Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1999 (Letter Report, 09/29/2000,
GAO/AIMD-00-307).

Pursuant to a legislative requirement, GAO provided information on the
implementation of the Federal Financial Management Improvement Act
(FFMIA) in fiscal year (FY) 1999, focusing on: (1) compliance of the
Chief Financial Officers (CFO) Act agencies' financial systems with
FFMIA's requirements; (2) agencies' plans to bring their systems into
compliance; and (3) other efforts to improve the government's financial
management systems.

GAO noted that: (1) for FY 1999, auditors for 21 of the 24 CFO Act
agencies reported that the agencies' financial systems did not comply
substantially with FFMIA's requirements--federal financial management
systems requirements, applicable federal accounting standards, and the
U.S. Government Standard General Ledger (SGL); (2) as a result, the vast
majority of agencies' financial management systems fall short of the CFO
Act and FFMIA goal to provide reliable, useful, and timely information
on an ongoing basis for day-to-day management and decision-making; (3)
reasons for systems' noncompliance include: (a) nonintegrated systems;
(b) inadequate reconciliation procedures; (c) noncompliance with the
SGL; (d) lack of adherence to accounting standards; and (e) weak
security over information systems; (4) although the financial management
systems of most agencies do not yet comply with FFMIA's requirements,
the number of agencies receiving "clean" or unqualified audit opinions
is increasing; (5) 15 of the 24 CFO Act agencies received unqualified
audit opinions on their financial statements for FY 1999, up from 12 in
FY 1998 and 11 in FY 1997; (6) auditors of 12 of the 15 agencies that
received unqualified opinions reported that the agencies' financial
systems did not comply substantially with FFMIA's requirements in FY
1999; (7) through the rigors of the financial statement audit process
and the requirements of FFMIA, agencies have gained a better
understanding of their financial management weaknesses and the impetus
to resolve problems caused by those weaknesses; (8) at the same time,
agencies are slowly making progress in addressing their problems; (9)
while an increasing number of agencies are receiving "clean" audit
opinions on their financial statements, the continued widespread
noncompliance with FFMIA shows that there is still a long way to go to
having systems, processes, and controls that routinely generate
reliable, useful, and timely information for managers and other
decisionmakers; and (10) many leading finance organizations have a goal
to reduce the time spent on routine accounting activities, such as
financial statement preparation, so that financial management staff can
spend more time on activities such as business performance analysis or
cost analysis.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-00-307
     TITLE:  Financial Management: Federal Financial Management
	     Improvement Act Results for Fiscal Year 1999
      DATE:  09/29/2000
   SUBJECT:  Financial statement audits
	     Accounting standards
	     Federal agency accounting systems
	     Noncompliance
	     Financial management systems
	     Reporting requirements
	     Internal controls
IDENTIFIER:  Joint Financial Management Improvement Program
	     JFMIP
	     OMB Circular A-127 Program
	     U.S. Government Standard General Ledger

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO/AIMD-00-307

Accounting and Information
Management Division

B-286104

September 29, 2000

The Honorable Fred Thompson
Chairman
The Honorable Joseph I. Lieberman
Ranking Minority Member
Committee on Governmental Affairs
United States Senate

The Honorable Dan Burton
Chairman
The Honorable Henry A. Waxman
Ranking Minority Member
Committee on Government Reform
House of Representatives

The inability to produce the data needed to efficiently and effectively
manage the day-to-day operations of the federal government and provide
accountability to taxpayers historically has been a major weakness at most
of the largest federal agencies. The central challenge in generating such
data is overhauling inadequate and outdated accounting and financial-related
management information systems. To help focus attention on this challenge,
the Congress passed the Federal Financial Management Improvement Act of 1996
(FFMIA),1 which requires the 24 major departments and agencies named in the
Chief Financial Officers (CFO) Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the U.S. Government Standard General Ledger (SGL)2 at the
transaction level.

FFMIA requires auditors to report, as part of their audit reports on the
agencies' annual financial statements, whether their respective financial
management systems comply with FFMIA's requirements. FFMIA also requires
that we report annually on FFMIA implementation by October 1 of each year.
Our annual report addresses (1) compliance of CFO Act agencies' financial
systems with FFMIA's requirements, (2) agencies' plans to bring their
systems into compliance, and (3) other efforts to improve the government's
financial management systems. Last year, we issued the third of our annual
reports under FFMIA, which covered fiscal year 1998.3

For fiscal year 1999, auditors for 21 of the 24 CFO Act agencies reported
that the agencies' financial systems did not comply substantially with
FFMIA's requirements--federal financial management systems requirements,
applicable federal accounting standards, and the SGL. These results were
similar to those for fiscal years 1997 and 1998. As a result, the vast
majority of agencies' financial management systems fall short of the CFO Act
and FFMIA goal to provide reliable, useful, and timely information on an
ongoing basis for day-to-day management and decision-making. Reasons for
systems' noncompliance include nonintegrated systems, inadequate
reconciliation procedures, noncompliance with the SGL, lack of adherence to
accounting standards, and weak security over information systems.

Although the financial management systems of most agencies do not yet comply
with FFMIA's requirements, the number of agencies receiving "clean" or
unqualified audit opinions4 is increasing. Fifteen of the 24 CFO Act
agencies received unqualified audit opinions on their financial statements
for fiscal year 1999, up from 12 in fiscal year 1998 and 11 in fiscal year
1997. Auditors of 12 of the 15 agencies that received unqualified opinions
reported however that the agencies' financial systems did not comply
substantially with FFMIA's requirements in fiscal year 1999.

Through the rigors of the financial statement audit process and the
requirements of FFMIA, agencies have gained a better understanding of their
financial management weaknesses and the impetus to resolve problems caused
by those weaknesses. At the same time, agencies are slowly making progress
in addressing their problems. However, while an increasing number of
agencies are receiving "clean" audit opinions on their financial statements,
the continued widespread noncompliance with FFMIA shows that there is still
a long way to go to reach the end game--that is, having systems, processes,
and controls that routinely generate reliable, useful, and timely
information for managers and other decisionmakers.

As we testified in June,5 many of the clean opinions were obtained through
time-consuming, ad hoc programming and analysis of data produced by
inadequate systems that are not integrated and often require significant
adjustments. Such time-consuming procedures, which often represent "heroic
efforts," prevent financial management staff from doing other
financial-related work such as financial analyses, which could directly
support strategic decision-making and ultimately improve overall business
performance. In our Executive Guide: Creating Value Through World-class
Financial Management,6 we identified the success factors, practices, and
outcomes associated with world-class financial management efforts. We found
that many leading finance organizations have a goal to reduce the time spent
on routine accounting activities, such as financial statement preparation,
so that financial management staff can spend more time on activities such as
business performance analysis or cost analysis.

As required by FFMIA, the 19 agencies that determined their systems were not
in compliance during fiscal year 19987 prepared remediation plans describing
the actions they took or plan to take to overcome their problems and bring
their systems into compliance.8 We reviewed the 19 remediation plans and
determined that while overall the plans had improved slightly over the
fiscal year 1997 plans, some plans continued to lack specificity. The
corrective actions in the plans were not always detailed, target dates were
sometimes lacking, and information as to the type and amount of resources
needed to implement the corrective actions was not included in several of
the plans we reviewed.

The role of advisor established by FFMIA for the Office of Management and
Budget (OMB), with respect to agency remediation plans, is important for
ensuring that agencies prepare effective remediation plans that adequately
address their serious financial management weaknesses. To support that
effort, and because of the inadequacies we identified last year in agencies'
fiscal year 1997 remediation plans, we recommended that OMB review agencies'
plans for (1) detailed corrective actions that fully address reported
problems, (2) inclusion of resource requirements, and (3) specific time
frames needed to implement and resolve problems. OMB officials told us they
have adopted a new approach for reviewing agencies' remediation plans, which
is part of a comprehensive strategy for improving federal financial
management. The new approach includes meetings with agency officials to
discuss integrating the agency's plans for overhauling or replacing
financial management systems with the agency's information technology
capital planning processes. OMB has started meeting with agency officials;
however, because this approach is new, we cannot comment on whether it will
be successful in improving agencies' remediation plans and thus improving
financial management in general.

We also recommended last year that OMB work with the agencies to ensure that
the agencies' financial statements are audited and issued by the
March 1 statutory deadline. Officials from OMB, GAO, and the Department of
the Treasury met with agencies to discuss, among other things, the timely
preparation and audit of the agency financial statements. In addition, in
large part due to the "heroic efforts" by many agencies, the number of
agencies issuing their audited financial statements after March 1 decreased
from 11 for fiscal year 1997 to 5 for fiscal year 1999. Having to perform
such "heroic efforts" in order to issue financial statements by the
statutory deadline indicates the need for continued OMB attention.

Bringing financial management systems into compliance with the requirements
of FFMIA is a formidable challenge. Identifying the appropriate corrective
actions for inclusion in agencies' remediation plans is just the first step
toward that goal. Typically, the systems needs are complex and accordingly
require well-considered and sophisticated efforts to implement. We have
issued guidance to help agencies with such efforts, including guidance on
making information technology investment decisions and improving information
security management. Also, in order to aid in the selection of functional
and cost-effective applications, the Joint Financial Management Improvement
Program (JFMIP)9 tests commercial off-the-shelf software for compliance with
the current systems requirements. FFMIA compliance guidance is also
contained in an exposure draft of a guide issued by JFMIP and the CFO
Council and in checklists that we have published. And, finally, lessons
learned from the government's successful Year 2000 efforts, including the
importance of providing top management involvement and high-level
leadership, can be applied to efforts to help improve agencies' financial
management systems so that they can produce the reliable, useful, and timely
information needed by management and other decisionmakers.

In commenting on a draft of this report, OMB expressed concerns regarding
the seemingly "all or nothing" assessments of FFMIA compliance. Under OMB's
current implementing guidance, agencies' systems are determined to either
have substantially complied or not, without distinctions as to progress
toward that goal. Also, OMB commented that the report was negative and did
not give any credit for either progress made by agencies or current
improvement efforts underway. We agree that it is important to measure
progress toward achieving compliance with FFMIA to demonstrate that
agencies' systems are moving steadily toward compliance with FFMIA's
requirements. Our work, as well as that performed or directed by agency
Inspectors General (IG) shows that agencies are making an effort, and we
acknowledge that in the report. However, attaining the end goal of having
reliable data on demand for day-to-day decision-making is a distant goal for
many agencies. We plan to work with OMB as it contemplates various
approaches to measuring and reporting progress in achieving compliance with
FFMIA.

OMB also expressed concerns about the applicability of information security
requirements to certain systems in assessing compliance with FFMIA. OMB's
view is that for purposes of reviewing compliance with FFMIA, information
security controls should only be considered for financial systems under the
purview of the agency CFO, and not for mixed or enterprise systems, which
OMB states must be addressed on an agencywide level. However, to the extent
that financial and non-financial portions of mixed systems cannot be
separated for purposes of information security controls, the mixed systems
in their entirety are subject to FFMIA. Further, the applicability of FFMIA
is not limited to systems within the influence of the agency CFO. Rather,
FFMIA refers only to agency systems and vests ultimate responsibility in the
agency head for determining whether agency systems comply with FFMIA
requirements. Therefore, information security controls for not only
financial systems, but also mixed systems in their entirety should be
included in FFMIA reviews.

FFMIA and other financial management reform legislation, most notably the
CFO Act, have underscored the importance of improving financial management
across the federal government. The primary purpose of FFMIA is to ensure
that agency financial management systems routinely provide reliable, useful,
and timely financial information. With such information, government leaders
will be better positioned to invest resources, reduce costs, oversee
programs, and hold agency managers accountable for the way they run
government programs. Financial management systems' compliance with federal
financial management systems requirements, applicable accounting standards,
and the SGL are the building blocks to help achieve these goals.

FFMIA is part of a series of management reform legislation passed by the
Congress over the past two decades. This series of legislation started with
the Federal Managers' Financial Integrity Act of 1982 (Financial Integrity
Act), which the Congress passed to strengthen internal control and
accounting systems throughout the federal government, among other purposes.
However, as we reported in 1989,10 7 years after the Financial Integrity Act
was passed, while agencies had achieved some success in identifying and
correcting material internal control and accounting system weaknesses, their
efforts to implement the Financial Integrity Act had not produced the
results intended by the Congress. At that time, we also reported that the
government did not have the internal control systems necessary to
effectively operate its programs and safeguard its assets and that its
accounting systems were antiquated and second-rate.

So, in the 1990s, the Congress passed additional management reform
legislation to improve the general and financial management of the federal
government. The combination of reforms ushered in by (1) the CFO Act of
1990, (2) the Government Management and Reform Act of 1994, (3) FFMIA, (4)
the Government Performance and Results Act of 1993, and (5) the
Clinger-Cohen Act of 1996, if successfully implemented, provides a basis for
improving accountability over government operations and routinely producing
sound cost and operating performance information, thereby making it possible
to better assess and improve the government's financial condition and
operating performance. In addition, in November 1999 we updated our
Standards for Internal Control in the Federal Government,11 which is issued
pursuant to the Financial Integrity Act to help agency managers implement
effective internal control, an integral part of improving financial
management systems.

The financial management systems policies and standards prescribed for
executive agencies to follow in developing, operating, evaluating, and
reporting on financial management systems are defined in OMB Circular A-127,
Financial Management Systems. Circular A-127 references the series of
publications, entitled Federal Financial Management Systems Requirements
(FFMSR), issued by JFMIP as the primary source of governmentwide
requirements for financial management systems. JFMIP systems requirements,
among other things, provide a framework for establishing integrated
financial management systems to support program and financial managers.
These requirements documents were first issued in the early 1990s, and
several have been updated since then. Table 1 lists the current publications
in the FFMSR series and their issue dates.

                       FFMSR document                          Issue date

 FFMSR-0        Framework for Federal Financial Management   January 1995
                Systems
 FFMSR-7        Inventory System Requirements                June 1995

 FFMSR-8        Managerial Cost Accounting System            February 1998
                Requirements
 JFMIP-SR-99-4  Core Financial System Requirements           February 1999

 JFMIP-SR-99-5  Human Resources & Payroll Systems            April 1999
                Requirements
 JFMIP-SR-99-8  Direct Loan System Requirements              June 1999
 JFMIP-SR-99-9  Travel System Requirements                   July 1999

 JFMIP-SR-99-14 Seized Property and Forfeited Asset Systems  December 1999
                Requirements
 JFMIP-SR-00-01 Guaranteed Loan System Requirements          March 2000
 JFMIP-SR-00-3  Grant Financial System Requirements          June 2000

JFMIP is also developing systems requirements where none previously existed.
JFMIP issued an exposure draft on Property Management System Requirements in
April 2000. A large number of responses and comments were received, and as a
result, a second exposure draft was issued in July 2000. Also, efforts are
underway to develop system requirements documents for benefit programs and
acquisition systems.

Federal accounting standards, which agency CFOs use in preparing financial
statements and in developing financial management systems, are developed by
the Federal Accounting Standards Advisory Board (FASAB).12 FASAB develops
accounting standards after considering the financial and budgetary
information needs of the Congress, executive agencies, and other users of
federal financial information and comments from the public. FASAB forwards
the standards to the three principals--the Comptroller General of the United
States (Comptroller General), the Secretary of the Treasury, and the
Director of OMB--for a 90-day review. If there are no objections during the
review period, the standards are considered final and FASAB publishes them
on its Web site and in print.

The American Institute of Certified Public Accountants now recognizes the
federal accounting standards developed by FASAB as being generally accepted
accounting principles for the federal government. This recognition enhances
the acceptability of the standards, which form the foundation for preparing
consistent and meaningful financial statements both for individual agencies
and the government as a whole.

Currently, there are 18 statements of federal financial accounting standards
(SFFAS) and 3 statements of federal financial accounting concepts (SFFAC).13
The concepts and standards are the basis for OMB's guidance to agencies on
the form and content of their financial statements and the government's
consolidated financial statements. Table 2 lists the concepts, standards,
and interpretations14 along with their respective effective dates.

 Concepts
 SFFAC No. 1 Objectives of Federal Financial Reporting
 SFFAC No. 2 Entity and Display
 SFFAC No. 3 Management's Discussion and Analysis

 Standards                                             Effective for fiscal
                                                       yeara
 SFFAS No. 1 Accounting for Selected Assets and
 Liabilities                                           1994
 SFFAS No. 2 Accounting for Direct Loans and Loan
 Guarantees                                            1994
 SFFAS No. 3 Accounting for Inventory and Related
 Property                                              1994
 SFFAS No. 4 Managerial Cost Accounting Concepts and
 Standards                                             1998
 SFFAS No. 5 Accounting for Liabilities of the Federal
 Government                                            1997
 SFFAS No. 6 Accounting for Property, Plant, and
 Equipment                                             1998
 SFFAS No. 7 Accounting for Revenue and Other
 Financing Sources                                     1998
 SFFAS No. 8 Supplementary Stewardship Reporting       1998
 SFFAS No. 9 Deferral of the Effective Date of
 Managerial Cost Accounting Standards for the Federal  1998
 Government in SFFAS No. 4
 SFFAS No. 10 Accounting for Internal Use Software     2001
 SFFAS No. 11 Amendments to Accounting for Property,
 Plant, and Equipment--Definitional Changes            1999
 SFFAS No. 12 Recognition of Contingent Liabilities
 Arising from Litigation: An Amendment of SFFAS No. 5, 1998
 Accounting for Liabilities of the Federal Government
 SFFAS No. 13 Deferral of Paragraph 65-2--Material
 Revenue-Related Transactions Disclosures              1999
 SFFAS No. 14 Amendments to Deferred Maintenance
 Reporting                                             1999
 SFFAS No. 15 Management's Discussion and Analysis     2000
 SFFAS No. 16 Amendments to Accounting for Property,
 Plant, and Equipment                                  2000
 SFFAS No. 17 Accounting for Social Insurance          2000
 SFFAS No. 18 Amendments to Accounting Standards for
 Direct Loans and Loan Guarantees in SFFAS No. 2       2001
 Interpretations
 No. 1 Reporting on Indian Trust Funds
 No. 2 Accounting for Treasury Judgment Fund Transactions
 No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
 No. 4 Accounting for Pension Payments in Excess of Pension Expense
 No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue

aEffective dates do not apply to Statements of Federal Financial Accounting
Concepts and Interpretations.

FASAB's Accounting and Auditing Policy Committee (AAPC)15 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards and the reporting and auditing requirements contained in OMB's
Form and Content Bulletin and Audit Bulletin. To date, AAPC has released
four technical releases (TR), which are listed in table 3 along with their
release dates.

                    Technical release                    AAPC release date
 TR-1 Audit Legal Letter Guidance                        March 1, 1998
 TR-2 Environmental Liabilities Guidance                 March 15, 1998
 TR-3 Preparing and Auditing Direct Loan and Loan
 Guarantee Subsidies under the Federal Credit Reform Act July 31, 1999
 TR-4 Reporting on Non-Valued Seized and Forfeited
 Property                                                July 31, 1999

The SGL was established by an interagency task force through the direction
of OMB and mandated for use by OMB and Treasury regulations in 1986. The SGL
promotes consistency in financial transaction processing and reporting by
providing a uniform chart of accounts and pro forma transactions used to
standardize federal agencies' financial information accumulation and
processing, enhance financial control, and support budget and external
reporting, including financial statement preparation. The SGL is intended to
improve data stewardship throughout the government, enabling consistent
reporting at all levels within the agencies and providing comparable data
and financial analysis at the governmentwide level.16

FFMIA requires an agency head to determine, based on a review of the
auditor's report on the agency's financial statements and any other relevant
information, whether the agency's financial management systems substantially
comply with the act. The agency head is required to make this determination
no later than 120 days after (1) the receipt of the auditor's report or (2)
the last day of the fiscal year following the year covered by the audit,
whichever comes first. If the agency head disagrees with the auditor's
determination that the systems do not substantially comply, the Director of
OMB is to review the agency head's determination and report to the Congress.
If the agency head agrees that the systems do not substantially comply,
FFMIA requires that the agency head, in consultation with the Director of
OMB, establish a remediation plan to bring the systems into substantial
compliance with FFMIA's requirements.

According to FFMIA, remediation plans are to include corrective actions,
intermediate target dates, and resources necessary to bring the financial
management systems into substantial compliance with FFMIA's requirements
within 3 years of the date the agency head's noncompliance determination is
made. If, with the concurrence of the Director of OMB, the agency head
determines that substantial compliance cannot be reached within 3 years, the
remediation plan must specify the most feasible date by which the agency's
systems will achieve compliance and designate an official responsible for
effecting the necessary corrective actions.

In accordance with OMB guidance contained in Circular A-11, Preparing and
Submitting Budget Estimates, effective July 12, 1999, agencies are to
include their remediation plans in their annual budget submissions due to
OMB in October. The guidance requires that the plans include corrective
actions, resources needed, and interim target dates to bring the financial
management systems into substantial compliance within 3 years of the date of
the agencies' determination that their systems are not in substantial
compliance.17

We reviewed fiscal year 1999 audit reports for the 24 CFO Act agencies to
determine (1) which agencies had systems that their auditors found to be
noncompliant with FFMIA's requirements, (2) reasons why the systems were
found to be noncompliant, and (3) whether the audit reports were issued by
the March 1 statutory deadline. Our review included determining where
"heroic efforts" were used to meet the deadline. We interviewed agency
management and auditors at several CFO Act agencies to obtain their views on
FFMIA implementation, including what factors management considered in
determining whether their agencies' systems complied.

We reviewed OMB's guidance for FFMIA and interviewed OMB officials
responsible for FFMIA issues. Specifically, we reviewed the guidance for
preparing remediation plans for fiscal year 1998 contained in OMB Circular
A-11, Preparing and Submitting Budget Estimates. We reviewed agencies'
fiscal year 1998 remediation plans to determine if they contained the
required elements and if the corrective actions in the plans would resolve
agencies' systems problems. Fiscal year 1999 remediation plans are not due
to OMB, and therefore will not be available, until December 2000. We
compared the fiscal year 1998 remediation plans to those for fiscal year
1997 to determine if they had improved. We interviewed OMB officials and
staff to determine what actions OMB has taken regarding agencies'
remediation plans. We also reviewed a draft of the revised guidance in OMB
Bulletin 98-08, Audit Requirements for Federal Financial Statements.

We reviewed applicable federal accounting standards and systems requirements
documents. We made inquiries of FASAB and JFMIP staff to determine recent
developments in their respective efforts to develop accounting standards and
issue new systems requirements documents.

We conducted our work from February through August 2000 at the 24 CFO Act
agencies and OMB in Washington, D.C., in accordance with generally accepted
government auditing standards. We requested comments on a draft of this
report from the Director of OMB or his designee. The Deputy Controller of
OMB provided us with written comments. These comments are discussed in the
"Agency Comments and Our Evaluation" section and are reprinted in appendix
I.

Problems Remain

Agencies have a better understanding of their financial management
weaknesses and are slowly making progress in addressing their problems.
However, while an increasing number of agencies are issuing their audited
financial statements on time and receiving unqualified (clean) audit
opinions, financial management systems of the vast majority of CFO Act
agencies do not yet comply with FFMIA's requirements and, therefore, fall
short of the CFO Act and FFMIA goal to provide reliable, useful, and timely
information to assist in day-to-day management. This continuing widespread
noncompliance with FFMIA is indicative of the overall long-standing poor
condition of agency financial systems.

Auditors for 21 of the 24 CFO Act agencies reported that for fiscal year
1999, the agencies' systems still did not comply substantially with federal
financial systems requirements, federal accounting standards, or the SGL.18
Auditors for three agencies--the Department of Energy,19 the National
Aeronautics and Space Administration, and the National Science
Foundation--reported the agencies' systems to be in substantial compliance.
These FFMIA compliance results were similar to those for fiscal years 1997
and 1998.

Fifteen of the 24 CFO Act agencies received unqualified audit opinions on
their financial statements for fiscal year 1999, up from 12 in fiscal year
1998 and 11 in fiscal year 1997. Yet, FFMIA noncompliance has been fairly
consistent since fiscal year 1997 when the systems of 20 of the 24 CFO Act
agencies were reported to be noncompliant.20 Auditors for 12 of the 15
agencies that received unqualified opinions reported that the agencies'
financial systems did not comply substantially with FFMIA's requirements in
fiscal year 1999. In many cases, these agencies spent considerable resources
and often performed "heroic efforts" to obtain a clean opinion because their
financial statements could not be produced from their financial systems.

Not only has the number of clean opinions increased, the number of agencies
issuing their audited financial statements on time has also increased. To
emphasize the importance of timely preparation and audit of agency financial
statements, officials from OMB, GAO, and the Department of the Treasury held
meetings with cognizant agency officials. For fiscal year 1999, 5 of the 24
CFO Act agencies issued their audited statements after the statutory due
date of March 1, compared to fiscal year 1997, when 11 agencies were late
issuing their audited financial statements. However, as was the case in
obtaining clean opinions, many agencies relied on "heroic efforts" just to
meet the statutory due date. Having to perform such efforts indicates the
need for continued OMB attention.

Table 4 summarizes the auditors' FFMIA determinations and financial
statement opinions for fiscal year 1999 and highlights the 12 agencies that
received clean audit opinions despite their systems problems.

                   Auditors'
                 determination   Areas of reported substantial           Audit opinion
                 of substantial          noncompliance
                  compliance

     Agency       Yes     No       Systems    Accounting  SGL   Unqualified Qualified Disclaimer
                                requirements  standards
 Department of
 Agriculture            √ √       √   √                       √
 Department of
 Commerce               √ √                 √ √
 Department of
 Defense                √ √       √   √                       √
 Department of
 Education              √ √       √                       a
 Department of
 Energy         √                                         √
 Department of
 Health and             √ √                         √
 Human Services
 Department of
 Housing and
 Urban                  √ √       √   √                       √
 Development
 Department of
 the Interior           √ √       √           √
 Department of
 Justice                √ √       √   √             √
 Department of
 Labor                  √ √       √   √ √
 Department of
 State                  √ √                         √
 Department of
 Transportation         √ √       √   √ √
 Department of
 the Treasury           √ √       √   √             √
 Department of
 Veterans               √ √       √   √ √
 Affairs
 Agency for
 International          √ √       √   √                       √
 Development
 Environmental
 Protection             √ √       √   √             √
 Agency
 Federal
 Emergency
 Management             √ √                         √
 Agency
 General
 Services               √ √                         √
 Administration
 National
 Aeronautics and
 Space          √                                         √
 Administration
 National
 Science        √                                         √
 Foundation
 Nuclear
 Regulatory             √ √       √   √ √
 Commission
 Office of
 Personnel              √ √       √   √                       b
 Management
 Small Business
 Administration         √ √       √   √ √
 Social Security
 Administration         √ √                         √
 Total          3       21      21            15        14      15          4         5

Financial statement audit results are key indicators of the quality of
agency financial data at year-end and provide an annual public scorecard on
accountability. Agencies are to be commended for receiving unqualified audit
opinions. At the same time, a clean audit opinion is not an end in itself. A
clean audit opinion indicates to financial statement users only that the
information is fairly presented as of the date of the financial
statements--the last day of the fiscal year. However, financial statement
users generally do not get this information until 5 months after the close
of the fiscal year--around March 1, the statutory deadline--which is when
most agencies issue their financial statements. As illustrated below, this
time lag often results from the numerous adjustments and other "heroic
efforts" needed to prepare these statements. Although a clean opinion
indicates that year-end financial information is fairly presented, it
provides no assurance about the effectiveness and efficiency of financial
systems used to prepare the statements or whether use of the same or other
information generated by the financial systems for management use throughout
the year would be appropriate. The results shown in table 4 indicate that
although auditors reported that the financial statements of 15 of the 24 CFO
Act agencies were fairly presented and reliable at the end of the fiscal
year, as we discuss later in this report, the financial systems of 21 of the
24 agencies have weaknesses, some of which are so serious that they are not
able to routinely provide reliable, useful, and timely information on an
ongoing basis.

In order to receive an unqualified opinion, many agencies whose financial
management systems did not comply with FFMIA had to rely on "heroic efforts"
consisting of time-consuming, ad hoc programming and analysis of data
produced by inadequate systems that are not integrated or routinely
reconciled and often require significant audit adjustments. For example, the
Department of Transportation (DOT) received its first unqualified opinion on
its fiscal year 1999 departmentwide financial statements. However, like
several other agencies, despite the clean opinion, DOT's IG reported that
DOT's systems did not comply substantially with FFMIA.21 DOT's existing core
accounting system--designed to be the primary system for producing financial
information and financial statements--was not the primary source of
information used to prepare the financial statements. Because the core
system did not provide the necessary data, DOT made about 800 adjusting
entries totaling $36 billion. Also, according to the IG, the Federal
Aviation Administration's property systems were not designed as an
integrated system to accurately account for property costs. 22 Therefore,
DOT hired additional contractors, detailed employees, and used extensive
overtime and compensatory time to provide sufficient evidence to support the
amounts of property, plant, and equipment shown on its financial statements.
The IG reported that these manual and labor-intensive methods are expensive;
prone to errors, mistakes, and inaccuracies; and cannot be sustained.

As we discuss below, one of the main problems agencies face is the lack of
an integrated financial management system. Having an effective, integrated
financial management system that can produce financial statements in a
timely manner prevents the need for time-consuming and costly procedures. In
our Executive Guide: Creating Value Through World-class Financial
Management, we identified the success factors, practices, and outcomes
associated with world-class financial management efforts. We found that many
leading finance organizations have a goal to reduce the time spent on
routine accounting activities, such as financial statement preparation, so
that financial management staff can spend more time on activities such as
business performance analysis or cost analysis.

Based on our review of fiscal year 1999 audit reports for the 21 agencies
whose financial management systems were reported to be noncompliant, we
identified five primary reasons cited by the auditors:

ï¿½ nonintegrated financial management systems,

ï¿½ inadequate reconciliation procedures,

ï¿½ noncompliance with the SGL,

ï¿½ lack of adherence to federal accounting standards, and

ï¿½ weak security over information systems.

Table 5 shows the 21 agencies with noncompliant systems and the problems
relevant to FFMIA that were reported by their auditors.23 Auditors reported
these problems among the weaknesses identified during the audits; however,
the auditors may not have reported the problems as specific reasons for why
they concluded that the agencies' systems did not comply with FFMIA.
Further, the weaknesses reported by auditors ranged from serious, pervasive
systems problems to less serious problems that may affect one aspect of an
agency's accounting operation. We included all weaknesses relevant to FFMIA
identified by the auditors because such problems must be resolved in order
for the agencies' systems to generate the reliable, useful, and timely
information needed by decisionmakers.

                Nonintegrated                                 Lack of      Weak
                                 Inadequate                  adherence   security
     Agency       financial    reconciliation Noncompliance to federal     over
                  management                  with the SGL
                   systems      procedures                  accounting  information
                                                            standards    systems
 Department of
 Agriculture    √       √         √       √    √
 Department of
 Commerce       √       √         √                  √
 Department of
 Defense        √       √         √       √    √
 Department of
 Education      √       √                       √    √
 Department of
 Health and     √       √                                  √
 Human Services
 Department of
 Housing and
 Urban          √       √         √       √    √
 Development
 Department of
 the Interior                                               √    √
 Department of
 Justice        √       √         √       √    √
 Department of
 Labor          √       √         √       √    √
 Department of
 State          √       √                                  √
 Department of
 Transportation √                       √       √    √
 Department of
 the Treasury   √       √         √       √    √
 Department of
 Veterans       √       √         √       √    √
 Affairs
 Agency for
 International  √       √         √       √    √
 Development
 Environmental
 Protection                   √         √       √    √
 Agency
 Federal
 Emergency
 Management     √       √                                  √
 Agency
 General
 Services                                                              √
 Administration
 Nuclear
 Regulatory                                   √       √    √
 Commission
 Office of
 Personnel                    √         √       √    √
 Management
 Small Business
 Administration √                       √       √    √
 Social Security
 Administration                                                        √
 Totals         15            15              14            15         21

Source: GAO analysis of agency audit reports for fiscal year 1999. We did
not independently verify or test the data in the agency audit reports.

To understand how these weaknesses affect agencies' financial management
efforts and to bring about any lasting improvements, it is important to
understand what these weaknesses mean and how they affect the government's
operations. The following sections describe the five types of weaknesses and
provide examples identified by the agencies' auditors.

Nonintegrated Financial Management Systems

One of the federal financial systems requirements is that agencies'
financial management systems be integrated.24 According to the CFO Act,
agencies are to develop and maintain an integrated accounting and financial
management system that complies with federal systems requirements and
provides for (1) complete, reliable, consistent, and timely information that
responds to the financial information needs of the agency and facilitates
the systematic measurement of performance, (2) the development and reporting
of cost information, and (3) the integration of accounting, budgeting, and
program information. In this regard, OMB Circular A-127, Financial
Management Systems, requires agencies to establish and maintain an
integrated financial management system that conforms with JFMIP's functional
requirements.

When agencies do not have an integrated financial management system--which
includes a budget system and program systems that maintain financial
information, such as logistics, personnel, and acquisition systems--they are
often forced to rely on ad hoc programming, analysis, or actions--such as
taking physical inventories solely for the purpose of determining what
assets they have on hand rather than verifying amounts recorded in the
financial system--to satisfy financial reporting and analysis
responsibilities. In these situations, agencies must expend major effort and
resources, and some agencies rely heavily on external consultants to develop
information that their systems should be able to provide on a daily or
recurring basis. In addition, opportunities for errors are significantly
increased when agencies' systems are not integrated.

Modern, integrated financial systems rely on transaction-based entries to
update all relevant accounts, be they for budgetary control, proprietary
accounting objectives, or program management. In these modern, integrated
systems, financial data are carried in a common format, and the effects of
financial transactions in one application are accurately transmitted to
other affected applications. Accordingly, aside from the timeliness in
recording transactions, the use of integrated systems largely negates the
risk of out-of-balance situations and data-entry errors. Thus, agencies can
have at their disposal information that can quickly provide year-to-date
balances, mitigate the need for extensive reconciliation procedures, and
more important, can be used for analysis throughout the year.

A continuing, serious problem is that agencies lack modern, integrated
financial management systems. As shown in table 5, auditors for 15 of the 21
agencies with noncompliant systems reported this as a problem. For example,
as we testified in February 2000,25 the Internal Revenue Service (IRS) had
to focus substantial efforts on developing compensating processes to work
around its serious systems and internal control weaknesses to derive
year-end balances for its financial statements.26 Because IRS' aging
financial management systems have not been redesigned to meet current
systems requirements and financial reporting standards, IRS' approach to
preparing financial statements relied heavily on costly, time-consuming
processes; statistical projections; and external consultants to derive
year-end balances. For instance, IRS continues to have pervasive problems in
managing and reporting unpaid assessments.27 IRS does not have a subsidiary
ledger that tracks and accumulates unpaid assessments and their status on an
ongoing basis. The absence of the subsidiary ledger adversely affects IRS'
ability to effectively manage and accurately report these assessments.
Typically, an entity's accounts receivable balances would be supported by
detailed records, listings, or a subsidiary ledger of individual amounts,
which are all part of an integrated financial management system. To
compensate for the lack of an unpaid assessment subsidiary ledger, IRS uses
ad hoc programs that extract data from the tax master files--its database of
taxpayer information. However, as in past years, the results still required
significant adjustments totaling tens of billions of dollars before taxes
receivable could be reliably reported on the balance sheet. IRS' top
management recognizes this and has demonstrated a strong commitment to
developing an integrated system as part of tax systems modernization.

Inadequate Reconciliation Procedures

A reconciliation process, even if performed manually, is a valuable part of
a sound financial management system. In fact, the less integrated the
financial management system, the greater the need for adequate
reconciliations because data for the same transaction may be separately
entered in multiple systems. Reconciliation of records from the multiple
systems would ensure that transaction data were entered correctly in each
one. Reconciliation is also an important control for establishing agreement
between two sets of independently maintained but related records because it
helps to ensure the integrity of the underlying accounting data supporting
the financial statements. For example, in a private company, the ledger
account for Cash in Bank is reconciled with the bank statement received from
the bank, and the home office record of shipments to a branch office is
reconciled with the record of receipts maintained by the branch. Our
recently updated Standards for Internal Control in the Federal Government
highlight reconciliation as a key control activity.

As shown in table 5, auditors for 15 of the 21 agencies with noncompliant
systems reported that the agencies had reconciliation problems, including
difficulty reconciling their Fund Balance with Treasury accounts28 with the
Department of the Treasury's records. Treasury policy requires agencies to
reconcile their accounting records with Treasury records monthly, which is
comparable to individuals reconciling their checkbooks to their monthly bank
statements. However, such reconciliations are not being routinely performed.

For example, the Department of Education's auditors reported that Education
did not perform proper or timely reconciliations of its financial accounting
records throughout fiscal year 1999.29 And, at fiscal year-end, the balance
in Education's Fund Balance with Treasury account varied considerably from
the related balance reported by Treasury. In order to make the account
balances agree, Education made an unsupported adjustment of a net amount of
about $244 million to its Fund Balance with Treasury account. This means
that Education simply changed its records to agree with Treasury balances
without adequately researching the causes and reconciling the differences.
Because Education had not been performing periodic reconciliations and
discerning reasons for differences on an ongoing basis, it could not
determine which records, if any, were correct and, accordingly, relied on
Treasury's records, not its own.

Noncompliance With the SGL

Implementing the SGL at the transaction level is one of the major
requirements of FFMIA. However, as shown in table 5, auditors for 14 of the
21 agencies with noncompliant systems reported that the agencies' systems
did not comply with SGL requirements. By not implementing the SGL, agencies
are challenged to provide consistent financial information across their
component entities and functions. The effect of such differences is further
compounded at the governmentwide level and contributed to our disclaimer of
opinion on the U.S. government's consolidated financial reports for fiscal
years 1997, 1998, and 1999 because the government could not ensure that the
information in its financial statements was properly and consistently
compiled.30

In March, a Treasury official testified that the federal government needs to
increase the use of the SGL in agency accounting systems to improve the
reliability and accuracy of financial information.31 The official stated

"Our ability to prepare the consolidated financial report using SGL data so
that it is consistent with data in agency statements is hampered by the fact
that a large number of agencies do not properly use the SGL. In many
instances, agencies cannot adequately produce and send the SGL data to
Treasury because their systems do not record accounting events using the SGL
at the transaction level as mandated by the FFMIA. This results in
additional workload and processes to ensure that amounts are recorded in the
proper accounts. Additionally, this frustrates attempts to maximize
efficiency through the creation of automated analytical tools."

For example, the Agency for International Development's (AID) IG reported
that AID did not record accounts receivable in accordance with the SGL at
the transaction level.32 AID relied on data calls33 to obtain the total
amount of outstanding accounts receivable because it did not have integrated
financial management systems. These data calls were posted to the general
ledger at the summary level as opposed to the transaction level as required.
According to the IG, by using data calls to determine outstanding accounts
receivable, AID is at risk that the information obtained is not accurate or
complete.

Lack of Adherence to Federal Accounting Standards

One of FFMIA's requirements is that agencies' financial management systems
comply with applicable federal accounting standards. As shown in table 5,
auditors for 15 of the 21 agencies with noncompliant systems reported that
the agencies had problems complying with one or more of these standards.
Some agencies have experienced difficulty implementing the standards because
their financial management systems are not capable of producing the
financial data needed. FASAB continues to deliberate on new and emerging
accounting issues that could result in its issuing additional standards;
therefore, agencies' systems also must be able to accommodate any standards
that may be issued in the future.

For example, the processes and procedures used by the Department of
Agriculture's (USDA) lending agencies to estimate and reestimate loan
subsidy costs do not comply with SFFAS No. 2, Accounting for Direct Loans
and Loan Guarantees. SFFAS No. 2, which generally mirrors the requirements
of the Federal Credit Reform Act of 1990, contains guidance for agencies to
estimate the cost of direct and guaranteed loan programs when preparing
their annual budgets. The data used for these budgetary estimates are
generally reestimated after the fiscal year-end to reflect any changes in
actual loan performance since the budget was prepared. SFFAS No. 2 also
contains guidance for recording the reestimated cost of direct loans and the
reestimated liability for loan guarantees in the agency's financial
statements. Further, SFFAS No. 2 states that agencies should use historical
experience as a primary factor upon which to develop estimates of future
loan performance.

We testified in March that USDA was unable to develop reasonable estimates
of the costs of its loan programs because its financial systems were not
able to capture the data needed to make these estimates.34 Also, USDA lacked
historical information on borrower behavior, such as how many borrowers will
pay early, pay late, or default on their loans and at what point in time. As
a result, the Congress and other decisionmakers do not know whether they can
rely on the agency-reported costs of USDA's loan programs included in the
agency's budget request and in its annual financial statements--estimated to
be in excess of $27.3 billion as of September 30, 1999--for programmatic and
budgetary decision-making. Cost estimates based on unreliable data can
affect the availability of credit programs to potential borrowers because
changes in these estimates can affect the number and amount of loans and
guarantees that can be made.

Weak Security Over Information Systems

Information security weaknesses are one of the primary causes of systems'
noncompliance with FFMIA and a huge concern for federal agencies and the
general public. Even if agencies' systems were integrated, complied with the
SGL, and stringently adhered to federal accounting standards, without strong
information security controls, there is still the risk that the systems
would not be able to provide reliable, useful, and timely data. As we
testified last year and earlier this year, hacker attacks have shown just
how quickly computer viruses--such as Melissa and ILOVEYOU--can spread and
just how vulnerable federal information systems are to such computer
attacks.35 These hacker attacks have clearly highlighted the urgent and
serious need for stronger agency and governmentwide protection over agency
data.

As shown in table 5, auditors for all 21 agencies with noncompliant systems
reported information security weaknesses as a problem in fiscal year 1999.
Further, our analyses as well as those of agency IGs show that virtually all
of the largest federal agencies have significant computer security
weaknesses.36 These weaknesses, which we designated as a governmentwide
high-risk area in 1997 and 1999,37 are placing enormous amounts of federal
assets at risk of inadvertent or deliberate misuse, financial information at
risk of unauthorized modification or destruction, sensitive information at
risk of inappropriate disclosure, and critical operations at risk of
disruption. Our recent update to the federal government's internal control
standards highlights the need for adequate control over automated
information systems to ensure protection from inappropriate access and
unauthorized use by hackers and other trespassers or inappropriate use by
agency personnel.

The most serious reported information security problem is inadequately
restricted access to agency data, including sensitive data such as taxpayer
records, personal medical information, and law enforcement data. Other types
of information security weaknesses include inadequacies in segregating
duties to help ensure that people do not conduct unauthorized actions
without detection, preventing unauthorized software from being implemented,
and mitigating and recovering from unplanned interruptions in computer
service. Unresolved information security weaknesses could adversely affect
the ability of agencies to produce accurate data for decision-making and
financial reporting because such weaknesses could compromise the reliability
and availability of data that are recorded in or transmitted by an agency's
financial management systems.

For example, the Department of Health and Human Services' (HHS) IG cited
weaknesses in the entitywide security structure at the Health Care Financing
Administration (HCFA), which administers the Medicare program.38 HCFA relies
on extensive computer operations at both its central office and the Medicare
contractors to administer the Medicare program and to process and account
for Medicare expenditures, which totaled more than $200 billion in fiscal
year 1999. Controls over these operations are essential to ensure the
integrity, confidentiality, and reliability of critical data while reducing
the risk of errors, fraud, and other illegal acts. These control weaknesses
do not effectively prevent unauthorized access to and disclosure of
sensitive Medicare information.

In recognition of these serious security weaknesses, we have issued guides
to help agencies improve security over their information systems. As
mentioned previously, auditors for the 21 agencies with noncompliant systems
reported weaknesses in information systems security as a cause of FFMIA
noncompliance. We have identified best practices for improving information
security management, which we published in two guides:

ï¿½ Information Security Management: Learning From Leading Organizations
(GAO/AIMD-98-68, May 1998) and

ï¿½ Information Security Risk Assessment: Practices of Leading Organizations
(GAO/AIMD-00-33, November 1999).

Our guides are consistent with guidance on information security program
management provided to agencies by OMB and the National Institute of
Standards and Technology (NIST).39 In addition, the May 1998 guide has been
endorsed by the federal Chief Information Officers Council as a useful
resource for agency managers.

All of these financial systems problems date back many years and agencies
recognize the extent and severity of these financial management
deficiencies. The serious and pervasive nature of these issues emphasizes
the importance of developing and implementing a strategy to overcome these
problems. As we discuss in the next section, agencies have prepared
remediation plans to address their problems, but these plans need to be more
detailed to guide agency management and staff as they resolve their
agencies' financial management problems.

As required by FFMIA, agencies prepared remediation plans describing the
corrective actions they plan to take to resolve their problems and bring
their systems into substantial compliance with FFMIA's requirements. For our
report on FFMIA compliance last year,40 we reviewed remediation plans
agencies prepared to address problems identified in the fiscal year 1997
financial statement audits. We concluded that the majority of the plans
lacked sufficient detail to be adequate tools for agency management and
staff to use in resolving financial management problems. For this report, we
reviewed agencies' fiscal year 1998 remediation plans41 and determined that
while overall the plans improved slightly over those for fiscal year 1997,
many plans still lacked detailed steps, target dates, and descriptions of
the resources needed for executing the corrective actions. Further, some of
the corrective actions included in the remediation plans we reviewed did not
fully address the problems they are intended to correct. As we reported last
year, remediation plans need to be sufficiently detailed to provide a "road
map" for agency management and staff to resolve financial management
problems. The severity of problems facing agencies as they attempt to
replace or overhaul old and outdated financial systems and resolve serious
information security weaknesses, among other things, highlights the need for
detailed remediation plans.

Of the 21 agencies whose systems were reported to be noncompliant with FFMIA
in fiscal year 1998, 19 prepared remediation plans.42 Two agencies--the
Social Security Administration (SSA) and the Federal Emergency Management
Agency (FEMA)--did not submit remediation plans for fiscal year 1998 to OMB
because agency management determined that their systems were in substantial
compliance with FFMIA. While SSA and FEMA management acknowledged that the
weaknesses identified by the auditors exist, they did not agree with the
auditors that the weaknesses resulted in lack of "substantial" compliance.
SSA and FEMA have provided comments, including corrective actions, in
response to the auditors' recommendations.

FFMIA provides that if the compliance determination of the agency head
differs from the auditors' findings, the Director of OMB is to review the
determinations and provide a report on the findings to the appropriate
committees of the Congress. Based on discussions with OMB officials, OMB is
not reviewing and has not reviewed such determinations in order to report to
the Congress. According to OMB, if there is a disagreement between agency
heads and auditors, agency heads can contact OMB, and OMB will work with
them on the issue. Further, although FFMIA does not require a remediation
plan if an agency head determines the agency's systems comply substantially,
agencies are directed to address systems weaknesses in their financial
management improvement plans in accordance with OMB Circular A-11.

We reviewed the 19 available remediation plans to determine whether
(1) they included all the instances of noncompliance identified in the
fiscal year 1998 financial statement audit reports, (2) the planned
corrective actions were accompanied by detailed steps, (3) the corrective
actions, if successfully implemented, would resolve the problems, (4) they
included information about resources needed, and (5) they provided target
dates for completing the corrective actions. Figure 1 shows the results of
our analysis.

As shown in figure 1, 13 agencies' remediation plans included corrective
actions for all the reported instances of noncompliance identified during
the fiscal year 1998 financial statement audits, and 6 agencies' remediation
plans did not. IRS is an example of an agency that did not include
corrective actions for all reported instances of noncompliance. During our
audit of IRS' fiscal year 1999 financial statements, we reviewed its fiscal
year 1998 remediation plan dated December 1999.43 We reported that although
we identified noncompliance with the SGL and the inability to report cost
accounting information as two reasons why IRS' systems did not substantially
comply with FFMIA in fiscal year 1998, IRS' remediation plan did not include
corrective actions to address these problems. However, in a June 2000 update
to its remediation plan, IRS included actions to address the SGL and cost
accounting issues.

Another problem we found with some remediation plans is that the corrective
actions were not always detailed. As shown in figure 1, corrective actions
in 14 of the 19 remediation plans were broadly stated and did not include
detailed steps describing how actions are to be accomplished. An example of
a plan with detailed corrective actions is HHS' remediation plan. In its
plan, HHS has proposed eight corrective actions for improving its financial
reporting weaknesses, including

ï¿½ "Implement additional software to fully interface with [operating
divisions'] systems by providing an electronic interface," and

ï¿½ "Perform payroll reconciliations three times a year."

In contrast, one of the corrective actions in DOT's remediation plan is to
implement an integrated financial management system that substantially
complies with federal financial management systems requirements. Based on
our review of DOT's remediation plan, we found no detailed steps for guiding
this system's implementation. As we discuss later, when an agency's
corrective actions involve implementing or replacing financial management
systems, it is important to have a detailed plan that includes adopting
sound information technology investment and control processes.

While there is a substantial amount of professional judgment associated with
assessing the adequacy of these plans, we determined that planned corrective
actions would likely not always resolve problems identified by agencies'
auditors. As shown in figure 1, we determined that the corrective actions in
the remediation plans of nine agencies, if successfully implemented, would
probably resolve the problems. It is uncertain whether the corrective
actions in the plans of four agencies would resolve their problems, and for
six of the agencies, we determined that the corrective actions described in
the agencies' remediation plans probably would not resolve the problems. For
example, we testified in May44 that the Department of Defense's (DOD) fiscal
year 1998 remediation plan, while an improvement over the previous plan, did
not address, among other things, how the planned and ongoing improvement
initiatives will result in the target financial management environment,
including how the feeder systems' data integrity will be improved. Until
DOD's remediation plan addresses this and other key elements there can be no
assurance that the corrective actions taken will fully resolve the
underlying problems.

Although OMB guidance and FFMIA state that remediation plans are to include
intermediate target dates and resources necessary to achieve substantial
compliance, several of the remediation plans were lacking resource
information and a few of the plans were lacking target dates. As shown in
figure 1, 13 of the 19 remediation plans we reviewed did not include
resources needed. In the six plans that did include resources needed, the
information was not always included for every corrective action. Five of the
19 plans did not include target dates; however, as was the case with
resource information, when target dates were included, they were not always
included for individual corrective actions. Resource information is
important for agencies and OMB to determine whether corrective actions can
realistically be undertaken. Setting specific intermediate target dates will
help keep agencies on track as they implement corrective actions.

The importance of having a good remediation plan becomes more evident when
corrective actions in remediation plans involve information technology (IT)
investments, such as implementing or replacing financial management systems
or software. We have reported that in the past, agencies have struggled to
develop and implement new systems on time and within budget and that
billions of dollars have been wasted on systems development projects.45

Planning for and executing systems development projects present major
challenges for many agencies. For example, the Department of Education
implemented a new accounting system that was intended to be operational for
fiscal year 1998. In a December 1999 testimony,46 we reported that pervasive
weaknesses in the design and operation of Education's financial management
systems, among other things, prevented Education from reliably reporting on
the results of its operations in fiscal year 1998. Weaknesses in the new
accounting system included the inability to perform an automated year-end
closing process and directly produce consolidated financial statements as
would normally be expected from such systems. The systems limitations
contributed to the delay in Education submitting its fiscal year 1998
financial statements to the auditors and to Education's failure to meet the
statutory due date for issuing its audited financial statements for fiscal
year 1998. Because of these problems, Education's auditors recommended,
among other things, that Education define and document the information
system requirements needed to manage its operations efficiently.47

The Department of Housing and Urban Development (HUD) also experienced
problems after it failed to successfully plan and implement a new system. To
correct financial management deficiencies, HUD initiated a project to design
and implement an integrated financial system, HUD's Central Accounting and
Program System (HUDCAPS); however, the IG found problems with the project.48
The IG reported that the decision to implement HUDCAPS as the core
accounting system for the department was made without a complete and
thorough analysis of alternatives. After much effort, schedule delays, and
cost increases, HUDCAPS was prepared to operate as a departmentwide system
beginning in fiscal year 1999. However, the IG determined that as
implemented, HUDCAPS did not fully comply with federal financial management
systems requirements and that a lack of integration between program and
accounting systems necessitated duplicate data entry. Further, data in a
separate system at HUD's Federal Housing Authority were not updated in
HUDCAPS in a timely manner. The problems with HUDCAPS caused HUD to delay
closing of the general ledger and preparation of the financial statements,
which, in turn, contributed to the IG's disclaimer of opinion49 on HUD's
fiscal year 1999 financial statements.

Fourteen agencies have plans to implement or overhaul their core financial
management systems or to install new software. Some of these 14 agencies are
in the process of implementing new systems or software, while others are in
the planning stages. Implementing or overhauling financial management
systems will understandably take time, and the systems may not be
operational for several years. For example, HCFA has several projects
planned and underway that are intended to correct problems identified during
financial statement audits. As we reported in March,50 these projects
include (1) developing an integrated accounting system to include both the
tracking of Medicare overpayments and financial reporting and (2) developing
two new systems to improve oversight and financial reporting over Medicare
receivables. While the integrated accounting system has the potential to
provide major improvements in HCFA's financial management, successful
implementation will require well-defined plans and sustained management
focus over the 3- to 5-year implementation period. HCFA hired an experienced
systems development specialist to help ensure successful implementation of
this integrated accounting system.

To ensure that IT dollars are directed toward prudent investments designed
to achieve cost savings, increase productivity, and improve the timeliness
and quality of service delivery, agencies need to apply the framework
outlined in the Clinger-Cohen Act of 1996 and implementing guidance.51 This
includes adopting sound IT investment and control processes, designing
well-developed architectures to guide information flows and technical
standards, and establishing disciplined approaches for developing and
acquiring computer software.

In this regard, we have worked on strengthening federal agency management of
IT investment and have developed guidance based on best practices in the
public and private sectors related to IT investment. Two guides resulting
from our work are

ï¿½ Assessing Risks and Returns: A Guide for Evaluating Agencies' IT
Investment Decision-making (GAO/AIMD-10.1.13, February 1997) and

ï¿½ Executive Guide: Measuring Performance and Demonstrating Results of
Information Technology Investments (GAO/AIMD-98-89, March 1998).

However, it is important to remember that these guides are not a "silver
bullet" to guarantee success. Rather, the key is for organizations to adopt
and effectively implement policies and procedures, such as those described
in the guides, that foster the necessary discipline for the organizations to
produce predictable and repeatable results. Therefore, it is critical that
each organization first choose the practices that are compatible with its
culture and then effectively implement those practices.

OMB officials told us that they are working with agencies regarding the
application of the framework outlined in the Clinger-Cohen Act. According to
the OMB officials, OMB's review of agencies' IT capital asset planning
processes is linked to its review of agencies' remediation plans. This
review process is discussed further in the next section.

Implementation Issues

OMB plays a vital role in providing agencies and auditors with guidance and
ensuring that agencies have adequate resources to effect the necessary
corrective actions. Specifically, OMB provides (1) guidance and assistance
to agencies related to preparing remediation plans, (2) FFMIA implementation
guidance for agencies and auditors, and (3) requirements for auditors of
agency financial statements, including requirements for reporting compliance
with FFMIA.

The advisory role FFMIA established for OMB with respect to agency
remediation plans is important for addressing the types of problems we noted
in the remediation plans we reviewed. Therefore, last year we recommended
that OMB work with the agencies to ensure that all remediation plans are
prepared and submitted timely. We also recommended that OMB review agencies'
plans for (1) detailed corrective actions that fully address reported
problems, (2) inclusion of resource requirements, and (3) specific time
frames needed to implement and resolve problems.

OMB officials told us that they have adopted a new approach for reviewing
agencies' remediation plans.52 An integral part of this new approach is
integrating FFMIA and financial management systems issues, especially plans
to overhaul or replace financial management systems, with agencies' IT
capital planning and budgeting processes. OMB officials told us that they
met with officials from 20 agencies this summer to discuss their upcoming
budget submissions and FFMIA remediation plans. The purpose of these
meetings was to present OMB's new approach and to let managers know that
FFMIA remediation plans would be considered in conjunction with agencies'
capital asset plans and overall systems architectures. According to OMB
officials, these meetings were attended by officials and staff from three
OMB offices--the Office of Federal Financial Management, the Office of
Information and Regulatory Affairs, and the Office of Federal Procurement
Policy--as well as OMB's resource management officers (formerly known as
budget examiners) assigned to the agencies. Agency officials attending the
meetings included the agencies' CFOs, chief information officers, and budget
and procurement executives. In addition to the meetings held this summer,
OMB has conducted training for agency managers and staff about its new
approach of integrating financial management systems planning with IT
strategies and capital budgeting.

OMB's new approach should help it carry out its advisory role established by
FFMIA. The meetings between OMB and agency officials can provide a strategic
perspective on financial and technical issues related to developing and
implementing fully integrated financial management systems. With this new
approach, OMB intends to ensure that remediation plans are
(1) integrated into the agency's IT strategy, (2) well documented, and
(3) supported by the agency's budget requests. However, because the approach
is new, we cannot comment on whether it will be successful in improving
agencies' remediation plans and thus improve financial management in
general.

OMB has recently proposed revisions to OMB Bulletin No. 98-08, Audit
Requirements for Federal Financial Statements. We have reviewed the proposed
revisions relating to the (1) implementation guidance for agencies and
auditors and (2) FFMIA compliance reporting requirements for auditors of
agencies' financial statements. We are working with OMB to address our
concerns.

Other efforts across government are also underway to help agencies improve
their systems and financial management overall. JFMIP tests commercial
off-the-shelf software for compliance with current systems requirements and
updates and issues systems requirements documents. Also, tools for auditors
and agencies to use when reviewing systems for compliance with FFMIA are
contained in an exposure draft of a review guide issued by JFMIP and the CFO
Council and in checklists that we have published.

An important effort focused specifically on improving federal financial
systems is the work of the JFMIP. In a governmentwide cooperative effort to
improve federal financial systems, JFMIP established its Program Management
Office (PMO) in 1998 with resources provided by the 24 CFO Act agencies to
assist agencies and vendors in developing and implementing commercial
off-the-shelf software that complies with current financial management
system requirements. PMO's responsibilities include, among other things,
developing comprehensive testing vehicles, interpreting requirements,
serving as an information clearinghouse for federal financial systems, and
facilitating communication with the private sector.

In fiscal year 1999, PMO implemented a new software testing process in which
it tests vendor products to certify that they meet current JFMIP systems
requirements. PMO publishes the testing results in its Web-based electronic
repository, called the Knowledgebase, which also includes information for
agencies and vendors about financial systems requirements, business
practices, and certified vendor products. JFMIP-compliant systems help
assure an agency that the system properly records transactions defined in
JFMIP's Core Financial System Requirements. However, agencies will still
need to define their business requirements and then compare the various
applications against those requirements to identify gaps. Once these gaps
are identified, agencies need to determine the cost, schedule, and
performance impacts associated with these gaps and determine the best
approach to accomplishing the requirement--modifying the system or, if the
desired functionality is not cost effective, eliminating the requirement.
OMB Circular A-127, Financial Management Systems, requires that agencies
replacing software to meet core financial system requirements use
off-the-shelf software that has been tested and certified through the JFMIP
software certification process as meeting JFMIP core financial system
requirements.

JFMIP, in cooperation with the CFO Council, has issued an exposure draft of
a guide53 to assist agencies in reviewing financial management systems as
required by FFMIA and other legislation. This guide serves as a tool to
assist agency managers in determining whether their agencies' financial
management systems comply with FFMIA, as well as the Financial Integrity Act
and OMB Circular A-127. Although the guide is written for use by agency
managers, the guide will also assist auditors conducting reviews under FFMIA
by helping them understand how financial and program managers evaluated
their systems. As of September 2000, the exposure draft was being revised to
incorporate final comments of the JFMIP Steering Committee.54

We have also published checklists to assist agencies in implementing and
monitoring their systems and to assist management and auditors in reviewing
systems to determine whether they are in substantial compliance with FFMIA.
The checklists are based on JFMIP systems requirements documents. We issue
them when JFMIP requirements are published for the first time and when
requirements are updated. Table 6 lists the checklists we have issued in
final form or as exposure drafts.

                          Checklist                            Issue date
 GAO/AIMD-98-21.2.1 Framework for Federal Financial
 Management System Checklist                                 May 1998
 GAO/AIMD-00-21.2.2 Core Financial System Requirements
 Checklist                                                   February 2000
 GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems
 Checklist                                                   March 2000
 GAO/AIMD-98-21.2.4 Inventory System Checklist               May 1998
 GAO/AIMD-21.2.5 Seized Property and Forfeited Assets System
 Requirements Checklist (exposure draft)                     April 2000
 GAO/AIMD-21-2.6 Direct Loan System Requirements Checklist   April 2000
 GAO/AIMD-21-2.7 Guaranteed Loan System Requirements
 (exposure draft)                                            August 2000
 GAO/AIMD-21.2.8 Travel System Requirements Checklist        May 2000
 GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost
 Accounting Checklist                                        January 1999

The leadership and partnerships established to successfully address the Year
2000 computing problem provide valuable lessons that can also be used to
address financial management reform across government. In our October 1999
FFMIA report,55 we noted that addressing Year 2000 conversion issues was
understandably a priority for federal agencies and that Year 2000
preparation had resulted in delaying financial systems changes in some
agencies. We also reported that over the long term, there should be residual
benefits from Year 2000 efforts. Now that the federal government has made
the successful conversion to Year 2000, it can apply those valuable lessons
to other critical management challenges.

We testified in January about the Year 2000 computing challenge, including
lessons that can be carried forward to improve the management of information
technology activities.56 Among the lessons learned were the importance of
(1) providing high-level congressional and executive branch leadership, (2)
understanding the importance of computer-supported operations, (3) providing
standard guidance, (4) establishing partnerships, (5) facilitating progress
and monitoring performance, and (6) implementing fundamental IT
improvements. The Year 2000 efforts have reinforced an understanding of the
importance of consistent and persistent top management attention, which is
essential to solving any intractable problem. In a recently issued report on
how lessons learned can be applied to other management challenges, we
reiterated that high-level management attention was key to successfully
meeting the Year 2000 challenge.57 We reported that while the Year 2000
problem was technical in nature, it was primarily a management problem, with
organizations facing the risk of disruptions of their core business
processes. Federal officials and other participants in a Year 2000 lessons
learned summit cited high-level leadership and top management involvement as
key to Year 2000 success.

According to officials at OMB, the Year 2000 problem also gave agency chief
information officers a "crash course" in how to accomplish projects. Many
chief information officers were relatively new in their positions, and
expediting Year 2000 efforts required many of them to quickly gain an
understanding of their agencies' systems, work extensively with agency
program managers and CFOs, and become familiar with budgeting and financial
management practices. Addressing these issues, in turn, provided them with
real-time experience in responding to far-reaching management problems and
in finding solutions. These experiences could prove valuable to resolving
the systems issues impeding compliance with FFMIA.

Long-standing problems with agencies' financial systems make it difficult
for the agencies to produce reliable, useful, and timely financial
information and hold managers accountable. Federal managers need this
important information for formulating budgets, managing government programs,
and making difficult policy choices. The extraordinary efforts that many
agencies go through to produce auditable financial statements are not
sustainable in the long term. These efforts use significant resources that
could and should be used for other important financial-related work. For
these reasons, the widespread systems problems facing the federal government
need top management attention. We learned from the Year 2000 experience that
proactive leadership at the highest levels of government is one of the most
important factors in prompting attention and action on a widespread problem.

The federal government's size and complexity and the discipline needed to
overhaul or replace its financial management systems present a significant
challenge--not simply a challenge to overcome a technical glitch, but a
demanding management challenge that requires attention from the highest
levels of government. We recognize that it will take time, investment, and
sustained emphasis on correcting deficiencies to improve federal financial
management systems to the level required by FFMIA and to effectively manage
government funds. The significance of the issues facing agencies, now and in
the future, emphasizes the need for detailed remediation plans. As
envisioned by the act, these remediation plans would help agencies establish
seamless systems and processes to routinely generate reliable, useful, and
timely information that would improve agencies' accountability and help them
to meet the statutory deadline for issuing audited financial statements.

Because OMB's approach for reviewing agencies' remediation plans is new, we
cannot yet determine whether it will be successful. As part of our next
annual review of FFMIA compliance, we will evaluate whether this new
approach fully addressed our recommendation in our prior report regarding
OMB's role related to ensuring the adequacy of agencies' remediation plans.

Also, until all 24 CFO Act agencies can meet the statutory deadline for
issuing audited financial statements, OMB and agencies' efforts must
continue. Therefore, we reaffirm the recommendation we made in our prior
report that the Director of OMB require the Deputy Director for Management
to work with the agencies to ensure that the agencies' financial statements
are audited and issued by the March 1 statutory deadline. With concerted
effort, including attention from top agency management and the Congress, the
federal government can improve its financial management systems and thus
achieve the goals of the CFO Act and provide accountability to the nation's
taxpayers.

In comments on a draft of this report, OMB stated that it concurs with
FFMIA's compliance requirements, but believes our report does not give
credit for progress made or improvement efforts underway by agencies. OMB
also expressed concern that, as currently written in OMB guidance,
compliance requirements were black and white--meaning an agency was either
compliant or not compliant. OMB stated that such an approach does not
measure the progress many agencies are making in one or more of the three
compliance areas--federal financial management systems requirements,
applicable federal accounting standards, and the SGL at the transaction
level. We agree with OMB's comment that it is important to measure progress
toward improvement and acknowledge that the agencies are moving in the right
direction. Accordingly, our report states that agencies are slowly making
progress towards compliance with FFMIA's requirements. While FFMIA requires
reporting on whether or not an agency's systems comply with the act's
requirements, a number of avenues exist for reporting progress. We plan to
work with OMB to enhance the reporting by agencies, auditors, and OMB on
progress made in achieving compliance with FFMIA.

In its comments, OMB also discussed the applicability of information
security requirements in assessing compliance with FFMIA. OMB stated that
some problems relating to systems security must be addressed at a
departmentwide level by the Chief Information Officer. OMB stated that many
of the problems with information security that we highlighted in the report
are in mixed or enterprise systems well beyond the influence of the CFO. We
agree that information security is an agencywide responsibility, not limited
to efforts directly under the purview of the agency CFO. However, it is
important to recognize that FFMIA not only applies to financial systems, but
also to the financial portion of mixed systems. To the extent the financial
and non-financial portions of mixed systems cannot be separated for purposes
of information security controls, the mixed systems in their entirety
necessarily are subject to FFMIA. Further, nothing in FFMIA limits its
application to systems within the influence of the agency CFO. Rather, FFMIA
refers only to agency systems and vests ultimate responsibility in the
agency head for determining whether agency systems comply with FFMIA
requirements and for establishing remediation plans. Therefore, we continue
to believe that when reviewing financial management systems for compliance
with FFMIA, security controls over financial and mixed systems would
appropriately be included.

OMB also had numerous other comments that we incorporated into the report as
appropriate. Appendix I includes OMB's comments and our responses.

We are sending copies of this report to Senator George V. Voinovich,
Chairman, and Senator Richard J. Durbin, Ranking Minority Member,
Subcommittee on Oversight of Government Management, Restructuring, and the
District of Columbia, Senate Committee on Governmental Affairs; and to
Representative Stephen Horn, Chairman, and Representative Jim Turner,
Ranking Minority Member, Subcommittee on Government Management, Information
and Technology, House Committee on Government Reform. We are also sending
copies to the Honorable Jacob J. Lew, Director of the Office of Management
and Budget; the Honorable Lawrence H. Summers, Secretary of the Treasury;
the heads of the 24 CFO Act agencies; and agency CFOs and IGs. Copies will
also be made available to others upon request.

This report was prepared under the direction of Gloria L. Jarmon, Director,
Health, Education, and Human Services Accounting and Financial Management
Issues, who may be reached at (202) 512-4476 or by e-mail at
[email protected] if you have any questions. Key contributors to this
assignment were Kay Daly, Diane Morris, Sandra Silzer, and Meg Mills.
David M. Walker
Comptroller General
of the United States

Comments From the Office of Management and Budget

The following are GAO's comments on the Office of Management and Budget's
September 21, 2000, letter.

1. See "Agency Comments and Our Evaluation" section.

2. The report was revised to address OMB's comment.

3. The report was revised to address OMB's comment.

4. The report was revised to address OMB's comment.

5. See "Agency Comments and Our Evaluation" section.

6. We disagree that a correlation between clean opinions and FFMIA
compliance cannot be drawn. The report is intended to convey the message
that some agencies had to use "heroic efforts" to produce financial
statements because their systems could not produce them. One of the reasons
the systems could not produce the financial statements is because they do
not comply with FFMIA's requirements.

7. The main source for this section of the report is agency audit reports.
Therefore, table 4 summarizes auditors' FFMIA determinations and financial
statement opinions. To address this concern, we added a note to the table
that discusses determinations made by agency management. We also discuss the
agencies that disagreed with their auditors' FFMIA determinations in
footnote 18 on page 14 and in the remediation plans section on page 30.

8. The report was revised to address OMB's comments.

9. We agree that the ability to provide financial data to program managers
that is timely and useful is a key indicator of the quality of financial
data. This is the end game that we discuss in our report. At the same time,
we do not agree that results of financial statement audits do not provide a
measure of accountability to the public. Audit results show whether the
information in the financial statements is reliable and fairly presented.
Audit results have been one of the key indicators for both government and
private industry to provide accountability.

10. Language was added to the report to show that the basis for this
conclusion is discussed in the sections that follow.

11. The purpose of table 5 is to show the most commonly reported problems
relevant to FFMIA, as explained in the paragraph preceding the table. As
discussed in the text, this table covers more than specific reasons for
noncompliance with FFMIA, so a discussion of agencies' FFMIA determinations
is not appropriate here. Table 4 shows the three requirements in the
law--systems requirements, applicable federal accounting standards, and SGL
compliance--and what auditors reported regarding these three areas.

12. The changes suggested by OMB in its comments illustrate the need to
clarify guidance to auditors for reporting on compliance with FFMIA. We note
that OMB's recently proposed revisions to the audit guidance in Bulletin
98-08 should help to do this.

We have revised tables 4 and 5 to show that NRC experienced difficulties
complying with the SGL requirements of FFMIA. We agree that the consolidated
audit report for the Department of Justice did not specifically mention
noncompliance with the SGL. However, the consolidated audit report referred
to component audit reports. The auditors of the Immigration and
Naturalization Service (INS), a major component of the Department of
Justice, cited noncompliance with the SGL in the INS' audit report;
therefore, we included this as a problem reported by auditors (table 5).
Regarding the Environmental Protection Agency (EPA), the audit report stated
that, in most cases, EPA could not report its intragovernmental assets and
liabilities by trading partner because finance offices were not coding
transactions to show this information. We interpret this as a SGL
noncompliance issue because reporting intragovernmental transactions by
trading partner is an SGL requirement.

13. We did not intend to imply that other systems requirements are less
significant. Our intention was to highlight major areas needing attention
that were most often cited by auditors.

14. See "Agency Comments and Our Evaluation" section.

15. The report was revised to address OMB's comment.

16. The report was revised to address OMB's comment.

17. The report was revised to address OMB's comment.

18. We reviewed fiscal year 1998 remediation plans that were prepared before
OMB adopted this new approach for reviewing the plans. Fiscal year 1999
remediation plans are not due to OMB, and therefore will not be available,
until December 2000. We believe that OMB's approach to consider the whole IT
capital investment plan has merit, and as part of our work for next year's
report, we will review this approach. At the same time, FFMIA requires that
remediation plans contain resources, and therefore, elements of the
remediation plan that are included in other documents should be referred to
in order to assist the plan's users and fulfill the requirements of FFMIA.
The fiscal year 1998 remediation plans we reviewed generally did not refer
the reader to IT capital investment plans to identify resources needed.

19. The report was revised to address OMB's comments.

20. The report was revised to address OMB's comments.

21. The report was revised to address OMB's comments.

22. The report was revised to address OMB's comments.

(916337)
  

1. Title VIII of Public Law 104-208 is entitled Federal Financial Management
Improvement Act of 1996.

2. The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.

3. Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1998 (GAO/AIMD-00-3 , October 1, 1999).

4. In an unqualified opinion, the auditor concludes that the principal
statements and accompanying notes present fairly, in all material respects,
the assets, liabilities, and net position of the entity at the end of the
period, and the net costs, changes in net position, budgetary resources, and
reconciliation of net costs with budgetary obligations for the period then
ended.

5. Financial Management: Agencies Face Many Challenges in Meeting the Goals
of the Federal Financial Management Improvement Act (GAO/T-AIMD-00-178 ,
June 6, 2000).

6. GAO/AIMD-00-134 , April 2000.

7. Auditors for 21 of the 24 CFO Act agencies reported that the agencies'
systems did not substantially comply with FFMIA in fiscal year 1998. Two
agencies did not submit remediation plans for fiscal year 1998 because
agency management determined that their systems were in substantial
compliance with FFMIA. While agency management acknowledged that the
weaknesses identified by the auditors existed, they did not agree that the
weaknesses resulted in lack of "substantial" compliance.

8. Fiscal year 1998 remediation plans, addressing instances of noncompliance
with FFMIA identified in financial statement audits covering fiscal year
1998, were due to the Office of Management and Budget (OMB) in October 1999.
Remediation plans covering fiscal year 1999 instances of noncompliance are
due to OMB in December 2000.

9. JFMIP is a cooperative undertaking of OMB, the Department of the
Treasury, the Office of Personnel Management (OPM), and GAO working with
operating agencies to improve financial management practices throughout the
government. The program was initiated in 1948 by the Secretary of the
Treasury, the Director of the Bureau of the Budget (now OMB), and the
Comptroller General and was given statutory authorization in the Budget and
Accounting Procedures Act of 1950. The Civil Service Commission, now OPM,
joined JFMIP in 1966.

10. Financial Integrity Act: Inadequate Controls Result in Ineffective
Federal Programs and Billions in Losses (GAO/AFMD-90-10 , November 28,
1989).

11. GAO/AIMD-00-21.3.1, November 1999.

12. In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to recommend a set of generally
accepted accounting standards for the federal government.

13. Accounting standards are authoritative statements of how particular
types of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.

14. Occasionally, FASAB clarifies existing federal accounting standards by
providing interpretations. An interpretation is a document of narrow scope
that provides clarifications of original meaning, additional definitions, or
other guidance pertaining to an existing federal accounting standard.

15. In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the CFO Council,
and the President's Council on Integrity and Efficiency, established AAPC to
assist the federal government in improving financial reporting.

16. SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.

17. The most current revision of Circular A-11, effective July 19, 2000,
requires that in addition to corrective actions, resources, and target
dates, agencies also identify responsible officials in their remediation
plans. The guidance changes the due date for budget submission documents due
in 2000 to December rather than October because of the presidential
transition.

18. Management of 3 of the 21 agencies--the Federal Emergency Management
Agency, the Social Security Administration, and the Office of Personnel
Management (OPM)--disagreed with their auditors' determinations that their
agencies' systems did not comply substantially with FFMIA's requirements.
Management of these three agencies acknowledged that the weaknesses
identified by the auditors exist but did not agree that the weaknesses
caused "substantial noncompliance." (In the case of OPM, management
determined that the systems for the Retirement, Health Benefits Insurance,
and Life Insurance programs did comply substantially with FFMIA. For the
Revolving Fund and Salaries and Expenses, OPM management agreed with its
auditors that the systems did not comply substantially with FFMIA.)

19. According to OMB guidance in OMB Bulletin 98-08, material weaknesses in
internal controls that affect an agency's ability to prepare auditable
financial statements and related disclosures are an indication of
noncompliance with FFMIA. In its fiscal year 1999 Report on Internal
Controls, the Department of Energy's IG reported a material weakness related
to the Western Area Power Administration's new financial management system.
The report states, "While the Department's systems as a whole substantially
comply with FFMIA, the new financial management system implemented by
Western was not in compliance with the FFMIA requirements as of September
30, 1999. . . . Thus, Western was unable to adequately track and report on
budget execution and meet external reporting requirements, including
preparation of financial statements."

20. In fiscal year 1998, the systems of 21 of the 24 CFO Act agencies were
reported to be noncompliant.

21. Office of Inspector General Audit Report, Fiscal Year 1999 Consolidated
Financial Statements, Department of Transportation, Report No. FE-2000-062,
March 8, 2000.

22. Fiscal Year 1999 Financial Statements, Federal Aviation Administration,
Report No. FE-2000-060, February 29, 2000.

23. Based on further review of agency audit reports, we have updated
information in this table, which first appeared in our June testimony on
FFMIA, Financial Management: Agencies Face Many Challenges in Meeting the
Goals of the Federal Financial Management Improvement Act (GAO/T-AIMD-00-178
, June 6, 2000).

24. Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected functions
to improve overall efficiency and control. Characteristics of such a system
include (1) standard data classifications for recording financial events,
(2) common processes for processing similar transactions,
(3) consistent internal controls over data entry, transaction processing,
and reporting, and (4) a system design that eliminates unnecessary
duplication of transaction entry.

25. Internal Revenue Service: Results of Fiscal Year 1999 Financial
Statement Audit (GAO/
T-AIMD-00-104 , February 29, 2000).

26. The Department of the Treasury is 1 of the 21 agencies whose systems
were reported as noncompliant. The noncompliance was due, among other
things, to IRS' systems problems.

27. Unpaid assessments consist of amounts for which (1) IRS can support the
existence of a receivable through taxpayer agreement or a favorable court
ruling (federal taxes receivable), (2) neither the taxpayer nor the court
has affirmed that the amounts are owed (compliance assessments), and (3) IRS
does not expect further collections due to factors such as the taxpayer's
death, bankruptcy, or insolvency (write-offs).

28. Agencies record their budget spending authorizations in their Fund
Balance with Treasury accounts. Agencies increase or decrease these accounts
as they collect or disburse funds.

29. The U.S. Department of Education, Audited Financial Statements, Year
Ended
September 30, 1999, Report of Independent Auditors, Ernst & Young LLP,
February 2, 2000. Also see Financial Management: Financial Management
Weaknesses at the Department of Education (GAO/T-AIMD-00-50 , December 6,
1999), Financial Management: Education Faces Challenges in Achieving
Financial Management Reform (GAO/T-AIMD-00-106 ,
March 1, 2000), and Financial Management: Education's Financial Management
Problems Persist (GAO/T-AIMD-00-180 , May 24, 2000).

30. Financial Audit: 1997 Consolidated Financial Statements of the United
States Government (GAO/AIMD-98-127 , March 31, 1998), Financial Audit: 1998
Financial Report of the United States Government (GAO/AIMD-99-130 , March
31, 1999), and Financial Audit: 1999 Financial Report of the United States
Government (GAO/AIMD-00-131 , March 31, 2000).

31. Are the Financial Records of the Federal Government Reliable? Testimony
of Donald V. Hammond, Fiscal Assistant Secretary, Department of the
Treasury, March 31, 2000.

32. Reports on USAID's Consolidated Financial Statements, Internal Controls,
and Compliance for Fiscal Year 1999 (Report No. 0-000-00-006-F, February 18,
2000).

33. Data calls is a term used to describe the process of requesting that
various offices provide outstanding balances as of year-end. The resulting
reports are prepared from data contained outside the formal accounting
system.

34. Financial Management: USDA Faces Major Financial Management Challenges
(GAO/
T-AIMD-00-115 , March 21, 2000).

35. Information Security: The Melissa Computer Virus Demonstrates Urgent
Need for Stronger Protection Over Systems and Sensitive Data
(GAO/T-AIMD-99-146 , April 15, 1999) and Information Security: "ILOVEYOU"
Computer Virus Emphasizes Critical Need for Agency and Governmentwide
Improvements (GAO/T-AIMD-00-171 , May 10, 2000).

36. Critical Infrastructure Protection: Comments on the National Plan for
Information Systems Protection (GAO/T-AIMD-00-72 , February 1, 2000) and
Federal Information Security: Actions Needed to Address Widespread
Weaknesses (GAO/T-AIMD-00-135 , March 29, 2000).

37. High-Risk Series: An Overview (GAO/HR-97-1 , February 1997) and
High-Risk Series: An Update (GAO/HR-99-1 , January 1999).

38. Report on the Financial Statement Audit of the Department of Health and
Human Services for Fiscal Year 1999 (Report No. A-17-99-00002, February
2000).

39. OMB guidance is contained in its Circular A-130, Appendix III, Security
of Federal Automated Information Resources, updated February 1996. NIST has
issued numerous Federal Information Processing Standards as well as a
comprehensive description of basic concepts and techniques entitled An
Introduction to Computer Security: The NIST Handbook, Special Publication
800-12, October 1995, and Generally Accepted Principles and Practices for
Securing Information Technology Systems, published in September 1996.

40. Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1998 (GAO/AIMD-00-3 , October 1, 1999).

41. Remediation plans addressing issues identified in the fiscal year 1999
financial statement audits were not due to OMB until December 2000.

42. The Department of the Treasury did not prepare a departmentwide
remediation plan. Rather, the bureaus and offices of the department,
including the IRS, that had noncompliant systems prepared their own separate
plans. For purposes of this report, we considered the individual plans
together as the overall Treasury plan.

43. Financial Audit: IRS' Fiscal Year 1999 Financial Statements
(GAO/AIMD-00-76 ,
February 29, 2000).

44. Department of Defense: Progress in Financial Management
(GAO/T-AIMD/NSIAD-00-163 , May 9, 2000).

45. Major Management Challenges and Program Risks: A Governmentwide
Perspective (GAO/OCG-99-1 , January 1999).

46. Financial Management: Financial Management Weaknesses at the Department
of Education (GAO/T-AIMD-00-50 , December 6, 1999).

47. Department of Education, Fiscal Year 1998 Consolidated Financial
Statements, Ernst & Young LLP, November 1999.

48. Report on Efforts to Audit the U.S. Department of Housing and Urban
Development's Fiscal Year 1999 Financial Statements (00-FO-177-0003, March
1, 2000).

49. A disclaimer of opinion means the auditors are unable to determine the
overall fairness of the financial statements. This type of result might
occur if the audit revealed the system of internal control to be grossly
inadequate or if the auditors for any reason did not or could not perform
sufficient work to have a basis for an opinion.

50. Medicare Financial Management: Further Improvements Needed to Establish
Adequate Financial Control and Accountability (GAO/AIMD-00-66 , March 15,
2000).

51. The Clinger-Cohen Act builds on the best practices of leading public and
private organizations by requiring agencies to better link IT planning and
investment decisions to program missions and goals.

52. Although this approach is new, according to OMB officials, remediation
activities underway at agencies previously reported to OMB are considered in
this process.

53. Financial Management Systems Compliance Review Guide, JFMIP-MI-99-15,
October 1999, exposure draft.

54. The Steering Committee is responsible for the general direction of JFMIP
and is comprised of representatives from GAO, Treasury, OMB, OPM, and a
program agency.

55. Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1998 (GAO/AIMD-00-3 , October 1, 1999).

56. Year 2000 Computing Challenge: Leadership and Partnerships Result in
Limited Rollover Disruptions (GAO/T-AIMD-00-70 , January 27, 2000).

57. Year 2000 Computing Challenge: Lessons Learned Can Be Applied to Other
Management Challenges (GAO/AIMD-00-290 , September 12, 2000).
*** End of document. ***