In 2018, external auditors identified 2,300-plus Notices of Findings and Recommendations (NFRs) across the Department of the Navy (DON) enterprise, as detailed in the FY18 Financial Improvement Audit Remediation (FIAR) report. Roughly 48% of the findings pertained to financial management systems. To achieve audit readiness, speed decision-making and control costs, the Assistant Secretary of the Navy (Financial Management and Comptroller), Mr. Thomas Harker, made it a priority to leverage an Application Programming Interface (API)-led approach for all financially relevant systems. Using an API-led approach to connect and expose data assets to applications in a reusable and purposeful way provides seamless speed, functionality and auditability across Navy financial systems.
Leveraging API-Led Connectivity
Digital transformation leads to explosive data growth. As technology is incorporated into operational processes, data management becomes critical to future growth and success. Transitioning away from a point-to-point architecture to an API-led approach enables auditability, scalability, and governance of data from a single platform.
An API-led approach is a systematic way to connect and share data between databases and applications through reusable and purposeful APIs. An API is a set of subroutine definitions, communication protocols and tools for seamlessly integrating systems. In general terms, it is a set of clearly defined communication protocols for answering specific, repeatable organizational questions. Implementing APIs across the DON provides reusable interfaces that can be leveraged by various department stakeholders, reducing rework among interfacing systems while adding security and transparency to data transmission in support of future audits.
Leveraging an API-led approach provides a seamless way for DON FMS to exchange data through a three-layer API architecture that consists of Experience APIs, Process APIs, and System APIs, as highlighted in Figure 1. This results in modular components that can be created once and automatically published to multiple channels, enabling reusability of APIs. This automates DON transaction tracking between the interfacing systems, making it easy to validate system transactions. Realizing the API-led approach will streamline business operations across Financial Management and Comptroller and address the identified NFRs and Material Weaknesses.
Improving Integration Through an Enterprise Integration Platform
An Enterprise Integration Platform (EIP) is an integration platform for developing, managing, and integrating disparate systems across FM&C through an API-led approach. This will modernize legacy point-to-point infrastructure via reusable APIs to enable enhanced governance, auditability, and monitoring of data exchanges from a single platform.
FMS-1 has implemented an EIP, the Central Data Exchange (CDX), built on a commercial off-the-shelf (COTS) platform in a Federal Risk and Authorization Management Program (FedRAMP)-compliant deployment environment hosted in the cloud. The CDX integrates all financially relevant systems, whether on-premises or in the cloud, and embodies an API-led approach to connectivity. Designed to remediate existing NFRs, comply with DON audit requirements and enable governance at an enterprise level, the CDX represents an important step toward modernizing FM&C’s core infrastructure to facilitate audit readiness and data-driven decision making.
The CDX uses a three-layered API structure, as illustrated in Figure 1, to promote reusability and confirm data is shared according to standardized business rules and organizational requirements. The CDX provides a central repository (API Library) where API developers can use and reuse APIs under these policies. Since CDX is housed in the cloud, vulnerability scanning and remediation of the infrastructure are performed as part of the FedRAMP accreditation package, which saves time, effort and money for the federal government and cloud service providers (CSPs). Additionally, CDX will address FM&C’s current audit challenges through its key capabilities, including access enforcement, audit logging, continuous monitoring, enforced security, and incident reporting.
The Future of DON FM&C Integration
The DON needs to efficiently and effectively manage its financial systems while controlling costs and complying with the department’s audit standards. In the past, the DON Financial Management System (FMS) organization leveraged point-to-point interfaces, which provided an efficient way to integrate two systems, but quickly became too complex and costly to manage due to substantial growth of the Navy’s IT portfolio. The point-to-point architecture places limitations on the DON FMS’ ability to provide governance at the enterprise level and fully support the department’s audit requirements.
Looking ahead, an API-led approach will be leveraged for interfaces between financially relevant systems and pave the way for leveraging reusable API assets across the Navy. This approach allows for reusability of API assets (e.g., coding, connectors, API templates) that will reduce costs and drive standardization across the Navy while providing governance, security, and scalability from a single platform. This effort will remediate many of DON’s outstanding Material Weaknesses and NFRs and allow the Navy to be a more audit-compliant organization.