Financial Management: Sustained Efforts Needed to Achieve FFMIA  
Accountability (30-SEP-03, GAO-03-1062).			 
                                                                 
The ability to produce the data needed to efficiently and	 
effectively manage the day-to-day operations of the federal	 
government and provide accountability to taxpayers has been a	 
long-standing challenge to most federal agencies. To help address
this challenge, the Federal Financial Management Improvement Act 
of 1996 (FFMIA) requires the 24 Chief Financial Officers Act	 
agencies to implement and maintain financial management systems  
that comply substantially with (1) federal financial management  
systems requirements, (2) federal accounting standards, and (3)  
the U.S. Government Standard General Ledger (SGL). FFMIA also	 
requires GAO to report annually on the implementation of the act.
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-03-1062					        
    ACCNO:   A08630						        
  TITLE:     Financial Management: Sustained Efforts Needed to Achieve
FFMIA Accountability						 
     DATE:   09/30/2003 
  SUBJECT:   Accountability					 
	     Accounting standards				 
	     Data collection					 
	     Financial management				 
	     Strategic planning 				 
	     Financial management systems			 
	     Reporting requirements				 
	     Noncompliance					 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-03-1062

United States General Accounting Office

GAO

                       Report to Congressional Requesters

September 2003

FINANCIAL MANAGEMENT

            Sustained Efforts Needed to Achieve FFMIA Accountability

We revised this document on 11/12/03 to correct electronic Web links on
pages 11, 32, 53, 62, and 67.

                                       a

GAO-03-1062

Highlights of GAO-03-1062, a report to the Senate Committee on
Governmental Affairs and the House Committee on Government Reform

The ability to produce the data needed to efficiently and effectively
manage the day-to-day operations of the federal government and provide
accountability to taxpayers has been a long-standing challenge to most
federal agencies. To help address this challenge, the Federal Financial
Management Improvement Act of 1996 (FFMIA) requires the 24 Chief Financial
Officers Act agencies to implement and maintain financial management
systems that comply substantially with (1) federal financial management
systems requirements, (2) federal accounting standards, and (3) the U.S.
Government Standard General Ledger (SGL). FFMIA also requires GAO to
report annually on the implementation of the act.

GAO reaffirms its prior recommendations that OMB revise its FFMIA audit
testing and reporting guidance to:

(1) include a statement of

positive assurance when

reporting an agency's systems

to be in substantial

compliance with FFMIA, and

(2) clarify the definition of

"substantial compliance" to

promote consistent reporting

of FFMIA compliance. As in the past, OMB did not agree with our view on
the need for auditors to provide positive assurance on FFMIA, but agreed
to consider clarifying the definition of "substantial compliance" in
future policy and guidance updates.

www.gao.gov/cgi-bin/getrpt?GAO-03-1062.

To view the full product, including the scope and methodology, click on
the link above. For more information, contact Sally Thompson
(202)-512-9450 or [email protected].

September 2003

FINANCIAL MANAGEMENT

Sustained Efforts Needed to Achieve FFMIA Accountability

Federal agencies are making progress to address financial management
systems weaknesses. At the same time, for fiscal year 2002, 19 of the 24
CFO Act agency inspectors general or their contract auditors reported that
these agencies' financial management systems did not comply with FFMIA.
The nature and seriousness of the reported problems indicate that,
generally, agency management does not yet have the full range of reliable
information needed for accountability, performance reporting, and decision
making. As shown in the chart below, audit reports highlight six recurring
problems that have been consistently reported for those agencies whose
auditors reported noncompliant systems.

Problems Reported by Auditors for Fiscal Years 2000 through 2002

Following OMB's reporting guidance, auditors for 5 agencies provided
negative assurance on agency systems' FFMIA compliance for fiscal year
2002. This means that nothing came to their attention indicating that
these agencies' financial management systems did not meet FFMIA
requirements. GAO does not believe that this type of reporting is
sufficient for reporting under the act. FFMIA requires the auditor to
state "whether" the agency systems are in substantial compliance, which in
our view, requires the auditor to perform sufficient audit tests to be
able to provide positive assurance.

Agencies have recognized the seriousness of their financial systems
weaknesses, and as of September 30, 2002, 17 of the 24 CFO Act agencies
were planning to or were implementing a new core financial system. It is
imperative that agencies adopt leading practices, such as top management
commitment and business process reengineering, to ensure successful
systems implementation.

The JFMIP Principals, congressional oversight, and the President's
Management Agenda are driving governmentwide initiatives to transform
federal financial management. Modernization of agency financial systems
and continued attention is needed to sustain momentum on these
initiatives.

Contents

  Letter

Results in Brief
Background
Scope and Methodology
Continued Systems Weaknesses Impair Financial Management

Accountability Agency Efforts to Implement New Financial Systems
Successful Implementation of Financial Management Systems Is

Key for Improved Financial Reporting Status of Governmentwide Financial
Management Improvement

Efforts Conclusions Agency Comments and Our Evaluation

                                                                     1 2 8 11

13 34

37

42 52 54

Appendixes

                                       Appendix I: Appendix II: Appendix III:

Appendix IV: Appendix V:

Appendix VI: Appendix VII:

Requirements and Standards Supporting Federal Financial Management

Publications in the Federal Financial Management Systems Requirements
Series

Statements of Federal Financial Accounting Concepts, Statements of Federal
Financial Accounting Standards, and Interpretations

AAPC Technical Releases

Checklists for Reviewing Systems under the Federal Financial Management
Improvement Act

Comments from the Office of Management and Budget

GAO Contacts and Staff Acknowledgments

GAO Contacts Acknowledgments

                                       58

                                       63

                                     64 66

67

68

70 70 70

    Table      Table 1: Agency Status and Progress Scores for the Improved 
                          Financial Performance Initiative                 52 
Figures   Figure 1: Problems Reported by Auditors for Fiscal Years 2000    
                                                              through 2002  4
                 Figure 2: Pyramid to Accountability and Useful Management 
                                     Information                           10 

Contents

Figure 3: Auditors' FFMIA Assessments for Fiscal Years 2000, 2001,

and 2002 14 Figure 4: Problems Reported by Auditors for Fiscal Years 2000

through 2002 19 Figure 5: Agency Target Dates for Implementation of Core

Financial Systems as of September 30, 2002 36 Figure 6: Agency Systems
Architecture 59

Abbreviations

AAPC Accounting and Auditing Policy Committee
AID Agency for International Development
BPN Business Partner Network
CAP Commercial Activities Panel
CFO chief financial officer
CIM Corporate Information Management
COTS commercial off-the-shelf
DAFIS Departmental Accounting and Financial Information

System DHS Department of Homeland Security DOD Department of Defense DOL
Department of Labor DOT Department of Transportation E-gov Electronic
Government Initiative EPA Environmental Protection Agency FAA Federal
Aviation Administration FAM Financial Audit Manual FASAB Federal
Accounting Standards Advisory Board FEA Federal Enterprise Architecture
FEAPMO Federal Enterprise Architecture Program Management

Office FEMA Federal Emergency Management Agency FFMIA Federal Financial
Management Improvement Act FFMSR Federal Financial Management Systems
Requirements FHA Federal Housing Administration FIA Federal Managers'
Financial Integrity Act FISMA Federal Information Security Management Act
FMIS Fiscal Management Information System FTA Federal Transit
Administration GAAP generally accepted accounting principles

Contents

GISRA Government Information Security Reform
GSA General Services Administration
HHS Department of Health and Human Services
HUD Department of Housing and Urban Development
HUDCAPS Department of Housing and Urban Development Central

Accounting and Program System IAE Integrated Acquisition Environment IFMP
Integrated Financial Management Program IG inspector general IT
information technology JFMIP Joint Financial Management Improvement
Program NASA National Aeronautics and Space Administration NRC Nuclear
Regulatory Commission NSF National Science Foundation OMB Office of
Management and Budget OPM Office of Personnel Management PART Program
Assessment Rating Tool PCIE President's Council on Integrity and
Efficiency PMA President's Management Agenda PMO Program Management Office
SBA Small Business Administration SFFAC Statement of Federal Financial
Accounting Concepts SFFAS Statement of Federal Financial Accounting
Standards SGL U.S. Government Standard General Ledger SSA Social Security
Administration

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

Comptroller General of the United States

United States General Accounting Office Washington, D.C. 20548

September 30, 2003

The Honorable Susan M. Collins
Chairman
The Honorable Joseph I. Lieberman
Ranking Minority Member
Committee on Governmental Affairs
United States Senate

The Honorable Tom Davis
Chairman
The Honorable Henry A. Waxman
Ranking Minority Member
Committee on Government Reform
House of Representatives

The ability to produce the data needed to efficiently and effectively
manage
the day-to-day operations of the federal government and provide
accountability to taxpayers and the Congress has been a long-standing
challenge at most federal agencies. To address this challenge, the Chief
Financial Officers (CFO) Act of 19901 calls for the modernization of
financial management systems, so that the systematic measurement of
performance, the development of cost information, and the integration of
program, budget, and financial information for management reporting can
be achieved.

The Federal Financial Management Improvement Act of 1996 (FFMIA)2
builds on the foundation laid by the CFO Act by emphasizing the need for
agencies to have systems that can generate reliable, useful, and timely
information with which to make fully informed decisions and to ensure
accountability on an ongoing basis. FFMIA requires the major departments

1Pub. L. No. 101-576, 104 Stat. 2838 (1990).

2Title VIII of Public Law 104-208 is entitled the Federal Financial
Management Improvement Act of 1996.

and agencies covered by the CFO Act3 to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards,4 and (3) the U.S. Government Standard General Ledger (SGL)5 at
the transaction level. FFMIA also requires auditors to report in their CFO
Act financial statement audit reports whether the agencies' financial
management systems substantially comply with FFMIA's systems requirements.
We are required to report annually on the implementation of the act. This,
our seventh annual report, discusses (1) auditors' FFMIA assessments for
fiscal year 2002 and the problems, reported by the auditors, that continue
to impair agency accountability, (2) agency efforts to implement financial
systems, (3) key characteristics of successful systems implementation
efforts and the challenges federal agencies face, and (4) the status of
federal financial management improvement efforts.

Results in Brief	Federal agencies are making progress to address financial
management systems weaknesses. At the same time, the results of the fiscal
year 2002 FFMIA assessments performed and reported by the 24 CFO Act
agency inspectors general (IG) or their contract auditors show that most
agencies' financial management systems continue to have shortcomings.
While much more severe at some agencies than others, the nature and
seriousness of the reported problems indicate that, generally, agency
management does not yet have the full range of reliable information needed
for accountability, performance reporting, and decision making.

3There were initially 24 CFO Act agencies (see footnote 1 above). The
Federal Emergency Management Agency (FEMA), one of the 24 CFO Act
agencies, was subsequently transferred to the new Department of Homeland
Security (DHS) effective March 1, 2003. With this transfer, FEMA will no
longer be required to prepare audited stand-alone financial statements
under the CFO Act. We included FEMA in our review because FEMA was a CFO
Act agency as of September 30, 2002. DHS must prepare audited financial
statements under the Accountability of Tax Dollars Act of 2002, because it
is a "covered executive agency" for purposes of 31 U.S.C. 3515. However,
DHS was not established as a CFO Act agency and therefore is not subject
to FFMIA.

4The American Institute of Certified Public Accountants recognizes the
federal accounting standards promulgated by the Federal Accounting
Standards Advisory Board (FASAB) as generally accepted accounting
principles (GAAP).

5The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.

Auditors for 19 of the 24 CFO Act agencies reported that their agencies'
financial management systems did not comply substantially with one or more
of the three FFMIA requirements for fiscal year 2002. Auditors'
assessments of financial systems' compliance with FFMIA for fiscal years
2001 and 2002 differed for three agencies. Auditors for the Environmental
Protection Agency (EPA) and the National Science Foundation (NSF) reported
that these agencies' systems were in substantial compliance6 for fiscal
year 2002, a change from the fiscal year 2001 assessments. Auditors for
the Department of Labor (DOL) concluded that the department's systems were
not in substantial compliance with the managerial cost standard and thus
not in compliance with FFMIA-also a changed assessment from fiscal year
2001.

Based on our review of the fiscal year 2002 audit reports for the 19
agencies reported to have noncompliant systems, we identified six
continuing, primary problems that affect FFMIA compliance. As a result of
these reported problems, most agencies' financial management systems are
not yet able to routinely produce reliable, useful, and timely financial
information. For example, agency financial management systems are required
to produce information on the full cost of programs and projects.
Currently, some agencies are only able to provide cost accounting
information at a high level, but not that needed to evaluate programs and
activities on their full costs and merits as envisioned by FFMIA. Agencies
are experimenting with methods of accumulating and assigning costs to
obtain the managerial cost information needed to enhance programs, improve
processes, establish fees, develop budgets, prepare financial reports,
make competitive sourcing decisions, and report on performance.

6Auditors for these two agencies provided negative assurance of FFMIA
compliance, meaning that nothing came to their attention indicating that
the financial management systems did not meet FFMIA requirements.

Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 2002

Auditors for the remaining five agencies-the Department of Energy, EPA,
the General Services Administration (GSA), NSF, and the Social Security
Administration (SSA)-provided negative assurance in reporting on FFMIA
compliance for fiscal year 2002. In their respective reports, they
included language stating that while they did not opine as to FFMIA
compliance, nothing came to their attention during the course of their
planned procedures indicating that these agencies' financial management
systems did not meet FFMIA requirements. If readers do not understand the
concept of negative assurance, which is the type of reporting specified in
the Office of Management and Budget's (OMB) auditing guidance, they may
have gained an incorrect impression that these systems have been fully
tested by the auditors and found to be substantially compliant. Because
the act requires auditors to "report whether" agency systems are
substantially compliant, we believe the auditor needs to provide positive
assurance, which would be a definitive statement as to whether agency
financial management systems substantially comply with FFMIA, as required
under the statute. This is what we will do for the financial

statement audits we perform when reporting that an entity's financial
management systems were in substantial compliance. To provide positive
assurance, auditors need to consider many other aspects of financial
management systems than those applicable for the purposes of rendering an
opinion on the financial statements.

Across government, agencies have many efforts underway to implement or
upgrade financial systems to alleviate long-standing problems in financial
management. As of September 30, 2002, 17 agencies7 advised us that they
were planning to or were in the process of implementing a new core
financial system.8 Target implementation dates for 16 of these 17 agencies
ranged from fiscal year 2003 to fiscal year 2008. The remaining agency,
the Department of Defense (DOD), had not yet determined its target date
for full implementation. Under OMB Circular A-127, agencies are required
to purchase commercial off-the-shelf (COTS) packages sold by vendors whose
core financial systems software have been certified.9 Some of the key
factors that affect the FFMIA compliance of an implemented COTS package
include how the software works in the agency's environment, whether any
customizations or modifications10 have been made to the software, and the
success of converting data from legacy systems to new systems.

Successful implementation efforts of financial management systems are
supported by the presence of several key characteristics, which apply to
both the public and private sectors. These characteristics include, among

7U.S. General Accounting Office, Core Financial Systems at the 24 Chief
Financial Officers Act Agencies, GAO-03-903R (Washington, D.C.: June 27,
2003).

8Core financial systems, as defined by the Joint Financial Management
Improvement Program (JFMIP), include managing general ledger, funding,
payments, receivables, and certain basic cost functions. Core financial
systems receive data from other financial and feeder systems-such as
acquisition, grant, and human resource and payroll systems-as well as from
direct user input, and provide data for financial performance measurement
and analysis and for financial statement preparation.

9The Program Management Office, managed by the Executive Director of the
JFMIP, with funds provided by the CFO Council agencies, tests vendor COTS
packages and certifies that they meet certain federal financial management
system requirements for core financial systems.

10Customization is the process of setting parameters within an application
to make it operate in accordance with the entity's business rules.
Customizations are normally supported by vendors in subsequent upgrades.
Modification is the process of writing or changing code and modifications
are not supported by vendors in subsequent upgrades.

others: (1) involvement by the users, (2) support of executive management,
(3) leadership provided by experienced project managers, (4) clear
definition and management of project requirements, (5) proper planning,
and (6) realistic expectations. Conversely, financial systems
implementation projects are often hindered by the lack of executive
support, poor communication between managers and stakeholders, poor
estimation and planning, and poor documentation and updating of user
requirements.

Agencies who have or are implementing new financial management systems
have faced some of the challenges mentioned above. For example, the
National Aeronautics and Space Administration (NASA) began its Integrated
Financial Management Program (IFMP) in April 2000, its third attempt in
recent years at modernizing financial management processes and systems.
NASA's previous two efforts were eventually abandoned after a total of 12
years and a reported $180 million in spending. We recently reported11 that
NASA is not following key best practices for acquiring and implementing
the IFMP and therefore faces increased risk of a third unsuccessful
attempt to transform its financial management and business operations. DOD
has begun and suspended a number of departmentwide reform initiatives to
improve its financial operations as well as other key business support
processes. While these initiatives produced some incremental improvements,
they did not result in the fundamental reform necessary to resolve these
long-standing management challenges. Our recent reports12 highlight
investment management and project weaknesses at DOD. As we recently
reported,13 Secretary of Defense Rumsfeld has initiated a program to
transform DOD's business processes, including establishing a new
management structure to oversee reform efforts. While DOD has already
taken a number of positive actions, it has not yet

11U.S. General Accounting Office, Business Modernization: Improvements
Needed in Management of NASA's Integrated Financial Management Program,
GAO-03-507 (Washington, D.C.: Apr. 30, 2003).

12U.S. General Accounting Office, DOD Business Systems Modernization:
Continued Investment in Key Accounting Systems Needs to Be Justified,
GAO-03-465 (Washington, D.C.: Mar. 28, 2003), and DOD Business Systems
Modernization: Improvements to Enterprise Architecture Development and
Implementation Efforts Needed, GAO-03-458 (Washington, D.C.: Feb. 28,
2003).

13U.S. General Accounting Office, Department of Defense: Status of
Financial Management Weaknesses and Progress Toward Reform, GAO-03-931T
(Washington, D.C.: June 2003).

developed an overarching plan tying key reform efforts together in an
integrated program.

Modern financial management systems are needed to produce reliable data
for competitive sourcing and congressional decisions on the budget, as
well as managing day-to-day operations. The JFMIP Principals,14
congressional oversight, and the President's Management Agenda (PMA) are
the driving forces behind several governmentwide efforts now underway to
improve federal financial management. For example, in fiscal year 2002,
the JFMIP Principals continued the series of regular, deliberative
meetings that focused on key financial management reform issues. The
Congress has demonstrated leadership in improving federal financial
management by enacting laws and through oversight hearings. The PMA, being
implemented by the administration as an agenda for improving the
management and performance of the federal government, targets the most
apparent deficiencies where the opportunity to improve performance is the
greatest. The PMA includes five crosscutting initiatives, which are (1)
improved financial performance, (2) strategic human capital management,
(3) competitive sourcing, (4) expanded electronic government, and (5)
budget and performance integration.

Several current governmentwide financial management improvement efforts
are directly related to the PMA's five crosscutting initiatives. For
example, arising from the electronic government initiative (e-gov), OMB
has established the Federal Enterprise Architecture Program Management
Office (FEAPMO), which is developing a federal enterprise architecture to
enable agencies to derive maximum benefit from applying information
technology (IT) to their missions. These types of efforts, aside from
systems enhancement, can also lead to positive cost reduction outcomes.
Moreover, as part of the e-gov initiative, the number of government
entities processing the federal civilian payroll is being reduced from 22
to 2 to standardize business processes and realize economies of scale.
Related to PMA's crosscutting initiative to integrate budget and
performance information, the administration has introduced a formal
assessment tool in its deliberations, the Program Assessment Rating Tool
(PART) to use performance information more explicitly in formulating the
federal budget. OMB, for PMA's competitive sourcing initiative, recently
released a revised Circular A-76, which is generally consistent with the
principles and

14The JFMIP Principals are the Secretary of the Treasury, the Directors of
OMB and the Office of Personnel Management (OPM), and the Comptroller
General of the United States.

recommendations made by the Commercial Activities Panel (CAP). As we
recently testified,15 implementation of the competitive sourcing
initiative will be challenging for many agencies. The modernization of
agency financial management systems is critical to the success of all of
these initiatives.

We reaffirm our prior recommendations16 aimed at enhancing OMB's audit
guidance related to FFMIA assessments. Specifically, we recommended that
OMB (1) require agency auditors to provide a statement of positive
assurance when reporting an agency's systems to be in substantial
compliance with FFMIA, and (2) further clarify the definition of
"substantial compliance" to encourage consistent reporting. In commenting
on a draft of this report, OMB agreed with our view that financial
management success encompasses more than agencies receiving unqualified
opinions on their financial statements. As in previous years, we and OMB
have differing views on the level of audit assurance necessary for
assessing compliance with FFMIA. We will continue to work with OMB on this
issue. Our detailed evaluation of OMB's comments can be found at the end
of this letter.

Background	FFMIA and other financial management reform legislation have
emphasized the importance of improving financial management across the
federal government. The primary purpose of FFMIA is to ensure that agency
financial management systems routinely generate timely, accurate, and
useful information. With such information, government leaders will be
better positioned to invest resources, reduce costs, oversee programs, and
hold agency managers accountable for the way they run government programs.
Financial management systems' compliance with federal financial management
systems requirements, applicable accounting standards, and the SGL are
building blocks to help achieve these goals.

15U.S. General Accounting Office, Competitive Sourcing: Implementation
Will Be Challenging for Federal Agencies, GAO-03-1022T (Washington, D.C.:
July 24, 2003).

16U.S. General Accounting Office, Financial Management: FFMIA
Implementation Critical for Federal Accountability, GAO-02-29 (Washington,
D.C.: Oct. 1, 2001).

Beginning in 1990, the Congress has passed management reform legislation
to improve the general and financial management of the federal government.
As shown in figure 2, the combination of reforms ushered in by the (1) CFO
Act of 1990, (2) Government Performance and Results Act of 1993, (3)
Government Management Reform Act of 1994, (4) FFMIA, (5) Clinger-Cohen Act
of 1996, and (6) Accountability of Tax Dollars Act of 2002,17 if
successfully implemented, provides a basis for improving accountability of
government programs and operations as well as routinely producing valuable
cost and operating performance information.

Figure 2 shows the three levels of the pyramid that result in the end
goal, accountability and useful management information. The bottom level
of the pyramid is the legislative framework that underpins the improvement
of the general and financial management of the federal government. The
second level shows the drivers that build on the legislative requirements
and influence agency actions to meet these requirements. The three drivers
are the (1) PMA, (2) congressional and other oversight, and (3) the
activities of the JFMIP Principals. The third level of the pyramid
represents the key success factors for accountability and meaningful
management information-integrating core and feeder financial systems,
producing reliable financial and performance data for reporting, and
ensuring effective internal control. The result of these three levels, as
shown at the top of the pyramid, is accountability and meaningful
management information needed to assess and improve the government's
effectiveness, financial condition, and operating performance.

17The Accountability of Tax Dollars Act of 2002 extends the requirement to
prepare and submit audited financial statements to most executive agencies
not subject to the CFO Act unless exempted by OMB. However, these agencies
are not required to have systems that are compliant with FFMIA.

Figure 2: Pyramid to Accountability and Useful Management Information

OMB sets governmentwide financial management policies and requirements and
currently has two sources of guidance related to FFMIA. First, OMB
Bulletin No. 01-02, Audit Requirements for Federal Financial Statements,
dated October 16, 2000, prescribes specific language auditors should use
when reporting on an agency system's substantial compliance with FFMIA.
Specifically, this guidance calls for auditors to provide negative
assurance when reporting on an agency system's FFMIA compliance. Second,
in a January 4, 2001, Memorandum, Revised Implementation Guidance for the
Federal Financial Management Improvement Act, OMB provided guidance for
agencies and auditors to use in assessing substantial compliance. The
guidance describes the factors that should be considered in determining an
agency's systems compliance with FFMIA. In addition, examples are provided
in the guidance as to the types of indicators that should be used as a
basis in assessing whether an agency's systems are in substantial
compliance with each of the three FFMIA requirements. The guidance also
discusses the corrective action

                                  Source: GAO.

FFMIA Guidance Issued by OMB

plans, to be developed by agency heads, for bringing their systems into
compliance with FFMIA.

Financial Audit Manual

Section on FFMIA

Relating to our recommendation18 that OMB develop specific procedures
auditors should perform when assessing FFMIA compliance, we worked with
representatives from the President's Council on Integrity and Efficiency
(PCIE) to develop a section for the joint GAO/PCIE Financial Audit Manual
(FAM). This section, part of the FAM update issued in April 2003, includes
detailed audit steps for testing agency systems' substantial compliance
with FFMIA. The FAM guidance on FFMIA assessments recognizes that while
financial statement audits offer some assurances regarding FFMIA
compliance, auditors should design and implement additional testing to
satisfy FFMIA criteria. For example, in performing financial statement
audits, auditors generally focus on the capability of the financial
management systems to process and summarize financial information that
flows into agency financial statements. In contrast, FFMIA requires
auditors to assess whether an agency's financial management systems comply
with system requirements. To do this, auditors need to consider whether
agency systems provide complete, accurate, and timely information for
managing day-to-day operations so that agency managers would have the
necessary information to measure performance on an ongoing basis rather
than just at year-end.

Scope and Methodology

We reviewed the fiscal year 2002 financial statement audit reports for the
24 CFO Act agencies to identify the (1) auditors' assessments of agency
financial systems' compliance, (2) problems that affect FFMIA compliance,
and (3) agency management's FFMIA assessments. While we did not
independently verify or test the data in the agency audit reports or make
efforts to validate auditor conclusions regarding agency systems'
compliance with FFMIA's requirements, our prior experience with these
auditors and our review of their reports provided the basis to determine
the sufficiency and relevancy of evidence provided in these documents.
Based on the audit reports, we identified problems reported by the
auditors that affect agency systems' compliance with FFMIA. The problems
identified in these reports are consistent with long-standing financial
management weaknesses that we have reported based on our work at agencies
such as

18GAO-02-29.

DOD, NASA, and the Departments of Agriculture, Education, and Housing and
Urban Development (HUD). However, we caution that the occurrence of
problems in a particular category may be even greater than auditors'
reports of FFMIA noncompliance would suggest because auditors may not have
included all problems in their reports.

To identify the status of agency efforts to modernize core financial
management systems, we reviewed publicly available information that we
then confirmed with agency officials. However, we did not validate the
information provided by agency officials on efforts to modernize these
core systems. Furthermore, we researched current literature on private
sector and other financial management systems implementations to identify
the key factors leading to success. We also reviewed reports issued by GAO
and the IGs to identify the challenges federal agencies face when
implementing new systems.

Based on publicly available information, we summarized the status of
governmentwide efforts to improve federal financial management. We also
summarized the status and progress scores received by the agencies for
PMA's five crosscutting initiatives. Furthermore, we reviewed documents
pertaining to governmentwide efforts to implement PMA, including the
efforts to develop a federal enterprise architecture and consolidate the
number of federal civilian payroll providers. We also obtained information
about OMB and its role in helping to integrate budget and performance
data. Finally, we held discussions with OMB officials to obtain current
information about its efforts to help agencies develop systems that will
comply with FFMIA.

We conducted our work from March through July 2003 in the Washington, D.C.
area in accordance with generally accepted government auditing standards.
We requested comments on a draft of this report from the Director of OMB
or his designee. These comments are discussed in the "Agency Comments and
Our Evaluation" section and reprinted in appendix

VI. We also requested oral comments from agency officials whose financial
management systems are discussed in the report. These comments, which are
of an editorial or technical nature, have been incorporated as
appropriate.

Continued Systems Weaknesses Impair Financial Management Accountability

Most agencies still do not have reliable, useful, and timely financial
information, including cost data, with which to make informed decisions
and help ensure accountability on an ongoing basis. While agencies are
making progress in producing auditable financial statements and addressing
their financial management systems weaknesses, most agency systems are
still not substantially compliant with FFMIA's requirements. Figure 3
summarizes auditors' assessments of FFMIA compliance for fiscal years 2000
through 2002 and suggests that the instances of noncompliance with FFMIA's
three requirements remain fairly constant. For fiscal year 2002, IGs and
their contract auditors reported that the systems of 19 of the 24 CFO Act
agencies did not substantially comply with at least one of FFMIA's three
requirements-federal financial management systems requirements, applicable
federal accounting standards, or the SGL.19 Auditors' assessments of
financial systems' compliance with FFMIA for three agencies-DOL, EPA, and
NSF-changed from fiscal years 2001 to 2002. For fiscal year 2002, the
auditors for DOL concluded that its systems were not in substantial
compliance with the managerial cost standard and thus were not in
compliance with FFMIA. Auditors for EPA and NSF found the agencies'
respective systems to be in substantial compliance, a change from the
fiscal year 2001 assessments.

19Of these 19 agencies, systems for 8 agencies were reported not to be in
substantial compliance with all three FFMIA requirements.

Figure 3: Auditors' FFMIA Assessments for Fiscal Years 2000, 2001, and
2002

Agencies' inability to meet the federal financial management systems
requirements continues to be the major barrier to achieving compliance
with FFMIA. As shown in figure 3, auditors most frequently reported
instances of noncompliance with federal financial management systems
requirements. These instances of noncompliance identified by auditors
affected not only the core financial systems, but also administrative and
programmatic systems.

The creation of DHS20 will affect future FFMIA reporting by the federal
agencies and components it has absorbed. While DHS must prepare audited
financial statements under the Accountability of Tax Dollars Act of
2002,21 DHS is not a CFO Act agency and therefore is not subject to FFMIA.
However, for fiscal year 2003, DHS has agreed to have its auditors report
on the FFMIA compliance of the department's systems, which we view as a
key positive action by the department. One CFO Act agency, FEMA, was moved
in its entirety to DHS, effective March 1, 2003. Accordingly, FEMA is no
longer a CFO Act agency and will not be required to prepare audited
stand-alone financial statements under the CFO Act and be subject to
FFMIA. DHS is also being formed from components of other CFO Act agencies.
For example, the Immigration and Naturalization Service, formerly part of
the Department of Justice, is merging into DHS. The U.S. Coast Guard and
the Transportation Security Administration are moving from the Department
of Transportation (DOT) to DHS. Finally, the U.S. Customs Service is
moving from the Department of the Treasury to DHS. As we reported,22 each
of these components faces at least one management problem, such as
strategic human capital risks, information technology management
challenges, or financial management vulnerabilities.

20Pub. L. No. 107-296, 116 Stat. 2135 (2002).

21Pub. L. No. 107-289, 116 Stat. 2049 (2002).

22U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of Homeland Security, GAO-03-102 (Washington, D.C.:
January 2003).

While more CFO Act agencies have obtained clean or unqualified audit
opinions on their financial statements, there is little evidence of marked
improvements in agencies' capacities to create the full range of
information needed to manage day-to-day operations. The number of
unqualified opinions has been increasing over the past 6 years, from 11 in
fiscal year 1997 to 21 for fiscal year 2002; but the number of agencies
reported to have substantially noncompliant systems has remained
relatively steady. As stated in OMB's May 2002 report23 on the status of
governmentwide financial management, many agencies have worked around
systems problems for years to obtain unqualified opinions by expending
significant resources and making extensive manual adjustments after the
end of the fiscal year. The result is a 5-month-old24 snapshot of an
agency's financial position as of September 30 of any given year, which is
not useful for dayto-day decision making. While the increase in
unqualified opinions is noteworthy, a more important barometer of
financial systems' capability and reliability is that the number of
agencies for which auditors provided negative assurance of FFMIA
compliance has remained relatively constant throughout this same period.
In our view, this has led to an expectation gap. When more agencies
receive clean opinions, expectations are raised that the government has
sound financial management and can produce reliable, useful, and timely
information on demand throughout the year, whereas FFMIA assessments offer
a different perspective.

23Office of Management and Budget, Financial Management Status Report and
Government-wide 5-Year Financial Management Plan (May 1, 2002).

24Agency audited financial statements for fiscal year 2001 were due to OMB
by February 27, 2002. The cited OMB report gives the results of the fiscal
year 2001 audits.

While all agencies met the February 1, 2003, deadline for fiscal year 2002
agency performance and accountability reports, the deadline for the fiscal
year 2004 reports is November 15, 2004, just 45 days after the close of
the fiscal year. Auditors have expressed concern that agencies will have
difficulty meeting the accelerated reporting dates for audited financial
statements generated from the agencies' existing financial management
systems because of nonintegrated systems and manual processes. In their
fiscal year 2002 reports, auditors for nine agencies-Agriculture,
Commerce, Education, the Department of Health and Human Services (HHS),
Justice, FEMA, GSA, NASA, and the Small Business Administration
(SBA)-reported concerns about the agencies meeting these accelerated
reporting deadlines. For example, Agriculture's IG cautioned that unless
management implements a departmentwide quality control process,25 there is
a high risk that the opinion on its financial statements could
deteriorate. Auditors for Commerce reported that an integrated financial
management system for Commerce will be key to achieving the accelerated
reporting dates in future years. Similarly, auditors for HHS reported that
they remain concerned that HHS's nonintegrated financial management
systems will be an obstacle to meeting the accelerated reporting dates.26

Crosscutting Reasons for Noncompliance Indicate Serious Problems Remain

Based on our review of the fiscal year 2002 audit reports for the 19
agencies reported to have systems not in substantial compliance with one
or more of FFMIA's three requirements, we identified several primary
reasons related to FFMIA noncompliance. The weaknesses reported by the
auditors, which we grouped into the following six categories, ranged from
serious, pervasive systems problems to less serious problems that may
affect one aspect of an agency's accounting operation:

o  nonintegrated financial management systems,

o  inadequate reconciliation procedures,

o  lack of accurate and timely recording of financial information,

25The offices of the IG and CFO are working to address audit concerns
related to the fiscal year 2003 audit.

26In its performance and accountability report for fiscal year 2002, HHS
management stated that timeliness in preparing financial statements will
become a greater focus for the department as it strives to comply with the
accelerated reporting requirements and deadlines.

o  noncompliance with the SGL,

o  lack of adherence to federal accounting standards, and

o  weak security controls over information systems.

Figure 4 shows the relative frequency of these problems at the 19 agencies
reported to have noncompliant systems and the problems relevant to FFMIA
that were reported by their auditors. The same six types of problems were
cited by auditors in their fiscal years 2000 and 2001 audit reports, as
highlighted in figure 4. However, the auditors may not have reported these
problems as specific reasons for lack of substantial compliance with
FFMIA. In addition, we caution that the occurrence of problems in a
particular category may be even greater than auditors' reports of FFMIA
noncompliance would suggest because auditors may not have included all
problems in their reports. As we discuss later, the FFMIA testing may not
be comprehensive and other problems may exist that were not identified and
reported. For some agencies, the problems are so serious and well known
that the auditor can readily determine that the systems are not
substantially compliant without examining every facet of FFMIA compliance.

Figure 4: Problems Reported by Auditors for Fiscal Years 2000 through 2002

Nonintegrated Financial The CFO Act calls for agencies to develop and
maintain an integrated

Management Systems	accounting and financial management system27 that
complies with federal systems requirements and provides for (1) complete,
reliable, consistent, and timely information that is responsive to the
financial information needs of the agency and facilitates the systematic
measurement of performance, (2) the development and reporting of cost
management information, and (3) the integration of accounting, budgeting,
and program information. In this regard, OMB Circular A-127, Financial
Management Systems, requires agencies to establish and maintain a single
integrated financial

27Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected
functions to improve overall efficiency and control. Characteristics of
such a system include (1) standard data classifications for recording
financial events, (2) common processes for processing similar
transactions, (3) consistent control over data entry, transaction
processing, and reporting, and (4) a system design that eliminates
unnecessary duplication of transaction entry.

management system that conforms with functional requirements published by
JFMIP.

An integrated financial system coordinates a number of functions to
improve overall efficiency and control. For example, integrated financial
management systems are designed to avoid unnecessary duplication of
transaction entry and greatly lessen reconciliation issues. With
integrated systems, transactions are entered only once and are available
for multiple purposes or functions. Moreover, with an integrated financial
management system, an agency is more likely to have reliable, useful, and
timely financial information for day-to-day decision making as well as
external reporting.

Agencies that do not have integrated financial management systems
typically must expend major effort and resources, including in some cases
hiring external consultants, to develop information that their systems
should be able to provide on a daily or recurring basis. In addition,
opportunities for errors are increased when agencies' systems are not
integrated. Agencies with nonintegrated financial systems are more likely
to be required to devote more resources to collecting information than
those with integrated systems.

Auditors frequently mentioned the lack of modern, integrated financial
management systems in their fiscal year 2002 audit reports. As shown in
figure 4, auditors for 12 of the 19 agencies with noncompliant systems
reported this as a problem. For example, auditors for DOT reported that
its major agencies still use the Departmental Accounting and Financial
Information System (DAFIS), the existing departmentwide accounting
system28 and cannot produce auditable financial statements based on the
information in DAFIS. For example, DOT's IG reported that DOT made about
860 adjustments outside of DAFIS totaling $51 billion in order to prepare
the financial statements.29 DOT's IG also reported that there were
problems linking some information between DAFIS and the Federal Highway
Administration's Fiscal Management Information System (FMIS). DOT uses
FMIS to record initial obligations for federal aid grants to states.
However, due to problems resulting from upgrades and changes made to

28DOT is implementing a COTS-based core financial system called Delphi.
DOT management projects that the implementation will be complete in fiscal
year 2004.

29Office of Inspector General, Department of Transportation, Consolidated
Financial Statements for Fiscal Years 2002 and 2001, FI-2003-018 (Jan. 27,
2003).

the FMIS system, all obligations are not electronically transferred from
FMIS to DAFIS. As of September 30, 2002, valid obligations of about $388
million were understated. Moreover, problems linking information also
existed between Delphi, DOT's new financial management system, and the
Federal Transit Administration's (FTA) financial feeder systems that
prevented FTA from electronically processing about $350 million in
payments related to its Electronic Clearing House Operation. These
transactions had to be manually processed into Delphi. What is important
here is that the information developed to prepare auditable annual
financial statements is not available on an ongoing basis for day-to-day
management of DOT's programs and operations.

As we have reported,30 cultural resistance to change, military service
parochialism, and stovepiped operations have played a significant role in
impeding previous attempts to implement broad-based reforms at DOD. The
department's stovepiped approach is most evident in its current financial
management systems environment, which DOD recently estimated to include
approximately 2,300 systems and systems development projects-many of which
were developed in piecemeal fashion and evolved to accommodate different
organizations, each with its own policies and procedures. As DOD
management has acknowledged,31 the department's current financial
environment is comprised of many discrete systems characterized by poor
integration and minimal data standardization and prevents managers from
making more timely and costeffective decisions.

Inadequate Reconciliation A reconciliation process, even if performed
manually, is a valuable part of a

Procedures	sound financial management system. In fact, the less integrated
the financial management system, the greater the need for adequate
reconciliations because data are accumulated from various sources. For
example, the HHS IG reported32 that the department's lack of an integrated
financial management system continues to impair the ability of certain

30U.S. General Accounting Office, Department of Defense: Status of
Financial Management Weaknesses and Progress Toward Reform, GAO-03-931T
(Washington, D.C.: June 25, 2003).

31Department of Defense, Performance and Accountability Report, Fiscal
Year 2002 (Jan. 31, 2003).

32Office of Inspector General, Independent Auditor's Report on Financial
Statements, A-1702-0001, Fiscal Year 2002 Performance and Accountability
Report, U.S. Department of Health and Human Services.

operating divisions to prepare timely information. Moreover, certain
reconciliation processes were not adequately performed to ensure that
differences are properly identified, researched, and resolved in a timely
manner and that account balances were complete and accurate.
Reconciliations are needed to ensure that data has been recorded properly
between the various systems and manual records. The Comptroller General's
Standards for Internal Control in the Federal Government highlights
reconciliation as a key control activity.

As shown in figure 4, auditors for 11 of the 19 agencies with noncompliant
systems reported that the agencies had reconciliation problems, including
difficulty reconciling their fund balance with Treasury accounts33 with
Treasury's records. Treasury policy requires agencies to reconcile their
accounting records with Treasury records monthly, which is comparable to
individuals reconciling their checkbooks to their monthly bank statements.
As we recently testified,34 DOD had at least $7.5 billion in unexplained
differences between Treasury and DOD fund activity records. Many of these
differences represent disbursements made and reported to Treasury that had
not yet been properly matched to obligations and recorded in DOD
accounting records. In addition to these unreconciled amounts, DOD
identified and reported an additional $3.6 billion in payment recording
errors. These include disbursements that DOD has specifically identified
as containing erroneous or missing information and that cannot be properly
recorded and charged against the correct, valid fund account. DOD records
many of these payment problems in suspense accounts. While DOD made $1.6
billion in unsupported adjustments to its fund balances at the end of
fiscal year 2002 to account for a portion of these payment recording
errors, these adjustments did not resolve the related errors.

33Agencies record their budget spending authorizations in their fund
balance with Treasury accounts. Agencies increase or decrease these
accounts as they collect or disburse funds.

34GAO-03-931T.

Inadequate reconciliation procedures also complicate the identification
and elimination of intragovernmental activity and balances, which is one
of the principal reasons we continue to disclaim on the government's
consolidated financial statements. As we testified in April 2003,35
agencies had not reconciled intragovernmental activity and balances with
their trading partners36 and, as a result, information reported to
Treasury is not reliable. For several years, OMB and Treasury have
required CFO Act agencies to reconcile selected intragovernmental activity
and balances with their trading partners. However, a substantial number of
CFO Act agencies did not perform such reconciliations for fiscal years
2002 and 2001, citing such reasons as (1) trading partners not providing
needed data, (2) limitations and incompatibility of agency and trading
partner systems, and (3) human resource issues. For both of these years,
amounts reported for federal trading partners for certain
intragovernmental accounts were significantly out of balance. As discussed
later in this report, actions are being taken governmentwide under OMB's
leadership to address problems associated with intragovernmental activity
and balances.

Lack of Accurate and Timely Auditors for 17 agencies reported the lack of
accurate and timely recording

Recording of Financial of financial information for fiscal year 2002
compared to the 14 agencies37

Information	for which auditors noted similar problems last year. Accurate
and timely recording of financial information is key to successful
financial management. Timely recording of transactions can facilitate
accurate reporting in agencies' financial reports and other management
reports that are used to guide managerial decision making. The Comptroller
General's Standards for Internal Control in the Federal Government states
that transactions should be promptly recorded to maintain their relevance
and value to management in controlling operations and making decisions.

35U.S. General Accounting Office, Fiscal Year 2002 U.S. Government
Financial Statements: Sustained Leadership and Oversight Needed for
Effective Implementation of Financial Management Reform, GAO-03-572T
(Washington, D.C.: Apr. 8, 2003).

36Trading partners are U.S. government agencies, departments, or other
components that do business with each other.

37In our October 2002 FFMIA report, we stated that auditors had discussed
the lack of accurate and timely recording of transactions at 12 agencies.
As part of our analysis of most recent agency audit reports, it became
apparent that these problems were reported in prior years for 2 additional
agencies, but the earlier audit reports did not include sufficient detail
to make these assessments.

Untimely recording of transactions during the fiscal year can result in
agencies making substantial efforts at fiscal year-end to perform
extensive manual financial statement preparation efforts that are
susceptible to error and increase the risk of misstatements. Gathering
financial data only at year-end does not provide adequate time to analyze
transactions or account balances. Further, it impedes management's ability
throughout the year to have timely and useful information for decision
making. For example, auditors reported38 that, for fiscal year 2002,
Justice components did not adjust the status of obligations on a quarterly
basis as required, and as a result, extensive manual efforts had to be
performed at year-end to correct the status of obligation records. This
process of reviewing the status of obligations only at the end of the year
increases the risk that errors will go undetected, does not provide
managers with accurate information during the year for decision making,
and results in misstatements in the financial statements.

Noncompliance with the SGL	Implementing the SGL at the transaction level
is one of the specific requirements of FFMIA. However, as shown in figure
4, auditors for 9 of the 19 noncompliant agencies reported that the
agencies' systems did not comply with SGL requirements. The SGL promotes
consistency in financial transaction processing and reporting by providing
a uniform chart of accounts and pro forma transactions. Use of the SGL
also provides a basis for comparison at the agency and governmentwide
levels. These defined accounts and pro forma transactions are used to
standardize the accumulation of agency financial information, as well as
enhance financial control and support financial statement preparation and
other external reporting. By not implementing the SGL, agencies are
challenged to provide consistent financial information across their
components and functions.

38PricewaterhouseCoopers, Report of Independent Accountants, January 15,
2003, FY 2002 Performance & Accountability Report, U.S. Department of
Justice.

As in previous years, HUD's auditors reported that the Federal Housing
Administration's (FHA) systems were noncompliant with the SGL for fiscal
year 2002 because FHA must use several manual processing steps to convert
its commercial accounts to SGL accounts.39 FHA's 19 legacy insurance
systems, which fed transactions to its commercial general ledger system,
lacked the capabilities to process transactions in the SGL format.
Therefore, FHA provided only consolidated summary-level data to HUD's
Central Accounting and Program System (HUDCAPS). As we reported,40 FHA
used several manual processing steps to provide summary-level data,
including the use of personal-computer-based software to convert the
summary-level commercial accounts to government SGL, and transfer the
balances to HUDCAPS. This process did not comply with JFMIP requirements
that the core financial system provide for automated monthand year-end
closing of SGL accounts and the roll-over of the SGL account balances.

Lack of Adherence to Federal One of FFMIA's requirements is that agencies'
financial management

Accounting Standards	systems account for transactions in accordance with
federal accounting standards. Agencies face significant challenges
implementing these standards. As shown in figure 4, auditors for 13 of the
19 agencies with noncompliant systems reported that these agencies had
problems complying with one or more federal accounting standards. Auditors
reported that agencies are having problems implementing standards that
have been in effect for some time, as well as standards that have been
promulgated in the last few years. For example, auditors for three
agencies-DOD, Justice, and FEMA-reported weaknesses in compliance with
Statement of Federal Financial Accounting Standards (SFFAS) No. 6,
Accounting for Property, Plant, and Equipment, which became effective for
fiscal year 1998. Auditors for DOD reported that DOD did not capture the
correct acquisition date and cost of its property, plant, and equipment,
due to system limitations.

39To help address deficiencies with its legacy general ledger system, as a
first step in upgrading its overall financial management system, FHA
implemented the general ledger module of a COTS software package on
October 1, 2002. This module automates the monthly interface of
summary-level balances with HUDCAPS.

40U.S. General Accounting Office, Department of Housing and Urban
Development: Status of Efforts to Implement an Integrated Financial
Management System, GAO-03-447R (Washington, D.C.: Apr. 9, 2003).

Therefore, DOD could not provide reliable information for reporting
account balances and computing depreciation. Auditors for 2 agencies- HUD
and Justice-reported weaknesses in compliance with SFFAS No. 7, Revenue
and Other Financing Sources, which also became effective for fiscal year
1998. For example, auditors reported a material weakness for FHA's budget
execution and fund control. According to the auditors, FHA's financial
systems and processes are not capable of fully monitoring and controlling
budgetary resources. Finally, auditors for 3 agencies-the Agency for
International Development (AID), NASA, and NRC-reported trouble with
implementing SFFAS No. 10, Accounting for Internal Use Software, which
became effective at the beginning of fiscal year 2001. For example,
auditors reported that NASA's policies and procedures do not specifically
address purchasing software as part of a package of products and services.
In their testing, NASA's auditors identified errors for costs that were
originally recorded as expenses, but instead should have been capitalized
as assets.

The requirement for managerial cost information has been in place since
1990 under the CFO Act and since 1998 as a federal accounting standard.
Auditors for five agencies reported problems implementing SFFAS No. 4,
Managerial Cost Accounting Concepts and Standards. For example, auditors
for DOL reported that the department has not developed the capability to
routinely report the cost of outputs used to manage program operations at
the operating program and activity levels. Moreover, DOL does not use
managerial cost information for purposes of performance measurement,
planning, budgeting, or forecasting. At DOT, auditors stated that its
agencies, other than the Federal Aviation Administration (FAA) and the
U.S. Coast Guard,41 have begun to identify requirements for implementing
cost accounting systems. DOT's existing accounting system, DAFIS, does not
have the capability to capture full costs, including direct and indirect
costs assigned to DOT programs. The Secretary recently advised OMB that as
the remaining DOT agencies migrate to Delphi, DOT's new core financial
system, Delphi will provide them enhanced cost accounting capabilities.

41FAA has efforts underway to implement a cost accounting system as
required by the Federal Aviation Reauthorization Act of 1996 (Pub. L. No.
104-264, 110 Stat. 3213, 3248 (1996)). The U.S. Coast Guard has a cost
accounting system used for determining vessel documentation user fees.

Managerial cost information is critical for implementing the PMA.
According to the PMA, the accomplishment of the other four crosscutting
initiatives42 will matter little without the integration of agency budgets
with performance. Although the lack of a consistent information and
reporting framework for performance, budgeting, and accounting may obscure
how well government programs are performing as well as inhibit
comparisons, no one presentation can meet all users' needs. Any framework
should support an understanding of the links between performance,
budgeting, and accounting information measured and reported for different
purposes. However, even the most meaningful links between performance
results and resources consumed are only as good as the underlying data.
Moreover, this link between resources consumed and performance results is
necessary to make public-private competition decisions as part of
competitive sourcing. Therefore, agencies must address long-standing
problems within their financial systems. As agencies implement and upgrade
their financial management systems, opportunities exist for developing
cost management information as an integral part of the system to provide
important information that is timely, reliable, and useful.

As we recently reported,43 DOD's continuing inability to capture and
report the full cost of its programs represents one of the most
significant impediments facing the department. DOD does not have the
systems and processes in place to capture the required cost information
from the hundreds of millions of transactions it processes each year.
Lacking complete and accurate overall life-cycle cost information for
weapons systems impairs DOD's and congressional decision makers' ability
to make fully informed decisions about which weapons, or how many, to buy.
DOD has acknowledged that the lack of a cost accounting system is its
largest impediment to controlling and managing weapon systems costs.

Weak Security Controls over Information security weaknesses are one of the
frequently cited reasons

Information Systems	for noncompliance with FFMIA and are a major concern
for federal agencies and the general public. These weaknesses are placing
enormous amounts of government assets at risk of inadvertent or deliberate
misuse, financial information at risk of unauthorized modification or
destruction, sensitive information at risk of inappropriate disclosure,
and critical

42The other four crosscutting initiatives are improved financial
performance, strategic human capital management, competitive sourcing, and
expanded electronic government.

43GAO-03-931T.

operations at risk of disruption. Auditors for all 19 of the agencies
reported as noncompliant with FFMIA identified weaknesses in security
controls over information systems. Unresolved information security
weaknesses could adversely affect the ability of agencies to produce
accurate data for decision making and financial reporting because such
weaknesses could compromise the reliability and availability of data that
are recorded in or transmitted by an agency's financial management system.

General controls are the policies, procedures, and technical controls that
apply to all or a large segment of an entity's information systems and
help ensure their proper operation. The six major areas are (1) security
program management, which provides the framework for ensuring that risks
are understood and that effective controls are selected and properly
implemented, (2) access controls, which ensure that only authorized
individuals can read, alter, or delete data, (3) software development and
change controls, which ensure that only authorized software programs are
implemented, (4) segregation of duties, which reduces the risk that one
individual can independently perform inappropriate actions without
detection, (5) operating systems controls, which protect sensitive
programs that support multiple applications from tampering and misuse, and
(6) service continuity, which ensures that computer-dependent operations
experience no significant disruption. As we discussed in our April 2003
testimony,44 our analyses of audit reports issued from October 2001
through October 2002 for 24 of the largest federal agencies continued to
show significant weaknesses in federal computer systems that put critical
operations and assets at risk. Weaknesses continued to be reported in each
of the 24 agencies included in our review, and they covered all six major
areas of general controls. Although our analyses showed the most agencies
had significant weaknesses in these six control areas, weaknesses were
most often cited for access controls and security program management.

44U.S. General Accounting Office, Information Security: Progress Made, But
Challenges Remain to Protect Federal Systems and the Nation's Critical
Infrastructures, GAO-03564T (Washington, D.C.: Apr. 8, 2003).

Since 1997, GAO has considered information security a governmentwide
high-risk area.45 As shown by our work and work performed by the IGs,
security program management continues to be a widespread problem.
Concerned with reports of significant weaknesses in federal computer
systems that make them vulnerable to attack, the Congress enacted
Government Information Security Reform provisions46 (commonly known as
GISRA) to reduce these risks and provide more effective oversight of
federal information security. GISRA required agencies to implement an
information security program that is founded on a continuing risk
management cycle and largely incorporates existing security policies found
in OMB Circular A-130, Management of Federal Information Resources,
Appendix III. GISRA provided an overall framework for managing information
security and established new annual review, independent evaluation, and
reporting requirements to help ensure agency implementation and both OMB
and congressional oversight.

In its required fiscal year 2002 GISRA report to the Congress, OMB stated
that the federal government had made significant strides in addressing
serious and pervasive information technology security problems, but that
more needed to be done, particularly to address both the governmentwide
weaknesses identified in its fiscal year 2001 report to the Congress and
new challenges.47 Also, OMB reported significant progress in agencies'
information technology security performance, primarily as indicated by
quantitative governmentwide performance measures that OMB required
agencies to disclose beginning with their fiscal year 2002 reports. These
include measures such as the number of systems that have been assessed for
risk, have an up-to-date security plan, and for which security controls
have been tested.

As discussed in our June 2003 testimony,48 the governmentwide weaknesses
identified by OMB, as well as the limited progress in

45U.S. General Accounting Office, High-Risk Series: An Update, GAO-01-263
(Washington, D.C.: January 2001).

46These provisions are part of the Floyd D. Spence National Defense
Authorization Act for Fiscal Year 2001, Pub. L. No. 106-398, 114 Stat.
1654, 1654A-266 (2000).

47Office of Management and Budget, FY 2002 Report to Congress on Federal
Government Information Security Reform (May 16, 2003).

48U.S. General Accounting Office, Information Security: Continued Efforts
Needed to Fully Implement Statutory Requirements, GAO-03-852T (Washington,
D.C.: June 24, 2003).

implementing key information security requirements, continue to emphasize
that, overall, agencies are not effectively implementing and managing
their information security programs. For example, of the 24 large federal
agencies we reviewed, 11 reported that they had assessed risk for 90 to
100 percent of their systems for fiscal year 2002, but 8 reported that
they had assessed risk for less than half of their systems.

The information security program, evaluation, and reporting requirements
established by GISRA have been permanently authorized and strengthened
through the recently enacted Federal Information Security Management Act
of 2002 (FISMA).49 In addition, FISMA provisions establish additional
requirements that can assist the agencies in implementing effective
information security programs, help ensure that agency systems incorporate
appropriate controls, and provide information for administration and
congressional oversight. These requirements include the designation of and
establishment of specific responsibilities for an agency senior
information security officer, implementation of minimum information
security requirements for agency information and information systems, and
required agency reporting to the Congress. Agencies' fiscal year 2003
FISMA reports, due to OMB in September 2003, should provide additional
information on the status of agencies' efforts to implement federal
information security requirements. In addition, FISMA requires each agency
to report any significant deficiency in an information security policy,
procedure, or practice, if relating to financial management systems, as an
instance of a lack of substantial compliance under FFMIA.50

Auditors Provided Negative Assurance of Substantial Compliance

Auditors for five agencies-the Department of Energy, EPA,51 GSA, NSF, and
SSA-provided negative assurance in reporting on FFMIA compliance for
fiscal year 2002. In their respective reports, they included language
stating that while they did not opine as to compliance with FFMIA, nothing
had come to their attention indicating that these agencies' financial
management systems did not meet FFMIA requirements. While this form of
reporting has useful applications, it is not relevant or appropriate for
this particular type of engagement given the requirements of FFMIA.

49Pub. L. No. 107-347, title III, 116 Stat. 2899, 2946 (2002).

5044 U.S.C. 3544(c)(3).

51EPA's systems were found by its auditors to be in substantial compliance
with the managerial cost accounting standard.

Our fundamental concern is that this type of reporting may provide a false
impression that the systems have been found to be substantially compliant
by the auditors, which is not what the auditors are saying. In fact, the
provisions of FFMIA require auditors to "...report whether the agency
financial management systems comply with the requirements of [the act]."
In providing guidance on reporting on substantial compliance with FFMIA,
OMB Bulletin No. 01-02, Audit Requirements for Federal Financial
Statements, states that auditors should report that "the results of our
tests disclosed no instances in which the agency's financial management
systems did not substantially comply [with FFMIA]." If testing disclosed
that the agencies' systems are not substantially compliant, auditors are
required to report the instances of noncompliance identified. This is an
important distinction because the term "disclosed no instances" carries a
commonly accepted and well-known interpretation across the audit community
that providing negative assurance requires only limited testing because
the auditor is not giving an opinion on whether the systems are
substantially compliant.

While work performed in auditing financial statements would naturally
offer some perspective regarding FFMIA compliance, the work needed to
assess substantial compliance of systems with FFMIA would have to be more
comprehensive than that performed for purposes of rendering an opinion on
the financial statements. In performing financial statement audits,
auditors generally focus on the capability of the financial management
systems to process and summarize financial information that flows into the
financial statements. In contrast, FFMIA is much broader, and auditors
need to consider many other aspects of the financial management system
including whether an agency's systems comply with systems requirements and
provide reliable, useful, and timely financialrelated information for
managing day-to-day operations. FFMIA was designed to identify weaknesses
and lead to system improvements that would result in agency managers being
routinely provided with reliable, useful, and timely financial-related
information to measure performance and increase accountability throughout
the year, rather than just at yearend. One important consideration is that
the law does not specify when FFMIA compliance testing must be done. Thus,
auditors can perform FFMIA assessments at any time throughout the fiscal
year, as long as the assessment is updated to the end of the reporting
period. FFMIA assessments can be a separate review that could be staggered
throughout the year when the auditors' workloads are not as burdensome or
to spread out the work.

Today, for some agencies, the auditor may have sufficient knowledge to
conclude that an agency is not in substantial compliance with FFMIA
without performing additional testing beyond that needed for the financial
statement audit opinion, because systems deficiencies are well known and
well documented. Because not all areas were tested, additional weaknesses
might exist that were not identified and reported. However, as agencies'
systems move toward substantial compliance with FFMIA, auditors will need
to perform more comprehensive testing to assess agencies' systems
compliance with FFMIA.

In addition to recommending that OMB require agency auditors to provide a
statement of positive assurance when reporting substantial compliance, we
also previously recommended52 that OMB (1) explore further clarifications
of the definition of "substantial compliance" to help ensure consistent
application of the term, (2) reiterate that the indicators of compliance
in its January 4, 2001, guidance are not meant to be all inclusive, (3)
develop additional guidance, in accordance with the GAO/PCIE FAM,53 to
specify procedures that auditors should perform when assessing FFMIA
compliance, and (4) emphasize the importance of cost accounting to
managers by requesting that auditors pay special attention to agencies'
ability to meet the requirements of SFFAS No. 4, Managerial Cost
Accounting Concepts and Standards.

As mentioned previously, PCIE, working with GAO, has issued a new section
of its joint GAO/PCIE FAM that provided detailed audit steps for testing
agency systems' substantial compliance with FFMIA. The new FAM guidance
also emphasized the importance of assessing cost management and reiterated
that OMB's indicators of compliance were examples and therefore are not
all-inclusive. Appropriately implemented by agency auditors, this FAM
guidance would provide a sufficient basis to conclude whether agencies'
systems substantially comply with FFMIA. While the new FAM guidance
addresses three of our prior recommendations, the other two
recommendations have not yet been addressed.

52GAO-02-29.

53The Financial Audit Manual, jointly issued by GAO and the PCIE, provides
the methodology for performing financial statement audits of federal
entities.

Accordingly, we reaffirm the 54remaining two prior recommendations, aimed
at enhancing OMB's FFMIA audit guidance, relating to requiring agency
auditors to provide a statement of positive assurance when reporting an
agency's systems to be in substantial compliance with FFMIA, and further
clarifying the definition of "substantial compliance" to encourage
consistent reporting. As stated in its comments on a draft of this report,
OMB disagreed with our recommendation that it require agency auditors to
provide a statement of positive assurance when reporting that agency
systems substantially comply with FFMIA. OMB stated that, in its view,
positive assurance does not measure the quality or usefulness of the
financial information. To the contrary, in our view, positive assurance
can lead to improvements in both the quality and usefulness of the
financial information by providing a higher standard for the auditors'
FFMIA assessment. In response to our reaffirmation of our recommendation
to clarify the meaning of substantial compliance so that agency auditors
and management can consistently interpret the term, OMB commented that
clear performance and results standards are better at promoting such
consistency. OMB added that it will consider this recommendation in that
context in any future policy and guidance updates.

54GAO-02-29.

Agency Efforts to Implement New Financial Systems

Across government, agencies have many efforts underway to implement or
upgrade financial systems to alleviate long-standing weaknesses in
financial management. As we recently reported,55 as of September 30, 2002,
17 agencies advised us that they were planning to or were in the process
of implementing a new core financial system.56 Of these 17 agencies, 11
had selected a software product certified by the Program Management Office
(PMO).57 According to OMB Circular A-127, agencies are required to
purchase COTS packages sold by vendors whose core financial systems
software have been certified58 by the PMO. The other 6 agencies have not
reached the software selection phase of their acquisition process.

Implementing a core financial system that has been certified does not
guarantee that these agencies will have financial systems that are
compliant with FFMIA. One critical factor affecting FFMIA compliance is
the integration of the core system with the agency's administrative59 and

55GAO-03-903R.

56Core financial systems, as defined by JFMIP, include managing general
ledger, funding, payments, receivables, and certain basic cost functions.
Core financial systems receive data from other financial and feeder
systems-such as acquisition, grant, and human resource and payroll
systems-as well as from direct user input, and provide data for financial
performance measurement and analysis and for financial statement
preparation.

57The PMO, which is managed by JFMIP's Executive Director with funds
provided by the CFO Council agencies, tests vendor COTS packages and
certifies that they meet certain financial management system requirements
for core financial systems.

58The certification of a new core financial system software by the PMO is
applicable at the time of purchase. Agency management is responsible for
implementing and maintaining the software in accordance with JFMIP's core
financial system requirements. See app. I for a further discussion of
systems requirements.

59Examples of administrative systems are those common to all agencies such
as budget, acquisition, travel, property, and payroll.

programmatic60 systems and the validity and completeness of data from
systems. Another factor affecting the capability of agency systems to
comply with FFMIA is whether modifications or customizations61 have been
made to the certified core financial system software.

As of September 30, 2002, target implementation dates for 16 of the 17
agencies planning to implement new core financial systems ranged from
fiscal years 2003 to 2008. One agency-DOD-had not yet determined its
target date for full implementation. As shown in figure 5, 3 of the 16
agencies-Agriculture, GSA, and NASA-planned to complete implementation in
fiscal year 2003. Three other agencies-SSA, Commerce, and DOT-planned to
complete their implementations in fiscal year 2004. The Department of
Energy established fiscal year 2005 as its target implementation date and
3 agencies-the Departments of State and Veterans Affairs and AID-have
targeted fiscal year 2006 for completion. Moreover, as shown in figure 5,
4 agencies-DOL, HHS, EPA, and HUD- have set fiscal year 2007 as their
implementation target date. Finally, 2 agencies-the Departments of the
Interior and Justice62-projected fiscal year 2008 for completion of their
core financial systems implementation.

60Programmatic systems are those needed to carry out an agency's mission.
For example, HHS needs a grants management system to carry out its
mission.

61Customization is the process of setting parameters within an application
to make it operate in accordance with the entity's business rules.
Customizations are normally supported by vendors in subsequent upgrades.
Modification is the process of writing or changing code and modifications
are not supported by vendors in subsequent upgrades.

62Justice plans a staggered implementation approach of its new core
financial system in its component agencies with target completion dates
ranging from October 2004 to October 2007.

the myriad of problems affecting agencies beyond their core financial
systems. Nevertheless, it is imperative that agencies adopt leading
practices to help ensure successful systems implementation.

Successful Implementation of Financial Management Systems Is Key for
Improved Financial Reporting

Implementing new financial management systems provides a foundation for
improved financial management, including enhanced financial reporting
capabilities that will help financial managers meet OMB's accelerated
reporting deadlines and make better financial management decisions due to
more timely information. Successful implementation of financial management
systems has been a continuous challenge for both federal agencies and
private sector entities. In the past, federal agencies have experienced
setbacks and delays in their implementation processes. According to OMB's
former Associate Director for Information Technology and e-Government,
agencies have experienced lengthy or delayed deployment schedules and
implementation cost overruns. These delays were caused by various factors,
including a lack of executive level involvement, poor communication
between managers and users, and inadequate project planning. Our work at
NASA and DOD, for example, has also shown the need for consistent
executive support, communication with all stakeholders, full
identification of user requirements, and adequate planning.

Federal agencies, such as NASA and DOD, have experienced many of these
challenges in attempting to implement new financial management systems.
For example, NASA began its IFMP in April 2000, its third attempt in
recent years at modernizing financial processes and systems. NASA's
previous two efforts were eventually abandoned after a total of 12 years
and a reported $180 million in spending. As part of this effort, NASA
recently implemented a new core financial module that was expected to
provide financial and program managers with timely, consistent, and
reliable cost and performance information for management decisions.
However, earlier this year we reported65 that NASA's core financial module
was not being implemented to accommodate the information needed by program
managers, cost estimators, and the Congress. The need for ongoing
communication between project managers and systems users is crucial to any
successful systems implementation project. Project managers need to
understand the basic requirements of users while users should be involved

65GAO-03-507.

in the project's planning process. NASA's program officials chose to defer
the development of some functions and related user requirements in order
to expedite the systems implementation process. As a result, the new
system will not meet the needs of some key users who will continue to rely
on information from nonintegrated programs outside of the core financial
module, or use other labor-intensive means, to capture the data they need
to manage programs.

NASA has also not followed certain other best practices for acquiring and
implementing its new financial management system. NASA's implementation
plan calls for the system to be constructed using commercial components;
however, NASA has not analyzed the interdependencies of the various
subsystems. When constructing a system from commercial components, it is
essential to understand the features and characteristics of each component
in order to select compatible systems that can be integrated without
having to build and maintain expensive interfaces. By acquiring components
without first understanding their relationships, NASA has increased its
risks of implementing a system that will not optimize mission performance,
will cost more, and take longer to implement than necessary.

Past DOD initiatives to improve its financial operations and other key
business support processes, such as the Corporate Information Management
(CIM) initiative,66 failed in part because the department did not obtain
and sustain departmentwide senior management leadership, commitment, and
support. In recognition of the far-reaching nature of DOD's financial
management problems, on September 10, 2001, Secretary Rumsfeld announced a
broad, top-priority initiative intended to "transform the way the
department works and what it works on." For its current business
enterprise architecture, DOD established two executive committees to
provide program guidance; however, these committees are not responsible
for directing and overseeing the architecture effort, nor are they
accountable for approving the architecture. Our recent reports67 highlight
this and other investment management and project weaknesses at DOD. GAO
recommended68 that DOD ensure that the executive committee members are
singularly and collectively made accountable for the delivery and approval
of the enterprise architecture. DOD agreed and has a proposed governance
structure to implement the architecture.

Private sector entities have also encountered a number of challenges and
setbacks when implementing new systems. These challenges have included
competition between internal organizational units, user resistance to the
new systems, and frequent changes in management and to underlying
corporate strategy. Entities are overcoming their challenges because
better tools have been created to monitor and control progress and skilled
project managers with better management processes are being used.

66DOD intended CIM to reform all of its functional areas-including
finance, procurement, materials management, and human resources-through
the consolidation, standardization, and integration of its numerous,
duplicative information systems. After 8 years and about $20 billion in
expenditures, DOD abandoned the initiative.

67GAO-03-465 and GAO-03-458.

68GAO-03-458.

The Standish Group International, Inc69 has reported that the number of
successful systems implementation projects in the private sector is
increasing. From 1994 to 2000, successful projects increased from 28,000
to 78,000. The Standish Group,70 through its research, has identified 10
project success factors. These factors include

o  user involvement,

o  executive support,

o  experienced project managers,

o  firm basic requirements,

o  clear business objectives,

o  minimized scope,

o  standard software infrastructure,

o  formal methodology,

o  reliable estimates, and

o 	other, including small milestones, proper planning, competent staff,
and ownership.

Also, according to the Standish Group, although no project requires all 10
factors to be successful,71 the more factors that are present in the
project strategy, the higher the chance of a successful implementation. As
discussed above, many of these factors have been challenges for both
private sector and federal entities. By its very nature, the
implementation of a new financial management system is a risky
proposition. Therefore, it

69The Standish Group is a well-known research advisory firm that focuses
on missioncritical software applications, management techniques, and
technologies.

70The Standish Group's research is done through focus groups, in-depth
surveys, and extensive interviews with Fortune 500 Companies.

71Successful implementation is defined as a project that is completed on
time, on budget, and with all the features and functions originally
specified.

is crucial that federal departments and agencies follow accepted best
practices and embrace as many of the key characteristics for successful
implementation projects as possible to help minimize the risk of failed
projects and result in systems that provide the necessary data for
management's needs.

Our executive guide72 on creating value through world-class financial
management describes 11 practices critical for establishing and
maintaining sound financial operations. These practices include
reengineering processes in conjunction with new technology. As a result,
using commercial components such as COTS packages may require significant
changes in the way federal departments conduct their business. According
to the leading finance organizations that formed the basis for our
executive guide, a key to successful implementation of COTS systems is
reengineering business processes to fit the new software applications that
are based on best practices. Moreover, OMB's former Associate Director for
Information Technology and e-Government has stated that "IT will not solve
management problems - re-engineering processes will."

The conversion of data from an old system to a new system is also
critical. In December 2002, JFMIP issued its "White Paper: Financial
Systems Data Conversion - Considerations." The purpose of this JFMIP
document is to raise awareness of financial systems data conversion
considerations to be addressed by financial management executives and
project managers when planning or implementing a new financial management
system. The JFMIP paper addresses (1) key considerations regarding data
conversion and cutover to the new system, (2) best approaches for
completing the data conversion and cutover, and (3) ways to reduce the
risks associated with these approaches.

72U.S. General Accounting Office, Executive Guide: Creating Value Through
World-class Financial Management, GAO/AIMD-00-134 (Washington, D.C.: April
2000).

Status of Governmentwide Financial Management Improvement Efforts

In addition to individual agency efforts as discussed in a prior section,
the JFMIP Principals, congressional oversight, and the PMA are key drivers
of governmentwide efforts now underway to improve federal financial
management. In fiscal year 2002, the JFMIP Principals continued the series
of regular, deliberative meetings that focused in key financial management
reform issues. Legislation enacted by the Congress as well as its
oversight of federal financial management also has had a significant
impact on stimulating change. The PMA, being implemented by the
administration as an agenda for improving the management and performance
of the federal government, targets the most apparent deficiencies where
the opportunity to improve performance is the greatest. The success of
agency implementation of FFMIA impacts all five of the PMA's crosscutting
initiatives73 to a greater or lesser extent. Furthermore, the
modernization of agency financial management systems, as envisioned by
FFMIA, is critical to the success of all of these initiatives.

JFMIP Principals	Starting in August 2001, the JFMIP Principals74 have been
meeting regularly to deliberate and reach agreements focused on financial
management reform issues including (1) defining success measures for
financial performance that go far beyond an unqualified audit opinion,75
(2) significantly accelerating financial statement reporting to improve
timeliness for decision making, and (3) addressing difficult accounting
and reporting issues, including impediments to an audit opinion on the
federal government's consolidated financial statements. This forum has
provided an opportunity to reach decisions on key issues and undertake
strategic activities that reinforce the effectiveness of groups such as
the CFO Council in making progress toward federal financial management. In
fiscal year 2002, the JFMIP Principals continued the series of these
deliberative meetings. Continued personal involvement of the JFMIP
Principals is critical to the full and successful implementation of
federal financial

73These five crosscutting initiatives are (1) improved financial
performance, (2) strategic human capital management, (3) competitive
sourcing, (4) expanded electronic government, and (5) budget and
performance integration.

74The JFMIP Principals are the Secretary of the Treasury, the Directors of
OMB and OPM, and the Comptroller General of the United States.

75These success measures include financial management systems that
routinely provide timely, reliable, and useful financial information and
no material control weaknesses or material noncompliance with laws and
regulations as well as FFMIA.

management reform and to providing greater transparency and accountability
in managing federal programs and resources.

One effort attributable to the JFMIP Principals is the ongoing
governmentwide effort to resolve the problems accounting for
intragovernmental activity and balances. As we have reported,76 the
federal government's inability to properly account for intragovernmental
activity and balances impedes achieving the goal of a clean opinion on the
U.S. consolidated financial statements. OMB has identified the lack of
standardization in processing and recording intragovernmental activity as
a major contributing factor to the federal government's inability to
properly account for intragovernmental activity and balances. As a step to
resolve this weakness, OMB, which is providing important leadership for
this effort, and the Integrated Acquisition Environment (IAE)77 steering
committee have established basic requirements for processing and recording
intragovernmental activity for all agencies. The vision for
intragovernmental activity is that they will eventually be fed through a
central portal system and tracked. The IAE has established the Business
Partner Network (BPN)78 to provide information on all trading partners,
including commercial, government, and grantees. Moreover, a Web-based
portal, the Intragovernmental Transaction Portal, has been developed and a
small group of agencies will be testing two types of transactions-space
rental and information technology-as part of a pilot project.

Congressional Oversight	The leadership demonstrated by the Congress has
been an important catalyst to reforming financial management in the
federal government. As previously discussed, the legislative framework
provided by the CFO Act and FFMIA, among others, produces a solid
foundation to stimulate needed change. For example, in November 2002, the
Congress enacted the Accountability of Tax Dollars Act of 200279 to extend
the financial statements audit requirements of the CFO Act to additional
federal agencies. In addition, there is value in sustained congressional
interest in these issues, as demonstrated by hearings on federal financial
management

76GAO-03-572T.
77The Integrated Acquisition Environment is one of the 25 projects of the
e-gov initiative.
78The BPN is the single point of registration and validation of vendor
data for all agencies.
79Pub. L. No. 107-289, 116 Stat. 2049 (2002).

and reform held over the past several years. It will be key that the
appropriations, budget, authorizing, and oversight committees hold agency
top management accountable for resolving these problems and that they
support improvement efforts. The continued attention by the Congress to
these issues will be critical to sustaining momentum for financial
management reform.

President's Management Agenda

As stated in the PMA, there are few items more urgent than ensuring that
the federal government operates efficiently and is results-oriented.
Several of the governmentwide efforts underway to improve federal
financial management support the implementation of the PMA's five
crosscutting initiatives. While FFMIA implementation relates directly to
the improved financial performance initiative, development and maintenance
of FFMIAcompliant systems will also affect the implementation of the other
four initiatives. Notably, OMB is developing a federal enterprise
architecture that will impact the government's ability to make significant
progress across the PMA. For example, as part of the e-gov initiative, the
number of federal payroll providers is being consolidated. Numerous
agencies had targeted their payroll operations for costly modernization
efforts. According to OMB, millions of dollars will be saved through
shared resources and processes and by modernizing on a cross-agency,
governmentwide basis. The administration's implementation of its Program
Assessment Rating Tool (PART) relates specifically to the PMA initiative
of integration of budget and performance information. Reliable cost data,
so crucial to effective FFMIA implementation, is critical not only for the
improved financial performance and budget and performance integration
initiatives, but also for competitive sourcing. For effective management,
this cost information must not only be timely and reliable, but also both
useful and used.

The administration is using the Executive Branch Management Scorecard,
based on governmentwide standards for success, to highlight agencies'
progress in achieving the improvements embodied in the PMA. OMB uses a
grading system of red, yellow, and green to indicate agencies' status in
achieving the standards for success for each of the five crosscutting
initiatives. It also assesses and reports progress using a similar
"stoplight" system. Information about agencies' status scores and progress
scores will be provided later in this report.

Financial Performance Initiative	The PMA initiative to improve financial
performance is aimed at ensuring that federal financial systems produce
accurate and timely information to

support operating, budget, and policy decisions. It focuses on key issues
such as data reliability, clean financial statement audit opinions, and
effective financial management systems and internal control. The standards
for success used for scoring agency status and progress for the improved
financial performance initiative not only recognize the importance of
achieving an unqualified or "clean" opinion, but also focus on the
fundamental and systemic issues that must be addressed to routinely
generate timely, accurate, and useful financial information and provide a
sound environment of internal control and effective systems. For example,
the scorecard measures whether agencies have material internal control
weaknesses or material noncompliance with laws and regulations, and
whether agency systems meet FFMIA requirements. As stated in the PMA,
without sound internal controls and accurate and timely financial
information, it will not be possible to accomplish the President's agenda
to secure the best performance and highest measure of accountability for
the American people. FFMIA embodies the same things-systems that can
generate reliable, useful, and timely information with which to make fully
informed decisions and to ensure accountability on an ongoing basis.

E-gov Initiative	To implement this PMA initiative, OMB has selected 25
presidential e-gov efforts that focus on a wide variety of services,
aiming to simplify and unify agency work processes and information flows,
provide one-stop services to citizens, and enable information to be
collected online once and reused, rather than being collected many times.
One of the 25 presidential e-gov efforts is "e-payroll," which is intended
to consolidate the federal government's many incompatible payroll systems
into just two that would service all government employees. GAO has long
supported and called for such initiatives to standardize and streamline
common systems, which can not only reduce costs, but if done correctly,
can improve accountability. OMB and OPM, the managing partner for the
e-payroll initiative, announced on January 10, 2003, the selection of two
partnerships for federal civilian payroll processing--one partnership
between DOD's Defense Finance and Accounting Service and GSA, and another
between Agriculture's National Finance Center and Interior's National
Business Center. According to the former Director of OMB, the e-payroll
effort, by consolidating duplicative payroll modernization efforts, should
save the federal government an estimated $1.2 billion over the next decade
in future information technology investments given the economies of scale
and cost avoidance.

According to OMB, the need for a federal enterprise architecture80 has
arisen from the e-gov effort. OMB has stated that the development of a
Federal Enterprise Architecture (FEA) is a cornerstone to the federal
government's success in managing its nearly $60 billion81 in IT spending.
Among other things, the FEA, being developed by the Federal Enterprise
Architecture Program Management Office (FEAPMO),82 has been described as a
tool to enable the federal government to identify opportunities to
leverage technology and alleviate redundancy, or to highlight where agency
overlap limits the value of IT investments. OMB recently reported83 that
by using the FEA Business Reference Model to evaluate agency IT budget
requests for fiscal year 2004, it has been able to identify potential
redundancies in six business lines. According to OMB, the Business
Reference Model, one of five reference models, is the foundation of the
FEA and is intended to describe the business operations of the federal
government independent of the agencies that perform them.

Budget and Performance The PMA recognized that improvements in the
management of human

Integration Initiative	capital, financial performance, expanding
electronic government, and competitive sourcing matter little if they are
not linked to program performance and resource allocation decisions.
Although the lack of a consistent information and reporting framework for
performance, budgeting, and accounting may obscure how well government
programs are performing as well as inhibit comparisons, no one
presentation can meet all users' needs. Any framework should support an
understanding of the links between performance, budgeting, and accounting
information measured and reported for different purposes. However, even
the most meaningful links between performance results and resources
consumed

80An enterprise architecture provides a clear and comprehensive picture of
an entity, whether it is an organization (e.g., federal department or
agency) or a functional or mission area that cuts across more than one
organization (e.g., financial management). This picture consists of
snapshots of both the enterprise's current or "As Is" operational and
technological environment and its target or "To Be" environment, as well
as a capital investment road map for transitioning from the current to the
target environment. These snapshots further consist of "views," which are
basically one or more architecture products that provide conceptual or
logical representations of the enterprise.

81The President's budget request for IT spending was $59.4 billion for
fiscal year 2004.

82OMB has established the FEAPMO to develop a comprehensive,
business-driven blueprint for modernizing the federal government.

83Office of Management and Budget, Implementing the President's Management
Agenda for E-Government, E-Government Strategy (April 2003).

are only as good as the underlying data. Therefore, agencies must address
long-standing problems within their financial systems. As agencies
implement and upgrade their financial management systems, opportunities
exist for developing cost management information as an integral part of
the system to provide important information that is timely, reliable, and
useful.

The administration has set forth an ambitious agenda for performance
budgeting, calling for agencies to better align their budgets with their
performance goals and focus on capturing full budgetary cost and matching
these costs with output and outcome goals. Performance-based budgeting can
help shift the focus of debate from inputs to outcomes and results,
enhancing the government's ability to gauge performance and assess
competing claims for scarce resources. While budget reviews have always
involved discussions of program performance, such discussions have not
always been conducted in a common language or with transparency. Last
year, the administration introduced a formal assessment tool into its
deliberations, PART, that is the central element of the PMA's performance
budgeting initiative. PART represents a step toward more structured
involvement of program and performance analysis in the budget and includes
general questions on (1) program purpose and design, (2) strategic
planning, (3) program management, and (4) program results. It also
includes a set of more specific questions that vary according to the type
of delivery mechanism or approach the program uses, and calls for timely,
reliable data to perform those assessments.

PART was applied during the fiscal year 2004 budget cycle to 234
"programs."84 OMB's four-point scale rated programs as "effective,"
"moderately effective," "adequate," or "ineffective" based on program
design, strategic planning, management, and results. Programs that do not
have acceptable performance measures or have not yet collected performance
data generally received a fifth rating of "results not demonstrated." In
the fiscal year 2004 President's budget request, OMB rated 50 percent of
PART-assessed programs as "results not demonstrated" because OMB found
that the programs did not have adequate performance goals and/or data to
gauge program performance were not available. The administration plans to
review approximately one-fifth of all federal programs every year, so that
every program will have been evaluated using PART by the fiscal year 2008
budget submission.

84There is no consistent definition for the term "program." For purposes
of PART, the unit of analysis (program) should have a discrete level of
funding clearly associated with it.

PART could be useful in focusing discussions about progress toward planned
performance; about what progress has been made toward achieving specific
program goals and objectives; and about what tools and strategies may be
used to bring about improvements. Furthermore, performance budgeting
should not be expected to provide the answers to resource allocation
questions in some automatic or formula-driven process. Because budgeting
is the allocation of resources, it involves setting priorities-making
choices among competing claims. Performance information is an important
factor, but it cannot substitute for difficult political choices. It can,
however, help move the debate to a more informed plane-one in which the
focus is on competing claims and priorities. As OMB has stated, "The PART
serves its purpose if it produces an honest starting point for spending
decisions that take results seriously."

Competitive Sourcing Initiative 	Among the factors that agencies must
consider as they determine how best to meet their missions is whether the
public or private sector would be the most appropriate provider of the
services the government needs. As we recently testified,85 the
government's competitive sourcing process-set forth in OMB Circular
A-76-has been difficult to implement and has profoundly impacted the
morale of the federal workforce. Due to these difficulties, the Congress
enacted legislation mandating a study of the government's competitive
sourcing process. In April 2002, following a yearlong study, the
Commercial Activities Panel (CAP), chaired by the Comptroller General,
reported its findings on competitive sourcing in the federal government.
The report lays out 10 sourcing principles and several recommendations,
which provide a road map for improving sourcing decisions across the
federal government. On May 29, 2003, OMB issued a revised Circular A-76 to
simplify and improve the procedures for evaluating public and private
sources. Overall, the revised circular is generally consistent with the
CAP principles and recommendations.

Implementing the revised circular, however, will likely be challenging.
Agencies will need to consider how competitive sourcing relates to the
other four PMA crosscutting initiatives. For example, accurate cost
information from financial management systems and other sources clearly
will be needed to make reliable cost calculations in conducting
publicprivate competitions.

85GAO-03-1022T.

DOD has been at the forefront of federal agencies in using the A-76
process and, since the mid-to-late 1990s, we have tracked DOD's progress
in implementing its A-76 program. While the revised circular includes a
major section on calculating public-private competition costs, DOD's
experiences with public-private competitions suggest important lessons on
financial calculations that agencies should consider as they implement
their competitive sourcing initiatives.86 Notably, we have found that
costs and resources required for the competitions were underestimated, and
determining and maintaining reliable estimates of savings were difficult.

In addition, DOD's IG recently issued a report87 regarding errors in a
public/private competition for the department's military retired and
annuitant pay functions. Although DOD awarded the contract to a private
contractor, more accurate cost estimates may have led to a different
decision. The cost estimate for performing this function in-house included
$33.7 million of overhead costs. In calculating this estimate, DOD
followed OMB Circular A-76 guidance that required the department to use
the standard 12 percent cost factor for overhead costs. This was because
DOD had not developed and submitted for OMB approval a reliable overhead
factor for the department. The DOD IG stated that using the mandatory
overhead factor affected the results of the competition because a reduced
overhead cost factor would have lowered the in-house cost estimate.
According to the IG, two of the main premises of OMB Circular A-76 cost
comparison studies are fairness of the competitions and achieving
realistic cost savings. These premises can only be achieved when
supportable cost data are used.

Strategic Human Capital People are an agency's most important
organizational asset, and strategic

Management	human capital management should be the centerpiece of any
serious change management initiative or any effort to transform the
cultures of government agencies. One step in meeting the government's
human

86U.S. General Accounting Office, Competitive Sourcing: Challenges in
Expanding A-76 Governmentwide, GAO-02-498T (Washington, D.C.: Mar. 6,
2002).

87Office of the Inspector General, Department of Defense, Infrastructure
and Environment: Public/Private Competition for the Defense Finance and
Accounting Service Military Retired and Annuitant Pay Functions,
D-2003-056 (Mar. 21, 2003).

capital challenges is for agency leaders to identify and make use of all
the appropriate administrative authorities available to them to manage
their people both effectively and equitably. As we reported,88 much of the
authority agency leaders need to manage human capital strategically is
already available under current laws and regulations, as recognized by
PMA.

Another step in meeting the government's human capital challenges is for
policymakers to continue to pursue incremental legislative reforms to give
agencies additional tools and flexibilities to hire, manage, and retain
the human capital they need, particularly in critical operations.

As more agency systems are automated and integrated, those working in the
federal financial management community will require new skills. In its
recent final report,89 JFMIP mentioned a skill imbalance as one of the
challenges facing today's financial management workforce. Specifically,
the federal financial management workforce will shift from primarily
transaction processing support to performing multiskilled analysis for
decision making. According to JFMIP, to meet this skill imbalance,
agencies must not only acquire the right skills, but must develop them.
One of several ways to do this is to design a broader financial management
career concept to support the new culture.

Proud To Be Initiative	Specific goals to be achieved by July 1, 2004, have
been established for each of the five crosscutting initiatives under the
"Proud To Be" initiative. According to an April 2003 memorandum from the
OMB Deputy Director for Management-designate, progress on the PMA had
reached a point where it is appropriate to think about where the
administration would be proud to be a year or so from now, after 3 full
years of implementing the PMA. To begin this effort, the owners90 of the
five crosscutting initiatives assessed where he/she would be "proud to be"
on July 1, 2004. For example, for the improved financial performance
initiative, specific goals

88U.S. General Accounting Office, Management Reform: Continuing Progress
in Implementing Initiatives in the President's Management Agenda,
GAO-03-556T (Washington, D.C.: Mar. 26, 2003).

89Joint Financial Management Improvement Program, The Federal Financial
Management Workforce Of the Future--Building a World Class Financial
Workforce (September 2003).

90The owner of the improved financial performance initiative is Linda M.
Springer, Controller, Office of Federal Financial Management, Office of
Management and Budget.

include (1) 50 percent of agencies completing their fiscal year 2003
financial statement audits by November 15, 2003, (2) all CFO Act agencies,
except for DOD, having unqualified audit opinions on their fiscal year
2003 financial statements, and (3) financial audits for fiscal year 2003
achieving a 50 percent reduction in material weaknesses.

Financial Performance Metrics	The CFO Council has developed a draft list
of financial performance metrics to be reviewed monthly for all agencies.
The financial performance metrics under consideration include (1)
reconciled and unreconciled balances relating to fund balance with
Treasury accounts, (2) delinquent accounts receivable from the public, (3)
purchase and travel card delinquency trends, and (4) electronic payments.
According to OMB officials, an online system has been developed to capture
this information and the agency-level metrics reported will roll up into
governmentwide metrics.

Executive Branch Management As mentioned previously, the administration
assesses agency status91 in

Scorecard	achieving the standards for success for each of the five
crosscutting initiatives using a grading system of red, yellow, and
green.92 It also assesses progress93 using a similar "stoplight" system.94
Although we collaborated in some cases with OMB and the lead agencies
regarding the broad standards for success, we have not had the opportunity
to review the more specific criteria that OMB uses to assess each agency's
progress on these initiatives nor have we examined the specific evidence
that OMB used to assess the agency's accomplishments. Table 1 shows the
Scorecard status and progress scores for the improved financial
performance initiative at the CFO Act agencies starting with the December
2002 scorecard.

91The "status" is assessed against the standards of success developed for
each initiative and published in the fiscal year 2003 budget.

92As defined by OMB, green is the appropriate score when all of the
standards for success are met. Yellow is the score given when some, but
not all, of the criteria have been achieved. Red is given when there are
any one of a number of serious flaws.

93The administration assesses "progress" on a case-by-case basis against
the deliverables and timelines, established for the five initiatives,
agreed upon with each agency.

94As defined by OMB, green is the appropriate score when implementation is
occurring according to plans. Yellow is given when some slippage or other
issues requiring adjustment by the agency is needed to achieve the
initiative objectives on a timely basis. The red score is given when the
initiative is in serious jeopardy and the objectives are unlikely to be
realized unless there is significant management intervention.

Table 1: Agency Status and Progress Scores for the Improved Financial
Performance Initiative

                            December 2002 scorecard

March 2003 scorecard

                              June 2003 scorecard

             Score     Status Progress Status Progress        Status Progress 
               Red                15 2                15 1         15         
            Yellow                 6 2                 6 3         4          
             Green                1 18                1 18         3          
             Total               22 22               22 22         22         

Source: GAO analysis of the OMB Executive Branch Management Scorecards for
three quarters.

Note: The Federal Emergency Management Agency, which was consolidated into
DHS, and NRC were not scored. While DHS received red status scores in
improving financial performance as of December 31, 2002, and March 31,
2003, the department was scored as green in progress for those two
quarters.

The focus that the administration's scorecard approach brings to improving
management and performance, including financial management performance, is
certainly a step in the right direction. The value of the scorecard is not
in the scoring per se, but the degree to which the scores lead to
sustained focus and demonstrable improvements. This will depend on
continued efforts to assess progress and maintain accountability to ensure
that the agencies are able to, in fact, improve their performance. It will
be important that there be continuous rigor in the scoring process for
this approach to be credible and effective in providing incentives that
produce lasting results. Also, it is important to recognize that many of
the challenges the federal government faces, such as improving financial
management, are long-standing and complex, and will require sustained
attention.

Conclusions	The ultimate objective of FFMIA is to ensure that agency
financial management systems routinely provide reliable, useful, and
timely financial information, not just at year-end or for financial
statements, so that government leaders will be better positioned to invest
resources, reduce costs, oversee programs, and hold agency managers
accountable for the efficiency of their programs. To achieve the financial
management improvements envisioned by the CFO Act, FFMIA, and more
recently, the PMA, agencies need to modernize their financial management
systems to generate reliable, useful, and timely financial information
throughout the year and at year-end. Meeting the requirements of FFMIA
presents longstanding, significant challenges that will be attained only
through time,

investment, and sustained emphasis on correcting deficiencies in federal
financial management systems.

To provide positive assurance when reporting on compliance with FFMIA,
auditors need to perform detailed audit procedures that are more
comprehensive than those necessary to render an opinion in a financial
statement audit. Such an assessment of an agency's financial management
system is essential to improving the performance, productivity, and
efficiency of federal financial management and achieving the PMA. If
auditors do more comprehensive testing for FFMIA compliance, as described
in the GAO/PCIE FAM, they will be able to provide positive assurance when
reporting on substantial compliance with FFMIA, which is what we believe
the law requires. Therefore, we reaffirm our prior recommendation that OMB
require agency auditors to provide a statement of positive assurance when
reporting an agency's systems to be in substantial compliance with FFMIA.
While the current language that auditors are using to report substantial
compliance with FFMIA may have useful applications, it is not relevant or
appropriate given the requirements of FFMIA. The term "disclosed no
instances" carries a commonly accepted and well-known interpretation among
the audit community that only limited testing is required because the
auditor is not giving an opinion on whether the systems are substantially
compliant. However, our concern is that this type of reporting may give
the general public the false impression that the systems have been found
to be substantially compliant. We also reaffirm our other prior
recommendation for OMB to explore further clarification of the definition
of "substantial compliance" in its FFMIA guidance to encourage consistent
reporting among agency auditors. As we stated95 last year, auditors we
interviewed had concerns about providing positive assurance in reporting
on agency systems' FFMIA compliance because of a need for clarification
regarding the meaning of substantial compliance.

Agencies that do not have integrated financial systems typically must
expend major efforts and resources to develop information that their
systems should be able to provide on a daily and recurring basis. Across
government, agencies have many efforts underway to implement or upgrade
financial systems to alleviate long-standing weaknesses in financial
management. However, the size and complexity of many federal agencies and
the discipline needed to upgrade or replace their financial

95GAO-03-31.

management systems present a significant challenge. While progress
continues to be made to improve financial management systems, for some
agencies there is a long way to go. To be successful, agencies need to
identify the root causes as to why systems have these continuing financial
management weaknesses.

The widespread systems problems facing the federal government need
sustained management commitment at the highest levels of government.
Today, we are seeing a strong commitment from the President, the JFMIP
Principals, and the secretaries of major departments, such as DOD-which
has taken positive steps to transform its business operations and systems-
to ensuring that needed modernization efforts come to fruition. This
commitment is critical to the success of these efforts underway, as well
as those still in a formative stage, to achieve the goals of the CFO Act
and FFMIA.

Agency Comments and Our Evaluation

In written comments (reprinted in app. VI) on a draft of this report, OMB
agreed with our view that financial management success encompasses more
than agencies receiving unqualified opinions on their financial
statements. However, as indicated by its comments, OMB and GAO continue to
have a philosophical difference as to the breadth and nature of activities
related to FFMIA compliance. In discussing FFMIA compliance, OMB focuses
on the compliance requirements of FFMIA. We have a broader view when
considering agency systems' FFMIA compliance. From our viewpoint, the
primary purpose of FFMIA is to ensure that agency financial management
systems routinely provide reliable, useful, and timely financial
information for managerial decision making on a day-to-day basis. With
such information, government leaders will be better positioned to invest
resources, reduce costs, oversee programs, and hold agency managers
accountable for the way they run government programs. By enacting FFMIA,
Congress envisioned that agency managers would have necessary financial
information to measure performance on an ongoing basis rather than just at
year-end. Financial management systems' compliance with federal financial
management systems requirements, applicable accounting standards, and the
SGL at the transaction level are the building blocks to help achieve these
goals.

Specifically, OMB disagreed with our recommendation that OMB require
agency auditors to provide a statement of positive assurance when
reporting that agency systems substantially comply with FFMIA. OMB stated
that, in its view, positive assurance does not measure the quality or

usefulness of the financial information. To the contrary, positive
assurance does provide a more meaningful measure of the quality and
usefulness of the financial information by providing a higher standard for
the auditors' FFMIA assessment. When providing negative assurance with
FFMIA, auditors state that nothing came to their attention indicating that
these agencies' financial management systems did not substantially meet
FFMIA requirements. Providing positive assurance, as we believe the law
requires, means that the auditors must report unequivocally whether the
agency financial management systems substantially comply with the act's
requirements. OMB also pointed out that preliminary data suggest such an
additional reporting burden would raise audit costs without a commensurate
improvement in financial information. As discussed in the FAM, there are a
number of techniques auditors could use to minimize the burden and
associated cost of providing positive assurance. For example, under 31
U.S.C. 3512(c),(d) (commonly referred to as the Federal Managers'
Financial Integrity Act of 1982 (FIA)), agency management is responsible
for systematically developing, assessing, and reporting on internal
controls and financial management systems. Auditors can review the related
FIA documentation to determine the degree of reliance that can be placed
on management's FIA process. Depending on the thoroughness and
completeness of the annual FIA assessment of agency financial management
systems done by management, auditors may not need to significantly
increase their workload to provide positive assurance.

In its comments, OMB also stated that FFMIA compliance is determined by
the agency head, after considering all relevant information, including the
results of the independent audit. While we agree that the law requires
agency heads to make an FFMIA determination, the auditor's FFMIA
assessment is a key element of this FFMIA determination due to auditor
independence. The act specifically states that the determination should be
based on a review of the auditor's report on the applicable agencywide
audited financial statements as well as other information the agency head
considers relevant and appropriate. Moreover, as the legislative history
shows, Congress intended to use the financial statement audit process to
assure that FFMIA's requirements are implemented and maintained in agency
financial management systems. As with financial statement audits, an
auditor's FFMIA assessment provides an objective and independent view of
an agency systems' compliance with FFMIA.

OMB, in reference to our recommendation that it explore further
clarifications of the definition of "substantial compliance" to help
ensure the consistent application of this term, suggested that clear
performance and results standards are better at promoting such
consistency. OMB added that it will consider our recommendation in that
context in any future policy and guidance updates. As we previously
reported,96 auditors we interviewed that performed FFMIA assessments saw a
need for clarification of the meaning of substantial compliance to help
them perform the assessments.

OMB also stated that the report overlooks progress agencies have made
across all areas of IT security performance measures. Similarly, in its
fiscal year 2002 report to the Congress, OMB reported that the federal
government had made significant strides in addressing serious and
pervasive IT security problems, but that much work remained. However, our
analyses of governmentwide performance measures showed more limited
progress. Further, our analyses of individual agency reports showed that
significant challenges remained in implementing information security
requirements. OMB also commented that this progress has been demonstrated
in the federal government's general success in withstanding malicious code
activity. As we recently testified,97 the federal government has taken
several steps to address security vulnerabilities that affect federal
agency systems, but we identified additional steps that can be taken to
address software vulnerabilities.

In its comments, OMB stated that we should limit the scope of this report
to agencies' efforts to implement and maintain financial systems that
comply with the act in fulfilling our statutory requirement to report
annually on FFMIA compliance. We disagree with OMB's view that this report
includes considerable information that is not germane to our statutory
reporting requirements. To the contrary, the governmentwide financial
management improvement efforts, discussed in our report, have a direct
impact on agency systems' compliance with FFMIA and provide additional
context on the importance of financial management systems in achieving
certain initiatives. For example, the e-payroll effort, part of the egov
initiative, if successful, should substantially reduce the number of

96GAO-03-31.

97U.S. General Accounting Office, Information Security: Effective Patch
Management Is Critical to Mitigating Software Vulnerabilities,
GAO-03-1138T (Washington, D.C.: Sept. 10, 2003).

individual agency payroll systems, which affects agencies' financial
systems architecture and the flow of information through their financial
management systems. Similarly, as we discuss in the report, PART
represents a step toward more structured involvement of program and
performance analysis in the budget. This initiative is dependent upon
meaningful links between performance results and resources consumed that
are supported by reliable, useful, and timely underlying information,
including financial data. In our view, it will be difficult, if not
impossible, to achieve success with these governmentwide financial
management improvement efforts without the modernization of agency
financial systems envisioned by the CFO Act and FFMIA.

OMB and several agencies also provided other technical comments that we
incorporated as appropriate.

We are sending copies of this report to the Chairman and Ranking Minority
Member, Subcommittee on Financial Management, the Budget, and
International Security, Senate Committee on Governmental Affairs; and to
the Chairman and Ranking Minority Member, Subcommittee on Government
Efficiency and Financial Management, House Committee on Government Reform.
We are also sending copies to the Director of the Office of Management and
Budget, the Secretary of the Department of Homeland Security, the heads of
the 23 CFO Act agencies, and agency CFOs and IGs. Copies will also be made
available to others upon request.

This report was prepared under the direction of Sally E. Thompson,
Director, Financial Management and Assurance, who may be reached at (202)
512-9450 or by e-mail at [email protected] if you have any questions.
Staff contacts and other key contributors to this report are listed in
appendix VII.

David M. Walker Comptroller General of the United States

Appendix I

Requirements and Standards Supporting Federal Financial Management

                   Financial Management Systems Requirements

The policies and standards prescribed for executive agencies to follow in
developing, operating, evaluating, and reporting on financial management
systems are defined in OMB Circular A-127, Financial Management Systems.
The components of an integrated financial management system include the
core financial system,1 managerial cost accounting system, and
administrative and programmatic systems. Administrative systems are those
that are common to all federal agency operations2 and programmatic systems
are those needed to fulfill an agency's mission. JFMIP has issued federal
financial management systems requirements (FFMSR)3 for the core financial
system and managerial cost accounting system, and is in the process of
issuing these requirements for the administrative and programmatic
systems. Appendix II lists the federal financial management systems
requirements published to date. Figure 6 is the JFMIP model that
illustrates how these systems interrelate in an agency's overall systems
architecture.

1Core financial systems, as defined by JFMIP, include managing general
ledger, funding, payments, receivables, and certain basic cost functions.
JFMIP's most recent update of its core financial system requirements
publication was issued in November 2001.

2Examples of administrative systems include budget, acquisition, travel,
property, and human resources and payroll.

3Circular A-127 references the series of publications entitled Federal
Financial Management Systems Requirements, issued by JFMIP, as the primary
source of governmentwide requirements for financial management systems.

 Appendix I Requirements and Standards Supporting Federal Financial Management

Figure 6: Agency Systems Architecture

Source: JFMIP.

OMB Circular A-127 requires agencies to purchase commercial off-the-shelf
(COTS) software that has been tested and certified through the JFMIP
software certification process when acquiring core financial systems.
JFMIP's certification process, however, does not eliminate or
significantly reduce the need for agencies to develop and conduct a
comprehensive testing effort to ensure that the COTS software meets their
requirements. Moreover, according to JFMIP, core financial systems
certification does not mean that agencies that install these packages will
have financial management systems that are compliant with FFMIA. Many
other factors can affect the capability of the systems to comply with
FFMIA, including modifications made to the JFMIP-certified core financial
management systems software, and the validity and completeness of data
from feeder systems.

 Appendix I Requirements and Standards Supporting Federal Financial Management

Federal Accounting Standards

The Federal Accounting Standards Advisory Board (FASAB)4 promulgates
federal accounting standards that agency CFOs use in developing financial
management systems and preparing financial statements. FASAB develops the
appropriate accounting standards after considering the financial and
budgetary information needs of the Congress, executive agencies, and other
users of federal financial information and comments from the public. FASAB
forwards the standards to the three Sponsors-the Comptroller General, the
Secretary of the Treasury, and the Director of OMB-for a 90day review. If
there are no objections during the review period, the standards are
considered final and FASAB publishes them on its Web site and in print.

The American Institute of Certified Public Accountants has recognized the
federal accounting standards promulgated by FASAB as being generally
accepted accounting principles for the federal government. This
recognition enhances the acceptability of the standards, which form the
foundation for preparing consistent and meaningful financial statements
both for individual agencies and the government as a whole. Currently,
there are 25 statements of federal financial accounting standards (SFFAS)
and 4 statements of federal financial accounting concepts (SFFAC).5 The
concepts and standards are the basis for OMB's guidance to agencies on the
form and content of their financial statements and for the government's
consolidated financial statements. Appendix III lists the concepts,
standards, and interpretations6 along with their respective effective
dates.

4In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards for the federal government. Effective July
1, 2002, FASAB is comprised of six nonfederal or public members and the
three Sponsors. Moreover, effective October 1, 2003, FASAB will also
include one member from the Congressional Budget Office.

5Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.

6An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard.

 Appendix I Requirements and Standards Supporting Federal Financial Management

FASAB's Accounting and Auditing Policy Committee (AAPC)7 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards and the reporting and auditing requirements contained in OMB's
Form and Content of Agency's Financial Statements Bulletin and Audit
Requirements for Federal Financial Statements Bulletin. To date, AAPC has
issued five technical releases, which are listed in appendix IV along with
their release dates.

Standard General Ledger	The SGL was established by an interagency task
force under the direction of OMB and mandated for use by agencies in OMB
and Treasury regulations in 1986. The SGL promotes consistency in
financial transaction processing and reporting by providing a uniform
chart of accounts and pro forma transactions used to standardize federal
agencies' financial information accumulation and processing throughout the
year, enhance financial control, and support budget and external
reporting, including financial statement preparation. For example, agency
use of the SGL accounts and OMB's new intragovernmental business rules for
standardizing intragovernmental activity and balances are key to removing
one of the material weaknesses that GAO has reported on the governmentwide
consolidated statements since fiscal year 1997. The SGL is intended to
improve data stewardship throughout the federal government, enabling
consistent reporting at all levels within the agencies and providing
comparable data and financial analysis at the governmentwide level.8

Internal Control Standards	The Congress enacted legislation, 31 U.S.C.
3512(c),(d) (commonly referred to as the Federal Managers' Financial
Integrity Act of 1982 (FIA)), to strengthen internal controls and
accounting systems throughout the federal government, among other
purposes. Issued pursuant to FIA, the Comptroller General's Standards for
Internal Control in the Federal

7In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the CFO Council,
and the President's Council on Integrity and Efficiency, established AAPC
to assist the federal government in improving financial reporting.

8SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.

Appendix I Requirements and Standards Supporting Federal Financial
Management

Government9 provides the standards that are directed at helping agency
managers implement effective internal control, an integral part of
improving financial management systems. Internal control is a major part
of managing an organization and comprises the plans, methods, and
procedures used to meet missions, goals, and objectives. In summary,
internal control, which under OMB's guidance for FIA is synonymous with
management control, helps government program managers achieve desired
results through effective stewardship of public resources.

Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to improve operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control activities being
used are effective and updated when necessary.

9U.S. General Accounting Office, Standards for Internal Control in the
Federal Government, GAO/AIMD-00-21.3 (Washington, D.C.: November 1999).

Appendix II

Publications in the Federal Financial Management Systems Requirements
Series

FFMSR document Issue date

FFMSR-0 Framework for Federal Financial Management Systems January 1995

FFMSR-7 Inventory System Requirements June 1995

FFMSR-8 Managerial Cost Accounting System Requirements February 1998

JFMIP-SR-01-02 Core Financial System Requirements November 2001

JFMIP-SR-99-5 Human Resources & Payroll Systems April 1999 Requirements

JFMIP-SR-99-8 Direct Loan System Requirements June 1999

JFMIP-SR-99-9 Travel System Requirements July 1999

JFMIP-SR-99-14 Seized Property and Forfeited Asset Systems December 1999
Requirements

JFMIP-SR-00-01Guaranteed Loan System Requirements March 2000

JFMIP-SR-00-3 Grant Financial System Requirements June 2000

JFMIP-SR-00-4 Property Management Systems Requirements October 2000

JFMIP-SR-01-01 Benefit System Requirements September 2001

JFMIP-SR-02-02 Acquisition/Financial Systems Interface June 2002
Requirements

JFMIP-SR-03-01 Revenue System Requirements January 2003

JFMIP-SR-03-02 Inventory, Supplies and Materials System August 2003
Requirements

Appendix III

Statements of Federal Financial Accounting Concepts, Statements of Federal
Financial Accounting Standards, and Interpretations

                                    Concepts

  SFFAC No. 1 Objectives of Federal Financial Reporting SFFAC No. 2 Entity and
            Display SFFAC No. 3 Management's Discussion and Analysis

SFFAC No. 4 Intended Audience and Qualitative Characteristics for the
Consolidated Financial Report of the United States Government

Effective for fiscal

Standards yeara

SFFAS No. 1 Accounting for Selected Assets and Liabilities 1994

SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees 1994

SFFAS No. 3 Accounting for Inventory and Related Property 1994

SFFAS No. 4 Managerial Cost Accounting Concepts and Standards 1998

SFFAS No. 5 Accounting for Liabilities of the Federal Government 1997

SFFAS No. 6 Accounting for Property, Plant, and Equipment 1998

SFFAS No. 7 Accounting for Revenue and Other Financing Sources 1998

SFFAS No. 8 Supplementary Stewardship Reporting 1998

SFFAS No. 9 Deferral of the Effective Date of Managerial Cost Accounting
1998 Standards for the Federal Government in SFFAS No. 4

SFFAS No. 10 Accounting for Internal Use Software 2001

SFFAS No. 11 Amendments to Accounting for Property, Plant, and 1999
Equipment-Definitional Changes

SFFAS No. 12 Recognition of Contingent Liabilities Arising from
Litigation: 1998 An Amendment of SFFAS No. 5, Accounting for Liabilities
of the Federal Government

SFFAS No. 13 Deferral of Paragraph 65-2-Material Revenue-Related 1999
Transactions Disclosures

SFFAS No. 14 Amendments to Deferred Maintenance Reporting 1999

SFFAS No. 15 Management's Discussion and Analysis 2000

SFFAS No. 16 Amendments to Accounting for Property, Plant, and 2000
Equipment

SFFAS No. 17 Accounting for Social Insurance 2000

SFFAS No. 18 Amendments to Accounting Standards for Direct Loans and 2001

                         Loan Guarantees in SFFAS No. 2

Appendix III Statements of Federal Financial Accounting Concepts,
Statements of Federal Financial Accounting Standards, and Interpretations

(Continued From Previous Page)

Effective for fiscal

Standards yeara

SFFAS No. 19 Technical Amendments to Accounting Standards for Direct 2003
Loans and Loan Guarantees in SFFAS No. 2

SFFAS No. 20 Elimination of Certain Disclosures Related to Tax Revenue
2001 Transactions by the Internal Revenue Service, Customs, and Others

SFFAS No. 21 Reporting Corrections of Errors and Changes in Accounting
2002 Principles

SFFAS No. 22 Change in Certain Requirements for Reconciling Obligations
2001 and Net Cost of Operations

SFFAS No. 23 Eliminating the Category National Defense Property, Plant,
2003 and Equipment

SFFAS No. 24 Selected Standards for the Consolidated Financial Report of
2002 the United States Government

SFFAS No. 25 Reclassification of Stewardship Responsibilities and 2005
Eliminating the Current Services Assessment

aEffective dates do not apply to Statements of Federal Financial
Accounting Concepts and Interpretations.

Interpretations

                     No. 1 Reporting on Indian Trust Funds

No. 2 Accounting for Treasury Judgment Fund Transactions

No. 3 Measurement Date for Pension and Retirement Health Care Liabilities

No. 4 Accounting for Pension Payments in Excess of Pension Expense

No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue

No. 6 Accounting for Imputed Intra-departmental Costs

Appendix IV

AAPC Technical Releases

AAPC release Technical release date

TR-1 Audit Legal Letter Guidance March 1, 1998

TR-2 Environmental Liabilities Guidance March 15, 1998

TR-3 Preparing and Auditing Direct Loan and Loan Guarantee July 31, 1999
Subsidies Under the Federal Credit Reform Act

TR-4 Reporting on Non-Valued Seized and Forfeited Property July 31, 1999

TR-5 Implementation Guidance on SFFAS No. 10: Accounting for May 14, 2001
Internal Use Software

Appendix V

Checklists for Reviewing Systems under the Federal Financial Management
Improvement Act

Checklist Issue date

GAO/AIMD-98-21.2.1 Framework for Federal Financial Management May 1998
System Checklist

GAO/AIMD-00-21.2.2 Core Financial System Requirements Checklist February
2000

GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems March 2000
Requirements Checklist

GAO/AIMD-98-21.2.4 Inventory System Checklist May 1998

GAO-01-99G Seized Property and Forfeited Assets Systems October 2000
Requirements Checklist

GAO/AIMD-21.2.6 Direct Loan System Requirements Checklist April 2000

GAO/AIMD-21.2.8 Travel System Requirements Checklist May 2000

GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost January 1999
Accounting Checklist

GAO-01-371G Guaranteed Loan System Requirements Checklist March 2001

GAO-01-911G Grant Financial System Requirements Checklist September 2001

GAO-02-171G Property Management Systems Requirements December 2001
Checklist

GAO-02-762G Benefit System Requirements (Exposure Draft) September 2002

Appendix VI

Comments from the Office of Management and Budget

Appendix VI
Comments from the Office of Management
and Budget

Appendix VII

                     GAO Contacts and Staff Acknowledgments

GAO ContactsSally E. Thompson, (202) 512-9450 Kay L. Daly, (202) 512-9312

AcknowledgmentsIn addition to those named above, Debra S. David, Rosa R.
Harris, Kristen A. Kociolek, Kelly A. Lehr, William S. Lowrey, Sandra S.
Silzer, and Bridget A. Skjoldal made key contributions to this report.

GAO's MissionThe General Accounting Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through the Internet. GAO's Web site (www.gao.gov) contains abstracts
and full	text files of current reports and testimony and an expanding
archive of older products. The Web site features a search engine to help
you locate documents using key words and phrases. You can print these
documents in their entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document files.
To have GAO e-mail this list to you every afternoon, go to www.gao.gov and
select "Subscribe to e-mail alerts" under the "Order GAO Products"
heading.

Order by Mail or PhoneThe first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C.
20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm

Waste, and Abuse in E-mail: [email protected]

Federal Programs Automated answering system: (800) 424-5454 or (202)
512-7470

Public AffairsJeff Nelligan, Managing Director, [email protected] (202)
512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

                               Presorted Standard
                              Postage & Fees Paid
                                      GAO
                                Permit No. GI00

United States
General Accounting Office
Washington, D.C. 20548-0001

Official Business
Penalty for Private Use $300

Address Service Requested
*** End of document. ***