United States General Accounting Office GAO Report to the Secretary of Defense September 1997 FINANCIAL MANAGEMENT Review of the Military Retirement Trust Fund’s Actuarial Model and Related Computer Controls GAO/AIMD-97-128 United States GAO General Accounting Office Washington, D.C. 20548 Accounting and Information Management Division B-277418 September 9, 1997 The Honorable William S. Cohen The Secretary of Defense Dear Mr. Secretary: The Department of Defense (DOD) Military Retirement Trust Fund was authorized by Public Law 98-94 for the accumulation of funds to finance, on an actuarially sound basis, DOD’s liabilities for military retirement and survivor benefit programs. The DOD Office of Inspector General (DOD IG) audited the Fund’s financial statements for fiscal years 1995 and 1996 in accordance with the requirements of the Chief Financial Officers (CFO) Act of 1990, as expanded by the Government Management Reform Act of 1994 (GMRA), and rendered an unqualified opinion on those statements on May 5, 1997. Also, we will audit the consolidated financial statements of the federal government beginning with fiscal year 1997. With total actuarial liabilities of $548 billion as reported in its financial statements for fiscal year 1996, the Fund is expected to be material to the consolidated governmentwide financial statements. In preparation for our audit of the consolidated governmentwide financial statements, we contracted with an independent public accounting firm, KPMG Peat Marwick LLP, to review (1) the methods and assumptions used by the DOD Office of the Actuary to calculate the Fund’s pension liability as of September 30, 1996, and (2) the effectiveness of general electronic data processing (EDP) controls at the computer processing locations managed by the Defense Manpower Data Center that are responsible for receiving, formatting, and processing the actuarial information. These two areas are critical to verifying the reasonableness of the Fund’s reported liabilities. In order to rely on the work of the KPMG specialists, we • evaluated the qualifications and independence of the review staff; • reviewed and approved the contractor’s approach plans and work programs; • attended key meetings between the contractor and DOD personnel; and • reviewed the contractor’s working papers to determine (1) the nature, timing, and extent of work performed, (2) the extent of quality control methods used, and (3) whether evidence in the working papers supported Page 1 GAO/AIMD-97-128 Military Retirement Trust Fund B-277418 the contractor’s conclusion concerning the reliability of the Fund’s actuarial liability and related computer controls. We performed our oversight of KPMG’s work from November 1996 through May 1997, in accordance with generally accepted government auditing standards. DOD provided written comments on a draft of this report. These comments are presented and evaluated in the “Agency Comments and Our Evaluation” section and are reprinted in appendix II. To avoid duplication of effort, we made KPMG’s results available to the DOD IGfor its reliance in performing the required fiscal year 1996 financial statement audit and in rendering its opinion on May 5, 1997. Appendix I presents KPMG’s report to us on the results of its work. Based on our review, we concur with KPMG’s conclusion that the Results in Brief methodology and actuarial assumptions used by the DOD Office of the Actuary to calculate the pension liability as of September 30, 1996, and the annual actuarial activity for the Fund were reasonable and reliable. We also concur with KPMG’s identification of numerous control weaknesses related to (1) the data gathering and preparation process and (2) EDP activities. Due to the serious nature of the computer-related weaknesses identified, we agree with KPMG’s conclusion that there is a lack of overall security administration and management governing access to Fund data files. In particular, DOD has not adequately implemented security policies and procedures, controlled the ability of computer programmers to make changes to systems, and controlled access to information on pension fund participants. Such uncontrolled access affects other sensitive personal and career-related information as well. The computer that houses the Fund’s data files also stores information on social security numbers, pay rates, child and spousal abuse allegations, and medical test results for both active duty and retired personnel. Although DOD regulations require that sensitive data be housed only on computers meeting specific security guidelines, the Fund processing sites reviewed by KPMG do not comply with those guidelines. Despite the weaknesses identified, KPMG believed that a material misstatement of the pension liability was unlikely to occur because of compensating controls Page 2 GAO/AIMD-97-128 Military Retirement Trust Fund B-277418 that hinge largely on the experience and tenure of staff in the Office of the Actuary. We agree that compensating controls currently exist in the Office of the Actuary but caution DOD against long-term reliance on controls that depend largely on the retention of a few key employees. Actuarial Data Gathering Although the actuarial results were reasonable and reliable for fiscal year and Preparation Process 1996, weaknesses exist in the controls over the data gathering and Control Weaknesses preparation process. Most notably, this process is not adequately documented and, as a result, is heavily dependent on the knowledge of experienced staff members. If significant staff changes were to occur, the annual data update—which is critical to determining the pension liability—might not be performed timely or correctly. Also, as part of the data preparation process, the Office of the Actuary must estimate the number of eligible inactive reservists because complete data are not provided for inactive reservists who may have earned a vested benefit but have not yet begun to receive benefit payments. Even though the number is small in comparison to total retirees and such an estimate probably would not materially affect the results, DOD should strive for complete and accurate data in order to ensure the correct calculation of its actuarial liabilities. In addition, the program used to calculate the pension liability does not allow the comparison of the actual results using current actuarial estimates and assumptions against the current anticipated results. Such comparison is a standard actuarial process. Instead, the actuary can only compare, for reasonableness, actual results of the current year calculation in total against prior year valuations. As a result, if prior year calculations were in error, current and future years’ calculations could be consistent but also incorrect. Further, no formal documentation exists for this program nor for the data input process and data flow organization/layout of the primary valuation spreadsheet. Here again, the process is dependent on the knowledge of current key staff members. General EDP Controls Significant weaknesses related to EDP access controls, security policies Weaknesses and procedures, and program change controls expose the Fund’s systems to unnecessary risk and diminish the reliability of its financial management information. Access to pension fund participant information Page 3 GAO/AIMD-97-128 Military Retirement Trust Fund B-277418 was not restricted to only those who required such access to perform their jobs. In addition, the activities of individuals who were permitted access to read or modify participant information were not adequately monitored. For example, security violations were not being logged, the ability to use previous passwords was not limited, and over 200 users were permitted to read all data sets on the system. As a result, DOD did not have reasonable assurance that the confidentiality of the data was protected. Security policies and procedures were either not formalized at data processing sites or, where they were formalized, the sites’ daily operations were not in compliance. Many of the control features of the access control software were not activated or the control parameters selected did not adequately restrict access to only authorized users. For example, procedures for both creating and deactivating user accounts were found to be inconsistent and lacking documented guidance. Features intended to identify users and their related computer activity (audit trails) were not enabled; therefore, if unauthorized activity did occur, there would be no system-generated audit trail to assist in a subsequent investigation. For example, 22 systems users were able to delete and modify files within a component of the operating system that is intended to serve as an audit trail for security-related events. As a result, they could inactivate the parameter that enables the auditing of security events. Typically, system users would not be able to change or delete the audit trail function. There were no formal controls governing how changes to systems could be made or who could make them. For the application system that calculates the pension liability, no comprehensive change management process has been developed. For the operating systems, although a change management process exists, it lacks procedures to ensure that changes are documented, tested, reviewed, and approved. Consequently, changes could be introduced to the operating system that would facilitate unauthorized access and those changes may not be detected promptly. DOD has not developed, tested, and implemented a comprehensive disaster recovery plan at the sites that process Fund data. Should a disaster occur, DOD has no assurance that the computer facilities and operations or the actuarial operations necessary to support the Fund could be restored in a timely manner. The Fund may be at further risk since the application that performs the actuarial calculations—an application that may be sensitive Page 4 GAO/AIMD-97-128 Military Retirement Trust Fund B-277418 to date changes—has not yet been assessed for Year 2000 impact.1 In assessing risk, DOD must determine the impact of the year 2000 on its systems and applications and initiate realistic contingency plans to ensure continuity of business processes if systems or applications fail to operate at the turn of the century. We concur with all of the recommendations made by KPMG to address the Recommendations actuarial process and EDP general controls weaknesses identified during the review. To improve the actuarial process, we recommend that you ensure that the Office of the Actuary • documents annual data preparation and processing steps in a formal, detailed manual; • determines the availability of complete data on inactive reservists; • tests a sample of current valuation results independently from prior year results; and • evaluates the efficiency of using the current spreadsheet analyses and documents those analyses. To address the EDP general controls weaknesses, we recommend that you ensure that the Defense Manpower Data Center • modifies the security program’s parameters to ensure participants’ data and actuarial programs are protected and that security requirements comply with regulations; • implements security features and parameters to ensure that unauthorized access to systems is reduced and that audit trails are activated and protected from unauthorized editing; • develops (or modifies) and implements security policies and procedures to ensure that (1) all users are authorized and have only the necessary access to facilities and data, (2) such access is reviewed periodically and removed promptly when warranted, and (3) access violations are researched; • develops and implements comprehensive change management procedures governing changes to both the Fund’s application programs and related operating systems; • designs, develops, tests, and implements a comprehensive disaster recovery plan; and 1 The Year 2000 problem is rooted in the way dates are recorded and computed in many computer systems. For the past several decades, systems have typically used two digits to represent the year, such as “97” representing 1997. With this two-digit format, the year 2000 is indistinguishable from 1900, 2001 from 1901, and so forth. As a result, system or application programs that use dates to perform calculations, comparisons, or sorting may generate incorrect results when working with years after 1999. Page 5 GAO/AIMD-97-128 Military Retirement Trust Fund B-277418 • formally assesses and documents the risk of the Year 2000 impact on the actuarial application and prepares contingency plans, if needed, to ensure operations are not disrupted. In addition, KPMG made other suggestions to address less significant weaknesses and provided them to DOD personnel under separate cover. We concur with those suggestions as well. In written comments on a draft of this report, DOD concurred with our Agency Comments recommendations to improve its actuarial process and EDP general and Our Evaluation controls. DOD’s response (see appendix II) cited numerous planned corrective actions to address the individual components of those recommendations. DOD’s corrective action plan addresses the weaknesses cited in our report. You are required by 31 U.S.C. 720 to submit a written statement on actions taken on these recommendations to the Senate Committee on Governmental Affairs and the House Committee on Government Reform and Oversight within 60 days of the date of this report. You must also send a written statement to the House and Senate Committees on Appropriations with the agency’s first request for appropriations made over 60 days after the date of this report. We are sending copies of this report to the Chairmen and Ranking Minority Members of the Senate Committee on Armed Services, the House Committee on National Security, the Senate Committee on Governmental Affairs, and the House Committee on Government Reform and Oversight and the Director of the Office of Management and Budget. We are also sending copies to the Acting Under Secretary of Defense (Comptroller) Page 6 GAO/AIMD-97-128 Military Retirement Trust Fund B-277418 and the DOD Inspector General. Copies will be made available to others upon request. Please contact Molly Boyle, Assistant Director, Defense Audits, on (202) 512-9524 if you or your staff have any questions. Sincerely yours, Gene L. Dodaro Assistant Comptroller General Page 7 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 8 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 9 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 10 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 11 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 12 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 13 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 14 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 15 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 16 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix I Review of the Military Retirement Trust Fund’s Actuarial Model Page 17 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix II Comments From the Department of Defense Page 18 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix II Comments From the Department of Defense Page 19 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix II Comments From the Department of Defense Page 20 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix II Comments From the Department of Defense Page 21 GAO/AIMD-97-128 Military Retirement Trust Fund Appendix II Comments From the Department of Defense (919066) Page 22 GAO/AIMD-97-128 Military Retirement Trust Fund Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
Financial Management: Review of the Military Retirement Trust Fund's Actuarial Model and Related Computer Controls
Published by the Government Accountability Office on 1997-09-09.
Below is a raw (and likely hideous) rendition of the original report. (PDF)