The Navy Times reports that, with last year’s proposed 70% cut to the Naval Audit Services budget, the department could go from 290 personnel down to a mere 85 over the next two fiscal years. The proposed cuts, which are part of the Navy’s “Stem to Stern” budget review initiative that started in 2020, would severely limit the Audit Service’s oversight capabilities. Even with the release of President Joe Biden’s budget outline last Friday indicating a modest increase for Defense, the Navy appears to be holding fast on plans to reduce the size of one of its main internal oversight offices.
In contrast to the US Army and Air Force audit agencies, which each have comprehensive audit teams with more than 600 staff members, the Navy agency would be left with only a fraction of their capacity. While the Navy aims to focus much of the $206 billion in taxpayer dollars it received in 2020 on shipbuilding expenses, making the move to slash audit budgets shows poor foresight, as the agency has been crucial in identifying potential savings due to fraud, waste, and abuse. In the last six months of 2020, the service identified $192 million in potential monetary benefits—providing more than a 400% return on investment on the Naval Audit Service’s annual budget of $46.1 million.
How can Naval Audit Services prepare itself to do more with less in the event that the cuts take place as planned? And even in the absence of any cuts, how can they increase their audit capacity and impact to continue identifying wasteful spending, fraud, and other risk factors that will impact the Navy’s mission success? Modernization is the answer.
Making risk management more efficient
Many large organizations suffer from a lack of communication between teams within the risk management function, leading to duplication of efforts, delays, and lack of access to critical data. This could lead to fraud or inefficiencies within the organization, and a failure to recognize risks in a timely manner.
With fewer auditors on hand, an organization may focus solely on compliance, rather than on risk management. This means that newer risks may be overlooked, and that the organization may not have clear visibility into warning signs around different types of risk, including operational risk, third-party vendor risk, and cybersecurity risk. Different teams may have different benchmarks for assessment criteria, so it can be difficult to get clarity on whether controls are being met. And misalignment between internal audit and the enterprise-wide strategy and line of business priorities can lead to costly oversights and mistakes.
In order to ensure that an entire risk management team is focused on the same objectives and aligned to the same benchmarks, it’s important to implement technology that helps employees assess, manage, and monitor risk with a set framework in place. Naval Audit Services and other similar large organizations would benefit from an end-to-end governance, risk, and compliance (GRC) solution.
An end-to-end GRC platform provides high-end visibility into risk allowing management to monitor key controls and quickly identify vulnerabilities and remediate issues. By automating manual processes with robotic process automation, building continuous monitoring tools, and tapping into data from any data source across the enterprise, audit teams can leverage insights. These insights can improve operations, accomplish more with less, reduce audit cycles, uncover more fraud, waste and abuse, and powerfully demonstrate the value that audit delivers, helping to thwart future cuts.
The power of a GRC platform
By implementing a GRC solution, government organizations like Naval Audit Services will be able to maximize the value they can deliver, even with a small team. Federal government agencies can achieve many use cases through a machine-learning GRC platform, including:
- Automated control monitoring
Federal government agencies are subject to the policy recommendations for implementing internal controls listed in OMB Circular A-123. A GRC solution will come pre-loaded with the requirements for meeting A-123, and enable your team to easily track whether controls are being met at all times through real-time data feeds.
- Contracts oversight
Your solution will automate onboarding and compliance documentation, and scan public data feeds for potential risks, including credit reports or bankruptcy notifications. By monitoring and assessing vendor performance and procurement, you can mitigate contractor risks to prevent fraud and supply chain disruptions.
- Workpapers and audit management
Your GRC software provides the visibility and real-time data to help you increase your audit efficiencies and team collaboration, and helps you comply with Yellow Book standards.
- IT governance
Maintain Federal Information Security Management Act (FISMA) compliance by tracking your IT policies, controls, systems, processes, and people.
- Detect fraud and improper payments
Your solution should search public records and other datasets to detect evidence of fraud, waste, and abuse, and to stop improper payments.
- Continuous monitoring of financials
Your solution should be able to monitor all aspects of your organization’s financials, including procurement, payroll, purchase cards, spend risk, and more, with an intuitive analytics dashboard to get an easy snapshot of all your data.
- Program oversight
Monitor your KPIs and KRIs in real time and ensure compliance to improve program results.
Regardless of whether Naval Audit Services sees the predicted significant decline in head count, moving to a sophisticated GRC technology platform equipped with machine learning capabilities is a smart strategy. A GRC platform helps federal agencies streamline and automate compliance requirements, assess and continuously monitor risk, and save millions of taxpayer dollars by identifying fraud, waste, and other improper payments.
By making the move to modernize with machine learning-enabled technology, Naval Audit Services will be able to easily identify inefficiencies and potential risks, allowing it to conserve more of its budget for shipbuilding and staffing its team of officers.
Future-proofing internal audit
Explore the technologies that CAEs and internal audit teams must adopt to future-proof the audit function. Learn about:
- Audit's role in cyber risk mitigation
- Establishing strong data governance
- Shaping the future of audit with data analytics
- Machine learning and robotic process automation.