Complexity of Security Assistance and Foreign Military Sales Cases Poses Challenges for Financial Statement Auditability

June 2022

BY

Tammara BuckeySenior Manager, Public Sector

The Department of Defense (DoD) is in the middle of a multi-year financial transformation necessitated by the requirement to achieve an unqualified audit opinion. Separate financial statements are being reviewed annually by external auditors for DoD and the Military Departments (MILDEPs), including an audit of the Foreign Military Sales (FMS) Trust Fund statements. The FMS Trust Fund is used to transact the procurement and sale of defense articles and services to foreign partners through various Security Assistance programs, such as FMS and Building Partner Capacity (BPC), as authorized by the Arms Export Control Act (AECA) and the Department of State (DoS). 

Security Assistance programs and FMS cases can take years to financially execute, which adds to the complexity of achieving full financial statement auditability. That’s why it’s especially important for DoD organizations managing Security Assistance programs to understand and follow the best practices listed below to help improve auditability.
 

Navigating the Complexity of FMS Cases


An FMS sale, known as a case, includes all products and services that together provide the "Total Package Approach," which can include everything from the weapon system itself to manuals, spare parts, training instruction and even facility construction, depending on the needs of the foreign partner. Defense Security Cooperation Agency (DSCA) officials reported at the end of fiscal year (FY) 2020 that the DoD FMS program included 15,365 open cases valued at $620 billion, and it involved 163 countries and international organizations.1 According to the State Department, new FMS cases signed in FY2021 totaled $34.8 billion.2

A case may have 200 or more individual lines with specific items, purposes and responsibilities that all support one weapon system. Often, cases will span across multiple commands, Program Executive Offices (PEOs) or MILDEPs. The volume of military stakeholders, coupled with the large number of transactions and systems involved, creates operational complexities that are potential audit impediments.

To add to the complexity, FMS funding is a mix of Title 22 and Title 10 monies based on established authorities and appropriations, and each funding type comes with its own set of rules. Unlike most other federal funding authorities, FMS dollars do not expire and are classified as “no-year” dollars since they are funded directly by foreign partners. In contrast, BPC funding is authorized by law and appropriated by Congress, therefore it does expire and is canceled after a certain number of years as designated in the specific appropriation and corresponding law.

As a result of procurement lead times, the complexity of case management and multi-year production schedules, FMS cases take years — sometimes decades — before funding is fully executed and all articles and services are delivered. In fact, some FMS cases are still open from the 1980s. Each year that the case executes dollars may result in one of its transactions being audited. The ability to trace each dollar throughout the various processes and systems with proper supporting documentation is crucial to passing an audit.

Due to the different legal authorities, weapon system requirements, funding sources, the timeline of the no-year funding and operational complexities across the impacted organizations, there is no one-size-fits-all solution for addressing audit risks. However, there are best practices that can be applied across the board, given the right understanding of the operating environment coupled with audit requirements.
 

8 Best Practices to Help DoD FMS Programs Improve Auditability

PubSec_FMS-Article_Icons_Web_.png Become familiar with operational internal controls that are designed to help mitigate risk to the financial statements. This familiarity will assist in the identification of audit impediments when an edit check (i.e., internal control) fails.
PubSec_FMS-Article_Icons_Web_2.png Actively participate in the command’s Risk Management Internal Control (RMIC) program to help ensure internal controls are in place and operating effectively and that identified audit impediments are being remediated. This program provides external auditors reasonable assurance that funding is being properly executed and tracked.
PubSec_FMS-Article_Icons_Web_3.png Case and line reconciliation should begin as soon as case funding is executed. As items are requisitioned, fulfilled and delivered, FMS case financial records should be reviewed, verified, updated, reconciled and tracked to ensure proper accountability and accurate billing.
PubSec_FMS-Article_Icons_Web_4.png Active participation in programs and meetings, such as the Joint Reconciliation Program (JRP), Command Accountability and Execution Review (CAER), annual Financial Management Reviews (FMRs) and Security Assistance Reviews (SARs), will help manage outstanding Unliquidated Obligations (ULO) by case and program. The successful implementation of these programs is crucial to long-term operational success in compliance with auditability requirements.
PubSec_FMS-Article_Icons_Web_5.png Develop or update procedures that enforce the proper execution of internal controls across the enterprise. These include, but are not limited to, authorizations, reviews, reconciliations, document retention and training on the importance of the reliability of internal controls.
PubSec_FMS-Article_Icons_Web_6.png Learn from past mistakes. Historical audits have revealed many challenges and problem areas that must be addressed to achieve a clean audit opinion. Use past Notice of Findings and Recommendations (NFRs) to strengthen internal controls, implement Corrective Action Plans (CAPs) that address the root of the issue, improve business processes, and take the proper steps to resolve impediments associated with information technology (IT) infrastructure.
PubSec_FMS-Article_Icons_Web_7.png Embrace technology. Leverage robotic process automation (RPA), artificial intelligence (AI) and other IT tools to improve data management and communication between business processes, systems and commands. Alleviating manual steps not only saves time and labor, but it also improves the reliability of the process while reducing audit risk.
PubSec_FMS-Article_Icons_Web_8.png Actively maintain oversight of BPC expiring and canceling funds to ensure all lines and cases are fully executed, financially reconciled and marked supply/services complete. Also ensure any residual funding has been returned as appropriate in anticipation of closing activities each year.

Using the eight best practices outlined above, DoD organizations managing Security Assistance programs can continue to close the gaps impeding positive FMS Trust Fund financial statement audit results. Like security assistance, achieving auditability is not a one-and-done goal. It is an iterative process of incremental improvements. Audit efforts will continue until the Department obtains a clean audit opinion and will likely become a permanent annual requirement after that.

BDO offers an array of services that can help — from financial management, case and line reconciliation, retrospective reviews, audit readiness, and audit remediation to data management, decision support, policy analysis, and continuous process improvement. We are committed to helping the defense community continue to make progress on their FMS audit goals.

For more information on our service offerings, visit www.bdo.com/defense or send us an email with any questions you may have on how your organization may benefit from our insight into FMS business processes that lend themselves to a clean audit opinion.
 


1 As reported in Jan. 2022 by DoD Office of Inspector General (DoD OIG) in its report titled “Audit of the Department of Defense Foreign Military Sales Acquisition Process” (DODIG-2022-053).
2 As reported in Dec. 2022 by DSCA in its article titled “Fiscal Year 2021 Security Cooperation Figures”.