 2019. There are
legal and practical concerns with the subpoena as detailed in the White
House Counsel's letter of October 8, 2019, which must be addressed
prior to any responsive documents being supplied to Congress.
parole in place
15. Senator Hirono. Secretary Norquist, recent news reports
indicated that the Trump administration has been looking into
terminating the ``parole in place'' program for military families since
this summer. This program, which began under President George W. Bush,
has helped undocumented family members of servicemembers adjust their
legal status without being forced to leave the United States and face a
ban from entering the country for up to 10 years. According to a July
5, 2018, Military Times article, data showed that rejections of parole
in place requests for families of Active Duty members rose from 11
percent in fiscal year 2016 to about 14.5 percent in fiscal year 2018.
When I asked you about this program during the hearing, you said that
you would take my question for the record. Secretary Esper previously
committed to me that he would look into this issue. What steps has DOD
taken to coordinate with the Department of Homeland Security (DHS) on
this issue?
Secretary Norquist. Any significant event that impacts the
readiness of our servicemembers and their families is of concern. As
such, we have worked closely with the Department of Homeland Security
as they reviewed the future of the Military Parole in Place policy and
are not aware of any pending DHS termination. We note the passage of
Section 1758 in the Fiscal Year 2020 National Defense Authorization Act
that encourages DHS to continue to support Military Parole in Place and
thank the Committee for its support.
16. Senator Hirono. Secretary Norquist, has DOD urged DHS to
preserve this parole in place program or reconsider DHS's recent
increase in rates of denial of parole in place for families of Active
Duty servicemembers?
Secretary Norquist. The Department has worked closely with the
Department of Homeland Security (DHS) as they reviewed the future of
the Military Parole in Place policy, and is not aware of any pending
DHS termination.
17. Senator Hirono. Secretary Norquist, during his nomination
hearing, Secretary Esper indicated he would not expend any DOD
resources to help DHS identify and deport veterans. To your knowledge,
has DOD provided to DHS any information or resources related to
veterans who may be subject to deportation?
Secretary Norquist. The Defense Department is not aware of any such
information being provided to the Department of Homeland Security
related to veteran deportation. The Department does provide information
pertinent to the naturalization adjudications of qualifying
servicemembers as requested.
__________
Questions Submitted by Senator Tim Kaine
participation in the impeachment inquiry
18. Senator Kaine. Secretary Norquist, In your October 22, 2019,
letter to Daniel Levin, the counsel for Ms. Laura Cooper, you provided
the Administration's direction stating that Executive Branch personnel
``cannot participate in the impeachment inquiry'' and that even if
issued a Congressional subpoena to compel their appearance and
testimony that the Supreme Court Ruling in United States v. Rumely, 345
U.S. 41 (1953) held ``that a person cannot be sanctioned for refusing
to comply with a congressional subpoena unauthorized by a House Rule or
Resolution.'' Did you send this letter at the direction of the White
House?
Secretary Norquist. On October 22, 2019, I wrote Ms. Cooper's
personal counsel to inform him of the Administration-wide direction
that Executive Branch personnel cannot participate in the impeachment
inquiry under the circumstances. Though interagency communications
remain confidential, I can say the Administration's guidance remains
the same.
19. Senator Kaine. Secretary Norquist, In your October 22, 2019,
letter to Daniel Levin, the counsel for Ms. Laura Cooper, you provided
the Administration's direction stating that Executive Branch personnel
``cannot participate in the impeachment inquiry'' and that even if
issued a Congressional subpoena to compel their appearance and
testimony that the Supreme Court Ruling in United States v. Rumely, 345
U.S. 41 (1953) held ``that a person cannot be sanctioned for refusing
to comply with a congressional subpoena unauthorized by a House Rule or
Resolution.'' Did the White House draft this letter?
Secretary Norquist. On October 22, 2019, I wrote Ms. Cooper's
personal counsel to inform him of the Administration-wide direction
that Executive Branch personnel cannot participate in the impeachment
inquiry under the circumstances. To answer your question, respectfully,
interagency communications remain confidential.
20. Senator Kaine. Secretary Norquist, In your October 22, 2019,
letter to Daniel Levin, the counsel for Ms. Laura Cooper, you provided
the Administration's direction stating that Executive Branch personnel
``cannot participate in the impeachment inquiry'' and that even if
issued a Congressional subpoena to compel an appearance and testimony
that the Supreme Court Ruling in United States v. Rumely, 345 U.S. 41
(1953) held ``that a person cannot be sanctioned for refusing to comply
with a congressional subpoena unauthorized by a House Rule or
Resolution.'' Are other Departments of the Executive Branch providing
similar, or identical, letters to witnesses requested in the
impeachment inquiry?
Secretary Norquist. I respectfully refer you to the other
Departments you are referencing.
21. Senator Kaine. Secretary Norquist, In your October 22, 2019,
letter to Daniel Levin, the counsel for Ms. Laura Cooper, you provided
the Administration's direction stating that Executive Branch personnel
``cannot participate in the impeachment inquiry'' and that even if
issued a Congressional subpoena to compel an appearance and testimony
that the Supreme Court Ruling in United States v. Rumely, 345 U.S. 41
(1953) held ``that a person cannot be sanctioned for refusing to comply
with a congressional subpoena unauthorized by a House Rule or
Resolution.'' Why did you fail to state that witnesses who did comply
with the House impeachment inquiry, voluntarily or under subpoena,
would not be discouraged or subjected to adverse administrative action?
Secretary Norquist. The Department will not tolerate any unlawful
act of retaliation or reprisal against DOD personnel who have
participated in the House impeachment inquiry.
22. Senator Kaine. Secretary Norquist, in your October 22, 2019,
letter to Daniel Levin, the counsel for Ms. Laura Cooper, you provided
the Administration's direction stating that Executive Branch personnel
``cannot participate in the impeachment inquiry'' and that even if
issued a Congressional subpoena to compel an appearance and testimony
that the Supreme Court Ruling in United States v. Rumely, 345 U.S. 41
(1953) held ``that a person cannot be sanctioned for refusing to comply
with a congressional subpoena unauthorized by a House Rule or
Resolution.'' Will witnesses to participate with the House impeachment
inquiry, voluntarily or under subpoena, be subjected to retaliation or
adverse administrative action?
Secretary Norquist. The Department will not tolerate any unlawful
act of retaliation or reprisal against DOD personnel who have
participated in the House impeachment inquiry. Pursuant to the No FEAR
Act, all personnel are informed of the rights and protections available
to them under Federal antidiscrimination and whistleblower protection
laws. New employees receive No FEAR Act training within 90 calendar
days of their appointment to service. Further, all employees are
required to complete refresher training every two years to ensure
continued understanding of their rights and responsibilities.
resources to respond to audit findings
23. Senator Kaine. Secretary Norquist, the recent audit found a
number of deficiencies in DOD accounting practices, including with
respect to controlling access to informational technology (IT) systems,
inappropriate accounting for inventory on military installations, and
lack of supporting documentation for many transactions. The military
services have many competing budgetary priorities, when the fiscal year
2021 budget request is delivered to the Hill, can you commit to
providing this committee a list and accounting of the unfunded or
underfunded activities that would address and close the findings and
recommendations of the audit?
Secretary Norquist. Yes, I will commit to providing the committee
with a list of unfunded or underfunded activities that would help
address open audit findings.
Specific to the Services, there were fiscal year 2020 congressional
marks related to business systems modernization efforts for fiscal year
2020 that will impede progress towards an audit opinion. For example,
the Department of the Navy enacted funding reduction to Information
Technology Development totaled $123.6 million, including a $61.7
million cut to the Navy's new integrated military pay and personnel
system (NP2). The Air Force integrated personnel and pay system (IPPS)
was zeroed out by $20 million in the marks. These types of
congressional marks negatively impact the financial statement audit.
Details related to the marks are included in Appendix A on page 47.
metrics to ascertain progress towards a clean audit
24. Senator Kaine. Secretary Norquist, DOD has been under a mandate
to achieve a clean audit since the passage of the 1990 Chief Financial
Officers Act. We are closer now than we have ever been, but the path
forward is still unclear. What specific metrics should we be tracking
to see that forward progress is being made on the path to the clean
audit and that we are not backsliding or losing momentum?
Secretary Norquist. Maintaining consistent and continued audit
progress is a priority for the Department. Our leadership team is
tracking a broad array of metrics to monitor and measure that include
but are not limited to:
The number of material weaknesses that were validated by
external auditors as fully resolved or downgraded in the current fiscal
year over prior fiscal years,
Progression of audit opinions from disclaimer to modified
and/or unmodified,
The total number of open audit notices of findings and
recommendations (NFRs) for the most recent fiscal year and the
preceding two fiscal years,
The number of repeat or reissued NFRs from the most
recent fiscal year (trends), and
The number of closed NFRs in the current fiscal year and
prior fiscal years.
The Department's NFR Database consolidates and tracks the status of
NFRs from the DOD consolidated audit as well as Component audits and
examinations. The database encourages accountability and transparency
as it provides visibility of issued findings for the entire DOD
community. As part of complying with the fiscal year 2020 National
Defense Authorization Act (NDAA), we will provide you and your staff
information relating to these metrics.
__________
Questions Submitted by Senator Doug Jones
response to gao audits
25. Senator Jones. Secretary Norquist, in a memorandum to Agency
General Counsels dated November 5, 2019, entitled ``Reminder Regarding
Non-Binding Nature of GAO Opinions,'' the Office of Management and
Budget General Counsel Mark Paoletta advised that ``an Executive Branch
agency is under no obligation to report an action it has determined
does not constitute an Anti-deficiency Act (ADA) violation,'' despite a
finding by the Government Accountability Office (GAO) that the agency
has committed an ADA violation. This I believe to be a change in
practice, and I'm concerned that it will have a negative impact on
Congressional oversight. What guidance have you received about
implementing this ``reminder'' and what is the Department of Defense's
plan for reporting findings by the GAO or the Department of ADA
violations in the future?
Secretary Norquist. The Department of Defense (DOD) intends to
follow the guidance set forth in OMB Circular A-11, as explained by the
Office of Management and Budget (OMB) General Counsel. Specifically, in
cases where DOD, after consultation with OMB, agrees with the
Government Accountability Office (GAO) that an Anti-deficiency Act
(ADA) violation has occurred, the Department will report the violation.
In cases where DOD does not agree, after consultation with OMB,
with the GAO's finding that an ADA violation occurred, the Department
will exercise its discretion, on a case-by-case basis, as to whether to
report or otherwise communicate with GAO and Congress on the matter. I
understand that, over the past 10 years, there has been only one
instance where the GAO determined that DOD violated the ADA, contrary
to the Department's conclusion that no violation had occurred. In that
case, the OGC conducted a short fact-finding inquiry and prepared a
written opinion that was forwarded to GAO and OMB explaining its
conclusion that the ADA had not been violated.
Appendix A
details related to the service fiscal year 2020 marks
Air Force:
For AF related to unfunded and underfunded requirements, primary
concerns is to minimize impact to findings remediation related to IT
corrective actions. Reference, the discussion on marks against
programs. AF IPPS was zeroed out ($20M) in the marks. The major audit
issues in MIL Pay require transformation and integration of pay and
entitlements. AF needs support to minimize impacts to IT fixes and
avoid delays with business systems reform in support of audit.
Navy:
The Department of the Navy (DON) has a prioritized strategy to
consolidate systems, improve business processes, and financial
reporting--with the goal of an expedited favorable audit opinion. This
Department-wide undertaking was adequately funded in the President's
Budget for fiscal year 2020 and throughout upcoming budget years.
However, the Appropriations Act for fiscal year 2020 signed in December
reduced the funding for several crucial priorities. The marks focused
on business systems modernization efforts, a linchpin in DON's plan.
These reductions will significantly delay plans to streamline business
operations and implement automated controls necessary for audit
compliance. The marks will impede DON's progress toward an audit
opinion.
Enacted funding reduction to Information Technology Development
totaled $123.6 million. This mark in part included the following major
audit-related initiatives:
$61.7 million cut to the Navy's new integrated military
pay and personnel system (NP2);
$14.8 million reduction to the planned ships/subs
enterprise maintenance solution (NMMES-TR);
$11.9 million cut to a new Departmental contract-writing
system (ePS), which will integrate buying with accounting and contract
payments; and
$3.2 million reduction for the Naval Operation Supply
System (NOSS), which will integrate requisitioning, inventory, and
logistics services.
In addition to the above marks, Enterprise Information Technology
was given a $10 million Congressional mark, comprising in part the
modernization to DON's target accounting system (Navy ERP) and to the
primary civilian time and attendance system (SLDCADA). Congress also
marked an Operations and Maintenance, Navy, account (4A1M) by $15
million; this account contains funding for audit-related business
process improvements.
The Marine Corps' goal is to achieve a modified/qualified audit
opinion on its financial statements in fiscal year 2020. In order to
meet this goal in fiscal year 2020, the Marine Corps identified $44
million in requirements that are unfunded or underfunded. Funding these
requirements would speed the Marine Corps' progress toward a modified/
qualified opinion. Half of the amount would provide for government
employees and vendor personnel to correct deficiencies and respond to
auditors; the other half would improve inventory management systems.
DON leaders are analyzing options to mitigate this funding gap.
Appendix B
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]