NSA’s Clusterfuck Financial Management

I’m reading through the Senate Select Committee on Intelligence’s report on what it did last Congress. Among a number of interesting details, the report describes really really bad accounting at the National Security Agency (NSA).

The report describes how the Intelligence Authorization Bill of 2002 required that our big intelligence agencies produce auditable financial statements by 2005. Most agencies at least showed improvement; the National Reconnaissance Office (NRO) actually fixed its books so they were auditable. But when the Committee looked at NSA’s books in 2009, they were still a complete clusterfuck.

The NSA’s annual financial report was the exception, in that it showed no apparent improvement. In particular, the Committee was concerned about the failed implementation of NSA’s new financial system. An NSA Inspector General report found that this system was put into operation before it was adequately tested and that operators were not properly trained to use it. The NSA also made $7 million in duplicative invoice payments, and the agency could not successfully reconcile its financial books at the end of fiscal year 2008. Further, a July 2008 Army Finance Command report, referenced by the NSA IG, found that the NSA’s accounting system was in violation of public laws, Treasury Department financial manuals, and DoD regulations, and was inconsistent with the Federal Managers Financial Integrity Act.

After SSCI cracked heads, the NSA claimed it had fixed the problems in June 2009. Only they hadn’t.

In June 2009, the Director of NSA wrote to the Chairman and Vice Chairman, claiming that the NSA was now “fully compliant with the laws, regulations, and manuals referenced in the U.S. Army Finance Command report and the Federal Financial Managers Integrity Act.” The NSA Director’s letter also stated that the NSA had been able to reconcile its fiscal year 2008 financial records. In July 2009, the Chairman and Vice Chairman wrote to the Secretary of Defense concerning the NSA Director’s letter. They stated that in light of the NSA’s past difficulties in producing auditable financial statements, the Committee believed the progress claimed by the NSA should be independently confirmed by the DoD Inspector General. Specifically, the letter requested that the DoD IG conduct a form and content review of the NSA’s fiscal year 2009 financial statements to determine whether they were supported by reliable and accounting data and supporting information.

The Committee received the results of the DoD IG’s review in November 2009, which was very critical of NSA’s claims. Overall, the IG found that the NSA’s financial statements were not adequately supported by reliable accounting data and supporting information. An even more disturbing finding was that the NSA’s “remediation plans do not fully address audit impediments.” Specific findings included an inability to reconcile critical general ledger balances, failure to perform required accounting processes, and inconsistencies between the information contained in the notes to the financial statements and the information provided to the IG. The IG’s findings raised serious questions about the assertions made by the NSA Director in his June 2009 letter and the support he is receiving from the administrative staff involved.

The report doesn’t actually say whether NSA has since fixed its auditing systems such that someone can actually tell whether the telecoms paid to spy on us are paid what they are supposed to be paid. So the most up-to-date information the report provides is that in late 2009, the NSA wasn’t really planning to fix the things that made it difficult to audit its books.

Along the way, some lucky telecoms (or other contractors) got paid twice. Or maybe got paid for stuff that is not on the books, who knows?

Now, $7 million is small potatoes in the great pot of money the NSA doles out to contractors. It’s not like they lost $9 billion in cash, like some other entities at DOD.

But at the same time as SSCI was discovering how bad NSA’s book-keeping practices were, they were overseeing the assignment to NSA of our Cyber Command. Keith Alexander, the guy who oversaw this book-keeping clusterfuck, is now in charge of even more secret contracts to people who spy on activities that might sweep up Americans.

Call me crazy, but NSA’s apparent inability or unwillingness to fix its book-keeping seems rather ripe for abuse.

  1. bobschacht says:

    Not a flaw, but a design feature?
    Maybe they learned from Deep Throat’s admonition to “follow the money” by making it impossible to follow the money?

    Thanks for another great piece of reporting!

    Bob in AZ

    • BoxTurtle says:

      Great minds think alike. Our minds think alike, too.

      Boxturtle (Do you suppose the telco’s are declaring that income on their taxes?)

      • WilliamOckham says:

        I don’t think this is intentional. If we were talking about the CIA, I might buy it. Those guys hand out large sums of cash to masked men they meet in the mountains of places with no functioning government. That’s pretty much the antithesis of generally accepted accounting procedures. But the NSA is a totally computerized agency. In some ways, I find their technical incompetence scarier than some of their illegal shenanigans.

        • emptywheel says:

          I’m agnostic whether it’s by design or not.

          Yeah, they’re computerized. But they were involved in so much stuff that we probably aren’t ever supposed to know about. The seeming refusal to fix the auditability issues, IMO, suggests design.

  2. WilliamOckham says:

    This is very, very disturbing. The organization that is leading efforts to defend our networks can’t even implement a new accounting system because of inadequate testing and training. You didn’t even quote the scariest part:

    the breakdown in internal controls at the NSA following its attempts to implement its commercial, off-the-shelf accounting system.

    Your IT decision-making process has to be pretty, um, suboptimal to have a breakdown in internal controls from the implementation of COTS accounting software. Either you should have known going in that you needed custom software or the people who implemented the system are criminally incompetent.

    We’ll all be lucky if these jokers don’t take down the entire internet by accident.

    • eCAHNomics says:

      This is very, very disturbing. The organization that is leading efforts to defend our networks can’t even implement a new accounting system because of inadequate testing and training.

      This is the agency that thinks you look for a needle in a haystack by adding more hay. IIRC that comes from Bamford’s Shadow Factory.

  3. earlofhuntingdon says:

    Call me crazy, but NSA’s apparent inability or unwillingness to fix its book-keeping seems rather ripe for abuse.

    An understatement worthy of an English aristocrat.

  4. earlofhuntingdon says:

    The potential for abuse is considerable, and there hasn’t been critical oversight at least since Cheney came into office. Joe Lieberman isn’t the only guy who fails to conduct hearings.

    Modern accounting systems such as SAP can be extremely complex. I have seen private companies spend millions and struggle with them for years, even with the SEC and outside auditors looking over their shoulders. That said, America’s spy agencies would be the last ones in line to more carefully account to Congress for what they spend.

  5. Teddy Partridge says:

    No surprise.

    When I worked contracts for the Air Force, systems-testing, in the 1980s, we had some NSA database/systems contractors around to help with the spooky parts of the application. They acted all secretive and hush-hush but were generally incompetent. Couldn’t follow a workplan to save their lives. And these people were highly thought of within their work circles: “Oh, you work with her? She’s very talented, really knows her stuff.” Except, none of them really did.

    No reason to think this culture of systems incompetence has changed in 25 years. It was culturally endemic to the organization then, probably still is.

  6. Gitcheegumee says:

    The lack of auditable accounting provides financial cover for the “masked men” among other entities, too.

    This brings to mind :


    President George W. Bush has bestowed on his intelligence czar, John Negroponte, broad authority, in the name of national security, to excuse publicly traded companies from their usual accounting and securities-disclosure obligations. Notice of the development came in a brief entry in the Federal Register, dated May 5, 2006, that was opaque to the untrained eye.

    Unbeknownst to almost all of Washington and the financial world, Bush and every other President since Jimmy Carter have had the authority to exempt companies working on certain top-secret defense projects from portions of the 1934 Securities Exchange Act. The timing of Bush’s move is intriguing. On the same day the President signed the memo, Porter Goss resigned as director of the Central Intelligence Agency amid criticism of ineffectiveness and poor morale at the agency. Only six days later, on May 11, USA Today reported that the National Security Agency had obtained millions of calling records of ordinary citizens provided by three major U.S. phone companies. Negroponte oversees both the CIA and NSA in his role as the administration’s top intelligence official.

    William McLucas, the Securities & Exchange Commission’s former enforcement chief, suggested that the ability to conceal financial information in the name of national security could lead some companies “to play fast and loose with their numbers.” McLucas, a partner at the law firm Wilmer Cutler Pickering Hale & Dorr in Washington, added: “It could be that you have a bunch of books and records out there that no one knows about.”

  7. basilbeast says:

    I have a simple, effective and fast way to solve this situation at the NSA, if I ran things.

    Eliminate NSA.

  8. SanderO says:

    I’d like to see audits and some value engineering with respect to these expenses. Clearly this entire MIC is a money conduit from the DOD and the alphabets to the private sector.

    We live in a truly insane world…a depressing one and with so many good people out there being ignored it’s even more depressing.

    The inmates are running the asylum.

  9. eCAHNomics says:

    It’s all a secrud anyhow. Who cares. Dya think even if the books were auditable, they’d be honest?

  10. Gitcheegumee says:

    Consider the strange case of Thomas Drake…apparently not all whistleblowers are created equal:

    Thomas Andrews Drake. From Wikipedia, the free encyclopedia

    Thomas Andrews Drake (born 1957)[1] is a former senior official of the U.S. National Security Agency (NSA), computer software expert, management and leadership specialist, and whistleblower.

    He is one of a handful of officials in U.S. history to be indicted under the Espionage Act of 1917 (under Obama administration). He is the 2011 recipient of the Ridenour Prize for Truth-Telling.[8] Wiki

    NOTE: In light of this thread’s subject, the entire Wikipedia entry on Drake is VERY much worth a read.

  11. Jinx says:

    When you take into consideration that a lot of the data management work of the US Government is now performed by defense contractors such as Lockheed it makes more sense that money goes missin’.

    This article from the Thailand Times reveals a depressing reach wrt Lockheed’s tentacles. How strange that the programs designed to ensure financial compliance on the part of average citizens seems to be incredibly effective but the programs to monitor and account for government financial expenditures seem to under perform woefully. Hmm….


  12. Jinx says:

    Not to pile on but here’s a link to a DemocracyNow! piece where Amy is congratulating Juan Gonzalez upon his winning a Polk Award for his reporting on “CityTime” which was sold as way to decrease paperwork and prevent time card abuses in NYC. To say that there have been massive overruns is an understatement. Hired to perform this task? SAIC.

    At the end of the transcript with Juan, Amy links to all of his pieces from the New York Daily News that laid out the rampant abuses.

    There are several links but the articles are short and edifying. I read them all in about 45 minutes.

    While this is arguably OT in a discussion thread re: the NSA I think it lays bare just how profitable these contracts are even without concluding sinister motives to the defense contractor tasked with performing them. Sometimes it may be all about the “benjamins” sometimes it’s also that private entities are gaining access to the public’s data and rendering it off limits to them.


    • Gitcheegumee says:

      sometimes it’s also that private entities are gaining access to the public’s data….

      Have you read up on fusion centers lately ?