The Defense Auditability and Accountability Act

A practical, enforcement-backed roadmap to a clean Pentagon audit by 2028—and measurable savings, readiness gains, and fraud reduction along the way.¹²

Executive Summary

The United States Department of Defense (DoD) is the largest organization in the federal government—and among the largest organizations on Earth. Yet it remains the only major federal agency that has never achieved an unmodified ("clean") audit opinion on its consolidated financial statements.³⁴ This is not a mere accounting embarrassment. It is a national-security management risk: when systems cannot reliably track money, inventory, property, and obligations, leaders lose decision-quality visibility, vulnerabilities persist, and fraud risk rises.³⁴⁸

Congress has already set the target. The National Defense Authorization Act (NDAA) for Fiscal Year 2024 requires DoD to obtain an unmodified audit opinion by December 31, 2028.⁵ The missing ingredient is not aspiration—it is accountability architecture: transparent metrics, enforceable corrective-action deadlines, leadership ownership, and consequences and incentives strong enough to change behavior across a vast enterprise.¹²

This paper proposes the Defense Auditability and Accountability Act (DAAA): a single, integrated reform that merges (a) public-facing transparency and (b) internal enforcement mechanics into a coherent system that drives measurable audit remediation outcomes without exposing classified information.¹² The Act's core concept is simple:

Make audit progress measurable, comparable, and non-optional—then align authority, deadlines, and incentives so that "auditability" becomes a management discipline rather than an annual press release.

What the Act does (in plain English)

1. Creates a public DoD Auditability Dashboard that, on a fixed schedule, reports standardized metrics such as component-level audit opinions, counts and aging of Notices of Findings and Recommendations (NFRs), material weaknesses, remediation milestone performance, and business-system modernization status—using machine-readable formats where feasible.¹²
2. Mandates Corrective Action Plans (CAPs) for scope-limiting material weaknesses and other priority findings, with named accountable officials, funded milestones, and quarterly progress updates.¹²
3. Publishes quarterly scorecards that grade components on objective auditability metrics (closure rates, aging backlogs, milestone performance, internal control maturity), enabling Congress and the public to see who is improving and who is stalling.¹²
4. Enforces consequences for chronic nonperformance (e.g., leadership attestations, targeted restrictions on discretionary spending flexibility, mandatory hearings/briefings, increased Inspector General follow-up) while offering bounded incentives for verified progress (e.g., expanded reprogramming flexibility, accelerated approval pathways, public recognition).¹²
5. Integrates fraud-risk management into audit remediation by requiring a department-wide antifraud strategy aligned to leading practices and by reporting confirmed-fraud figures and controls progress alongside audit metrics.¹²¹⁰¹⁵
6. Accelerates the retirement and consolidation of noncompliant legacy business systems where they are proven impediments to auditability and cost-effective modernization paths exist—because auditability is ultimately a systems and controls problem.⁹¹³

Why this is worth doing (benefits you can explain to a non-expert)

• Cleaner audits are not the goal; better decisions are. Reliable financial statements improve operational planning, asset visibility, cybersecurity posture, and funds control.⁴⁸
• Fraud exposure is real and measurable. GAO has reported $10.8 billion in confirmed DoD fraud (FY2017–FY2024), while also warning the full extent is unknown—precisely the scenario that demands stronger controls and transparency.¹⁰
• Modernization choices can pay for themselves. Oversight work has identified large recurring costs from maintaining redundant/noncompliant systems; targeted retirement of outdated systems has been associated with potential savings on the order of hundreds of millions annually in certain plans and timelines.¹³
• Public confidence improves when progress is visible. Americans broadly perceive corruption and government inefficiency as major problems; transparent, comparable performance reporting is a trust-building mechanism when paired with enforcement.¹¹¹²

In short: the Defense Auditability and Accountability Act makes DoD's legally mandated audit deadline achievable by turning auditability into a governed, measurable, enforced management system—without compromising national security.¹²⁵

---

The Problem Statement

1) DoD's audit status reflects persistent enterprise control and systems weaknesses

DoD has undergone full-scope, department-wide audits since FY2018, yet continues to receive a disclaimer of opinion at the agency-wide level when auditors cannot obtain sufficient appropriate evidence.³⁴ Persistent problems include material weaknesses, significant deficiencies, and noncompliance findings that impede reliable reporting and indicate broader internal control issues.³⁴

This matters because DoD reports trillions of dollars in assets and liabilities and operates through many components, each with its own systems, processes, and control environments.⁴ The result is not just a "bad audit"—it is an environment in which leaders cannot consistently answer basic stewardship questions with high confidence at enterprise scale: What do we own? Where is it? What condition is it in? What do we owe? What have we already paid for?³⁴

2) Audit remediation work exists, but monitoring and comparability remain insufficient

DoD and its auditors generate thousands of findings and recommendations. Yet progress is often difficult for outsiders (and even insiders) to evaluate because reporting can be fragmented, non-standardized across components, and not consistently tied to measurable outcomes that can be compared quarter to quarter.¹²⁸ GAO has noted that audits can yield financial and operational benefits—but also that DoD can do more to systematically collect, monitor, and share outcomes and lessons learned across the department.⁸

3) Legacy business systems are a structural barrier to auditability

Auditability is inseparable from business systems modernization. GAO has reported long-running weaknesses in DoD's oversight of business and financial systems and has emphasized that systems and financial management modernization has been a high-risk area for decades.⁹ When systems are redundant, poorly governed, or noncompliant, the department risks spending billions to maintain tools that still cannot produce auditable data.⁹

4) Fraud risk is not fully knowable in a weak-controls environment

Even "confirmed fraud" figures are substantial, and GAO has explicitly warned that the full extent of fraud affecting DoD is unknown and potentially significant—an argument for making antifraud controls, analytics, and transparency a first-class part of the auditability program rather than a separate silo.¹⁰¹⁵

5) Trust costs are real, even when readiness is the core mission

While national defense is not a popularity contest, democratic governance depends on legitimacy. Public skepticism about corruption and trust in government is measurable and persistent.¹¹¹² A reform that produces visible, audited improvement in stewardship is a practical trust intervention that does not require partisan alignment.

---

The Proposed Reform

The Defense Auditability and Accountability Act (DAAA) is designed as a governance-and-execution statute, not a messaging bill. It merges the mechanics in Document A (operational requirements, dashboards, scorecards, enforcement levers) with the sourcing and evidentiary scaffolding in Document B (audit status context, oversight findings, fraud-risk framing, and precedent).¹²

A. A Public DoD Auditability Dashboard (standard metrics, fixed cadence)

The Act creates a centralized, public dashboard hosted by DoD (updated quarterly, with semi-annual summaries published in standardized machine-readable formats).¹² The dashboard displays:

• Component-level audit opinions (e.g., unmodified, qualified, disclaimer)
• Count and aging of Notices of Findings and Recommendations (NFRs) and material weaknesses by component
• Corrective action plan (CAP) milestone performance: on-time, late, at-risk, completed
• Internal control maturity grades (using a standardized framework aligned to COSO or similar)
• Business system modernization status (counts of legacy systems flagged as auditability impediments, retirement timelines, modernization spend)
• High-level auditability scores (composite metrics that roll up closure rates, backlog aging, and milestone execution)

Security-sensitive details are excluded; the focus is aggregate progress metrics, not granular operational data.¹²

B. Mandatory Corrective Action Plans with named accountability

For scope-limiting material weaknesses and high-priority findings, DoD components must submit formal CAPs that identify:¹²

• The accountable official (name and title) responsible for remediation
• Funded milestone schedules with interim deliverables and completion dates
• Resource requirements and proposed funding sources
• Risk mitigation plans for dependencies or anticipated obstacles

CAP status is updated quarterly and included in both the dashboard and scorecards.¹²

C. Quarterly Scorecards (graded, comparable, published)

DoD publishes component-level scorecards (quarterly) that assign objective letter grades (A–F) based on:¹²

• NFR closure rate vs. aging backlog
• CAP milestone performance (on-time vs. late/at-risk)
• Material weakness remediation progress
• Internal control maturity trend (improving, stable, declining)
• Business system modernization execution (on track, delayed, stalled)

Scorecards are designed to make relative performance transparent: Congress and the public can see which components are improving and which are chronically underperforming.¹²

D. Enforcement mechanisms: consequences for chronic nonperformance

When a component receives a failing scorecard grade (F) for two consecutive quarters or fails to meet critical CAP milestones without adequate justification, the Act triggers graduated consequences:¹²

1. Leadership attestation requirement: The component head must personally certify (in writing to congressional committees) the reasons for nonperformance and the corrective plan.
2. Targeted spending flexibility restrictions: Congress may direct that a specified percentage of discretionary O&M or similar accounts be held in reserve pending verified milestone completion.
3. Mandatory oversight hearings/briefings: Component leadership is required to appear before oversight committees to explain remediation delays.
4. Increased IG follow-up: The DoD Inspector General conducts targeted reviews of the underperforming areas and publishes findings.

These mechanisms are designed to create accountability without micromanaging day-to-day operations.¹²

E. Incentives for verified progress

Components that achieve sustained improvement (e.g., two consecutive quarters with B or higher grades and on-time CAP milestones) become eligible for:¹²

• Expanded reprogramming flexibility (within existing legal limits)
• Accelerated approval pathways for business system modernization investments that further auditability
• Public recognition (formal commendations in oversight reports and budget documents)

The incentives are bounded and subject to verification—progress must be auditable, not self-certified.¹²

F. Accelerated retirement of noncompliant legacy systems

The Act requires DoD to maintain and publish a Legacy System Retirement Plan that identifies business systems proven to be auditability impediments and sets aggressive retirement timelines where cost-effective modernization paths exist.¹²⁹¹³

DoD must report quarterly on:

• Systems targeted for retirement
• Replacement/consolidation status
• Cost savings realized or projected
• Auditability improvements achieved

This provision is directly tied to GAO findings that DoD's business systems environment is a persistent high-risk area and that system rationalization can unlock significant recurring savings.⁹¹³

G. Fraud-risk management integrated into the auditability program

The Act requires DoD to implement and publish an antifraud strategy aligned to leading federal practices and to report progress through the same dashboard/scorecard infrastructure used for audit remediation.¹²¹⁰¹⁵ This prevents "auditability" from becoming a narrow compliance exercise and instead frames it as a program-integrity and stewardship mission.

H. Privacy, security, and classification safeguards

The Act explicitly limits disclosures to avoid operational and classified harm. Public reporting is aggregated and redacted as needed, while oversight committees receive fuller detail through secure channels.¹² This mirrors established federal practice: transparency about controls and outcomes without exposing sensitive tactical information.

---

Impact Analysis

1) Operational and management benefits are documented—and scalable

GAO has reported that DoD audits and remediation efforts have already produced and are expected to continue producing benefits such as cost savings/avoidances, improved asset visibility, cybersecurity risk mitigation, data improvements, and process efficiencies.⁸ The Act's contribution is to scale these benefits by requiring uniform monitoring and department-wide learning rather than component-by-component reinvention.⁸¹²

2) Fraud reduction and prevention: measurable downside-risk protection

GAO has reported $10.8 billion in confirmed DoD fraud (FY2017–FY2024) while emphasizing that the total fraud exposure is not fully known.¹⁰ In risk-management terms, this is a classic case for strengthening internal controls, data quality, monitoring, and transparency—because unknown risk in a massive spend environment is not "zero risk," it is unmeasured risk.¹⁰¹⁵

3) Systems rationalization can reduce recurring waste

Oversight reporting has repeatedly highlighted the cost and complexity of DoD's business systems environment and the need for stronger oversight and modernization discipline.⁹ Additional oversight has associated retirement of certain outdated/noncompliant systems with potential savings on the order of hundreds of millions annually under specific retirement plans and timelines—exactly the kind of tradeoff that should be visible and governed.¹³

4) Public trust benefits: transparency that is performance-based, not rhetorical

Americans widely report that corruption and government inefficiency are major problems, and trust in government remains low.¹¹¹² While DoD's core mission is readiness, not popularity, legitimacy supports recruitment, budgeting credibility, and civic cohesion. The Act's dashboard-and-scorecard design makes trust-building evidence-based: the public can see audited progress, not slogans.¹¹¹²

5) Precedent and legal alignment: the law already expects auditable agencies

The CFO Act created the modern expectation of audited federal financial statements.⁶ Congress has now reinforced that expectation for DoD with a hard deadline.⁵ The Defense Auditability and Accountability Act is designed as the missing implementation layer: it is not a new mission, it is the management system that makes an existing legal mandate realistically achievable.¹²⁵⁶

---

Conclusion

DoD's audit deadline is not hypothetical. It is written into law, with an end-of-2028 requirement for a clean opinion.⁵ Each year without a stronger accountability mechanism increases the likelihood of last-minute, low-quality remediation efforts that do not sustain—a costly pattern in large-scale transformations.

The Defense Auditability and Accountability Act is the pragmatic middle path:

• It does not compromise national security.¹²
• It does not pretend the problem is solved by slogans or by a single technology purchase.⁹¹²
• It does make progress measurable, comparable, and enforced—so that good-faith teams are supported, chronic underperformance is surfaced, and Congress can oversee with precision rather than frustration.¹²

America can run the world's most capable military and still keep reliable books. In fact, the first requires the second. The Defense Auditability and Accountability Act makes that standard real.

---

Reference List

1. Document A (provided) - "15 - Defense Auditability and Accountability Act" (uploaded attachment; see link in chat)

2. Document B (provided) - "Defense Auditability and Accountability Source Library" (uploaded attachment; see link in chat)

3. DoD Office of Inspector General, Report No. DODIG-2025-074 - Part I: Understanding the Results of the Audit of the FY 2024 DoD Financial Statements (Feb. 28, 2025)
   Link: https://media.defense.gov/2025/Mar/04/2003654455/-1/-1/1/DODIG-2025-074_SECURE.PDF

4. U.S. Government Accountability Office, GAO-25-108052 - DOD Financial Management: Insights into the Auditability of DOD's Fiscal Year 2024 Balance Sheet (Sep. 18, 2025)
   Link: https://www.gao.gov/products/gao-25-108052

5. National Defense Authorization Act for Fiscal Year 2024, Pub. L. 118-31 (2023) (clean audit deadline provision cited in GAO discussion)
   Link: https://www.congress.gov/public-law/118th-congress/31

6. Chief Financial Officers Act of 1990, Pub. L. 101-576 (1990)
   Link: https://www.congress.gov/bill/101st-congress/house-bill/5687

7. Congressional Research Service, IF10913 - Defense Primer: Department of Defense Financial Audit (updated Mar. 29, 2024)
   Link: https://crsreports.congress.gov/product/pdf/IF/IF10913

8. U.S. Government Accountability Office, GAO-24-106890 - Financial Management: DOD Has Identified Benefits of Financial Statement Audits and Could Expand Its Monitoring (Sep. 24, 2024)
   Link: https://www.gao.gov/products/gao-24-106890

9. U.S. Government Accountability Office, GAO-23-104539 - Financial Management: DOD Needs to Improve System Oversight (Mar. 7, 2023)
   Link: https://www.gao.gov/products/gao-23-104539

10. U.S. Government Accountability Office, GAO-25-108191 - DOD Financial Management: Accelerated Timelines Needed to Address Long-standing Issues and Fraud Risk (Apr. 29, 2025)
    Link: https://www.gao.gov/products/gao-25-108191

11. AP-NORC, Topline (Jan. 2025) - "Corruption in Government" (poll topline)
    Link: https://apnorc.org/wp-content/uploads/2025/01/Topline_Corruption-in-Government_01.09.25.pdf

12. Pew Research Center - Public Trust in Government (tracking)
    Link: https://www.pewresearch.org/topic/politics-policy/political-attitudes-values/political-trust/

13. DoD Office of Inspector General, Report No. DODIG-2024-114 - Audit of DoD's Modernization Plans for Financial Management Systems (Sep. 30, 2024)
    Link: https://media.defense.gov/2024/Oct/07/2003563415/-1/-1/1/DODIG-2024-114.PDF

14. Digital Accountability and Transparency Act of 2014 (DATA Act), Pub. L. 113-101 (2014)
    Link: https://www.congress.gov/bill/113th-congress/senate-bill/994

15. U.S. Government Accountability Office, GAO-15-593SP - A Framework for Managing Fraud Risks in Federal Programs (Jul. 28, 2015)
    Link: https://www.gao.gov/products/gao-15-593sp

16. Reuters - "Pentagon says it fails eighth audit, targets 2028 to pass" (Dec. 19, 2025)
    Link: https://www.reuters.com/world/us/pentagon-fails-eighth-audit-targets-2028-pass-pentagon-says-2025-12-19/

Changelog

• December 28, 2024 — Initial draft published