United States Capitol Police: 1999 Financial Audit Highlights Need to
Address Internal Control Weaknesses (Letter Report, 05/15/2000,
GAO/AIMD-00-153).

Pursuant to a congressional request, GAO reviewed the United States
Capitol Police's (USCP) fiscal year (FY) 1999 financial statement audit,
focusing on USCP's: (1) effectiveness of the safeguarding, compliance,
and financial reporting controls; (2) compliance with selected
provisions of laws and regulations; (3) receipt and use of FY 1999
appropriated funds as reflected in a statement of receipts and
disbursements prepared on a modified cash basis; and (4) actions to
respond to Booz-Allen & Hamilton's recommendations. GAO contracted with
PricewaterhouseCoopers (PwC) to conduct the audit.

GAO noted that: (1) USCP's internal control was not effective in
ensuring that: (a) assets are safeguarded against loss or
misappropriation; (b) transactions are executed in accordance with
management's authority and with laws and regulations; and (c) there are
no material misstatements in the financial reports; (2) on three
occasions involving its salaries appropriations, the USCP violated the
Anti-Deficiency Act, which prohibits an officer or employee of the
United States from, among other things, making an expenditure from an
appropriation that exceeds the amount available in the appropriation;
(3) the USCP's combining statement of receipts and disbursements for FY
1999, prepared for purposes of this audit, presents fairly the receipts
and disbursements of FY 1999 appropriated funds on a modified cash
basis, which is another comprehensive basis of accounting; (4) in
addition, with respect to USCP action on the Booz-Allen & Hamilton 1999
recommendations, PwC obtained from the USCP its response to the
recommendations and the status of efforts needed to address them; and
(5) while the USCP is in the process of making improvements in response
to the previous recommendations, substantial work remains.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-00-153
     TITLE:  United States Capitol Police: 1999 Financial Audit
	     Highlights Need to Address Internal Control Weaknesses
      DATE:  05/15/2000
   SUBJECT:  Law enforcement personnel
	     Internal controls
	     Financial statement audits
	     Noncompliance
	     Financial management
	     Appropriated funds
	     Reporting requirements
	     Financial records
	     Auditing standards
	     Auditing procedures

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO/AIMD-00-153

12

20

21

22

Combining Statement of Receipts and Disbursements--Modified
Cash Basis 22

Notes to the Combining Statement 23

Appendix I: Management Report on Internal Control

28

Appendix II: Auditor's Update on the Status of Booz-Allen &
Hamilton's Recommendations

31

Appendix III: Comments From the U.S. Capitol Police

39

NFC National Finance Center

PwC PricewaterhouseCoopers

USCP United States Capitol Police

Accounting and Information
Management Division

B-285218

May 15, 2000

The Honorable Charles H. Taylor
Chairman
The Honorable Ed Pastor
Ranking Minority Member
Subcommittee on Legislative
Committee on Appropriations
House of Representatives

In November 1999, you requested a financial audit of the United States
Capitol Police (USCP), an assessment of the USCP's accounting and
recordkeeping controls over appropriated funds, and the status of USCP's
progress in addressing the problems and related recommendations identified
in Booz-Allen & Hamilton's January 1999 management review of the USCP.

To satisfy your request, we contracted with the independent public
accounting firm of PricewaterhouseCoopers (PwC) to

ï¿½ assess the effectiveness of the USCP's safeguarding, compliance, and
financial reporting controls;

ï¿½ test the USCP's compliance with selected provisions of laws and
regulations;

ï¿½ audit the USCP's receipt and use of fiscal year 1999 appropriated funds as
reflected in a statement of receipts and disbursements prepared on a
modified cash basis; and

ï¿½ follow up on the USCP's actions to respond to Booz-Allen & Hamilton's
recommendations.

The contract required that the audit be done in accordance with generally
accepted government auditing standards and GAO's financial audit
methodology. PwC has completed its audit and issued its final reports. In
connection with PwC's audit of the USCP, we reviewed and monitored the
audit's progress, including attending key meetings, holding discussions with
PwC representatives and USCP management, and reviewing PwC's reports and
related working papers.

The 1,511 sworn officers and civilian personnel of the USCP are responsible
for protecting and securing the Congress, its members, its staff, and
visitors to the Capitol; congressional office buildings; and the surrounding
area. The USCP Board, which consists of the Sergeants at Arms of the House
of Representatives and Senate and the Architect of the Capitol, provides
management direction and oversight. Congressional oversight is provided by
the Committee on House Administration, the Senate Committee on Rules and
Administration, the Subcommittee on Legislative of the House Committee on
Appropriations and the Subcommittee on Legislative Branch of the Senate
Committee on Appropriations. The Congress provides the USCP with annual
appropriations for salaries and general expenses. In addition, the Congress
has recently provided the USCP with two no-year appropriations to be used to
improve physical security and make other security enhancements on Capitol
Hill. With respect to use of its appropriations, the USCP does not prepare
periodic financial reports or statements that present its use of these
funds.

In its audit, PwC found the following.

ï¿½ USCP's internal control was not effective in ensuring that (1) assets are
safeguarded against loss or misappropriation, (2) transactions are executed
in accordance with management's authority and with laws and regulations, and
(3) there are no material misstatements in the financial reports.

ï¿½ On three occasions involving its salaries appropriations, the USCP
violated the Anti-Deficiency Act, which prohibits an officer or employee of
the United States from, among other things, making an expenditure from an
appropriation that exceeds the amount available in the appropriation.

ï¿½ The USCP's combining statement of receipts and disbursements for fiscal
year 1999, prepared for purposes of this audit, presents fairly the receipts
and disbursements of fiscal year 1999 appropriated funds on a modified cash
basis, which is another comprehensive basis of accounting.

In addition, with respect to USCP action on the Booz-Allen & Hamilton 1999
recommendations, PwC obtained from the USCP its response to the
recommendations and the status of efforts needed to address them. While the
USCP is in the process of making improvements in response to the previous
recommendations, substantial work remains.

PwC's report also includes additional recommendations that are designed to
address internal control weaknesses noted during its audit. The USCP
management concurs with PwC's findings and conclusions and the thrust of its
recommendations.

PwC's audit found, consistent with USCP management's assertion on internal
control, that the USCP's internal control, during fiscal year 1999, was
ineffective in assuring that assets were properly safeguarded from loss or
misappropriation; transactions were executed in accordance with management's
authority and with laws and regulations; and transactions were properly
recorded, processed, and summarized to permit the preparation of reliable
financial and management reports. USCP management based its assertion that
internal control was ineffective on control criteria set forth in the
Standards for Internal Control in the Federal Government, issued by the
Comptroller General of the United States.1 Management concluded that
internal control was ineffective because of material weaknesses2 in USCP
policies, procedures, and systems; controls over appropriated funds; and
controls over processing and supporting payroll activity. Specifically, PwC
found the following.

ï¿½ USCP's financial and human resource management policies, procedures, and
systems were inadequate, incomplete, and contributed to poor financial
management and accountability. In addition, where procedures existed, they
were not consistently implemented. Also, the USCP's current financial
systems were unable to produce basic financial reports needed by management
to manage operations effectively.

ï¿½ USCP controls did not allow management to accurately determine the
available balance for each of its two salaries appropriations at any given
time or to reconcile approved payroll transactions processed by the National
Finance Center (NFC) to payment-related information processed by the
Treasury. These internal control inadequacies contributed to the USCP
authorizing payroll-related disbursements in excess of the amounts available
in the appropriations which violated of the Anti-Deficiency Act (as
discussed below).

ï¿½ USCP systems, policies, and procedures did not ensure that payroll
activity was properly supported, processed, and controlled. The USCP's
outdated systems and control procedures failed to keep up with additional
payroll-related requirements associated with managing payroll activities
processed by NFC and implementing a significantly more complex pay rate
structure. In addition, PwC found that
(1) personnel folders did not always contain the documentation needed to
support employee payroll deductions, (2) the USCP could not provide all the
daily sign-in/sign-out sheets needed to support selected hourly payroll
charges, and (3) sign-in/sign-out sheets that were provided did not always
contain evidence of supervisory review of the total hours worked as required
by USCP procedures.

PwC's compliance tests found that on three occasions, the USCP violated the
Anti-Deficiency Act, which prohibits an officer or employee of the United
States from, among other things, making an expenditure from an appropriation
that exceeds the amount available in the appropriation. Specifically, with
respect to the USCP's two fiscal year 1999 salaries appropriations and one
of its fiscal year 1998 salaries appropriations, the USCP authorized payroll
disbursements in excess of the amounts available in those appropriations.
While the deficiencies have subsequently been resolved with approved
transfers from other appropriated funds available to the USCP, the
violations occurred because the USCP could not accurately and promptly
determine the amount of authorized payroll disbursements and the remaining
balance in its salaries appropriations.

Because the USCP does not prepare traditional financial statements or
reports, a combining statement of receipts and disbursements of fiscal year
1999 appropriated funds, on a modified cash basis, was prepared for this
audit. The combining statement and explanatory notes were prepared by using
records and information maintained by the House of Representatives' Finance
Office, the Senate's Disbursing Office, the NFC, and the USCP. Given the
three material weaknesses noted above and the lack of a routine financial
reporting function at the USCP, significant time and effort were required to
prepare and audit the combining statement and related notes. While, through
this effort, PwC was able to complete its audit and conclude that the
combining statement was fairly presented, the three material internal
control weaknesses demonstrate the substantial difficulty the USCP faces in
generating reliable financial information on a recurring timely basis. This
impairs the USCP's ability to manage its financial operations effectively
and limits effective oversight of the USCP.

PwC concluded that the internal control and system weaknesses documented
during the audit confirm Booz-Allen & Hamilton's 1999 assessment that the
USCP's financial management infrastructure was fragile and unlikely to be
able to provide adequate service in the future. While efforts are underway
to deal with the USCP's system limitations,3 PwC concluded that the USCP
needs to have effective financial management leadership and staff with
appropriate knowledge, skills, and abilities to realize the financial
management improvements envisioned in Booz-Allen & Hamilton's
recommendations.

With respect to USCP's actions taken to address the recommendations made in
Booz-Allen & Hamilton's 1999 management review of selected USCP
administrative operations, PwC inquired with the USCP on the status of the
recommendations. Appendix II provides the USCP's response to each
recommendation and USCP's actions--planned, underway, or completed--in
response to the recommendations. To the extent that USCP's description of
actions indicated that action had been taken on individual recommendations,
PwC requested and reviewed evidence of the action taken. However, it was
beyond the scope of PwC's audit to validate the merits or effectiveness of
USCP-reported actions.

To address the three material weaknesses and the related violations of law,
PwC made a series of recommendations to the USCP. Principal among PwC's
recommendations are (1) the need to develop and implement comprehensive
policies and procedures covering USCP financial operations and performance,
including a system of tracking and monitoring the availability and use of
all USCP funds, and (2) the need to enforce existing procedures requiring
supervisory review and approval of hours worked information prior to
authorizing payroll processing.

PwC made additional, overarching recommendations focusing on the fundamental
need to build a sound financial management infrastructure. These
recommendations call for the USCP to identify and analyze its operational
and control requirements applicable to financial operations and its existing
financial management resources and capabilities as a basis for developing a
financial management improvement plan that

ï¿½ documents existing financial management resources and capabilities and how
they can be applied to meet requirements,

ï¿½ identifies requirements not being met with existing resources and
capabilities, and

ï¿½ documents the additional resources and capabilities needed to enable the
USCP to meet its operational and control requirements consistently.

The USCP management concurs with PwC's findings and conclusions and the
thrust of its recommendations.

The USCP's Management Report on Internal Control4 and written comments on
PwC's draft report reflect the USCP's agreement with PwC's findings and
conclusions related to ineffective internal control, material weaknesses,
and Anti-Deficiency Act violations. In commenting on PwC's draft report,
management stated that PwC's findings and conclusions confirm the inadequacy
of the USCP financial management system--a conclusion USCP management noted
was reached previously by the USCP in 1997 and Booz-Allen & Hamilton in
1999. Management's Report on Internal Control and comments on PwC's draft
report also noted recent USCP efforts to improve its financial management
practices and a commitment--by USCP management and board--to institute
measures intended to ensure effective internal control.

However, the USCP's Management Report on Internal Control also noted that
additional management and administrative responsibilities taken on by the
USCP in recent years have further strained the USCP's fragile financial
management infrastructure. In its comments on the draft report, management
observed that in the absence of resources needed to fully implement
Booz-Allen & Hamilton's recommendations, it was not surprising that PwC's
audit revealed material weaknesses and violations of laws. Management
expressed its belief that the USCP's inability to implement Booz-Allen &
Hamilton's recommendations related, in part, to an inability to obtain
congressional approval for proposed increases in financial management
staffing levels. In this regard, PwC's overarching recommendations call for
the USCP to (1) identify its operational and control requirements, (2)
determine how existing resources and capabilities can best be applied to
meet those requirements, and (3) to the extent necessary, document any
additional resources and capabilities needed to satisfy unmet requirements.

The full text of the USCP's Management Report on Internal Controls is
reprinted in appendix I. The USCP's comments on PwC's draft report are
reprinted in appendix III.

In connection with PwC's audit, our review and monitoring effort, as
differentiated from an audit performed in accordance with generally accepted
government auditing standards, was not intended to enable us to express, and
we do not express, opinions on management's assertion on internal control
effectiveness or on the USCP's Combining Statement of Receipts and
Disbursements--Modified Cash Basis, nor do we conclude on the USCP's
compliance with applicable provisions of laws and regulations. PwC is
responsible for the attached audit reports and for the conclusions expressed
therein. However, our review disclosed no instance in which PwC did not
comply, in all material respects, with generally accepted government
auditing standards.

This report is a matter of public record and is intended for the use of the
members of the Subcommittee on Legislative, House Committee on
Appropriations; other members of Congress; USCP management; members of the
USCP Board; and other interested parties. We are sending copies of the
report to the USCP Board and Chief. Copies will be made available to others
upon request. Should you or your staffs have any questions concerning our
review of PwC's audit, please contact me or John Reilly, Assistant Director,
on (202) 512-9508.

Linda M. Calbom
Director

Independent Report on Management's Assertion on Internal Control

Report on Compliance With Laws and Regulations

Report of Independent Accountants

Financial Statement

Combining Statement of Receipts and Disbursements--Modified Cash Basis
Notes to the Combining Statement
Management Report on Internal Control

Auditor's Update on the Status of Booz-Allen & Hamilton's Recommendations

Comments From the U.S. Capitol Police

(917653)

  

1. The Federal Managers' Financial Integrity Act of 1982 requires GAO to
issue standards of internal control for the federal government. The
standards provide the overall framework for establishing and maintaining
internal control and for identifying and addressing major performance and
management challenges and areas of greatest risk of fraud, waste, abuse, and
mismanagement. In November 1999, we issued an update of these standards to
recognize, among other things, the increased importance of managing human
capital and information technology as significant parts of internal control.

2. A material weakness is a condition in which the design or operation of
internal control does not reduce to a relatively low level the risk that
losses, noncompliances, or misstatements in amounts that would be material
in relation to the financial statement may occur and not be detected within
a timely period by employees in the normal course of their assigned duties.

3. The USCP has entered into a cross-servicing agreement with GAO that will
enable it to begin processing initially non-payroll transactions through the
financial management system maintained by GAO.

4. In assessing the USCP's internal control, PwC evaluated management's
assertion on internal control effectiveness that is included in the USCP's
Management Report on Internal Control. Management's report describes its
responsibilities for internal control and its assessment of and conclusion
on the effectiveness of the USCP's internal control.
*** End of document. ***