Financial Management: FFMIA Implementation Critical for Federal
Accountability (01-OCT-01, GAO-02-29).
Effective management of the day-to-day operations of the federal
government are hampered by a lack of necessary data. The
accountability to taxpayers and Congress has been a long-standing
weakness at most federal agencies. The challenge is to produce
reliable, useful, and timely data throughout the year. Then, at
year-end, to overhaul financial and related management
information systems. The Chief Financial Officers (CFO) Act of
1990, calls for the modernization of financial management
systems, including the systematic measurement of performance, the
development of cost information, and the integration of program,
budget, and financial information. The Federal Financial
Management Improvement Act of 1996 (FFMIA) emphasizes the need
for agencies to have systems that generate timely, accurate, and
useful information with which to make informed decisions and to
ensure accountability on an ongoing basis. Auditors for 19 of the
24 CFO Act agencies reported that their agencies' financial
management systems did not comply substantially with certain
FFMIA requirements, compared to 21 agencies reported as not being
substantially compliant for 1999, and the auditors for five CFO
Act agencies reported no instances in which the agencies' systems
did not substantially comply with FFMIA. These auditors, however,
did not definitively state whether the agencies' financial
management systems substantially complied with FFMIA. FFMIA
requires agencies to prepare remediation plans to overcome
financial management systems problems. These plans have improved
over the fiscal year 1998 plans; however, further enhancements
are needed.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-02-29
ACCNO: A02088
TITLE: Financial Management: FFMIA Implementation Critical for
Federal Accountability
DATE: 10/01/2001
SUBJECT: Accountability
Financial management systems
Internal controls
Strategic planning
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Testimony. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-02-29
A
Report to Congressional Committees
October 2001 FINANCIAL MANAGEMENT FFMIA Implementation Critical for Federal
Accountability
GAO- 02- 29
Letter 1 Results in Brief 2 Background 9 Scope and Methodology 16 Continued
System Weaknesses Prevent Full Financial Management
Accountability 17 Reasons for Noncompliance 23 Criteria for Assessing
Compliance With FFMIA Should Be Made More Rigorous 38
Successful FFMIA Implementation Requires Top Management Commitment, Adequate
Resources, and Redesigned Processes
43 Remediation Plans Improved but Continue To Lack Important Details 45
OMB Plays an Important Role By Providing Advice on FFMIA Remediation Plans
53 Conclusions 54 Recommendations for Executive Action 56 Agency Comments
and Our Evaluation 57
Appendixes
Appendix I: Publications in the Federal Financial Management Systems
Requirements Series 62
Appendix II: Statements of Federal Financial Accounting Concepts, Statements
of Federal Financial Accounting Standards, and Interpretations 63
Appendix III: AAPC Technical Releases 64
Appendix IV: Checklists for Reviewing Systems Under the Federal Financial
Management Improvement Act 65
Appendix V: Comments From the Office of Management and Budget 66
Appendix VI: GAO Contacts and Staff Acknowledgements 68 GAO Contacts 68
Acknowledgements 68
Figures Figure 1: Framework for Providing Accountability and Good Management
Information 10
Figure 2: Agency System Architecture 12 Figure 3: Auditors? FFMIA
Determinations for Fiscal Year 2000 18
Figure 4: Framework for Providing Accountability and Good Management
Information 20 Figure 5: Problems Reported by Auditors for Fiscal Year 2000
25 Figure 6: Results of Review of Fiscal Year 1999 Remediation
Plans 47
Abbreviations
AAPC Accounting and Auditing Policy Committee ACF Administration for
Children and Families AID Agency for International Development CFO Chief
Financial Officer COTS Commercial Off- the- Shelf DOD Department of Defense
EPA Environmental Protection Agency FAA Federal Aviation Administration FAM
Financial Audit Manual FASAB Federal Accounting Standards Advisory Board
FEMA Federal Emergency Management Agency FFIS Foundation Financial
Information System FFMIA Federal Financial Management Improvement Act FFMSR
Federal Financial Management System Requirements FHA Federal Housing
Administration FIA Federal Managers? Financial Integrity Act FMIP Financial
Management Improvement Plan GAO General Accounting Office GISR Government
Information Security Reform GMRA Government Management Reform Act GPRA
Government Performance and Results Act GSA General Services Administration
HHS Health and Human Services HUD Housing and Urban Development IFMS
Integrated Financial Management System IG Inspector General IRS Internal
Revenue Service IT Information Technology JFMIP Joint Financial Management
Improvement Program NASA National Aeronautics and Space Administration NBC
National Business Center NIH National Institutes of Health NIST National
Institutes of Standards and Technology
NRC Nuclear Regulatory Commission NSF National Science Foundation OCFO/ NFC
Office of the Chief Financial Officer/ National Finance Center
OMB Office of Management and Budget OPM Office of Personnel Management PCIE
President?s Council on Integrity and Efficiency SBA Small Business
Administration SFFAC Statements of Federal Financial Accounting Concepts
SFFAS Statements of Federal Financial Accounting Standards SGL Standard
General Ledger SSA Social Security Administration USDA United States
Department of Agriculture VA Department of Veterans Affairs
Lett er
October 1, 2001 The Honorable Joseph I. Lieberman Chairman The Honorable
Fred Thompson Ranking Minority Member Committee on Governmental Affairs
United States Senate
The Honorable Dan Burton Chairman The Honorable Henry A. Waxman Ranking
Minority Member Committee on Government Reform House of Representatives
The inability to produce the data needed to efficiently and effectively
manage the day- to- day operations of the federal government and provide
accountability to taxpayers and the Congress has been a long- standing
weakness at most federal agencies. The central challenge to producing
reliable, useful, and timely data throughout the year and at year- end is
overhauling financial and related management information systems. One
of the key legislative underpinnings for addressing this issue is the Chief
Financial Officers (CFO) Act of 1990. 1 The CFO Act calls for the
modernization of financial management systems, including the systematic
measurement of performance, the development of cost information, and
the integration of program, budget, and financial information. The Federal
Financial Management Improvement Act of 1996 (FFMIA) 2 builds on the CFO Act
by emphasizing the need for agencies to have systems that can generate
timely, accurate, and useful information with which to make informed
decisions and to ensure accountability on an
ongoing basis. FFMIA requires the 24 major departments and agencies covered
by the CFO Act to implement and maintain financial management systems that
comply substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, 3 and
1 Pub. L. 101- 576, 104 Stat. 2838 (1990). 2 Title VIII of Public Law 104-
208 is entitled the Federal Financial Management Improvement Act of 1996.
the U. S. Standard General Ledger (SGL) 4 at the transaction level. FFMIA
also requires auditors to report in their CFO Act 5 financial statement
audit reports whether the agencies? financial management systems comply with
FFMIA?s requirements. We are required to report annually on the
implementation of the act. This, our fifth annual report, discusses (1) the
FFMIA determinations, (2) our assessment of the auditors? bases for the
determinations, and (3) agencies? plans to bring their systems into
compliance.
Results in Brief The government continues to face a range of serious
financial management system weaknesses. Agencies have recognized the
seriousness of their financial system problems, and many initiatives are
underway and planned to address them. The Office of Management and Budget
(OMB) has made financial management systems reform a priority and provided
renewed leadership in this area. Most importantly, improvement in financial
management systems is central to achieving improved financial performance-
one of the five governmentwide initiatives in the President?s Management
Agenda, Fiscal Year 2002. 6
Agencies continue to make some progress in addressing their financial
management systems weaknesses. At the same time, many have a long way to go.
In some cases, it could be years before corrective actions are completed.
The most difficult challenges are faced by the Department of
Defense (DOD), where financial management systems reform will have to be
part of a broader initiative to transform its overall business processes
that will take years to complete. The Secretary of Defense and the Defense
Comptroller have stated that such a transformation will be a priority and
3 The American Institute of Certified Public Accountants now recognizes the
federal accounting standards developed by the Federal Accounting Standards
Advisory Board (FASAB) as generally accepted accounting principles.
4 The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems. 5 As
part of a CFO Act agency?s financial statement annual audit report, the
auditor is to report whether the agency?s financial management systems
substantially comply with FFMIA. 6 The President?s Management Agenda, Fiscal
Year 2002, Executive Office of the President, Office of Management and
Budget.
efforts have begun to address DOD?s serious financial management system
weaknesses.
The fiscal year 2000 audit reports disclosed that most agencies? financial
management systems continue to have serious shortcomings. Auditors for 19 of
the 24 CFO Act agencies reported that their agencies? financial management
systems did not comply substantially with certain FFMIA requirements,
compared to 21 agencies reported as not being substantially compliant for
fiscal year 1999.
The primary reasons agencies? financial management systems were reported as
not being in substantial compliance are highlighted in table 1.
Table 1: Primary Reasons for FFMIA Noncompliance Number of agencies reported
Reasons for noncompliance
as noncompliant
Lack of integrated financial management systems 13 Inadequate reconciliation
procedures 16 Lack of accurate and timely recording of financial information
14 Noncompliance with the SGL 8 Lack of adherence to the accounting
standards 12 Weak security controls over information systems 19
As a result of these deficiencies, most agencies? financial management
systems are unable to routinely produce timely, reliable, and useful
financial information. Having such financial information is the goal of
FFMIA and the CFO Act. Agency managers and other decisionmakers need this
information for managing day- to- day operations effectively, efficiently,
and economically; measuring program performance; executing the budget;
maintaining accountability; and preparing financial statements. For example,
agency financial management systems are required to produce information on
the full cost of programs and projects. This is not a new expectation- the
requirement for managerial cost information has been in place for more than
a decade, since 1990, under the CFO Act and since 1998 stemming from
applicable accounting standards. Currently, some agencies are only able to
provide cost accounting information at the end of the fiscal year through
periodic cost surveys. The lack of timely
information on the full cost of operations precludes meaningful data such as
are needed for resource allocation choices, making contracting- out
decisions, determining program efficiencies, assessing user fees, and
reporting performance. In another key area, many agencies are not yet able
to link program, budget, and financial information, as required by the CFO
Act. Also in this regard, good information on financial program performance
is necessary for the full and effective implementation of the Government
Performance and Results Act (GPRA) of 1993. 7 The success of GPRA is crucial
to transitioning to a more results- oriented federal government where
agencies
are held accountable for achieving specified program results. Further, the
serious shortcomings reported for many agencies? financial management
systems result in their being unable to support annual financial statement
preparation. While 18 of the 24 CFO Act agencies produced annual financial
statements for fiscal year 2000 that received
auditors? unqualified opinions, 8 in many cases this occurred only by
agencies using costly, time- consuming, and inefficient processes. The
President?s Management Agenda calls these efforts ?extraordinary,
laborintensive assaults on financial records.? Moreover, auditors for 13 of
the 18 CFO Act agencies that received unqualified audit opinions reported
that the agencies? financial systems did not comply substantially with FFMIA
requirements in fiscal year 2000. 9
Because of the poor condition of accounting systems, agencies? extraordinary
efforts to produce annual financial statements also result in billions of
dollars in adjustments to derive financial statements 5 months after the end
of the fiscal year. This situation, which the Secretary of the Treasury has
called ?simply not good enough,? can be misleading and cause 7 Pub. L. 103-
62, 107 Stat. 285 (1993).
8 In an unqualified opinion, the auditor concludes that the principal
statements and accompanying notes present fairly, in all material respects,
the assets, liabilities, and net position of the entity at the end of the
period, and the net costs, changes in net position, budgetary resources, and
reconciliation of net costs with budgetary obligations for the
period then ended. 9 The 13 agencies with systems that were noncompliant
include the Social Security Administration (SSA). SSA?s independent public
accountant reported that SSA?s systems complied substantially with FFMIA.
However, SSA?s Inspector General reported that instances of substantial
noncompliance with federal financial management systems requirements under
FFMIA remain.
a false sense of security. Further, this is not a measure of financial
management success and requires resources that could otherwise be better
used to address underlying financial management systems and control
problems. The auditors for five CFO Act agencies reported that the results
of tests disclosed no instances in which the agencies? systems did not
substantially comply with FFMIA. These auditors, however, did not
definitively state whether the agencies? financial management systems
substantially complied with FFMIA. This distinction is important and
warrants further explanation. OMB Bulletin No. 01- 02, Audit Requirements
for Federal Financial Statements, does not require auditors to make an
affirmative
statement as to an agency?s financial management system?s substantial
compliance with FFMIA. Rather than requiring such a definitive statement,
OMB?s Bulletin permits auditors to report negative assurance, meaning that
their report can be based on limited incidental audit testing that disclosed
no substantial instances of FFMIA noncompliance. With negative assurance,
the auditor is not saying that they determined the systems to be
substantially compliant. If readers of the audit report do not understand
this distinction, which is important in terms of how much audit testing is
required, they may have a false impression that the auditor is stating that
they found the systems to be substantially compliant. To provide positive
assurance, or an opinion, which we believe is what the law requires and what
GAO does in the CFO Act financial statement audits it performs, auditors
need to perform sufficient testing to determine whether the system is in
substantial compliance.
Also, our discussions with the CFO and audit communities identified what
they viewed as some ambiguity with OMB?s Bulletin No. 01- 02 and, in
particular, with what they view as the lack of a clear definition of
substantial compliance. We have identified some ways that the OMB Bulletin
can be further clarified to make clear to auditors the scope of work
necessary for proper FFMIA reporting.
FFMIA also requires agencies to prepare remediation plans describing the
actions they took or plan to take to overcome financial management systems
problems and bring them into FFMIA compliance. 10 Such remediation plans
were prepared by 16 of the 19 agencies that determined
their systems were not in compliance during fiscal year 1999. 11 Our review
of these 16 remediation plans showed, overall, that the plans had improved
somewhat over the fiscal year 1998 plans, in part because of the leadership
of OMB staff in working with the agencies. Further enhancements in these
plans, though, are needed. Eleven of the plans continued to lack important
details describing the corrective actions, and 10 of the plans did not
disclose the type and amount of resources needed to execute the corrective
actions. Because of similar inadequacies we identified in reviewing prior
years? remediation plans, we have previously recommended that OMB review
agencies? plans to ensure they include this type of information. As
discussed in our FFMIA report last year, 12 OMB officials told us that their
approach for reviewing agencies? remediation plans now includes
integrating an agency?s plans for overhauling or replacing financial
management systems with an agency?s information technology capital planning
process. OMB has met with or contacted officials from the agencies to
discuss this strategy. When we talked to agency CFO officials,
we found many were aware of OMB?s strategy; but a number of the agency
officials we spoke with were unaware of the strategy. While OMB has worked
with the agencies to revise FFMIA remediation plans over the past year,
carrying out the recently issued President?s Management Agenda for
10 Fiscal year 1999 remediation plans, addressing instances of noncompliance
with FFMIA identified in financial statement audits covering fiscal year
1999, were due to OMB by December 15, 2000. The plans, addressing instances
of noncompliance identified in the financial statement audits covering
fiscal year 2000, were due to OMB by September 10, 2001. Therefore, in
reviewing remediation plans, we reviewed the fiscal year 1999 plans. 11
Auditors for 21 of the 24 CFO Act agencies reported that the agencies?
systems did not substantially comply with FFMIA in fiscal year 1999. Two
agencies did not submit remediation plans for fiscal year 1999 because
agency management determined that their systems were in substantial
compliance with FFMIA. While agency management acknowledged that the
weaknesses identified by the auditors existed, they did not agree that the
weaknesses resulted in a lack of ?substantial? compliance. Three other
agencies-
the Departments of Justice and State and the General Services
Administration- did not submit remediation plans for fiscal year 1999 for
various other reasons.
12 Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1999 (GAO/ AIMD- 00- 307, September 29, 2000).
improving financial management will require intensified, rigorous, and
aggressive collaborative efforts by OMB and the agencies. In this regard,
the President?s Management Agenda states that OMB will work with agencies to
ensure that federal financial systems produce accurate and timely
information to support operating, budget, and policy decisions. This will be
critical, since overhauling agency financial management systems is a world-
class management challenge. Our work to identify financial management best
practices 13 in world- class organizations has identified key factors for
successfully modernizing financial systems, including (1) reengineering
business processes in conjunction with
implementing new technology, (2) developing systems that support the
partnership between finance and operations, and (3) translating financial
data into meaningful information.
Agencies can help to ensure that financial management systems investments
deliver intended results by using Clinger- Cohen Act information technology
(IT) management requirements, undertaking financial management systems
modernization in a broad enterprise architecture 14 context, and making
appropriate use of commercial off- theshelf (COTS) financial management
systems. Other factors include having top management commitment, adequate
funding resources, and staff with the right skill mix. Our discussions with
CFO and Inspector General (IG) officials indicated
that the key success factors to FFMIA implementation followed many of these
same themes. Many CFO and IG officials acknowledged that past problems with
the lack of top management commitment have been detrimental to achieving
compliance with FFMIA. They also emphasized that the lack of sufficient
resources- funding and human capital- has been an overriding obstacle to
implementing modern financial management
systems and sustaining reliable financial management information on a timely
basis. 13 Best practices include the processes, practices, and systems that
perform exceptionally well in specific areas of public and private
organizations. 14 An enterprise architecture establishes an agency?s roadmap
to achieve its mission through optimal performance of its core business
practices within an efficient IT environment. Enterprise architectures are
?blueprints? used for defining an agency?s current (baseline) or desired
(target) environment.
On August 13, 2001, the Principals of the Joint Financial Management
Improvement Program 15 (JFMIP)- the Secretary of the Treasury, the Director
of OMB, the Director of the Office of Personnel Management (OPM), and the
Comptroller General- met to discuss financial management reform issues.
Commitment and cooperation among the highest levels of leadership in the
federal financial management community can provide the impetus for
accelerating the needed changes to financial
management systems and operations. The JFMIP Principals are developing an
agenda to address the long- standing challenges discussed in this report. We
anticipate that a number of recommendations and action items will come from
the initiatives contemplated by this group related to issues such as
addressing impediments to an opinion on the U. S. government?s
consolidated financial statements, defining success in financial management,
and modernizing financial management systems. Therefore, we are making no
specific recommendations in this report regarding OMB?s overall system
improvement strategy or any of these other matters, other than to reiterate
the importance of OMB?s continuing governmentwide leadership in this area.
We are, however, making several recommendations to OMB that Bulletin No. 01-
02 be clarified with respect to guidance to auditors on the scope of work
necessary for proper FFMIA review and
reporting. In commenting on a draft of this report, OMB agreed with our
overall observations and conclusions concerning the financial management
systems weaknesses faced by the government and the need for sustained
management commitment at the highest levels in order to overcome them. OMB
stated that it has begun to reexamine its approach to systems development
and implementation in the federal government, including its FFMIA guidance,
and believes that more emphasis should be placed on system performance and
results. We and OMB have differing views on the level of audit assurance
necessary for assessing compliance with FFMIA. We plan to continue to work
with OMB on this issue. In oral comments on a draft of this report, several
of the officials from the
24 CFO Act agencies expressed concern that our report did not acknowledge
all of their recent actions to address systems weaknesses. It was not our
objective to independently assess specific management actions 15 JFMIP is a
joint and cooperative undertaking of OMB, the Department of the Treasury,
OPM, and GAO working with executive agencies to improve financial management
practices throughout the government.
for the 24 CFO Act agencies. However, our report does acknowledge actions
taken and underway to address systems weaknesses and makes clear that
overall progress is being made. Finally, NASA officials disagreed with our
questioning of NASA?s compliance with FFMIA because of issues related to
cost accounting and the lack of an integrated financial management system.
Our position on this matter remains unchanged. Our
detailed evaluation of OMB?s and agencies? comments can be found at the end
of this letter.
Background FFMIA and other financial management reform legislation have
emphasized the importance of improving financial management across the
federal government. The primary purpose of FFMIA is to ensure that agency
financial management systems routinely provide reliable, useful, and timely
financial information. With such information, government leaders will be
better positioned to invest resources, reduce costs, oversee programs, and
hold agency managers accountable for the way they run government programs.
Financial management systems? compliance with federal financial management
systems requirements, applicable accounting
standards, and the SGL are building blocks to help achieve these goals.
Management Reform
FFMIA is part of a series of management reform legislation passed by the
Legislation
Congress over the past two decades. This series of legislation started with
the Federal Managers? Financial Integrity Act of 1982 16 (FIA), which the
Congress passed to strengthen internal control and accounting systems
throughout the federal government, among other purposes. Issued pursuant to
FIA, the Comptroller General?s Standards for Internal Control in the Federal
Government 17 provide the standards that are directed at helping agency
managers implement effective internal control, an integral part of improving
financial management systems. Effective internal control also helps in
managing change to cope with shifting environments and evolving demands and
priorities. As programs
change and as agencies strive to improve operational processes and implement
new technological developments, management must 16 Pub. L. 97- 255, 96 stat.
814 (1982).
17 GAO/ AIMD- 00- 21. 3.1, November 1999.
continually assess and evaluate its internal control to ensure that the
control activities being used are effective and updated when necessary.
While agencies had achieved some success in identifying and correcting
material internal control and accounting system weaknesses, their efforts to
implement the FIA had not produced the results intended by the Congress.
Therefore, in the 1990s, the Congress passed additional management reform
legislation to improve the general and financial management of the federal
government. As shown in figure 1, the combination of reforms ushered in by
(1) the CFO Act of 1990, (2) the Government Management
Reform Act (GMRA) of 1994, (3) FFMIA, (4) GPRA, and (5) the ClingerCohen Act
of 1996, if successfully implemented, provides a basis for improving
accountability of government programs and operations as well as routinely
producing valuable cost and operating performance
information, thereby making it possible to better assess and improve the
government?s effectiveness, financial condition, and operating performance.
Figure 1: Framework for Providing Accountability and Good Management
Information
Management Reform
Accountability Legislation
Provides and Good
Impetus for Management
Information
FIA Fully Integrated
CFO Act Financial Management
Yield Systems
Strong financial management GMRA
Reliable, Timely that provides
Clean opinions Financial on...
Yield reliable, timely,
FFMIA Statements
and useful information for GPRA
decisionmakers Effective Clinger- Cohen
Internal Control
Financial Management The financial management systems policies and standards
prescribed for
Systems Requirements executive agencies to follow in developing, operating,
evaluating, and
reporting on financial management systems are defined in OMB Circular A127,
Financial Management Systems. Circular A- 127 references the series of
publications entitled Federal Financial Management System Requirements
(FFMSR), issued by JFMIP as the primary source of governmentwide
requirements for financial management systems. JFMIP systems requirements,
among other things, provide a framework for establishing integrated
financial management systems to support program
and financial managers. JFMIP also issues financial system requirements for
both administrative and programmatic financial management systems.
Administrative systems include those generally common to all federal agency
operations such as budget, acquisition, travel, property, and payroll.
Agencies implement programmatic systems as needed to fulfill the agency?s
mission, such as inventory, grants, insurance and benefit payments, and
loans. For example, SSA would need a benefit payment system to fulfill its
mission of providing social security and disability payments to the elderly
and disabled. However, SSA would not need to implement a loan system since
it does not process loans. Figure 2 is the JFMIP model that illustrates how
these systems interrelate in an agency?s overall systems architecture.
Figure 2: Agency System Architecture
Source: JFMIP
The first of JFMIP?s system requirements documents covering the core
financial systems requirements was issued in 1988. Since then, JFMIP has
been issuing system requirement documents covering specific functional
areas, such as inventory systems. Most recently, JFMIP issued an exposure
draft on Benefit System Requirements in May 2001, and has an ongoing project
underway to develop system requirements for acquisition systems. Appendix I
lists the current publications in the FFMSR series and their
issue dates. JFMIP recently updated and revised the Core Financial System
Requirements and issued an exposure draft in June 2001.
JFMIP tests vendor COTS packages and certifies that they meet current
financial management system requirements for core financial management
systems. To maintain a certificate of compliance, vendors with qualified
software packages must successfully complete any incremental tests required
by JFMIP. These tests are conducted to ensure that vendor software offerings
are aligned with current federal financial management requirements.
Federal Accounting Federal accounting standards, which agency CFOs use in
preparing
Standards financial statements and in developing financial management
systems, are
promulgated by the Federal Accounting Standards Advisory Board (FASAB). 18
FASAB develops accounting standards after considering the financial and
budgetary information needs of the Congress, executive agencies, and other
users of federal financial information and comments from the public. FASAB
forwards the standards to the three principals-
the Comptroller General, the Secretary of the Treasury, and the Director of
OMB- for a 90- day review. If there are no objections during the review
period, the standards are considered final and FASAB publishes them on its
Web site and in print. The American Institute of Certified Public
Accountants now recognizes the federal accounting standards promulgated by
FASAB as being generally accepted accounting principles for the federal
government. This recognition enhances the acceptability of the standards,
which form the foundation for preparing consistent and meaningful financial
statements both for individual agencies and the government as a whole.
Currently, there are 19 statements of federal financial accounting standards
(SFFAS) and 3 statements of federal financial accounting concepts (SFFAC).
19 The concepts and standards are the basis for OMB?s guidance to agencies
on the form and content of their financial statements and the government?s
consolidated financial statements. Appendix II lists the concepts,
standards, and interpretations 20 along with their respective effective
dates.
18 In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards for the federal government.
19 Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs Explain the objectives and ideas upon which FASAB
develops the standards.
FASAB?s Accounting and Auditing Policy Committee (AAPC) 21 assists in
resolving issues related to the implementation of accounting standards.
AAPC?s efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards and the reporting and auditing requirements contained in OMB?s
Form and Content Bulletin and Audit Bulletin. To date, AAPC has released
five technical releases, which are listed in appendix III along with their
release dates. Standard General Ledger The SGL was established by an
interagency task force through the direction
of OMB and mandated for use by agencies in OMB and Treasury regulations in
1986. The SGL promotes consistency in financial transaction processing and
reporting by providing a uniform chart of accounts and pro forma
transactions used to standardize federal agencies? financial information
accumulation and processing, enhance financial control, and support budget
and external reporting, including financial statement preparation. The SGL
is intended to improve data stewardship throughout the
government, enabling consistent reporting at all levels within the agencies
and providing comparable data and financial analysis at the governmentwide
level. 22
Remediation Plans FFMIA requires an agency head to determine, based on a
review of the auditor?s report on the agency?s financial statements and any
other relevant information, whether the agency?s financial management
systems
substantially comply with the act. The agency head is required to make this
determination no later than 120 days after (1) the receipt of the auditor?s
report or (2) the last day of the fiscal year following the year covered by
the audit, whichever comes first. If the agency head disagrees with the
auditor?s determination that the systems do not substantially comply, the
20 An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard. 21 In 1997,
FASAB, in conjunction with OMB, Treasury, GAO, the CFO Council, and the
President?s Council on Integrity and Efficiency, established AAPC to assist
the federal government in improving financial reporting.
22 SGL guidance is published in the Treasury Financial Manual. Treasury?s
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.
Director of OMB is to review the agency head?s determination and report to
the Congress. If the agency head agrees that the systems do not
substantially comply, FFMIA requires that the agency head, in consultation
with the Director of OMB, establish a remediation plan to bring the systems
into substantial compliance with FFMIA?s requirements.
According to FFMIA, remediation plans are to include corrective actions,
intermediate target dates, and resources necessary to bring the financial
management systems into substantial compliance with FFMIA?s
requirements within 3 years of the date the agency head?s noncompliance
determination is made. If, with the concurrence of the Director of OMB, the
agency head determines that substantial compliance cannot be reached within
3 years, the remediation plan must specify the most feasible date by which
the agency?s systems will achieve compliance and designate an official
responsible for effecting the necessary corrective actions.
In accordance with the revisions to OMB guidance contained in Circular A11,
23 Preparing and Submitting Budget Estimates, effective July 19, 2000,
agencies are to include their remediation plans in their annual budget
submissions due to OMB by December 15, 2000. The guidance requires that the
plans include corrective actions, resources needed, and interim target dates
to bring the financial management systems into substantial
compliance within 3 years of the date of the agencies? determination that
their systems are not in substantial compliance. The plan must also list the
officials responsible for bringing the systems into substantial compliance
with FFMIA. OMB Guidance Related to
Under its mandate to set governmentwide financial management policies FFMIA
and requirements, OMB currently has two sources of guidance related to
FFMIA. First, OMB Bulletin No. 01- 02, Audit Requirements for Federal
Financial Statements, prescribes specific language auditors should use when
reporting on compliance with FFMIA. Second, in a January 4, 2001,
memorandum, OMB revised its implementation guidance for agencies and
auditors to use in assessing compliance with FFMIA.
The revised implementation guidance is to be used for financial reports and
audits for fiscal year 2000 and thereafter. This guidance (1) describes the
23 OMB Circular A- 11 was revised in July 2001 and required that remediation
plans for fiscal year 2000 be submitted in September 2001.
factors that should be considered in determining an agency?s systems
compliance with FFMIA and (2) provides guidance to agency heads to assist in
developing corrective action plans for bringing their systems into
compliance with FFMIA. Examples are also provided on the types of indicators
that should be used as a basis in assessing whether an agency is in
substantial compliance with FFMIA. Scope and We reviewed fiscal year 2000
financial statement audit reports for the 24 Methodology
CFO Act agencies to determine (1) which agencies had systems that their
auditors found to be noncompliant with FFMIA requirements, (2) the reasons
why the systems were found to be noncompliant, and (3) evidence of agencies?
progress in becoming compliant. Using structured interviews, we interviewed
agency management and auditors for each of the 24 CFO Act agencies to obtain
their perspectives on FFMIA implementation, including the factors that
contributed to agencies? systems compliance with FFMIA and the obstacles
faced by management in becoming compliant.
We also reviewed the auditors? workpapers for the 24 CFO Act agencies to
assess the nature and extent of FFMIA testing.
We reviewed OMB?s FFMIA guidance. To obtain an understanding of the fiscal
year 2000 audit requirements, we analyzed OMB?s January 4, 2001, memorandum
that revised FFMIA implementation guidance and reviewed OMB Bulletin No. 01-
02, Audit Requirements for Federal Financial Statements and predecessor
guidance. Further, we reviewed the guidance for preparing remediation plans
for fiscal year 1999 contained in revisions
to OMB Circular A- 11, Preparing and Submitting Budget Estimates. We
reviewed agencies? fiscal year 1999 remediation plans to determine if they
contained the required elements and if the corrective actions, if
implemented successfully, had a reasonable likelihood of resolving agencies?
systems problems. We did not review the agencies? fiscal year 2000
remediation plans because these plans were not due to OMB until September
10, 2001. We compared the fiscal year 1999 remediation plans to those for
fiscal year 1998 to determine if they had improved. We held
discussions with OMB officials to apprise them of the scope and nature of
our work and reviewed applicable federal accounting standards and systems
requirements documents. We made inquiries of JFMIP staff to determine recent
developments in their respective efforts to issue new system requirements
documents. We conducted our work from January through August 2001 at the 24
CFO Act agencies, OMB, and JFMIP in the Washington, D. C., area in
accordance
with generally accepted government auditing standards. We requested comments
on a draft of this report from the Director of OMB or his designee. The
Deputy Controller of OMB provided us with written comments. These comments
are discussed in the ?Agency Comments and Our Evaluation? section and
reprinted in appendix V. We also requested
oral comments from selected agency officials whose financial management
systems or audit procedures are specifically discussed in the report. These
comments have been incorporated as appropriate.
Continued System Overall, the government continues to face serious financial
management Weaknesses Prevent
systems weaknesses. Agencies have recognized the seriousness of their
problems, and OMB has made financial systems reform a priority. Today, Full
Financial there are many ongoing initiatives to address the overarching
financial Management
management systems problems that are at the heart of the serious financial
Accountability management weaknesses that are prevalent. Importantly,
financial management systems reform is a part of one of the five
governmentwide
initiatives in the President?s Management Agenda.
Agencies continue to make progress in addressing their financial management
system weaknesses. At the same time, they have a long way to go. The vast
majority of these agencies are still not substantially complying with
FFMIA?s requirements. Auditors for 19 24 of the 24 CFO Act agencies reported
that for fiscal year 2000, the agencies? systems did not
comply substantially with one or more FFMIA requirements- federal systems
requirements, federal accounting standards, or the SGL. 25 For fiscal year
2000, 7 agencies were reported not to be in substantial compliance with all
3 FFMIA requirements; 18 were reported not in 24 The 19 agencies whose
systems were reported in noncompliance with FFMIA include the Departments of
Agriculture, Commerce, Defense, Education, Health and Human Services (HHS),
Housing and Urban Development (HUD), and the Interior, Justice, Labor,
State, Transportation (DOT), the Treasury, and Veterans Affairs (VA), and
the Agency for International Development (AID), the Environmental Protection
Agency (EPA), Federal Emergency Management Agency (FEMA), the Nuclear
Regulatory Commission (NRC), OPM and SSA. 25 Management of 2 of the 19
agencies- EPA and SSA- disagreed with their agency auditor?s FFMIA
determination. Management of EPA disagreed with the OIG?s determination that
EPA was noncompliant with SFFAS No. 4. SSA management disagreed with the OIG
as to whether SSA?s information technology (IT) security issues were
instances of FFMIA noncompliance.
substantial compliance with systems requirements; 12 were reported not in
substantial compliance with accounting standards; and 8 were reported not in
substantial compliance with the SGL. Auditors for five agencies- the
Department of Energy, the National Aeronautics and Space Administration
(NASA), the National Science Foundation (NSF), the Small Business
Administration (SBA), and the General Services Administration (GSA)-
reported that the results of tests disclosed no instances in which the
agencies? systems did not substantially comply with the three requirements
of FFMIA. By reporting negative assurance, which is the form of reporting
called for in OMB Bulletin No. 01- 02, these auditors are not saying that
the
systems are in substantial compliance, but that the results of their tests
disclosed no instances in which the agencies? systems did not substantially
comply with FFMIA. We discuss this issue further in this report. Figure 3
summarizes the auditors? FFMIA determinations for fiscal year 2000.
Figure 3: Auditors? FFMIA Determinations for Fiscal Year 2000
Agencies- Noncompliant 24
20
18
16
12
12 8
8
4 0
System Accounting
SGL requirements
standards
Note: Management of 17 of the 24 agencies agreed with their auditors? FFMIA
compliance determinations. Management of two agencies- EPA and SSA- did not
agree with their auditors? FFMIA determination. Management of EPA disagreed
with the IG?s determination that EPA was noncompliant with SFFAS No. 4.
Management of SSA disagreed with the IG as to whether SSA?s IT security
issues were instances of FFMIA noncompliance.
Source: GAO analysis of agency audit reports
Eighteen of the 24 CFO Act agencies received unqualified audit opinions on
their financial statements for fiscal year 2000, up from 15 in fiscal year
1999, 12 in fiscal year 1998, and 6 in fiscal year 1997. This represents
steady progress and a lot of hard work by the agency CFOs and their staffs,
OMB, Treasury, and the audit community. At the same time, auditors for 13 of
the 18 agencies that received
unqualified opinions reported that the agencies? financial systems did not
comply substantially with FFMIA?s requirements in fiscal year 2000. In many
instances, agencies have been able to obtain unqualified audit opinions only
through extensive labor- intensive efforts, which include
expending significant resources to use extensive ad hoc procedures, and
making billions of dollars in adjustments to derive financial statements.
This is usually the case when agencies have inadequate systems that are not
integrated and routinely reconciled. The President?s Management
Agenda calls these efforts ?extraordinary, labor- intensive assaults on
financial records.? These time- consuming procedures must be combined with
sustained efforts to improve agencies? underlying financial
management systems and controls. If agencies continue year after year to
rely on significant costly and time- intensive manual efforts to achieve or
maintain unqualified opinions, it can serve to mislead the public as to the
true status of agencies? financial management capabilities. In such a case,
an unqualified opinion would become an accomplishment without much
substance.
Although the CFO Act agencies face challenges, some formidable, in preparing
financial statements, all issued their financial statements on time. In a
prior report, 26 we recommended that OMB work with the agencies to ensure
that the agencies? financial statements are audited and issued by the March
1 statutory deadline. For fiscal year 2000, all 24 of the CFO Act agencies
met the March 1 statutory due date, 5 months after the end of the fiscal
year. In comparison, in fiscal year 1999, 5 of the 24 CFO
Act agencies issued their audited statements after the statutory due date.
Going forward, we anticipate the timeframes becoming tighter and reporting
requirements earlier, which will intensify the need to overhaul the
financial management systems. The Director of OMB and the Secretary
of the Treasury have indicated that more timely and more frequent financial
statement reporting will be an objective to help improve financial 26
Financial Management: Federal Financial Management Improvement Act Results
for Fiscal Year 1998 (GAO/ AIMD- 00- 3, October 1999).
management. As a first step, OMB recently proposed that agencies prepare and
issue unaudited interim financial statements starting with the 6- month
period ending March 31, 2002, and submit these statements to OMB by May 31,
2002. Beginning with fiscal year 2003, OMB will require agencies to prepare
and submit unaudited interim financial statements on a quarterly basis.
Also, for fiscal year 2002, OMB has moved the reporting date from
March 1 to February 1. We support these actions by OMB. Financial statement
audit results are key indicators of the quality of agency financial data at
year- end and provide an annual public scorecard on accountability. While
the increase in the number of agencies that are receiving unqualified audit
opinions is noteworthy, it is only one of three indicators of the quality of
financial management information. Having effective internal controls to help
managers better achieve agencies? missions and program results and minimize
operational problems along
with financial management systems that routinely generate reliable, useful,
and timely information are also key indicators of the quality of an agency?s
financial management information. As shown in figure 4, fully integrated
financial systems, reliable and timely financial statements, and effective
internal control serve as indicators for an entity?s financial management
health.
Figure 4: Framework for Providing Accountability and Good Management
Information
Management Accountability
Reform Provides
and Good Legislation
Impetus for Management
Information
FIA Fully Integrated Financial
Strong financial CFO Act
Management Systems management
that provides GMRA
Reliable, Timely reliable, timely,
Financial Statements Yield
and useful information for FFMIA
decisionmakers Effective
GPRA Internal Control
Clinger- Cohen
A clean audit opinion alone only provides credibility to an agency?s
financial statements as of the date of the financial statements- the last
day of the fiscal year. It provides no assurance about the effectiveness or
efficiency of financial systems used to prepare the statements, the quality
of internal control, or whether the systems can produce reliable data for
decision- making purposes on demand throughout the year.
For example, the Department of the Treasury received its first unqualified
opinion on its fiscal year 2000 departmentwide financial statements.
However, like several other agencies, despite the unqualified opinion,
Treasury?s IG reported that Treasury?s systems did not comply substantially
with FFMIA. 27 For example, the Internal Revenue Service (IRS) continues to
face most of the pervasive systems and internal control weaknesses that we
have reported each year since we began auditing IRS? financial statements in
fiscal year 1992. 28 As discussed in our report 29 on the IRS fiscal year
2000 financial statements, IRS? unqualified opinion was the culmination of 2
years of extraordinary efforts on the part of IRS senior management and
staff to develop compensating processes to work around its serious systems
and
control weaknesses to derive year- end balances for its financial
statements. Top management at IRS and its staff are to be applauded for
their dedication that resulted in an unqualified opinion. While IRS? efforts
did address several management issues we raised in previous audits, its
approach to obtaining an unqualified opinion on its fiscal year 2000
financial statements relied heavily on costly, time- consuming, and
laborintensive efforts, including the need for statistical projections,
external contractor support, substantial adjustments, and monumental human
efforts that extended well after the fiscal year- end. This was particularly
the case for reporting amounts for both tax receivables and property and
equipment. Because IRS? systems cannot accurately track amounts representing
taxes receivable, IRS has for the past 4 years employed a complex
statistical 27 Audit of the Department of the Treasury?s Fiscal Year 2000
Financial Statements, Report No. OIG- 01- 050, February 28, 2001. 28
Financial Audit: Examination of IRS? Fiscal Year 1992 Financial Statements
(GAO/ AIMD- 93- 2, June 1993). 29 Financial Audit: IRS? Fiscal Year 2000
Financial Statements (GAO- 01- 394, March 2001).
sampling process to derive the balance reported on its financial statements;
this process takes months to complete, requires extensive human and
financial resources, and results in tens of billions of dollars in
adjustments
annually to present a balance that is good for one day only. Additionally,
because IRS does not have an adequate property management system, it had to
use contractors to (1) perform statistical sampling procedures to derive a
reliable balance for property and equipment in fiscal year 1999; and (2)
analyze fiscal year 2000 transactions to derive the September 30, 2000,
balance for property and equipment, a process that extended into February
2001.
Situations such as those at IRS demonstrate the tremendous efforts many
agencies make to produce auditable annual financial statements. These
agencies undertake far more work to prepare financial statements than
would be necessary if they had basic financial systems in place to routinely
provide both the data for financial statements and management information.
The financial statement preparation and audit process puts a
tremendous strain on the staff of the CFO and the auditors and diverts
resources from correcting the underlying problems. To quote the Secretary of
the Treasury, ?it takes the federal government 5 months to close our books?
This is not the stuff of excellence.?
As we discuss below, one of the main problems agencies face is the lack of
an integrated financial management system. Having an effective, integrated
financial management system that can produce financial information in a
timely manner minimizes the need for time- consuming and costly procedures
to prepare financial statements and, most importantly, provides the
information needed to manage on an ongoing basis. To remedy their problems,
agencies are in the process of either implementing
new core financial systems or upgrading their current systems to lay the
foundation for compliance with FFMIA.
In this regard, by far DOD faces the most complex and difficult challenges
of any agency. Today, DOD relies on an overly complex and error prone
network of systems that are not integrated. Millions of transactions must be
manually keyed and rekeyed into the vast number of systems involved in any
given DOD business process. Weak systems and controls leave DOD
vulnerable to fraud and improper payments. In addition, as we recently
testified, 30 lacking an effective network of systems and the related
inability to obtain reliable cost and budget information severely constrains
DOD?s ability to maintain adequate funds control, measure performance,
reduce costs, and maintain effective accountability over its estimated $1
trillion
investment in weapon systems and inventories. Because of the unparalleled
size and complexity of DOD?s operations along with the serious, deeply
entrenched nature of its financial management system
deficiencies, it will not be possible to fully implement an integrated
system structure overnight. Such a dramatic transformation will require a
sustained effort over a number of years. As discussed later in this report,
the Secretary of Defense and the DOD Comptroller have stated that priority
will be given to financial management reform.
Other agencies such as the Departments of Commerce, Agriculture, and
Education, SBA, GSA, and AID are planning or are in the process of
implementing new systems. And yet others, such as NASA, have failed in
recent attempts to successfully implement new systems, and are starting
over. One thing that stands out though is that across the board, agencies
have recognized their shortcomings and assisted by OMB and with input from
the audit community are working to modernize their financial management
systems and processes. In addition, several agencies have made progress in
other areas aimed at improving their financial management systems. For
example, in fiscal year 2000, the Department of Agriculture IG reported the
establishment of a Senior Executives group to develop a corporate strategy,
including a budget and timeframes, for administrative and financial system
changes to
the agency?s various systems. According to Agriculture officials, this was a
clear sign that senior level executives for the department were
acknowledging that there was a need to develop overall agency financial
systems rather than continue to rely on multiple stand- alone subsystems. In
another instance, auditors for the Department of Education reported that the
agency made progress in strengthening controls over IT processes. The
auditors also reported that the implementation of new controls and the
reinforcement of existing controls increased the effectiveness of internal
controls in areas such as IT planning and security management.
Reasons for Based on our review of fiscal year 2000 audit reports for the 19
agencies? Noncompliance
systems that were reported to be substantially noncompliant with FFMIA, we
identified 6 primary reasons either cited by the auditors or identified in
30 DOD Financial Management: Integrated Approach, Accountability, and
Incentives Are
Keys to Effective Reform (GAO- 01- 681T, May 8, 2001).
our structured interviews with agency officials as to why their systems were
noncompliant:
lack of integrated financial management systems,
inadequate reconciliation procedures,
lack of accurate and timely recording of financial information,
noncompliance with the SGL,
lack of adherence to federal accounting standards and/ or OMB
requirements, and
weak security controls over information systems. Figure 5 shows the
relative frequency of these problems at the 19 agencies with noncompliant
systems and the problems relevant to FFMIA that were reported by their
auditors or obtained through interviews with agency officials. Auditors
reported these problems among the weaknesses identified during the audits;
however, the auditors may not have reported the problems as specific reasons
for why they concluded that the agencies? systems did not substantially
comply with FFMIA. We included all
weaknesses relevant to FFMIA identified by the auditors because such
problems must be resolved in order for the agencies? systems to generate the
reliable, useful, and timely information needed for decision- making. Also,
the reported problems may not be all inclusive. For some agencies, the
problems are so serious and well known that the auditor can readily
determine the systems to be noncompliant without examining every facet
of FFMIA compliance.
Figure 5: Problems Reported by Auditors for Fiscal Year 2000 Agencies 24
20
19 16
16
14 13
12
12
8
8
4 0
of timely
Non SGL
of federal
ounting Weak over ntegrated
financial systems
Lack accurate reporting the Lack dherence
security systems to management Inadequate
reconciliation procedures
and compliance with a
acc standards
information Noni
Source: GAO analysis of agency audit reports and structured interviews with
agency officials
Nonintegrated Financial One of the federal financial management systems
requirements is that Management Systems
agencies? financial management systems be integrated. 31 The CFO Act calls
for agencies to develop and maintain an integrated accounting and financial
management system that complies with federal systems requirements and
provides for (1) complete, reliable, consistent, and timely information that
responds to the financial information needs of the agency
and facilitates the systematic measurement of performance; (2) the
development and reporting of cost information; and (3) the integration of
accounting, budgeting, and program information. In this regard, OMB Circular
A- 127, Financial Management Systems, requires agencies to 31 Federal
financial system requirements define an integrated financial system as one
that coordinates a number of previously unconnected functions to improve
overall efficiency and control. Characteristics of such a system include (1)
standard data classifications for
recording financial events; (2) common processes for processing similar
transactions; (3) consistent internal controls over data entry, transaction
processing, and reporting; and (4) a system design that eliminates
unnecessary duplication of transaction entry.
establish and maintain an integrated financial management system that
conforms with JFMIP?s functional requirements. An integrated financial
system coordinates a number of functions to improve overall efficiency and
control. When agencies do not have an integrated financial management
system- which includes administrative and program systems that maintain
financial information, such as budgeting, logistics, personnel, acquisition,
and property systems- they are often forced to rely on ad hoc programming,
analysis, or actions such as duplicative transaction entries. In these
situations, agencies must expend major efforts and resources to generate
financial information that their systems should be able to provide on a
daily or recurring basis. The lack of integrated financial systems is a
continuing serious problem for
most agencies. Based on discussions with agency officials at the 19 agencies
that were reported to be noncompliant with FFMIA, lack of an integrated
system and adequate funding to replace old systems were key obstacles in
achieving compliance with FFMIA. Some agencies rely heavily on external
consultants to develop financial information. The results of our
work showed that 13 of the 24 CFO Act agencies used the assistance of
contractors in preparing their financial statements because their systems
were not able to produce this information. Many of these officials agree
that a key to improving financial management and complying with FFMIA is to
have an integrated financial system that provides reliable, useful, and
timely information that managers can use for day- to- day operations.
However, according to these officials, to upgrade or replace existing
systems requires funding and a strong commitment from management, which many
of them said they did not have in the past. In this regard, the
President?s Management Agenda makes clear the commitment of the President to
ensure that federal financial systems produce accurate and timely
information.
As shown in figure 5, auditors for 13 of the 19 agencies with noncompliant
systems reported lack of integrated systems as a problem. To illustrate, VA
achieved an unqualified opinion on its fiscal year 2000 consolidated
financial statements, but to do so required a significant amount of
resources and manual processes. Auditors for VA noted continued difficulties
related to the preparation, processing, and analysis of financial
information to support the preparation of VA?s consolidated financial
statements. Considerable manual work- arounds and ?cuff,? or out- of- date
feeder systems are still in place as VA has not yet completed its transition
to a new fully integrated financial management system, Core Financial and
Logistics System. As a result, significant efforts were made at the
component and consolidated levels to assemble, compile, and review the
necessary financial information for annual financial reporting requirements.
Specifically, auditors noted that a significant number of adjustments were
recorded as part of the year- end closing process, many to record additional
activities- both budgetary and proprietary- not
reflected in the general ledger prior to the year- end close. The general
ledgers for some smaller funds are maintained outside the existing core
financial management system. Thus, until the new system is successfully
implemented and functional, a significant amount of resources will be
devoted to preparing the financial statements.
We recently reported 32 that NASA could not provide detailed support
required in time for our audit of its space station or shuttle obligations
because it does not have an integrated financial management system.
According to NASA officials, transaction- level obligation data are
available at NASA?s 10 space centers on separate and different financial
systems. NASA officials also told us that NASA has long- term plans for
implementing
an integrated financial management system that will make access to detailed
obligation data more readily available.
Further, as we discussed in our performance and accountability series
report, 33 according to NASA, the agency?s financial management environment
is comprised of decentralized, nonintegrated systems with policies,
procedures, and practices that are unique to its field centers. For the most
part, data formats are not standardized, automated systems are not
interfaced, and on- line financial information is not readily available to
program managers. Thus, it is difficult to ensure contracts are being
efficiently and effectively implemented and budgets are executed as planned.
In addition, NASA has pointed out that the cost to maintain these systems
has been high, since both data and software are replicated at each field
center.
Deficiencies in agencies? automated systems, including the lack of
integrated systems, can also contribute to improper payments. The reported
estimates of improper payments across the government totaled 32 NASA:
International Space Station and Shuttle Support Cost Limits (GAO- 01- 1000R,
August 31, 2001). 33 Performance and Accountability Series: Major Management
Challenges and Program Risks, National Aeronautics and Space Administration
(GAO- 01- 258, January 2001).
approximately $20 billion for both fiscal years 2000 and 1999. These
improper payments frequently occur because agency personnel lack needed
information, rely on inaccurate data, and/ or do not have timely
information. For example, we identified issues 34 related to the National
Institutes of Health?s (NIH) oversight and monitoring of grant recipients-
an area with
over $17 billion appropriated in fiscal year 2000 to conduct and sponsor
biomedical research. Among other things, there were discrepancies between
the data in NIH?s management, payment, and accounting systems. These
discrepancies affected the accuracy of grant award amounts. These system
deficiencies could result in NIH?s erroneously awarding grants to
ineligible grant receipts and in funds being used for improper purposes. If
these systems were integrated, NIH would have fewer discrepancies in its
data and would need to devote substantially less effort to assuring that the
data across those three functions were consistent. According to HHS
officials, NIH has implemented compensating controls to address these
systems deficiencies. Moreover, system deficiencies are also a factor for
DOD. DOD?s payment process suffers from nonintegrated computer
systems that require data to be entered multiple times, sometimes manually,
which poses substantial increases in the risk of incorrect payments and
overpayments.
Inadequate Reconciliation A reconciliation process, even if performed
manually, is a valuable part of a
Procedures sound financial management system. The general maxim would be
that the
less integrated the financial management system, the greater the need for
adequate reconciliations because data for the same transaction may be
separately entered in multiple systems. Reconciliation of records from the
multiple systems would ensure that transaction data were entered correctly
in each one. Reconciliation procedures are a control necessary in order to
maintain and substantiate the accuracy of the data reported in an
agency?s financial statements and reports. The Comptroller General?s
Standards for Internal Control in the Federal Government highlight
reconciliation as a key control activity. As shown in figure 5, auditors for
16 of the 19 agencies with reported noncompliant systems reported that the
agencies had reconciliation
34 NIH Research: Improvements Needed in Monitoring Extramural Grants (GAO/
HEHS/ AIMD- 00- 139, May 31, 2000).
problems, including difficulty reconciling their Fund Balance with Treasury
accounts 35 with the Department of the Treasury?s records. Treasury policy
requires agencies to reconcile their accounting records with Treasury
records monthly, which is comparable to individuals reconciling their
checkbooks to their monthly bank statements. However, such reconciliations
are not being routinely performed.
For example, Agriculture?s Office of the Chief Financial Officer/ National
Finance Center?s (OCFO/ NFC) Fund Balance with Treasury account had not been
properly reconciled with Treasury records since 1992. In its audit report 36
on Agriculture?s fiscal year 1998 financial statements, the IG reported that
the absolute value of the differences between OCFO/ NFC?s
and Treasury?s records was $4. 4 billion for disbursements and $383 million
for deposits as of September 30, 1998. In fiscal year 2000, Agriculture
contracted with a public accounting firm to assess OCFO/ NFC?s
reconciliation efforts, provide recommendations for resolving the
reconciliation problem, assist in leading the actual reconciliations, as
well as recommend ways to improve the overall reconciliation process. The IG
recently reported that the absolute value of the out- of- balance amount for
Agriculture?s Central Accounting System had been reduced to $226 million as
of September 30, 2000. The OCFO proposed a one- time adjustment to write off
$160 million of the total $226 million.
In another instance, the Department of Health and Human Services (HHS) made
numerous adjustments at year- end to correct errors and to develop accurate
financial statements. Many of these adjustments would not have been
necessary had management routinely reconciled and analyzed accounts
throughout the year. For example, the HHS IG reported 37 that differences
between the Administration for Children and Families? (ACF)
Fund Balance with Treasury account and Treasury?s records ranged from $200
million to $6. 3 billion at various times during fiscal year 2000. 35
Agencies record their budget spending authorizations in their Fund Balance
with Treasury accounts. Agencies increase or decrease these accounts as they
collect or disburse funds. 36 U. S. Department of Agriculture Consolidated
Financial Statements for Fiscal Year 1998 (Audit Report No. 50401- 30- FM,
February 1999).
37 Report on the Financial Statement Audit of the Department of Health and
Human Services for Fiscal Year 2000, (Audit Report No. A- 17- 00- 00014,
February 2001).
Lack of Accurate and Timely Accurate and timely recording of financial
information is key to successful Recording of Financial financial
management. Recording transactions in the general ledger in a Information
timely manner can facilitate accurate reporting in agencies? financial
reports and other management reports that are used to guide managerial
decisionmaking. The Comptroller General?s Standards for Internal Control in
the Federal Government state that transactions should be
promptly recorded to maintain their relevance and value to management in
controlling operations and making decisions. As shown in figure 5, auditors
for 14 of the 19 agencies with reported noncompliant systems found that the
agencies did not record transactions accurately and timely in the general
ledger.
For example, the Department of Commerce IG reported that $270 million in
appropriations for two of the agency?s programs was not recorded in the
general ledger until 6 months after the apportionment for these
appropriations was issued. According to SFFAS No. 7, Accounting for Revenue
and Other Financing Sources, appropriations should be recognized when
available to the agency to be apportioned. The IG reported that the
apportionment for these two programs was issued on September 30, 1999, and
should have been recorded in the general ledger at
that time. According to the IG, the failure to record these appropriations
was due to confusion among agency officials as to which fiscal year the
program was established and where the program should be recorded. Because
the agency did not include these appropriations in its fiscal year 1999
financial statements, during fiscal year 2000 a prior period adjustment of
$270 million was made to properly recognize the budget authority for the
two programs. In other instances, auditors for five agencies reported that
unliquidated obligations 38 were not deobligated on a timely basis due to
the lack of procedures for reviewing unliquidated obligations or the failure
to follow these procedures. For example, auditors for the EPA reported that
although EPA was aggressive during fiscal year 2000 in identifying and
deobligating invalid obligations, EPA?s annual process 39 for reviewing 38
The value of goods and services ordered and obligated which have not been
received. 39 EPA?s policies require that the agency review unliquidated
obligations at least once a year to ensure that these obligations are still
available and needed for the purpose and time period specified.
inactive unliquidated obligations for validity still needed improvement. The
annual review by EPA management revealed that due to significant backlogs,
EPA did not timely process and deobligate inactive unliquidated obligations.
As a result of the weaknesses identified in its annual review, a special
review was performed to obtain a more accurate accounting of its
unliquidated obligations. In fiscal year 2000, the special review identified
$26.5 million in open unliquidated obligations that should have been
deobligated by September 30, 2000. EPA had to make a $26.5 million
adjustment to more accurately present its Statements of Financing and
Budgetary Resources.
Noncompliance with the Implementing the SGL at the transaction level is one
of the specific
SGL requirements of FFMIA. Applying the SGL at the transaction level means
that a financial management system will process transactions following the
SGL definitions of the general ledger accounts. Specifically, compliance
with the SGL at the transaction level requires that (1) data used in
financial
reports be consistent with the SGL, (2) transactions be recorded
consistently with SGL accounting transaction definitions and processing
rules, and (3) transaction detail supporting SGL accounts be directly
traceable to specific SGL account codes. By not implementing the SGL,
agencies are challenged to provide consistent financial information across
their component entities and functions. The effect of such differences has
contributed to our disclaimer of opinion on the U. S. government?s
consolidated financial reports for the last 4 fiscal years because the
government could not ensure that the information in its financial statements
was properly and consistently compiled. 40 As shown in figure 5, auditors
for 8 of the 19 agencies with noncompliant systems reported that the
agencies? systems did not comply with the SGL
requirement for fiscal year 2000. This is compared to the 14 agencies that
were reported in noncompliance with SGL requirements in fiscal year 1999. An
example of improvement is the Department of Labor, where the IG reported
that for fiscal year 2000, management took steps to improve the financial
accounting for back wages with the design and implementation of 40 Financial
Audit: 1997 Consolidated Financial Statements of the United States
Government (GAO/ AIMD- 98- 127, March 31, 1998), Financial Audit: 1998
Financial Report of the United States Government (GAO/ AIMD- 99- 130, March
31, 1999), Financial Audit:
1999 Financial Report of the United States Government (GAO/ AIMD- 00- 131,
March 31, 2000), and U. S. Government Financial Statements: FY 2000
Reporting Underscores the Need to Accelerate Federal Financial Reform (GAO-
01- 570T, March 30, 2001).
Labor?s new Back Wage Collection and Disbursement System. With the
improvements made, the IG concluded that the new system was substantially in
compliance with the SGL. Other agencies are working to become SGL compliant.
For example, the
HUD IG reported that HUD was not compliant with the SGL at the transaction
level. The Federal Housing Administration (FHA), a major component of HUD,
provides consolidated summary level data to HUD?s Central Accounting and
Program System (HUDCAPS). FHA has 19 subsidiary systems that feed
transactions to its own commercial general ledger system. To provide
consolidated summary level data from FHA to HUDCAPS, FHA used numerous
manual procedures, including the use of
personal computer based software to convert its commercial accountsbased
general ledger to the government SGL and then transfer the account balances
to HUDCAPS. During fiscal year 2000, FHA purchased a COTS
financial system to replace its current system. FHA management anticipates
that the implementation of the new accounting system will result in FHA?s
compliance with the requirement for automated posting of transactions to SGL
accounts. Lack of Adherence to One of FFMIA?s requirements is that agencies?
financial management Federal Accounting systems comply with federal
accounting standards. Agencies face Standards significant challenges
implementing these standards. As shown in figure 5, auditors for 12 of the
19 agencies with reported noncompliant systems
reported that the agencies had problems complying with one or more of these
standards. Some agencies have experienced difficulty implementing the
standards because their financial management systems are not capable
of producing the financial data needed. The standards most often cited by
the auditors relate to managerial cost accounting; property, plant, and
equipment; accounting for inventory and related property; and accounting for
revenue and other financing sources. FASAB continues to deliberate on new
and emerging accounting issues that could result in its issuing
additional standards; therefore, agencies? systems also must be flexible
enough to be able to accommodate any standards that may be issued in the
future. A major cornerstone of FFMIA is good cost accounting information
that program managers can use in managing day- to- day operations.
Managerial cost accounting is aimed at providing reliable and timely
information on the full cost of federal programs, their activities, and
outputs. The cost information can be used by the Congress and federal
executives in making
decisions about allocating federal resources, authorizing and modifying
programs, and evaluating program performance. Developing the necessary
information, which is needed as well to support GPRA implementation, will be
a substantial undertaking.
Of the 12 agencies? systems reported to be noncompliant with one or more of
the federal accounting standards, 7 of these agencies were reported in
noncompliance with SFFAS No. 4, Managerial Cost Accounting Concepts and
Standards. However, as mentioned earlier, if an agency had serious problems
overall, the auditor may not have reviewed every area for compliance so the
extent of this specific shortcoming may be greater. Our sense is that today
few agencies may have good cost accounting
information. The seven agencies? systems that were reported by their
auditors as noncompliant with the cost accounting standard are not able to
provide timely full cost accounting information and at best can only provide
this information at the end of the fiscal year through periodic cost surveys
or other cost finding techniques. The lack of timely cost information
seriously impinges the capacity to make informed managerial decisions on a
daily basis, precludes meaningful and timely reporting on performance
measures, and could result in project cost overruns and program
inefficiencies. Performance information is necessary to determine the value
of government programs and their success in achieving
their goals. Further, the move to implementation of performance- based
budgeting highlights the need for cost accounting information at the program
level. If program managers are going to be more accountable for the
achievement of output targets, they will need timely, accurate information
on the cost of their programs. At the present, program
managers do not always have information on, or control of, the full costs of
support services, retirement, and other nondirect costs associated with
their programs. For example, the IG for AID reported that the agency did not
comply with the five fundamental elements of managerial cost accounting.
AID?s current financial management system does not provide complete,
reliable, timely, or consistent information. Specifically, missions 41
cannot determine the cost of their program strategic objectives.
Furthermore, AID does not have cost allocation tools to utilize detailed
administrative and program cost 41 An AID mission is a representative in a
cooperating country. AID has overseas missions and offices that manage
projects associated with this foreign assistance.
information from overseas accounting stations. As a result, AID is not able
to assign costs to organizations, locations, projects, programs, or
activities. The IG for DOT reported 42 that the Federal Aviation
Administration (FAA) has made progress implementing its cost accounting
system, but still has
much to do. FAA?s actual cost for air traffic controller and airways
facilities maintenance labor, estimated at $3. 4 billion for fiscal year
2001, cannot be broken down further to a specific shift of air traffic
control or airways facilities maintenance. Therefore, FAA cannot develop
potentially useful information such as the cost associated with a particular
shift. FAA?s labor
costs are more than half of its total costs. An effective cost accounting
system that fully accounts for labor cost by activities and services would
allow FAA to identify areas of low productivity and high cost, as well as
high productivity and cost efficiency. While we recently reported 43 that
NASA did not have needed cost accounting data for the actual costs of
completed space station
components, its auditors reported that the results of their tests disclosed
no instances in which NASA?s systems did not comply substantially with
FFMIA. The results of our work raise questions about NASA?s compliance
with SFFAS No. 4, Managerial Cost Accounting Concepts and Standards. NASA
systems do not track and maintain cost data for NASA?s completed space
station components. Because NASA does not attempt to track these costs, the
agency does not know the actual cost of completed space station components
and is not able to re- examine its cost estimates for validity once costs
have been realized. Further, as discussed earlier, NASA does not have an
integrated financial management system. These issues raise
questions about management?s assertion regarding compliance with FFMIA. Weak
Security Over Information security weaknesses are one of the primary causes
for Information Systems
agencies? systems noncompliance with FFMIA. As a result, federal assets
continue to be at risk of inadvertent or deliberate misuse, financial
information at risk of unauthorized modification or destruction, sensitive
42 Status Assessment of FAA?s Cost Accounting System and Practices, Federal
Aviation Administration, Office of Inspector General, Department of
Transportation (FI- 2001- 023), February 28, 2001. 43 NASA: International
Space Station and Shuttle Support Cost Limits (GAO- 01- 1000R, August 31,
2001).
information at risk of inappropriate disclosure, and critical operations at
risk of disruption. Significant computer security weaknesses in systems that
handle the government?s unclassified information continue to be reported in
each of the major federal agencies.
As shown in figure 5, auditors for the 19 agencies with reported
noncompliant systems reported information security weaknesses as a problem
in fiscal year 2000. Our high- risk series report 44 shows that all of the
24 CFO Act departments and agencies have significant computer security
weaknesses. The computer security weaknesses covered the full range of
computer security controls. For example, physical and logical
access controls 45 were not effective in preventing and detecting system
intrusions and misuse. In addition, software change controls 46 were
ineffective in ensuring that only properly authorized and tested software
programs were implemented. Further, duties were not adequately segregated to
reduce the risk that one individual could execute unauthorized transactions
or software changes without detection. Finally, sensitive operating system
software 47 was not adequately controlled, and
adequate steps had not been taken to ensure continuity of operations. The
risks associated with these weaknesses are heightened because of the
increasing interconnectivity of today?s computerized systems and use of the
Internet that further exposes them to outside hackers.
The Standards for Internal Control in the Federal Government highlight the
need for adequate control over automated information systems to ensure
protection from inappropriate access and unauthorized use by hackers and
other trespassers or inappropriate use by agency personnel. Unresolved
information security weaknesses could adversely affect the ability of
agencies to produce accurate data for decision- making and 44 High Risk
Series: An Update (GAO- 01- 263, January 2001). 45 Access controls are
designed to limit or detect access to computer programs, data, equipment,
and facilities to protect these resources from unauthorized modification,
disclosure, loss, or impairment. 46 Software change controls include
controls over the design, development, and modification of application
software to ensure that all programs and program modifications are properly
authorized, tested, and approved. Such controls help prevent security
features from being inadvertently or deliberately turned off and processing
irregularities or malicious code from being introduced. 47 System software
coordinates and helps control the input, processing, output, and data
storage associated with all of the applications that run on a system.
financial reporting because such weaknesses could compromise the reliability
and availability of data that are recorded in or transmitted by an agency?s
financial management system. The degree of risk caused by security
weaknesses is extremely high and places a broad array of federal operations
and assets at risk of fraud, misuse, and disruption. For example, weaknesses
at the Department of the
Treasury increase the risk of fraud associated with billions of dollars of
federal payments and collections, and weaknesses at DOD increase the
vulnerability of various military operations. Further, information security
weaknesses place enormous amounts of confidential data, ranging from
personal and tax data to proprietary business information, at risk of
inappropriate disclosure. One of our most recent reports 48 on computer
security highlights significant and pervasive computer security weaknesses
that place sensitive Department of Commerce systems at risk. Individuals
both within and outside Commerce could gain unauthorized access to these
systems and thereby read, copy, modify, and delete sensitive economic,
financial, personnel, and confidential business data. Moreover, intruders
could disrupt the operations of systems that are critical to the mission of
the department. Poor detection and response capabilities at the Commerce
bureaus we reviewed increase the likelihood that incidents of unauthorized
access to sensitive systems will not be detected in time to prevent or
minimize damage. Commerce?s weaknesses were attributable to the lack of an
effective information security program, that is, lack of centralized
management, a risk- based approach, up- to- date security policies, security
awareness and training, and the effectiveness of implemented controls. These
weaknesses are exacerbated by Commerce?s highly interconnected computing
environment in which the vulnerabilities of individual systems affect the
security of systems in the entire department, since a compromise in a single
poorly secured system can undermine the security of the multiple systems
that connect to it.
Similarly, in another recent report, 49 we reported that in spite of
progress made in correcting computer security weaknesses previously
identified by
48 Information Security: Weaknesses Place Commerce Data and Operations at
Serious Risk (GAO- 01- 751, August 2001).
the Interior IG and other steps to improve security, our review of
Interior?s information system general controls identified additional
weaknesses at its National Business Center (NBC) in Denver, CO. These
weaknesses affected the center?s ability to (1) prevent and detect
unauthorized changes
to financial information, including payroll and other payment data; (2)
control electronic access to sensitive personnel information; and (3)
restrict physical access to sensitive computing areas. The effect of these
weaknesses is to place sensitive NBC- Denver financial and personnel
information at risk of unauthorized disclosure, critical financial
operations at risk of disruption, and assets at risk of loss. These
weaknesses and risks also affect other agencies that use computer-
processing services at NBCDenver.
In recognition of these serious security weaknesses, we and the Inspectors
General have issued numerous reports that identify computer security
weaknesses in the federal government and have made recommendations to
agencies regarding specific steps they should take to make their security
programs more effective. Also, in 2001, we again reported information
security as a high- risk area across government, as we did in our 1997 and
1999 high- risk series. 50 In addition, we have identified best practices
for improving information security management, which we published in two
guides. 51 Our guides are consistent with guidance on information security
program management provided to agencies by OMB and the National
Institute of Standards and Technology (NIST). 52 Further, recognizing the
highly networked federal computing environment and the resulting need for
improved security management measures, the
49 Information Security: Weak Controls Place Interior?s Financial and other
Data at Risk (GAO- 01- 615, July 2001). 50 See, for example, GAO- 01- 263,
January 2001. 51 Information Security Management: Learning from Leading
Organizations (GAO/ AIMD98- 68, May 1998) and Information Security Risk
Assessment: Practices of Leading Organizations (GAO/ AIMD- 00- 33, November
1999). 52 OMB guidance is contained in its Circular A- 130, Appendix III,
Security of Federal Automated Information Resources, updated November 2000.
NIST has issued numerous Federal Information Processing Standards as well as
a comprehensive description of basic
concepts and techniques entitled, An Introduction to Computer Security: The
NIST Handbook, Special Publication 800- 12, October 1995, and Generally
Accepted Principles and Practices for Securing Information Technology
Systems, published in September 1996.
Congress enacted the Government Information Security Reform (GISR)
provisions as part of the fiscal year 2001 Defense Authorization Act. 53 The
legislation seeks to provide a comprehensive framework for establishing and
ensuring the effectiveness of information security controls over information
resources that support federal government operations and
assets. GISR requires agencies to implement an information security program
that is founded on a continuing risk management cycle and largely
incorporates existing security policies found in OMB Circular A- 130,
Appendix III. GISR also added an important new requirement by calling for
both annual management and independent evaluations of the information
security program and practices of an agency. The results of these reviews,
which are initially scheduled to become available in late 2001, will provide
a more complete picture of the status of federal information security than
currently exists, thereby providing the Congress and OMB an improved means
of overseeing agency progress and identifying areas needing improvement.
Criteria for Assessing OMB?s current FFMIA implementation guidance, which
was revised on
Compliance With January 4, 2001, and was effective for fiscal year 2000
audits, provides information for auditors to consider in evaluating and
reporting audit FFMIA Should Be
results. This guidance requires auditors to plan and perform their audit
Made More Rigorous
work in sufficient detail to enable them to determine the degree of
compliance and report on instances of noncompliance for all of the
applicable FFMIA requirements. We agree with this objective. The guidance
describes specific minimum requirements that agency systems must meet to
achieve compliance and provides indicators of compliance.
The FFMIA implementation guidance also indicates that auditors should report
on FFMIA compliance as part of the financial statement audit process based
upon OMB Bulletin No. 01- 02, Audit Requirements for Federal Financial
Statements. OMB Bulletin No. 01- 02 states that auditors shall perform tests
of the entity?s compliance with FFMIA. In providing guidance on reporting on
substantial compliance with FFMIA, OMB Bulletin No. 01- 02 states that
auditors should report that ?the results of our tests disclosed no instances
in which the agency?s financial management systems did not substantially
comply? [with FFMIA]. In
contrast, FFMIA requires the auditors to ?? report whether the agency 53
Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001,
Pub. L. 106- 398, Title X, Subtitle G, 114 stat. 1654, 1654A- 266 (2000).
financial management systems comply with the requirements of [the act].?
This is an important distinction because under auditing standards the
terminology ?disclosed no instances? means that the auditor is providing
negative assurance. Under generally accepted government auditing standards,
only limited incidental testing is necessary for an auditor to give negative
assurance. However, to ?report whether,? or to provide positive assurance,
auditors need to perform sufficient testing to draw a conclusion. Auditors
for the five agencies that were not reported to be noncompliant with FFMIA
provided negative assurance in accordance with OMB
guidance. If the readers of the report do not understand this distinction,
they may have a false impression that the systems have been reported to be
substantially compliant by the auditors.
Today for most agencies, because their systems deficiencies are well known
and well documented and based on other audit work the auditor may have
performed outside of the financial statement audit, the auditor may have
sufficient knowledge to conclude that an agency is not in substantial
compliance with FFMIA without performing additional testing
beyond that needed for the financial statement audit opinion. The auditors
for the 19 agencies that reported agencies? systems to be noncompliant with
FFMIA for fiscal year 2000 told us they relied on knowledge obtained from
prior years? audits or the internal control and compliance with laws and
regulation testing performed during the current year financial statement
audits. However, to provide positive assurance when assessing substantial
compliance with FFMIA requirements, sufficient testing is needed. Some of
the promising audit procedures noted during our review included the use of
detailed audit programs and an assessment of financial systems?
functionality. For example, auditors for 7 of the 24 agencies- the
Department of Energy, AID, NSF, EPA, HUD, NRC, and OPM- designed and used
separate FFMIA audit programs to test for compliance. 54 Other procedures
that auditors could perform to provide positive assurance when assessing
compliance with FFMIA include using the GAO and JFMIP checklists that were
developed as assessment tools. For example, the auditors for NRC used the
GAO checklist to determine systems? 54 Auditors for two of the seven
agencies- the Department of Energy and NSF- provided negative assurance that
the agency systems were substantially compliant and auditors for five of
these agencies- AID, EPA, HUD, NRC, and OPM- reported the agencies? systems
to be noncompliant.
compliance with JFMIP systems requirements, while the auditors for the
Department of Labor used the JFMIP checklist to determine the agency?s core
financial system?s compliance with FFMIA. For both agencies, the auditor
reported that the agency systems were not compliant with FFMIA.
GAO and the President?s Council on Integrity and Efficiency (PCIE) 55
recently issued a joint Financial Audit Manual (GAO/ PCIE FAM). This manual
provides the methodology for performing financial statement audits of
federal entities. Section 350 of this manual describes the procedures
auditors should follow in determining the nature, timing, and extent of
control tests and of tests for systems? compliance with FFMIA requirements.
Specifically, the manual states that the auditor should use any management-
provided documentation of the work that management did for its assertion
about the systems? conformance with the agency?s
annual Financial Integrity Act report 56 and any work management may have
done for FFMIA as a basis for determining the nature and extent of audit
work needed. Management?s role is important and the comprehensive
nature of its determination as to whether it is in substantial compliance is
important in the audit process. For example, if management provides the
auditor with a checklist detailing the functions the systems are able to
perform, the auditor generally should select some significant functions from
the checklist and determine whether the systems perform them. Overlap exists
between testing for FFMIA compliance and testing internal controls. The GAO/
PCIE FAM cites a
number of techniques, such as observation, inspection, and walkthroughs that
the auditor can employ when performing this work. Further, to achieve
maximum efficiency, these tests for FFMIA compliance generally
should be done concurrently with other nonsampling control tests. The nature
of FFMIA will always require a certain degree of judgement on the part of
auditors and management. OMB's revised implementation guidance provides
examples for auditors and management to consider when assessing compliance
with FFMIA. For example, the guidance states
55 The PCIE was established to address integrity, economy, and effectiveness
issues that transcend individual federal agencies and increase the
professionalism and effectiveness of IG personnel throughout the government.
The PCIE is comprised of all presidentially appointed IGs, and members from
OMB, the Federal Bureau of Investigation, the Office of Special Counsel, the
Office of Government Ethics, and OPM. 56 31 U. S. C. sec. 3512 (d)( 2)( B).
that an agency?s systems are substantially compliant with FFMIA, if they
can, (1) prepare financial statements and other required financial and
budget reports using information generated by the financial management
systems; (2) provide reliable and timely financial information for managing
current operations; (3) account for their assets reliably, so that they are
properly protected from loss, misappropriation, or destruction; and (4) do
all of the above in a way that is consistent with the federal accounting
standards and the SGL. Nonetheless, auditors for 10 agencies and financial
management officials at 4 agencies told us that they encountered problems in
interpreting the guidance including OMB?s definition of ?substantial
compliance.? 57 FFMIA states that agencies? financial management systems
should ?comply substantially? with the systems? requirements, accounting
standards, and SGL requirements but does not elaborate on the meaning of
?comply substantially.? Some in the CFO and audit communities believe that
without further guidance, the interpretation and application of the guidance
will likely remain inconsistent throughout the federal government.
Auditors for seven agencies told us that, in their view, OMB?s January 2001
revised guidance appeared to lower the threshold for determining compliance
with FFMIA, providing more agencies an opportunity to become compliant with
FFMIA. For example, the auditor for one agency believes that the revised
guidance is too subjective, while the auditor for
another agency told us that the guidance eliminated specific systems
requirements. Further, officials at one agency told us that they believed
the change in the guidance related to the systems security indicators
lowered the threshold. In fact, according to the auditors and agency
officials for this same agency, the change in OMB?s revised guidance, which
was retroactive for fiscal year 2000, was the reason for the agency?s
reported
systems? compliance in fiscal year 2000. In fiscal years 1999 and 1998, the
auditor reported that the agency was not in substantial compliance with
FFMIA because of reportable conditions related to IT security control
weaknesses. OMB?s previous guidance characterized IT security controls 57 As
we previously discussed, at two agencies, the auditor and agency management
publicly disagreed about whether an agency?s systems were in substantial
compliance with FFMIA. Further, at several other agencies, the auditors
mentioned that it was a point of contention.
that were considered reportable conditions 58 as an indicator of an instance
of noncompliance with FFMIA. In contrast, the revised guidance states that
only material IT security control weaknesses 59 should be considered as
indicators of noncompliance with FFMIA. According to the auditors and agency
officials, because the revised guidance no longer characterized IT
security controls that were reportable conditions as indicators of instances
of noncompliance, the auditors determined that the agency was compliant with
FFMIA for fiscal year 2000. Moreover, although the compliance indicators in
OMB?s revised implementation guidance were meant only as examples of
compliance, auditors for three of the agencies which ultimately reported the
agencies? systems to be noncompliant with FFMIA and two auditors that
provided negative assurance used the indicators in OMB?s revised guidance as
a
prescriptive checklist for determining an agency?s systems compliance. These
auditors compared the material weaknesses and reportable conditions
identified through the financial statement audit process to the OMB
compliance indicators, and if no deficiencies in a specifically listed
indicator had been identified as part of the financial statement audit work,
no noncompliance with FFMIA was reported. If a deficiency in a specific
indicator was noted, noncompliance was reported. This was not the way the
OMB indicators should have been used because just applying the indicators is
too limiting and was not OMB?s intention. Without a comprehensive approach,
key systems? functionalities may not be assessed and the extent of
noncompliance will remain uncertain. Without testing the
functionality of a financial management system, auditors cannot be assured
that the agencies? systems are operating as designed and that the systems
substantially comply with FFMIA.
58 Reportable conditions are matters coming to our attention that, in our
judgement, should be communicated because they represent significant
deficiencies in the design or operation of internal controls that could
adversely affect the organization?s ability to provide
reasonable assurance of the reliability of its financial reporting,
performance reporting, and compliance with laws and regulations. It is a
significant, yet less severe, category of internal control deficiency than a
material weakness.
59 A material weakness is a condition that precludes the entity?s internal
control from providing reasonable assurance that misstatements, losses, or
noncompliance material in relation to the financial statements or to
stewardship information would be prevented or detected on a timely basis.
Successful FFMIA Bringing agency financial management systems into
compliance with
Implementation FFMIA requirements is a formidable challenge that requires
sustained top
management commitment, adequate funding resources, skilled financial
Requires Top management staff, and meaningful management information. Our
Management
Executive Guide: Creating Value Through World- class Financial Management 60
identifies these factors, among others, as key success Commitment,
factors and practices associated with world- class financial management.
Adequate Resources, Agency officials we interviewed repeatedly emphasized
the need for top
and Redesigned management commitment and adequate resources to effect the
changes
needed to upgrade or replace financial management systems. To enhance
Processes
their capabilities of providing meaningful information to decisionmakers,
leading organizations included in GAO?s Executive Guide reengineered their
business processes in conjunction with implementing new technology. The
Executive Guide further points out that at world- class financial
management organizations, top executives demonstrate their commitment by
ensuring that the necessary resources needed to effect the changes for
improved financial management are available. However, 11 of the 19 agencies
with reported noncompliant systems cited lack of funds as an obstacle in
achieving compliance with FFMIA. Our interview results
showed that agencies also need adequate human capital resources, which
includes not just enough staff but also skilled staff for critical
positions. Many of the officials we interviewed told us that having enough
staff with the right skill mix was a problem for the agencies in achieving
their FFMIA
goals. Officials at 14 of the 19 agencies with noncompliant systems cited
the lack of adequate human capital resources as an obstacle to achieving
FFMIA compliance. It is crucial that the federal government has a qualified
workforce with the right mix of skills to successfully implement financial
systems. A key factor is having a well- qualified project manager to lead
this
effort. The Core Competencies for Project Managers Implementing Financial
Systems in the Federal Government 61 identifies competencies in 60 Executive
Guide: Creating Value Through World- class Financial Management (GAO/ AIMD-
00- 134, April 2000). To help promote effective implementation of federal
financial management reform, GAO studied the financial management practices
and improvement efforts of nine leading public and private sector finance
organizations to identify the success factors, practices, and outcomes
associated with world- class financial management. 61 The Financial Systems
Committee and Human Resources Committee of the CFO Council worked with JFMIP
in identifying the knowledge, skills, and abilities for project managers.
three areas: financial management, human resources, and technical. Pursuit
of these competencies will enable project managers to meet the challenge of
today?s changing environment and prepare for the future.
Strategic human capital management is a pervasive challenge in the federal
government. To highlight the urgency of this governmentwide challenge, in
January 2001 we added strategic human capital management to our list of
federal programs and operations identified as high risk. 62 As stated in the
high- risk series report, human capital shortfalls are eroding and
threatening the ability of many agencies to effectively, efficiently, and
economically perform their missions. As a result, this area needs greater
attention to ensure maximum government performance and accountability.
Another key success factor for world- class financial management is
meaningful management information. Financial information is meaningful when
it is reliable, useful, and timely. However, as discussed earlier, most
federal agencies lack the systems and processes required to produce
meaningful financial information needed for management decision- making. To
remedy their financial management systems problems, many agencies are
implementing COTS software packages. In this regard, JFMIP tests
vendor COTS packages and certifies that they meet current financial
management system requirements for core financial management systems. 63
Agencies who have or are currently implementing COTS packages include the
Departments of Agriculture, Education, Transportation, and Veterans Affairs,
DOD components such as the Defense Finance and Accounting Service 64 and the
Military Sealift Command, HUD?s FHA, and AID.
A key to successful implementation of COTS systems, according to leading
finance organizations, is reengineering business processes to fit the new
software applications that are based on best practices. The Clinger- Cohen
Act requires agency heads to modernize inefficient mission- related and
administrative processes (as appropriate) before making a significant 62
High- Risk Series: An Update (GAO- 01- 263, January 2001). 63 To maintain a
certificate of compliance, vendors with qualified software packages must
successfully complete any incremental tests required by JFMIP. These tests
are conducted to ensure that vendor software offerings are aligned with
current federal financial management requirements.
64 DFAS: Oracle Project and Financials, Perfecting the Recipe for Success,
Defense Finance and Accounting Service, May 23, 2001.
investment in IT systems to support them. Thus, an assessment of current
processes should be completed before any decision is made about acquiring
technology. As a result, federal agencies are beginning to consider the
merits of information technology approaches that involve reengineering
business processes in conjunction with implementing COTS software without
significant modification.
Remediation Plans The CFO Act requires OMB to prepare and submit to the
Congress a Improved but Continue
governmentwide 5- year financial management plan, including annual status
updates. Among other requirements, the governmentwide plan is to To Lack
Important describe strategies for improving financial management. To help
compile Details the governmentwide 5- year plan, OMB uses agency- specific
financial management plans that agencies prepare as part of their budget
submissions and are also required by the CFO Act. FFMIA requires agency
management to prepare remediation plans, in consultation with OMB, that
describe the corrective actions they plan to take to resolve their instances
of noncompliance, target dates, and resources necessary to bring financial
systems into substantial compliance with FFMIA requirements. Further, the
recently issued President?s Management Agenda for improving financial
management states that OMB will work with agencies to ensure that federal
financial systems produce accurate and timely information to support
operating, budget, and policy decisions.
For our report on FFMIA compliance last year, 65 we reviewed remediation
plans agencies prepared to address problems identified in the fiscal year
1998 financial statement audits. We concluded that the majority of the
plans lacked sufficient detail to be adequate tools for agency management
and staff to use in resolving financial management problems. For this year?s
report, we reviewed agencies? fiscal year 1999 remediation plans. 66 Overall
the plans improved slightly over those for fiscal year 1998. While OMB has
worked with many agencies to prepare or revise these plans,
which helped improve the plans, many still lacked sufficient detail and
descriptions of the resources needed for executing the corrective actions.
Further, some of the corrective actions included in the remediation plans
65 Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1999 (GAO/ AIMD- 00- 307, September 29, 2000). 66
Remediation plans addressing issues identified in the fiscal year 1999
financial statement audits were due to OMB by December 15, 2000.
we reviewed did not fully address the problems they are intended to correct.
As we reported last year, remediation plans need to be sufficiently detailed
to provide a ?road map? for agency management and staff to resolve financial
management problems. The severity of problems facing agencies as they
attempt to replace or overhaul old and outdated financial systems and
resolve serious information security weaknesses, among other things,
highlights the need for detailed remediation plans. Of the 21 agencies whose
systems were reported to be noncompliant with FFMIA in fiscal year 1999, 16
prepared remediation plans. Two agencies- SSA and FEMA- did not submit
remediation plans for fiscal year 1999 to OMB because agency management
determined that their systems were in substantial compliance with FFMIA.
While SSA and FEMA management
acknowledged that the weaknesses identified by the auditors exist, they did
not agree with the auditors that the weaknesses resulted in lack of
?substantial? compliance. However, SSA and FEMA have provided comments,
including corrective actions, in response to the auditors? recommendations.
In addition, 3 of 21 agencies- the Departments of Justice and State and GSA-
did not prepare separate remediation plans to address reported fiscal year
1999 instances of noncompliance. The Department of Justice addressed
instances of FFMIA noncompliance for both fiscal years 1999 and 2000 in its
Financial Management Status Report and Five- Year Plan dated May 2001.
Department of State officials decided not to issue a
separate remediation plan for fiscal year 1999 67 but rather to focus on
implementing actions in its March 2000 plan and on updating its remediation
plan to address the fiscal year 2000 instances of noncompliance. Lastly, GSA
officials told us that management did not prepare a remediation plan for
fiscal year 1999 because the agency?s
systems were determined to be in compliance for fiscal year 2000, and the
severity of the problems for fiscal year 1999 no longer warranted
development of a plan.
FFMIA provides that if the compliance determination made by the agency head
differs from the auditors? findings, the Director of OMB is to review the
determinations and provide a report on the findings to the appropriate 67
The Department of State issued its first remediation plan in March 2000.
This plan addressed instances of noncompliance identified in both the fiscal
year 1998 and 1999 financial statement audits.
committees of the Congress. Further, although FFMIA does not require a
remediation plan if an agency head determines the agency?s systems comply
substantially, OMB Circular A- 11 requires agencies to address systems
weaknesses in their financial management improvement plans. We reviewed the
16 available remediation plans to determine whether (1) they included all
the instances of noncompliance identified in the fiscal year 1998 financial
statement audit reports; (2) the planned corrective
actions were accompanied by detailed steps; (3) the corrective actions, if
successfully implemented, could potentially resolve the problems; (4) they
included information about resources needed; and (5) they provided target
dates for completing the corrective actions. Figure 6 presents the results
of our analysis.
Figure 6: Results of Review of Fiscal Year 1999 Remediation Plans Number of
plans 16
16 15 14
14 12
11
10
10
8
6
6
5
4
2
2
1 0
0 Are corrective
Are corrective Will corrective
Are resources Are time frames
actions for all actions detailed?
actions likely included?
included? instances of
resolve the noncompliance
problems? included?
Yes No
As shown in figure 6, 14 of the agencies? remediation plans included
corrective actions that covered all of the reported instances of
noncompliance identified as a result of the fiscal year 1999 financial
statement audit. The remediation plans for two agencies, HUD and DOD, did
not include corrective actions to cover all of the instances of FFMIA
noncompliance reported. While HUD?s remediation plan covered virtually all
of its instances of noncompliance, it did not fully address computer
security weaknesses over its information systems. The corrective actions in
DOD?s plan, referred to as its Financial Management Improvement Plan (FMIP),
68 could not be specifically related to the reported instances of FFMIA
noncompliance.
Another limitation with a number of the remediation plans is that the
corrective actions were broadly stated and did not include sufficient
details describing how actions are to be accomplished. As shown in figure 6,
corrective actions in 11 of the 16 remediation plans fell into this
category. An example of a plan with sufficient details describing corrective
actions is HUD?s remediation plan. In its plan, HUD included specific
actions for
addressing FHA?s compliance with the SGL at the transaction level, which
includes completing the feeder system SGL financial transaction processes
for 19 systems, validating extracts from existing feeder systems, and
determining the appropriate SGL accounting treatment and data format.
In contrast, one of the corrective actions in AID?s remediation plan is to
develop cost allocation models with cost drivers to attribute costs to the
agency?s goals. Based on our review of AID?s remediation plan, we found no
information that describes, even in general terms, the cost drivers and how
the cost allocation models will be developed. As we discuss later, when an
agency?s corrective actions involve implementing or replacing
financial management systems, it is important to have a detailed plan that
includes adopting sound IT investment and control processes. While there is
a substantial amount of professional judgment associated with assessing the
adequacy of these plans, we determined that the corrective actions in the
remediation plans of 15 agencies, if successfully implemented, could
potentially resolve the problems, as shown in figure 6. For DOD, we
determined that the corrective actions described in the agency?s remediation
plan probably would not resolve the problems. For 68 DOD?s Financial
Management Improvement Plan represents DOD?s response to several mandated
annual reporting requirements, including FFMIA.
example, we recently reported 69 that while DOD?s fiscal year 2000 FMIP is a
significant effort and an improvement over prior plans, it largely
represents a compilation of the military services? and DOD components?
stovepiped
approaches, and therefore is not an effective management tool that
establishes a departmentwide strategic approach for developing an integrated
DOD- wide financial management system. Such stovepiped approaches have been
at the heart of previous DOD- wide reform initiatives
that have produced some incremental improvements, but have not resulted in
the fundamental reform necessary to resolve these long- standing management
challenges. As we recently testified, 70 DOD?s financial management
challenges must be addressed as part of a comprehensive, integrated, DOD-
wide business process reform, including an enterprisewide systems
architecture to guide and direct its financial management modernization
investment. If the hundreds of initiatives
outlined in the plan are not implemented as part of an overall financial
management architecture, DOD runs the risk that its system efforts will
result in perpetuating a system environment that is duplicative, not
interoperable, unnecessarily costly to maintain, and is unable to optimize
financial management performance and accountability. We are encouraged that
the Secretary of Defense has stated that he intends to include financial
management reform among his top priorities. Most recently, DOD has initiated
a number of actions that hold promise for addressing its longstanding
serious problems in this area. For example, DOD recently announced plans to
(1) dedicate significant funding to this area; (2)
establish a top level steering committee that is to include leaders of its
major components and Secretariat- level organizations; and (3) analyze
ongoing and planned financial management systems initiatives across the
Department to curtail high- risk efforts that will not lead to an integrated
financial management structure.
OMB?s guidance and FFMIA state that remediation plans are to include
resources and target dates necessary to achieve substantial compliance. As
shown in figure 6, 10 of the 16 remediation plans we reviewed did not
include a discussion of resources needed. Resource information is important
for agencies and OMB to determine whether corrective actions can
realistically be undertaken. 69 Financial Management: DOD Improvement Plan
Needs Strategic Focus (GAO- 01- 764,
August 17, 2001). 70 DOD Financial Management: Integrated Approach,
Accountability, and Incentives Are Keys to Effective Reform (GAO- 01- 681T,
May 8, 2001).
Finally, as shown in figure 6, all 16 of the remediation plans included
timeframes. This is an improvement over fiscal year 1998, where 14 of the 19
remediation plans included timeframes. The plans would be further enhanced
by including intermediate target dates. Setting specific intermediate target
dates help keep agencies on track as they implement corrective actions.
FFMIA, which was enacted 5 years ago, specifies that
agencies have 3 years to bring their systems into compliance after a
determination of noncompliance has been made. FFMIA also provides for
extending the time needed to complete the planned actions past 3 years with
the concurrence of OMB. As mentioned earlier, in our discussion of the
extent of long- term challenges facing DOD, 3 years will not be enough time
for some agencies to address their remaining problems. Therefore, OMB?s
continuing leadership and oversight of remediation efforts will be
important.
Systems Replacement The importance of having a good remediation plan becomes
more evident
Projects Emphasize a Need when corrective actions in remediation plans
involve IT investments, such for Comprehensive Plans
as implementing or replacing financial management systems or software.
Agencies invest more than $40 billion in IT for about 26,000 information
systems. 71 Technology now affects virtually every aspect of the way the
government operates, and IT investments are extremely important to the
success of e- government transforming the delivery of information and
services. To ensure that IT dollars are directed toward prudent investments
designed to achieve cost savings, increase productivity, and improve the
timeliness and quality of service delivery, agencies need to apply the
framework outlined in the Clinger- Cohen Act of 1996 and implementing
guidance. 72 The Clinger- Cohen Act requires agencies to use a capital
planning and
investment control process to compare and prioritize all IT projects using
explicit quantitative and qualitative decision criteria. Moreover, the
Clinger- Cohen Act requires agencies to adopt an IT architecture, a
welldefined
and enforced blueprint for operational and technological change. 71 A
Blueprint for New Beginnings, A Responsible Budget for America?s Priorities,
Office of Management and Budget, March 2001. 72 The Clinger- Cohen Act
builds on the best practices of leading public and private organizations by
requiring agencies to better link IT planning and investment decisions to
program missions and goals.
An enterprise architecture 73 provides an agency with a clear and
comprehensive picture of an entity and includes a capital investment road
map for transitioning from the current to the target, or the planned future
environment. In concert with an enterprise architecture, the Clinger- Cohen
Act requires agencies to have disciplined approaches for developing or
acquiring software, including an effective evaluation process for assuring
that the contractor- developed software satisfies the defined requirements.
OMB officials told us that they are working with agencies regarding the
application of the framework outlined in the Clinger- Cohen Act and that
OMB?s review of agencies? IT capital asset planning processes is linked to
its review of agencies? remediation plans. As discussed further in the next
section, OMB?s continuing leadership is critical to the efforts across
government to improve financial management systems. Many agencies are
planning or are in the process of implementing new core financial management
systems. Implementing or overhauling financial management systems can
understandably take time, and the systems may not be
operational for several years. For example, as previously discussed, VA is
planning to replace its ?patchwork? of computer systems 74 and correct its
FMFIA material systems weaknesses by implementing a single commercial
financial management and logistics system. This system implementation
effort, called the Core Financial and Logistics System, is targeted to be
completed by the end of 2003. Similarly, the Centers for Medicare and
Medicaid Services 75 have efforts underway to implement the Integrated
General Ledger Accounting System and expects to complete
implementation in fiscal year 2007. NASA has found implementation of new
financial management systems to be a challenge. In describing its need for
an integrated financial management system, NASA has stated that its
financial management environment was comprised of decentralized,
nonintegrated systems, with policies, procedures, and practices unique to
its field centers. 76 The
Integrated Financial Management System (IFMS) is expected to correct these
problems. NASA is undertaking its third attempt to implement an
73 OMB Circular A- 130 requires that executive agencies implement an
enterprise architecture. 74 Department of Veterans Affairs Annual
Accountability Report Fiscal Year 2000.
75 On July 1, 2001, the Health Care Financing Administration was renamed as
the Centers for Medicare and Medicaid Services.
integrated financial management system. In a prior attempt, a former
contractor working on the IFMS had difficulties upgrading its software to
support new technologies and to meet all federal requirements. This contract
was eventually terminated, and the program to implement the system has been
changed so that implementation of the new system is broken into individual
software modules. NASA CFO officials told us that NASA is now moving to a
COTS package for its core financial system. NASA expects to implement the
core financial system at its centers in fiscal year 2003.
Agriculture encountered problems in implementing a COTS package to provide a
departmentwide accounting system, due to inadequate project planning and
inexperienced management coupled with insufficient business process
reengineering. According to PriceWaterhouseCoopers, 77 Agriculture?s
implementation of the COTS package was impacted by
insufficient strategic planning. For example, Agriculture did not have a
single, strong strategic plan to guide the implementation of its Foundation
Financial Information System (FFIS). The strategic implementation plan
should have been developed in concert with its component agencies and
communicated throughout the Department. Moreover, Agriculture did not do
sufficient analysis of its business processes before attempting to implement
the FFIS at the Forest Service. As a result, significant effort was expended
automating existing and complex business processes, some of which needed to
be reengineered. Agriculture hired experienced financial systems program
management staff in the fourth quarter of 1998. This staff reoriented the
FFIS project and has implemented the FFIS in six major
Agriculture agencies since the beginning of fiscal year 2000. Agriculture
expects to implement the FFIS at another eight agencies on October 1, 2001.
According to Agriculture officials, the keys to progress for this project,
required knowledgeable staff, management support, and resources.
76 NASA is comprised of its headquarters offices, nine Centers located
throughout the country, and the Jet Propulsion Laboratory. The Jet
Propulsion Laboratory is operated by the California Institute of Technology.
77 USDA Framework for the FFIS Project Management Office,
PriceWaterhouseCoopers L. L. P., August 11, 1998.
OMB Plays an The advisory role FFMIA established for OMB with respect to
agency remediation plans is important for addressing the types of problems
we
Important Role By noted in the remediation plans we reviewed. Therefore, in
a prior report 78 Providing Advice on
we recommended that OMB work with the agencies to ensure that all FFMIA
Remediation
remediation plans are prepared and submitted timely. We also Plans
recommended that OMB review agencies? plans for (1) detailed corrective
actions that fully address reported problems, (2) inclusion of resource
requirements, and (3) specific time frames needed to implement and resolve
problems.
OMB officials have told us that OMB is moving toward full implementation of
its strategy to link financial management systems improvements detailed in
FFMIA remediation plans to key agency plans. For example, OMB is planning to
link its review of the remediation plans with agency 5- year financial
management plans, IT plans, and capital planning and investment control
processes. According to OMB officials, OMB is integrating its review of
FFMIA remediation plans with its capital planning and
investment control plans process. 79 By incorporating FFMIA remediation
reviews under this framework, OMB will be better able to analyze, track, and
evaluate FFMIA improvement efforts as part of the budget process.
OMB officials have told us that they met with each of the CFO Act agencies
to introduce OMB?s long- term strategy for incorporating FFMIA remediation
plans into the agencies? capital asset plans. In scheduling these meetings,
OMB requires multiple agency officials to attend such as
the Chief Financial Officers, Chief Information Officers, the Chief
Procurement officials and, in some instances, the Budget Officer. In
addition, changes were made to OMB Circular A- 11 in July 2000 to provide
guidance on integrating financial management systems improvements in
FFMIA remediation plans with agency information on IT capital projects.
Further, GAO and Treasury participate in annual meetings held by OMB with
the CFOs and IGs of each CFO Act agency that did not have an unqualified
audit opinion or had serious systems problems. At these meetings, financial
management systems initiatives are discussed, and
78 Financial Management: Federal Financial Management Improvement Act
Results for Fiscal Year 1998 (GAO/ AIMD- 00- 3, October 1999). 79 OMB
receives both FFMIA remediation plans and capital asset plans in agency
budget submissions prepared under the requirements of OMB Circular A- 11.
OMB stresses that the end game of the CFO Act is having systems that produce
reliable, useful, and timely information on an ongoing basis.
A number of agency CFO officials we interviewed, though, generally seemed
unsure about OMB?s strategy for integrating FFMIA remediation plans with
agencies? capital planning and investment control processes. Of the 16
agencies preparing remediation plans for fiscal year 1999, officials
from 9 were certain that OMB had met with or contacted officials from their
agencies to discuss its strategy related to remediation plans while 7 were
unaware of the meetings. Officials from 5 of the 16 agencies did say that
they implemented OMB?s strategy in preparing their fiscal year 1999
remediation plans due to OMB in December 2000, while 7 told us they had not
done so, and officials from 4 agencies did not know if the strategy had been
implemented. This lack of awareness of OMB?s strategy can result in agency
officials providing less- than- expected attention to the critical issue
of preparing and submitting remediation plans. Without appropriate
attention, agencies have a greater risk of failure when attempting to
implement the plans and the serious weaknesses in the financial management
systems will remain. With the new Presidential Management Agenda,
significant attention is expected to be devoted to these issues. OMB?s
continued leadership will be important to foster effective results.
On August 13, 2001, the JFMIP principals- the Comptroller General, the
Secretary of the Treasury, the Director of OMB, and the Director of OPM- met
to discuss federal financial management reform issues. Commitment and
cooperation among the highest levels of leadership in the federal financial
management community can provide the impetus for accelerating
changes to financial management reform in the federal government. This group
is developing an agenda to address the long- standing challenges discussed
in this report. We anticipate that a number of recommendations and action
items will come from the initiatives contemplated by this group related to
issues such as addressing impediments to an opinion on the U. S.
government?s consolidated financial statements, defining success in
financial management, and modernizing financial management systems.
Conclusions Long- standing problems with agencies? financial systems make it
difficult for the agencies to produce reliable, useful, and timely financial
information and hold managers accountable. Federal managers need this
important information for developing and executing budgets, managing
government programs based on results, and making difficult policy choices.
The extraordinary efforts that many agencies go through to
produce auditable financial statements are not sustainable in the long term.
These efforts use significant resources that could be used for other
important financial- related work.
For these reasons, the widespread systems problems facing the federal
government need top management attention. Sustained management commitment at
the highest levels of government is one of the most important factors in
prompting attention and action on a widespread problem. In addition to top
management commitment, additional refinements to OMB?s FFMIA implementation
guidance are needed to assure consistent and effective implementation of
FFMIA. OMB guidance should address the differing interpretations over (1)
the meaning of
substantial compliance, (2) the nature and extent of audit work necessary to
assess compliance with FFMIA, and (3) whether to provide an opinion on
agency?s systems FFMIA compliance. The size and complexity of many federal
agencies and the discipline needed to overhaul or replace their financial
management systems present a significant challenge- not simply a challenge
to overcome a technical glitch, but a demanding management challenge that
requires attention from
the highest levels of government along with sufficient human capital
resources to effect lasting change. We recognize that it will take time,
investment, and sustained emphasis on correcting deficiencies to improve
federal financial management systems to the level required by FFMIA and to
effectively manage government funds. The significance of the issues facing
agencies, now and in the future, emphasizes the need for detailed
remediation plans. As envisioned by the act, these remediation plans would
help agencies establish seamless systems and processes to routinely
generate reliable, useful, and timely information that would improve
agencies? accountability. Our analysis has shown that many agencies?
remediation plans lack key elements that could preclude the achievement of
establishing seamless systems. Therefore, we reaffirm the
recommendation we made in our prior report that OMB continue to work with
agencies to ensure that the remediation plans include all required elements
and are not making new recommendations at this time related to remediation
plans.
Improvements in federal financial management systems are in some cases a
long- term goal, but with sustained emphasis, the goals of the CFO Act and
FFMIA can be achieved. As mentioned earlier, the heads of GAO, OMB,
Treasury, and OPM recently met to discuss governmentwide financial
management reform issues. The leadership commitment and spirit of
cooperation among these top officials can provide the needed impetus to
accelerate financial management reform in the federal government.
Recommendations for
Given the ongoing efforts of the JFMIP Principals to develop an action
Executive Action
plan, we are making no specific recommendations at this time regarding OMB?s
overall financial management systems strategy, other than to reiterate the
importance of OMB?s continuing leadership in improving
financial management systems. We do recommend that the Director of the
Office of Management and Budget revise OMB?s current FFMIA audit guidance to
require agency auditors to provide a statement of positive assurance
when reporting an agency?s systems to be in substantial compliance with
FFMIA, which entails a more thorough examination of agencies? systems and
thus, amplifies financial managers? awareness of the importance of an
effective and efficient financial management system,
develop additional guidance, in accordance with the FAM, to specify the
expected procedures that auditors should perform when assessing FFMIA
compliance, which clearly outlines (1) the minimum scope of work and (2) the
procedures for auditors to perform in determining whether management has
reliable, timely, and useful financial information for managing day- to- day
operations.
We are also recommending that OMB work with the CFOs, the IGs, and GAO to
explore further clarification of the definition of ?substantial
compliance? to assist auditors and agency management to consistently apply
and evaluate an agency?s systems? FFMIA compliance, and
reiterate that the indicators of compliance in the January 4, 2001, FFMIA
implementation guidance are not meant to be all inclusive. We further
recommend that because of the importance of cost accounting to managers for
measuring the results of program performance, that OMB request that as part
of the FFMIA review, auditors pay special attention to agencies? ability to
meet the requirements of the Managerial Cost Accounting Concepts and
Standards and to report as to whether agencies? systems comply with the
standards.
Agency Comments and In written comments (reprinted in appendix V) on a draft
of this report,
Our Evaluation OMB agreed with our overall observations and conclusions
concerning the
financial management systems weaknesses faced by the federal government and
the need for sustained management commitment at the highest levels in order
to overcome them. OMB stated that good financial
management systems enable managers to have the financial and performance
information necessary to measure and effect current day- today operations
while fully meeting federal reporting requirements. OMB also stated, as
discussed in our report, that improving financial management is one of five
governmentwide initiatives included in the
President?s Management Agenda.
OMB stated that it has begun to reexamine its fundamental approach to
systems development and implementation in the federal government, including
its FFMIA implementation guidance, and believes that more emphasis should be
placed on system performance and results. OMB welcomed our participation on
this effort and we look forward to working with them. As we discuss in our
report, management reform legislation including the CFO Act, GPRA, and
FFMIA, if fully and effectively implemented, will collectively help achieve
strong financial management that provides reliable, timely, and useful
information for decisionmakers.
In its comments, OMB expressed concern as to how our report characterized
the level of testing currently contemplated by OMB Bulletin No. 01- 02. This
was not our intent, and we have clarified our report. OMB stated that
required tests of FFMIA in OMB Bulletin No. 01- 02, coupled with the
requirement to test internal controls over significant systems, results in
more than incidental testing. Our point is that under generally accepted
government auditing standards, auditors need to perform only limited
incidental testing to provide negative assurance. Our concern is that with
negative assurance, the auditor is not saying that they determined the
systems to be substantially compliant, but that the work performed did not
identify instances of noncompliance. We view the law as requiring a
definitive statement as to whether the systems susbstantially complied. It
is important that readers of the audit report understand this distinction,
or they may have a false impression that the auditor is stating that they
found the systems to be substantially compliant. We will continue to work
with OMB on this matter and recognize that we have differing views.
We agree with OMB that reorienting remediation plans towards measurable
performance would force a more integrated enterprisewide approach that
considers both financial and nonfinancial systems that support agency
missions. This provides a needed perspective and helps agencies to adopt an
information technology architecture that includes a well- defined blueprint
for operational and technological change. The Clinger- Cohen Act provides a
foundation that can be followed by agencies as they implement these
important systems initiatives. Remediation plans with sufficient detail,
that are linked to and support as agency?s strategic business plan,
provide a ?road map? for management and staff to resolve financial
management problems and hold managers accountable for needed improvements.
We reiterate the importance of OMB?s leadership as it moves towards bringing
about needed changes in the federal financial
management environment. We also provided excerpts from a draft of this
report to cognizant officials at the 24 CFO Act agencies to obtain oral
comments. Officials from DOT, AID, and Interior expressed concern that the
report did not fully recognize their efforts to address the systems
weaknesses discussed in various parts of our report. In these instances,
these corrective actions occurred after
fiscal year 2000, which is subsequent to the timeframe covered by our
report. Also, it was not our objective to independently assess specific
management actions for the 24 CFO Act agencies. However, in our report we
have acknowledged actions that have been taken throughout government and are
underway to address systems weaknesses.
Interior officials suggested we acknowledge that the weak information
security controls that were used as an example in the draft report have not
compromised financial or personnel data. In this regard, we previously
reported 80 that the Interior?s National Business Center had not fully
established a comprehensive program to routinely monitor access to its
computer facilities and data and to identify and investigate unusual or
suspicious access patterns that could indicate unauthorized access. EPA
officials were concerned that the example in the report related to EPA's
backlog of unliquidated obligations was (1) not reported by EPA?s IG as an
instance of noncompliance with FFMIA, and (2) not an example of the lack of
accurate or timely recording of financial information as
portrayed in the report. Regarding the first concern, as we state in the
report, we included all weaknesses relevant to FFMIA identified by the
80 Information Security: Weak Controls Place Interior?s Financial and other
Data at Risk (GAO- 01- 615, July 2001).
auditors because such problems must be resolved in order for the agencies'
systems to have the data to generate the reliable, useful, and timely
information needed for decision- making. Regarding the second concern, EPA
officials stated that the example in our report illustrates the lack of
timely processing of the deobligation actions and is not an example of the
lack of timely recording of a financial transaction. According to EPA
officials, the deobligation can only take place after an authorizing
official
closes the obligating document. EPA officials stated that the closeout
usually occurs after audits and other administrative requirements are
satisfied. As a result, a large backlog of grants has been awaiting
closeout. In our view, this example illustrates that the lack of timely
deobligations, which trigger the final transactions, can result in
misleading financial information, both at year- end and throughout the year.
NASA officials disagreed with our questioning of its compliance with
FFMIA because of issues related to cost accounting and the lack of an
integrated financial management system. NASA stated that contract cost
reports provided to the agency by its contractors, combined with cost
finding techniques that are permitted under Managerial Cost Accounting
Concepts and Standards, allow NASA to capture all costs related to the
multibillion dollar international space station program. However, as we
highlight and discuss in more detail in our August 31, 2001 report, 81
NASA's systems do not track the cost of individual space station subsystems
or elements. According to agency officials, NASA manages and tracks space
station costs by contract and does not need to know the cost of individual
subsystems or elements to effectively manage the program. However, our work
in this area found that NASA assigns potential and probable future costs in
order to estimate the impact of canceling, deferring, or adding
space station content. These cost estimates often assign the cost of
specific space station subsystems. However, because NASA does not attempt to
track costs by element or subsystem, the agency does not know the actual
cost of completed space station components and is not able to re- examine
its cost estimates for validity once costs have been realized. Further, in
the event of a cost overrun, it would be very difficult to identify which
component prompted the overrun, thus hampering management's ability to make
informed decisions. While cost finding techniques when clearly assigned to
81 NASA: International Space Station and Shuttle Support Cost Limits (GAO-
01- 1000R, August 31, 2001).
outputs are permitted under the Managerial Cost Accounting Concepts and
Standards, NASA appears to not have clearly defined the outputs- in this
case the space station components- to permit recognition and measurement of
costs appropriate for intended purposes, such as holding managers
accountable for differences between budgeted and actual costs. Therefore, it
remains unclear how NASA can conclude it is in compliance with cost
accounting standards.
NASA officials also stated that the fact that NASA does not have an
integrated financial management system does not preclude substantial
compliance with FFMIA. Specifically, they state that NASA's systems taken
as a whole, meet the objectives of FFMIA and the supplemental, compensating
procedures and practices employed by NASA substantially and materially
achieve federal requirements. Nonetheless, NASA reports its financial
management systems as a nonconforming significant area of
management concern because the systems are not fully automated and not fully
integrated. NASA?s labor- intensive, reconciliation/ compilation processes
are due to the fact that it has nonstandard systems that are not integrated
and were not designed to include the SGL accounts. In our view,
systems that are prone to errors and do not adhere to OMB's requirements for
an integrated financial management system as outlined in OMB Circular A-
127, preclude compliance with the goals and requirements of FFMIA. To
illustrate the challenges faced by NASA in trying to provide relatively
straightforward information, as we recently reported, for over 5 months NASA
has been unable to provide us with detailed transaction- based support for
amounts obligated against the space station and shuttle because it maintains
a separate accounting system at each of its nine field centers and
headquarters and cannot readily pull the information together. NASA also
took exception with the way the draft characterizes the centers' financial/
accounting policies, procedures, and practices as unique. NASA
stated that its Financial Management Manual prescribes standard financial
policies, procedures and practices and ensures the centers comply with those
through various quality assessment processes. NASA also added that the field
centers have lower level policies, practices, and procedures unique to each
center based on a center's mission and organization
structure. We agree that NASA's Financial Management Manual prescribes
standard financial policies, procedures, and practices, but our intent in
the report is to convey that each center has a unique operating environment.
This has permitted nonstandardized data formats, and nonintegrated systems,
thus prohibiting the access to readily available reliable, useful, and
timely financial information.
Several agencies also provided technical comments that we incorporated where
appropriate.
We are sending copies of this report to the Chairman, and Ranking Minority
Member, Subcommittee on Oversight of Government Management, Restructuring,
and the District of Columbia, Senate Committee on
Governmental Affairs; and to the Chairman, and Ranking Minority Member,
Subcommittee on Government Efficiency, Financial Management, and
Intergovernmental Relations, House Committee on Government Reform. We also
sending copies to the Director of the Office of Management and
Budget; the Secretary of the Treasury; the heads of the 24 CFO Act agencies;
and agency CFOs and IGs. Copies will also be made available to others upon
request. This report was prepared under the direction of Sally E. Thompson,
Director, Financial Management and Assurance, who may be reached at (202)
512- 9450 or by e- mail at thompsons@ gao. gov if you have any questions.
Staff contacts and other key contributors to this report are listed in
appendix VI.
David M. Walker Comptroller General Of the United States
Appendi xes Publications in the Federal Financial
Appendi x I
Management Systems Requirements Series FFMSR document Issue date
FFMSR- 0 Framework for Federal Financial Management Systems January 1995
FFMSR- 7 Inventory System Requirements June 1995 FFMSR- 8 Managerial Cost
Accounting System Requirements February 1998 JFMIP- SR- 01- 02 Core
Financial System Requirements February 1999 JFMIP- SR- 99- 5 Human Resources
& Payroll Systems Requirements April 1999 JFMIP- SR- 99- 8 Direct Loan
System Requirements June 1999 JFMIP- SR- 99- 9 Travel System Requirements
July 1999 JFMIP- SR- 99- 14 Seized Property and Forfeited Asset Systems
Requirements December 1999 JFMIP- SR- 00- 01 Guaranteed Loan System
Requirements March 2000 JFMIP- SR- 00- 3 Grant Financial System Requirements
June 2000 JFMIP- SR- 00- 4 Property Management Systems Requirements October
2000
Statements of Federal Financial Accounting Concepts, Statements of Federal
Financial
Appendi x II
Accounting Standards, and Interpretations Concepts
SFFAC No. 1 Objectives of Federal Financial Reporting
SFFAC No. 2 Entity and Display
SFFAC No. 3 Management?s Discussion and Analysis
Effective for fiscal Standards year a
SFFAS No. 1 Accounting for Selected Assets and Liabilities 1994 SFFAS No. 2
Accounting for Direct Loans and Loan Guarantees 1994 SFFAS No. 3 Accounting
for Inventory and Related Property 1994 SFFAS No. 4 Managerial Cost
Accounting Concepts and Standards 1998 SFFAS No. 5 Accounting for
Liabilities of the Federal Government 1997 SFFAS No. 6 Accounting for
Property, Plant, and Equipment 1998 SFFAS No. 7 Accounting for Revenue and
Other Financing Sources 1998 SFFAS No. 8 Supplementary Stewardship Reporting
1998 SFFAS No. 9 Deferral of the Effective Date of Managerial Cost
Accounting Standards for the Federal
1998
Government in SFFAS No. 4 SFFAS No. 10 Accounting for Internal Use Software
2001 SFFAS No. 11 Amendments to Accounting for Property, Plant, and
Equipment- Definitional Changes 1999 SFFAS No. 12 Recognition of Contingent
Liabilities Arising from Litigation: An Amendment of SFFAS No. 5,
1998
Accounting for Liabilities of the Federal Government SFFAS No. 13 Deferral
of Paragraph 65- 2- Material Revenue- Related Transactions Disclosures 1999
SFFAS No. 14 Amendments to Deferred Maintenance Reporting 1999 SFFAS No. 15
Management?s Discussion and Analysis 2000 SFFAS No. 16 Amendments to
Accounting for Property, Plant, and Equipment 2000 SFFAS No. 17 Accounting
for Social Insurance 2000 SFFAS No. 18 Amendments to Accounting Standards
for Direct Loans and Loan Guarantees in SFFAS No. 2 2001 SFFAS No. 19
Technical Amendments to Accounting Standards for Direct Loans and Loan
Guarantees in
2003
SFFAS No. 2 Interpretations
No. 1 Reporting on Indian Trust Funds
No. 2 Accounting for Treasury Judgment Fund Transactions
No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
No. 4 Accounting for Pension Payments in Excess of Pension Expense
No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue
a Effective dates do not apply to Statements of Federal Financial Accounting
Concepts and Interpretations.
Appendi x I II
AAPC Technical Releases Technical release AAPC release date
TR- 1 Audit Legal Letter Guidance March 1, 1998 TR- 2 Environmental
Liabilities Guidance March 15, 1998 TR- 3 Preparing and Auditing Direct Loan
and Loan Guarantee Subsidies Under the Federal
July 31, 1999
Credit Reform Act TR- 4 Reporting on Non- Valued Seized and Forfeited
Property July 31, 1999 TR- 5 Implementation Guidance on SFFAS No. 10:
Accounting for Internal Use Software May 14, 2001
Checklists for Reviewing Systems Under the Federal Financial Management
Improvement
Appendi x I V
Act Checklist Issue date
GAO/ AIMD- 98- 21. 2. 1 Framework for Federal Financial Management System
Checklist May 1998 GAO/ AIMD- 00- 21. 2. 2 Core Financial System
Requirements Checklist February 2000 GAO/ AIMD- 00- 21. 2. 3 Human Resources
and Payroll Systems Requirements Checklist March 2000 GAO/ AIMD- 98- 21. 2.
4 Inventory System Checklist May 1998 GAO/ 01- 99G Seized Property and
Forfeited Assets Systems Requirements Checklist October 2000 GAO/ AIMD- 21-
2. 6 Direct Loan System Requirements Checklist April 2000 GAO/ AIMD- 21.2. 8
Travel System Requirements Checklist May 2000 GAO/ AIMD- 99- 21. 2. 9 System
Requirements for Managerial Cost Accounting Checklist January 1999 GAO- 01-
371G Guaranteed Loan System Requirements Checklist March 2001 GAO- 01- 911G
Grant Financial System Requirements Checklist September 2001
Comments From the Office of Management
Appendi x V and Budget
Appendi x VI
GAO Contacts and Staff Acknowledgements GAO Contacts Sally E. Thompson,
(202) 512- 9450 Kay L. Daly, (202) 512- 9312 Acknowledgements In addition to
those named above, Lee Carroll, Cary Chappell, Richard
Harada, Rosa R. Harris, Lisa Knight, Steve Lowrey, Meg Mills, Karlin
Richardson, and Sandra S. Silzer made key contributions to this report.
(190006) Lett er
GAO?s Mission The General Accounting Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of
the federal government for the American people. GAO examines the use of
public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance to
help Congress make informed oversight, policy, and funding decisions. GAO?s
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents is through the Internet. GAO?s Web site (www. gao. gov) contains
abstracts and full- text files of GAO Reports and current reports and
testimony and an expanding archive of older products. The Testimony Web site
features a search engine to help you locate documents using key words and
phrases. You can print these documents in their entirety, including charts
and other graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as ?Today?s Reports,? on its Web
site daily. The list contains links to the full- text document files. To
have GAO E- mail this list to you every afternoon, go to our home page and
complete the easy- to- use electronic order form found under ?To Order GAO
Products.?
Order by Mail or Phone The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out to
the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:
U. S. General Accounting Office P. O. Box 37050 Washington, D. C. 20013
To order by Phone: Voice: (202) 512- 6000 TDD: (301) 413- 0006 Fax: (202)
258- 4066
Visit GAO?s Document GAO Building Distribution Center
Room 1100, 700 4th Street, NW (corner of 4th and G Streets, NW) Washington,
D. C. 20013
To Report Fraud, Contact: Waste, and Abuse in
Web site: www. gao. gov/ fraudnet/ fraudnet. htm, E- mail: fraudnet@ gao.
gov, or
Federal Programs 1- 800- 424- 5454 (automated answering system).
Public Affairs Jeff Nelligan, Managing Director, NelliganJ@ gao. gov (202)
512- 4800 U. S. General Accounting Office, 441 G. Street NW, Room 7149,
Washington, D. C. 20548
a
GAO United States General Accounting Office
Page i GAO- 02- 29 FFMIA FY 2000 Results
Contents
Contents
Page ii GAO- 02- 29 FFMIA FY 2000 Results
Contents
Page iii GAO- 02- 29 FFMIA FY 2000 Results
Contents
Page iv GAO- 02- 29 FFMIA FY 2000 Results
Page 1 GAO- 02- 29 FFMIA FY 2000 Results United States General Accounting
Office
Washington, D. C. 20548 Comptroller General
of the United States A
Page 2 GAO- 02- 29 FFMIA FY 2000 Results
Page 3 GAO- 02- 29 FFMIA FY 2000 Results
Page 4 GAO- 02- 29 FFMIA FY 2000 Results
Page 5 GAO- 02- 29 FFMIA FY 2000 Results
Page 6 GAO- 02- 29 FFMIA FY 2000 Results
Page 7 GAO- 02- 29 FFMIA FY 2000 Results
Page 8 GAO- 02- 29 FFMIA FY 2000 Results
Page 9 GAO- 02- 29 FFMIA FY 2000 Results
Page 10 GAO- 02- 29 FFMIA FY 2000 Results
Page 11 GAO- 02- 29 FFMIA FY 2000 Results
Page 12 GAO- 02- 29 FFMIA FY 2000 Results
Page 13 GAO- 02- 29 FFMIA FY 2000 Results
Page 14 GAO- 02- 29 FFMIA FY 2000 Results
Page 15 GAO- 02- 29 FFMIA FY 2000 Results
Page 16 GAO- 02- 29 FFMIA FY 2000 Results
Page 17 GAO- 02- 29 FFMIA FY 2000 Results
Page 18 GAO- 02- 29 FFMIA FY 2000 Results
Page 19 GAO- 02- 29 FFMIA FY 2000 Results
Page 20 GAO- 02- 29 FFMIA FY 2000 Results
Page 21 GAO- 02- 29 FFMIA FY 2000 Results
Page 22 GAO- 02- 29 FFMIA FY 2000 Results
Page 23 GAO- 02- 29 FFMIA FY 2000 Results
Page 24 GAO- 02- 29 FFMIA FY 2000 Results
Page 25 GAO- 02- 29 FFMIA FY 2000 Results
Page 26 GAO- 02- 29 FFMIA FY 2000 Results
Page 27 GAO- 02- 29 FFMIA FY 2000 Results
Page 28 GAO- 02- 29 FFMIA FY 2000 Results
Page 29 GAO- 02- 29 FFMIA FY 2000 Results
Page 30 GAO- 02- 29 FFMIA FY 2000 Results
Page 31 GAO- 02- 29 FFMIA FY 2000 Results
Page 32 GAO- 02- 29 FFMIA FY 2000 Results
Page 33 GAO- 02- 29 FFMIA FY 2000 Results
Page 34 GAO- 02- 29 FFMIA FY 2000 Results
Page 35 GAO- 02- 29 FFMIA FY 2000 Results
Page 36 GAO- 02- 29 FFMIA FY 2000 Results
Page 37 GAO- 02- 29 FFMIA FY 2000 Results
Page 38 GAO- 02- 29 FFMIA FY 2000 Results
Page 39 GAO- 02- 29 FFMIA FY 2000 Results
Page 40 GAO- 02- 29 FFMIA FY 2000 Results
Page 41 GAO- 02- 29 FFMIA FY 2000 Results
Page 42 GAO- 02- 29 FFMIA FY 2000 Results
Page 43 GAO- 02- 29 FFMIA FY 2000 Results
Page 44 GAO- 02- 29 FFMIA FY 2000 Results
Page 45 GAO- 02- 29 FFMIA FY 2000 Results
Page 46 GAO- 02- 29 FFMIA FY 2000 Results
Page 47 GAO- 02- 29 FFMIA FY 2000 Results
Page 48 GAO- 02- 29 FFMIA FY 2000 Results
Page 49 GAO- 02- 29 FFMIA FY 2000 Results
Page 50 GAO- 02- 29 FFMIA FY 2000 Results
Page 51 GAO- 02- 29 FFMIA FY 2000 Results
Page 52 GAO- 02- 29 FFMIA FY 2000 Results
Page 53 GAO- 02- 29 FFMIA FY 2000 Results
Page 54 GAO- 02- 29 FFMIA FY 2000 Results
Page 55 GAO- 02- 29 FFMIA FY 2000 Results
Page 56 GAO- 02- 29 FFMIA FY 2000 Results
Page 57 GAO- 02- 29 FFMIA FY 2000 Results
Page 58 GAO- 02- 29 FFMIA FY 2000 Results
Page 59 GAO- 02- 29 FFMIA FY 2000 Results
Page 60 GAO- 02- 29 FFMIA FY 2000 Results
Page 61 GAO- 02- 29 FFMIA FY 2000 Results
Page 62 GAO- 02- 29 FFMIA FY 2000 Results
Appendix I
Page 63 GAO- 02- 29 FFMIA FY 2000 Results
Appendix II
Page 64 GAO- 02- 29 FFMIA FY 2000 Results
Appendix III
Page 65 GAO- 02- 29 FFMIA FY 2000 Results
Appendix IV
Page 66 GAO- 02- 29 FFMIA FY 2000 Results
Appendix V
Appendix V Comments From the Office of Management and Budget
Page 67 GAO- 02- 29 FFMIA FY 2000 Results
Page 68 GAO- 02- 29 FFMIA FY 2000 Results
Appendix VI
United States General Accounting Office Washington, D. C. 20548- 0001
Official Business Penalty for Private Use $300
Address Correction Requested Presorted Standard
Postage & Fees Paid GAO Permit No. GI00
*** End of document. ***