Financial Management: Department of Homeland Security Faces	 
Significant Financial Management Challenges (19-JUL-04, 	 
GAO-04-774).							 
                                                                 
When the Department of Homeland Security (DHS) began operations  
in March 2003, it faced the daunting task of bringing together 22
diverse agencies. This transformation poses significant 	 
management and leadership challenges, including integrating a	 
myriad of redundant financial management systems and addressing  
the existing weaknesses in the inherited components, as well as  
newly identified weaknesses. This review was performed to (1)	 
identify the financial management systems' weaknesses DHS	 
inherited from the 22 component agencies, (2) assess DHS's	 
progress in addressing those weaknesses, (3) identify plans DHS  
has to integrate its financial management systems, and (4) review
whether the planned systems DHS is developing will meet the	 
requirements of relevant financial management improvement laws.  
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-04-774 					        
    ACCNO:   A10979						        
  TITLE:     Financial Management: Department of Homeland Security    
Faces Significant Financial Management Challenges		 
     DATE:   07/19/2004 
  SUBJECT:   Accounting procedures				 
	     Auditing procedures				 
	     Auditing standards 				 
	     Computer security					 
	     Federal agency accounting systems			 
	     Federal agency reorganization			 
	     Financial management				 
	     Financial management systems			 
	     Financial records					 
	     Financial statement audits 			 
	     Internal controls					 
	     Reporting requirements				 
	     Strategic information systems planning		 
	     Systems compatibility				 
	     Policies and procedures				 
	     Systems integration				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-04-774

United States Government Accountability Office

 GAO	Report to the Ranking Minority Member, Committee on Governmental Affairs,
                                  U.S. Senate

July 2004

FINANCIAL MANAGEMENT

     Department of Homeland Security Faces Significant Financial Management
                                   Challenges

                                       a

GAO-04-774

Highlights of GAO-04-774, a report to The Honorable Joseph I. Lieberman,
Ranking Minority Member, Committee on Governmental Affairs, U.S. Senate

When the Department of Homeland Security (DHS) began operations in March
2003, it faced the daunting task of bringing together 22 diverse agencies.
This transformation poses significant management and leadership
challenges, including integrating a myriad of redundant financial
management systems and addressing the existing weaknesses in the inherited
components, as well as newly identified weaknesses.

This review was performed to (1) identify the financial management
systems' weaknesses DHS inherited from the 22 component agencies, (2)
assess DHS's progress in addressing those weaknesses, (3) identify plans
DHS has to integrate its financial management systems, and (4) review
whether the planned systems DHS is developing will meet the requirements
of relevant financial management improvement laws.

July 2004

FINANCIAL MANAGEMENT

Department of Homeland Security Faces Significant Financial Management
Challenges

DHS inherited 30 reportable internal control weaknesses identified in
prior component financial audits with 18 so severe they were considered
material weaknesses. These weaknesses include insufficient internal
controls, system security deficiencies, and incomplete policies and
procedures necessary to complete basic financial information. Of the four
inherited component agencies that had previously been subject to
stand-alone audits, all four agencies' systems were found not to be in
substantial compliance with the requirements of the Federal Financial
Management Improvement Act (FFMIA), an indicator of whether a federal
entity can produce reliable data for management and reporting purposes.

Component agencies took varied actions to resolve 9 of the 30 inherited
internal control weaknesses. The remaining 21 weaknesses were combined and
reported as material weaknesses or reportable conditions in DHS's first
Performance and Accountability Report, or were reclassified by independent
auditors as lower-level observations and recommendations. Combining or
reclassifying weaknesses does not resolve the underlying internal control
weakness, or mean that challenges to address them are less than they would
have been prior to the establishment of DHS. The following table
summarizes the current status of the weaknesses DHS inherited from
component agencies.

Status of 30 Inherited Weaknesses in 2003 Audit

Closed 9

Classified as material weaknesses for 2003 9

Classified as reportable conditions for 2003

Classified as observation and recommendation for 2003

GAO is making eight recommendations to improve financial management at
DHS, including recommendations to give continued attention to resolving
all previously reported internal control weaknesses and adhere to FFMIA
requirements even though not statutorily required to do so. GAO also
believes Congress should enact legislation to designate DHS as a Chief
Financial Officers Act (CFO Act) agency. DHS generally agreed with the
overall findings and recommendations.

www.gao.gov/cgi-bin/getrpt?GAO-04-774.

To view the full product, including the scope and methodology, click on
the link above. For more information, contact McCoy Williams at (202)
512-6906 or [email protected].

Total

Source: GAO based on DHS's 2003 Performance and Accountability Report.

DHS is in the early stages of acquiring a financial enterprise solution to
consolidate and integrate its business functions. Initiated in August
2003, DHS expects the financial enterprise solution to be fully deployed
and operational in 2006 at an estimated cost of $146 million. Other
agencies have failed in attempts to develop financial management systems
with fewer diverse operations. Success will depend on a number of
variables, including having an effective strategic management framework,
sustained management oversight, and user acceptance of the efforts.

It is too early to tell whether DHS's planned financial enterprise
solution will be able to meet the requirements of relevant financial
management improvement laws. As of June 2004, DHS is not subject to the
CFO Act and thus FFMIA, which is applicable only to agencies subject to
the CFO Act. While DHS is currently not required to report on compliance
with FFMIA, its auditors disclosed systems deficiencies that would have
likely resulted in noncompliance issues.

Contents

  Letter

Results in Brief
Background
DHS Inherited Significant Weaknesses from Its Component

Agencies Some Progress Made in Addressing Inherited Weaknesses DHS Is in
the Early Stages of Integrating Its Financial Management

Systems

It Is Not Known Whether DHS's Planned Financial Management Systems Will Be
Able to Meet the Requirements of Relevant Financial Management Improvement
Laws

Conclusions Matter for Congressional Consideration Recommendations for
Executive Action Agency Comments and Our Evaluation

1 2 4

7 9

12

16 19 20 20 21

Appendixes                                                              
                Appendix I:             Scope and Methodology              23 
                            Material Weaknesses and Reportable Conditions  
               Appendix II:                   at DHS for                   
                                           Fiscal Year 2003                25 
                               Disposition of Reported Internal Control    
              Appendix III:                 Weaknesses by                  
                                              Component                    27 
                               Comments from the Department of Homeland    29 
              Appendix IV:                     Security                    

Tables     Table 1: Status of 30 Inherited Weaknesses in 2003 Audit     10 
            Table 2: Decreases in Service Providers from March 2003 to May 
                                        2004                               15 
                 Table 3: Key Financial Management Improvement Laws        17 
Figure                    Figure 1: Phase I Timeline                    13 

Contents

Abbreviations

CFO Chief Financial Officer
CFO Act The Chief Financial Officers Act of 1990
CIS Bureau of Citizenship and Immigration Services
Coast Guard U.S. Coast Guard
Customs U.S. Customs Service
D.C. Courts District of Columbia Courts
DHS Department of Homeland Security
DOORS Dynamic Object Oriented Requirements System
DOT Department of Transportation
eMerge2 electronically Managing enterprise resources for

government effectiveness and efficiency

FEMA Federal Emergency Management Agency
FFMIA Federal Financial Management Improvement Act of 1996
FISMA Federal Information Security Management Act of 2002
FLETC Federal Law Enforcement Training Center
FMFIA Federal Managers' Financial Integrity Act of 1982
INS Immigration and Naturalization Service
IT information technology
JFMIP Joint Financial Management Improvement Program
NASA National Aeronautics and Space Administration
OCFO Office of the Chief Financial Officer
OIG Office of Inspector General
RFP request for proposal
RFQ request for quotation
RMTO Resource Management Transformation Office
TSA Transportation Security Administration

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

A

United States Government Accountability Office Washington, D.C. 20548

July 19, 2004

The Honorable Joseph I. Lieberman Ranking Minority Member Committee on
Governmental Affairs United States Senate

Dear Senator Lieberman:

When the Department of Homeland Security (DHS) began operations in March
2003, it faced the daunting task of bringing together 22 diverse agencies.
Not since the creation of the Department of Defense had the federal
government undertaken a transformation of this magnitude. As we previously
reported,1 such a consolidation poses significant management and
leadership challenges, including integrating a myriad of redundant
financial management systems and addressing the existing and newly
identified weaknesses in the inherited components.

You asked us to review DHS's progress in addressing financial management
weaknesses and integrating its financial systems. This report (1)
identifies the financial management systems' weaknesses DHS inherited from
the 22 component agencies, (2) assesses DHS's progress in addressing those
weaknesses, (3) identifies plans DHS has to integrate its financial
management systems, and (4) reviews whether the planned systems DHS is
developing will meet the requirements of relevant financial management
improvement laws.2

Our work is based primarily on reviews of DHS's Performance and
Accountability Report for fiscal year 2003 and prior period component
agency annual financial reports, when available. We interviewed DHS
officials and obtained documents related to DHS's financial management
systems integration project. In addition, we reviewed our and Office of
Inspector General (OIG) previously issued reports and relevant laws and
regulations. A more detailed discussion of our scope and methodology can

1For example, see U.S. General Accounting Office, Major Management
Challenges and Program Risk: Department of Homeland Security, GAO-03-102
(Washington, D.C.: January 2003) and Department of Homeland Security:
Challenges and Steps in Establishing Sound Financial Management,
GAO-03-1134T (Washington, D.C.: Sept. 10, 2003).

2Relevant laws include those currently applicable to DHS as well as some
not currently applicable that are the subject of pending legislation.

be found in appendix I. We conducted our work from October 2003 through
June 2004 in accordance with U.S. generally accepted government auditing
standards.

Results in Brief	When DHS began operating in March 2003, it inherited 22
component agencies, approximately 180,000 employees, about 100 resource
management systems, and 30 reportable internal control conditions3
identified in prior component financial audits. Of the 30 reportable
conditions, 18 were so severe they were considered material weaknesses.4
Among these weaknesses were insufficient internal controls or processes to
reliably report financial information such as revenue, accounts
receivable, and accounts payable; significant system security
deficiencies; financial systems that required extensive manual processes
to prepare financial statements; and incomplete policies and procedures
necessary to complete basic financial management activities. Further, of
the four component agencies that had previously been subject to
stand-alone audits, all four agencies' systems were found not to be in
substantial compliance with the requirements of the Federal Financial
Management Improvement Act of 1996 (FFMIA),5 an indicator of whether a
federal entity can produce reliable data for management and reporting
purposes. Because most of the components that transferred to DHS were
comparatively small components of their former department, they had not
been subjected to significant financial statement audit scrutiny prior to

3Under standards issued by the American Institute of Certified Public
Accountants, "reportable conditions" are matters coming to the auditors'
attention relating to significant deficiencies in the design or operation
of internal controls that, in the auditors' judgment, could adversely
affect the department's ability to record, process, summarize, and report
financial data consistent with the assertions of management in the
financial statements.

4Material weaknesses are reportable conditions in which the design or
operation of one or more of the internal control components does not
reduce to a relatively low level the risk that misstatements in amounts
that would be material in relation to the financial statements being
audited may occur and not be detected within a timely period by employees
in the normal course of performing their assigned functions.

5Division A, Section 101(f), Title VIII of Public Law 104-208 is entitled
the Federal Financial Management Improvement Act of 1996. FFMIA requires
the major departments and agencies covered by the CFO Act to implement and
maintain financial management systems that comply substantially with (1)
federal financial management systems requirements, (2) applicable federal
accounting standards, and (3) the U.S. Government Standard General Ledger
at the transaction level.

transfer. Thus, it was unknown at the time of transfer whether additional
internal control weaknesses existed in those components.

Component agencies took action to resolve 9 of the 30 internal control
weaknesses DHS inherited from component agencies. These actions included
reinstating procedures to accurately estimate financial data, performing
risk assessments of major systems, and instituting processes to ensure
accounts receivable and fixed assets are properly recorded. Another 9 of
the inherited weaknesses were combined and reported as material weaknesses
in DHS's first Performance and Accountability Report, while 5 were
combined and reported as reportable conditions. Although combining or
reclassifying weaknesses reduces the overall number of weaknesses, it does
not resolve the underlying internal control weakness or reduce the level
of effort that will be needed to mitigate the weakness. The remaining 7
weaknesses were classified by the department's independent auditors as
observations and recommendations.6 Finally, auditors reported 6 additional
weaknesses as of September 30, 2003, bringing the total number of DHS
reportable conditions to 14 for fiscal year 2003, 7 of which were
considered to be material weaknesses. DHS has developed or begun to
develop corrective action plans to address 10 of the 14 internal control
weaknesses identified in the 2003 financial audit. Sustained attention
must be given to resolving all previously reported weaknesses, regardless
of their current designation at DHS.

DHS is in the early stages of acquiring a financial enterprise solution to
consolidate and integrate the department's financial accounting and
reporting systems, including budget, accounting and reporting, cost
management, asset management, and acquisition and grants functions.
According to DHS, the department initiated a financial management systems
integration project in August 2003. The completed project is expected to
be fully deployed and operational in 2006 at an estimated cost of
approximately $146 million. Other agencies have failed in attempts to
develop financial management systems with fewer diverse operations. An
effective strategic management framework, sustained management oversight,
and user acceptance of the efforts, among other things, will be keys to
DHS's success. As an interim effort, DHS is working to consolidate the
number of legacy financial systems, and reports that it has reduced the

6Observations and recommendations are weaknesses that do not meet the
criteria for reportable conditions and are typically communicated from the
auditor to the appropriate level of entity management in a management
letter.

overall number of financial service providers. We plan to monitor DHS's
efforts as part of our consolidated financial statement audit of the U.S.
government.

It is too early to tell whether DHS's planned financial enterprise
solution will be able to meet the requirements of relevant financial
management improvement laws it is currently subject to. As of June 2004,
DHS is not subject to the Chief Financial Officers Act of 19907 (CFO Act)
and thus is exempt from FFMIA, which is only applicable to CFO Act
agencies. The CFO Act requires major agencies to have a qualified,
presidentially appointed, Senate-confirmed Chief Financial Officer (CFO)
who reports to the head of the agency. Currently, the CFO at DHS reports
to the Under Secretary for Management while directorate CFOs report to the
head of their respective directorates, not to DHS's CFO. In addition,
while DHS is currently not required to report on its systems' compliance
with FFMIA, its auditors disclosed systems deficiencies that indicate that
DHS's systems would not have been in substantial compliance with the
requirements of FFMIA during its first 7 months of operation.

We obtained written comments on a draft of this report from DHS's Chief
Financial Officer. In commenting on a draft of this report, DHS generally
agreed with the overall findings and recommendations. The comments DHS
provided to us are reprinted in appendix IV.

Background	In the aftermath of the terrorist attacks of September 11,
2001, responding to potential and real threats to homeland security became
one of the federal government's most significant challenges. To address
this challenge, the Congress passed, and the President signed, the
Homeland Security Act of 2002,8 which merged 22 federal agencies and
organizations into DHS, making it the department with the third largest
budget in the federal government, about $40 billion for fiscal year 2005.9
In January 2003, we designated implementation and transformation of the
new Department of Homeland Security as high risk based on three factors:
(1) the implementation and transformation of DHS is an enormous
undertaking

7Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990). 8Pub. L. 107-296,
116 Stat. 2135 (Nov. 25, 2002). 9U.S. Department of Homeland Security,
Budget in Brief: Fiscal Year 2005.

that will take time to achieve in an effective and efficient manner, (2)
components to be merged into DHS already face a wide array of existing
challenges, and (3) failure to effectively carry out its mission would
potentially expose the nation to very serious consequences.10 As we
previously reported,11 one of the department's key challenges is
integrating the components' respective financial management systems, many
of which were outdated and had limited functionality, as well as
addressing weaknesses from the inherited components.

The Homeland Security Act of 2002 states that DHS's missions include,
among other things, preventing terrorist attacks within the United States,
reducing America's vulnerability to terrorism, minimizing subsequent
damage, and assisting in the recovery from attacks that do occur. To help
accomplish this integrated homeland security mission, the various mission
areas and associated programs of 22 federal agencies were merged, in whole
or in part, into DHS. The department's organizational structure consists
of eight major components-the U.S. Coast Guard (Coast Guard), the U.S.
Secret Service, the Bureau of Citizenship and Immigration Services (CIS),
and five directorates, each of which is headed by an Under Secretary:
Information Analysis and Infrastructure Protection, Science and
Technology, Border and Transportation Security, Emergency Preparedness and
Response, and Management. Within the Management Directorate is DHS's
Office of the Chief Financial Officer (OCFO), which is assigned primary
responsibility for functions, such as budget, finance and accounting,
strategic planning and evaluation, and financial systems for the
department. OCFO is also charged with ongoing integration of these
functions within the department.

The CFO Act requires the agency's CFO to develop and maintain an
integrated accounting and financial management system that provides for
complete, reliable, and timely financial information that facilitates the
systematic measurement of performance at the agency, the development and
reporting of cost information, and the integration of accounting and
budget information. The act also requires that the agency's CFO be
qualified, presidentially appointed, approved by the Senate, and report to
the head of the agency. FFMIA requires that CFO Act agencies implement and
maintain financial management systems that substantially comply with

10See GAO-03-102. 11See GAO-03-1134T.

federal financial management systems requirements, applicable accounting
standards, and the U.S. Government Standard General Ledger at the
transaction level. It also requires auditors to report whether the
agency's financial management systems substantially comply with the three
requirements of FFMIA. While not required to comply with provisions of the
CFO Act or FFMIA, the Accountability of Tax Dollars Act of 2002,12
requires DHS to prepare and have audited financial statements annually.13
The Accountability of Tax Dollars Act of 2002, however, does not require
compliance with the CFO Act or FFMIA.

In identifying improved financial performance as one of its five
governmentwide initiatives, the President's Management Agenda recognized
that an unqualified financial audit opinion14 is a basic prescription for
any well-managed organization and that without sound internal control and
accurate and timely financial information, it is not possible to
accomplish the agenda and secure the best performance and highest measure
of accountability for the American people. In addition, the Joint
Financial Management Improvement Program (JFMIP) Principals15 have defined
certain measures, in addition to receiving an unqualified financial
statement opinion, for achieving financial management success. These
additional measures include being able to routinely provide timely,
accurate, and useful financial and performance information, having neither
material internal control weaknesses nor material noncompliance with laws
and regulations, and meeting the requirements of FFMIA.

DHS obtained a consolidated financial audit for the 7-month period from
March 1, 2003, to September 30, 2003, and received a qualified opinion
from its independent auditors on its consolidated balance sheet as of
September 30, 2003, and the related statement of custodial activity for
the 7 months ending September 30, 2003. Auditors were unable to opine on
the

12Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002).

13An audit includes examining, on a test basis, evidence supporting the
amounts and disclosures in the financial statements, assessing the
accounting principles used and significant estimates made by management,
and evaluating the overall consolidated financial statement presentation.

14An unqualified audit opinion indicates that the balances in the
financial statements are free of significant errors known as material
misstatements.

15The JFMIP Principals are the Secretary of the Treasury, the Directors of
the Office of Management and Budget (OMB) and the Office of Personnel
Management (OPM), and the Comptroller General of the United States.

consolidated statements of net costs and changes in net position, combined
statement of budgetary resources, and consolidated statement of financing.
The auditors reported 14 reportable conditions on internal control, 7 of
which were considered to be material weaknesses.

  DHS Inherited Significant Weaknesses from Its Component Agencies

When DHS was created in March 2003 and merged with 22 diverse agencies,
there were many known financial management weaknesses and vulnerabilities
in the inherited agencies. For 5 of the agencies that transferred to
DHS-Customs Service (Customs), Transportation Security Administration
(TSA), Immigration and Naturalization Service (INS), Federal Emergency
Management Agency (FEMA), and Federal Law Enforcement Training Center
(FLETC)-auditors had reported 30 reportable conditions, 18 of which were
considered material internal control weaknesses. Further, of the four
component agencies-Customs, TSA, INS, and FEMA-that had previously been
subject to stand-alone audits, all four agencies' systems were found not
to be in substantial compliance with the requirements of FFMIA.

Most of the 22 components that transferred to DHS had not been subjected
to significant financial statement audit scrutiny prior to their transfer,
so the extent to which additional significant internal control
deficiencies existed was unknown. For example, conditions at the Coast
Guard have surfaced because of its greater relative size and increased
audit scrutiny at DHS as compared to its former legacy agency, the
Department of Transportation (DOT). As part of DOT's financial statement
audit, the Coast Guard had no specifically attributable reported
weaknesses identified. However, newly identified weaknesses related to the
Coast Guard were one of the main reasons that independent auditors issued
a qualified opinion on DHS's consolidated balance sheet and why they were
unable to provide an opinion on other financial statements for the 7
months ending September 30, 2003.

For fiscal year 2002 and prior to its transfer to DHS, Customs' auditors
reported16 nine internal control weaknesses, including weaknesses in its
ability to monitor the effectiveness of its internal controls over entry
duties

16Customs' auditors performed an internal control review, not a full scope
financial statement audit.

and taxes, controls over drawback claims,17 security issues in information
technology (IT) systems, and issues concerning the strength of its core
financial systems. These weaknesses can result in inaccurate reporting of
certain material elements of Customs' financial situation, system security
weaknesses that could leave Customs' information vulnerable to
unauthorized access, and the necessity of extensive manual procedures and
analyses to process routine transactions. Finally, these weaknesses
contributed to Customs' systems inability to substantially comply with the
requirements of FFMIA.

Although TSA is a relatively new agency formed after the September 11,
2001, terror attacks, its auditors reported six internal control
weaknesses, including weaknesses in the hiring of qualified personnel,
financial reporting and systems, property accounting and financial
reporting, financial management policies, administration of screener
contracts, and maintenance of adequate information in its personnel files.
These weaknesses can result in uncontrolled spending of taxpayer dollars,
misplaced or unaccounted for property, and challenges in producing
financial statements. In its first year audit ending September 30, 2002,
TSA obtained an unqualified audit opinion on its financial statements.
However, TSA's systems did not substantially comply with the requirements
of FFMIA.

INS's auditors reported four internal control weaknesses as of February
28, 2003,18 including weaknesses in the functionality of its financial
systems; recording accounts payable and related accruals; financial
reporting; and controls over its financial management system. Weaknesses
such as these have existed for several years and contribute to INS's
systems continuing inability to substantially comply with the requirements
of FFMIA. Although the weaknesses did not interfere with the agency's
ability to obtain an unqualified opinion on its financial statement audit,
they did result in the need for extensive manual effort to prepare
reliable financial information

17Drawback is a remittance, in whole or in part, of duties, taxes, or fees
previously paid by an importer. Drawback typically occurs when the
imported goods on which duties, taxes, or fees that have previously been
paid are subsequently exported from the United States or destroyed prior
to entering the commerce of the U.S. Depending on the type of claim, the
claimant has up to 8 years from the date of importation to file for
drawback.

18INS obtained an independent financial statement audit for the 5 month
period October 1, 2002, to February 28, 2003-prior to its transfer to DHS.

and record basic financial transactions to aid management in decision
making.

FEMA's auditors reported seven internal control weaknesses for fiscal year
2002, including weaknesses in information security controls over its
financial systems environment; financial system functionality; financial
reporting process; real and personal property system processes; account
reconciliation processes; accounts receivable processes; and the lack of a
process to evaluate the accuracy of a new claims estimation methodology.
These weaknesses resulted in the need for extensive manual effort to
compile financial information because FEMA's financial systems were unable
to perform certain basic accounting functions efficiently. Further, FEMA's
systems were unable to accurately track basic accounting information, such
as real and personal property and accounts receivable. Many of these
weaknesses specifically contributed to FEMA's systems' failure to
substantially comply with the requirements of FFMIA.

Finally, FLETC's auditors reported four internal control weaknesses for
fiscal year 2002. These weaknesses resulted from FLETC not having adequate
policies and procedures in place to ensure that funds obligated were
proper and that costs for construction in progress were recorded properly.
Further, auditors found that FLETC was not taking the steps necessary to
be in compliance with certain Office of Management and Budget
requirements. Many of these weaknesses lead to FLETC's systems' inability
to substantially comply with the requirements of FFMIA.

  Some Progress Made in Addressing Inherited Weaknesses

DHS has made some progress in addressing the internal control weaknesses
it inherited from component agencies. Nine of the 30 internal control
weaknesses identified in prior component financial statement audits have
been closed as of September 30, 2003. The remaining 21 issues represent
continuing weaknesses that have been reported in DHS's first Performance
and Accountability Report. Nine of these were combined and reported as 3
material weaknesses, while 5 were reported as reportable conditions. The
department's independent auditors classified the remaining 7 weaknesses as
lower level observations and recommendations. Table 1 summarizes the
status of the 30 weaknesses DHS inherited from component agencies as of
September 30, 2003.

Table 1: Status of 30 Inherited Weaknesses in 2003 Audit

Closed

Classified as material weaknesses for 2003

Classified as reportable conditions for 2003

Classified as observation and recommendation for 2003

Total

Source: GAO based on DHS's fiscal year 2003 Performance and Accountability
Report.

Auditors reported 6 additional weaknesses as of September 30, 2003,
bringing the total number of reportable conditions for DHS to 14 for
fiscal year 2003, 7 of which were considered to be material weaknesses. A
description of these weaknesses can be found in appendix II. As mentioned
previously, several of the departmentwide weaknesses resulted from
combining previously identified weaknesses or reclassifying them, rather
than from resolving the underlying internal control weaknesses. For
example, in fiscal year 2003, DHS's auditors reported a departmentwide
material weakness related to financial systems functionality and
technology. This weakness resulted from combining what accounted for 7 of
the inherited weaknesses-3 from Customs, 2 from FEMA, 1 from INS, and 1
from TSA. Appendix III provides detailed information on the status of each
of the 30 inherited weaknesses, including how they were reported in DHS's
Performance and Accountability Report.

Component agencies took various steps to resolve nine of the previously
identified weaknesses inherited from component agencies. For example,
Customs had a previously identified weakness related to the effectiveness
of its internal controls over accurate reporting of entry duties and
taxes. This weakness was resolved by reinstituting a program that Customs
had in place prior to the terrorist attacks of September 11, 2001, which
allows for more accurate reporting of these taxes and duties. Another
weakness DHS inherited relates to FEMA's inability to identify and record
certain accounts receivable in a timely manner. FEMA's accounts receivable
processes were strengthened to ensure that accounts receivable are
determined and recorded on a timely basis. In order to resolve several
weaknesses at FLETC and TSA, various policies and procedures were
implemented at these components to ensure that financial information was
recorded and properly approved. Further, TSA has hired additional staff,
thereby resolving its weaknesses of not having a sufficient number of
qualified accounting personnel.

In addition to the 7 material weaknesses and 7 reportable conditions
reported in DHS's 2003 financial statement audit, DHS reported 12
additional weaknesses that affect the department's full compliance with
certain objectives of 31 U.S.C. 3512(c), (d) (commonly known as the
Federal Managers' Financial Integrity Act of 1982 (FMFIA)). FMFIA requires
that management ensure that it has an organizational structure that
supports the planning, directing, and controlling of operations to meet
agency objectives; clearly defines key areas of authority and
responsibility; and provides for appropriate lines of reporting. The
standards also define internal control as a key component necessary to
ensure that financial reporting information is reliable. Examples of the
FMFIA weaknesses reported by DHS included deficient controls over laws and
regulations regarding the border entry process, nonconformance related to
system security, and lack of oversight and administration of major
contracts at TSA.

Of the seven departmentwide material weaknesses reported by DHS's auditors
for fiscal year 2003, four were newly identified and contributed to the
auditors' inability to render an opinion on all of DHS's financial
statements. Newly identified weaknesses included the lack of procedures at
DHS to verify the accuracy and completeness of balances transferred on
March 1, 2003, and significant weaknesses with the number of qualified
financial management personnel employed by the department. DHS's auditors
also found significant deficiencies at the Coast Guard and Secret Service,
preventing them from being able to express an opinion on certain financial
statements.

In addition to the internal control weaknesses cited in its 2003 financial
statement audit, there were other weaknesses that, while not material to
DHS on a departmentwide basis, are still important weaknesses that need to
be addressed. FEMA, Customs, and TSA each had weaknesses at the time of
their transfer to DHS. However, in the 2003 audit report, these weaknesses
were classified as observations and recommendations, a much less serious
classification. Lower classification within DHS does not mean that the
issues are now somehow less severe, it merely refers to the materiality of
a component within DHS. Considered against operations or assets of the
stand-alone entity, these issues by themselves were relatively more
significant than when considered in the context of the much larger
consolidated operations of DHS as a whole. Resolving all previously
reported internal control weaknesses, regardless of the current
designation at DHS, is key to DHS's ability to produce relevant and
reliable financial information.

DHS's CFO testified that the department is committed to resolving the
remaining weaknesses and has developed a plan to do so. According to the
CFO's plans, corrective actions will be developed by each applicable
bureau or directorate and submitted to the OCFO. Currently, DHS's OCFO has
compiled a summary document with the corrective action plans as submitted
by the applicable bureau or directorate. According to this document,
corrective action plans of varying levels of detail are in place to
address 12 of the 14 internal control weaknesses, some of which are
scheduled to be completed by the end of fiscal year 2004. However, 2
material internal control weaknesses-Financial Systems Functionality and
Technology and Transfer of Funds, Assets, and Liabilities to DHS-do not
currently have any planned corrective actions in place.

Along with developing corrective action plans, the CFO testified that DHS
plans to implement a departmentwide tracking system to monitor the status
of corrective actions. DHS has begun working with a contractor to design
and implement a tracking system for outstanding weaknesses identified
during the department's independent financial audits. While this system is
still being developed by the OCFO, with assistance from contractors, it is
not yet fully functional and does not include information on all reported
weaknesses. Until such time that it does, it will provide limited
oversight and information on the status of corrective actions to address
weaknesses at DHS. While progress has been made to address the known
material weaknesses, much work still remains. Follow-through with planned
corrective actions is paramount. The support of top officials at the
department will be key in ensuring that the necessary resources are
available to address the weaknesses and to ensure that they are resolved
in a timely manner.

  DHS Is in the Early Stages of Integrating Its Financial Management Systems

DHS intends to acquire and deploy an integrated financial enterprise
solution and reports that it has reduced the number of its legacy
financial systems. DHS has established the Resource Management
Transformation Office (RMTO) within the Management Directorate to manage
its financial enterprise solution project. However, the acquisition is in
the early stages, and continued focus and follow through, among other
things, will be necessary for it to be successful.

RMTO has termed its financial enterprise solution project "electronically
Managing enterprise resources for government effectiveness and efficiency"
(eMerge2 ), which according to the RMTO's Strategic Framework,
"establishes the strategic direction for migration,

modernization, and integration of DHS financial, accounting, procurement,
personnel, asset management and travel systems, processes, and policies."
DHS expects the acquisition and implementation of the financial enterprise
solution to take place over a 3-year time period and cost approximately
$146 million.

According to the strategic framework DHS provided to us, the development
of an integrated financial enterprise solution will be accomplished in
three phases. Phase I includes defining, acquiring, and testing the
planned solution. Phase II involves implementing the solution throughout
DHS, and Phase III is ongoing maintenance of the solution. According to
DHS, the eMerge2 initiative is currently in Phase I, which is to be
executed in three stages and is expected to be completed in late 2004.
Figure 1 represents the three stages of Phase I and the timelines as of
August 2003 and May 2004, according to the DHS RMTO Strategic Frameworks
provided to us.

Figure 1: Phase I Timeline

According to plans DHS's RMTO developed early in Phase I, completion of
core requirements development was to have been completed between September
2003 and mid-February 2004. However, in updated plans dated May 2004, the
core requirements development actually began in January 2004 and was to be
completed in May 2004. The earlier plans' timeline also called for
requesting vendor solution proposals in October 2003, with final

vendor selection to occur in April or May of 2004. However, vendor
proposal requests were issued in June 2004 and selection is to be
completed in July 2004.

Concurrent with eMerge2, DHS has issued a request for quotation (RFQ) for
an interim project-the Business Automation Initiative-to be developed by
contractors during 2004. The RFQ requested system proposals to automate
purchase requests for the department and to streamline the employee
entry/exit process. Another interim initiative was considered by the
department to integrate data mining and warehousing, improve grants
visibility (beginning with first responder grants), and streamline
financial statement consolidation. However, instead of pursuing this
interim solution, DHS plans to include it in the requirements of the
eMerge2 initiative. Of key importance in the development of any DHS system
solution acquisition, interim or not, is how the acquisition fits within
the future overall plans of DHS as outlined in its enterprise
architecture, which is still being developed. It would be duplicative and
wasteful to implement a short-term solution that is not part of the
long-term integration plans at DHS.

According to DHS officials, the RMTO recently completed the requirements
definition phase for the eMerge2 initiative and obtained approval of the
requirements from various high-level DHS officials. Additionally, a
request for proposal (RFP) was issued by DHS for the eMerge2 initiative in
June 2004. The RFP is scheduled to be open for approximately 1 month and
then a vendor will be chosen. DHS has developed various planning documents
for the eMerge2 initiative. However, these documents were not provided to
us until after we completed our fieldwork. Thus, we are not providing
description, analysis, or evaluation of such information in this report,
and we are unable to determine if DHS, through the RMTO, is developing a
financial enterprise solution that will be in alignment with
departmentwide information technology plans, many of which are still under
development.

Nevertheless, we have found that similar projects have proven challenging
and costly for other federal agencies. For example, we have reported on
the efforts of National Aeronautics and Space Administration19 (NASA), and

19U.S. General Accounting Office, Information Technology: Architecture
Needed to Guide NASA's Financial Management Modernization, GAO-04-43
(Washington, D.C.: Nov. 21, 2003) and National Aeronautics and Space
Administration: Significant Actions Needed to Address Long-standing
Financial Management Problems, GAO-04-754T (Washington, D.C.: May 19,
2004).

the District of Columbia Courts20 (DC Courts) to acquire new information
systems. NASA is on its third attempt in 12 years to modernize its
financial management process and systems, and has spent about $180 million
on its two prior failed efforts. DC Courts began its system acquisition in
1998 and has struggled in its implementation. One of the key impediments
to the success of integration efforts at NASA was the failure to involve
key stakeholders in the implementation or evaluation of system
improvements. As a result, new systems failed to meet the needs of key
stakeholders. DC Courts struggled in developing requirements that
contained the necessary specificity to ensure the system developed would
meet its users' needs. To avoid similar problems, it is important, among
other things, that DHS ensure commitment and extensive involvement from
top management and users in eMerge2 .

Over the past year, DHS has reported that it has reduced the number of
financial management service providers for the department from the 19
providers at the time DHS was formed to the 10 it currently uses. DHS has
plans to further consolidate to 7 providers. A DHS official estimated
approximately $5 million in savings through the reduction of the number of
financial management service centers. Table 2 shows the decreases that
have occurred in service providers from March 2003 to May 2004.

Table 2: Decreases in Service Providers from March 2003 to May 2004

                        Service provider type  March 2003 May 2004   Decrease 
         Financial management service centers          19        10 
                          Contracting offices          13         8 
                       Human resource offices          22         7 
                              Payroll offices           7         3 
                  Property management offices          22         3 
                                        Total          83        31 

Source: GAO based on DHS-provided information.

This continued focus on consolidation and integration of services and
service providers, if implemented properly, could aid the department in
realizing further savings and efficiencies in support of its overall
mission.

20U.S. General Accounting Office, DC Courts: Disciplined Processes
Critical to Successful System Acquisition, GAO-02-316 (Washington, D.C.:
Feb. 28, 2002).

Although we did not perform audit procedures to determine the impact of
these reductions, reduction of service providers prematurely, without
considering the provider's reliability, or without an overall
consolidation plan, could be negative if it interferes with the enterprise
approach or causes significant short-term inefficiencies for agencies that
must quickly adapt to other systems.

  It Is Not Known Whether DHS's Planned Financial Management Systems Will Be
  Able to Meet the Requirements of Relevant Financial Management Improvement
  Laws

It is too early to tell whether DHS's planned financial enterprise
solution will be able to meet the requirements of relevant financial
management improvement laws--those currently applicable to DHS (such as
FMFIA), as well as some not applicable that are subject to pending
legislation. DHS is currently subject to most financial management
improvement laws except for the CFO Act and FFMIA. The goals of the CFO
Act and FFMIA are to provide the Congress and agency management with
reliable financial information for managing and making day-to-day
decisions and to improve financial management systems and controls to
properly safeguard the government's assets. Further, the CFO Act requires
certain agencies to have a qualified, presidentially appointed,
Senate-confirmed CFO who reports to the head of the agency.21

FFMIA requires major departments and agencies covered by the CFO Act to
implement and maintain financial management systems that comply
substantially with (1) federal financial management systems requirements,
(2) applicable federal accounting standards, and (3) the U.S. Government
Standard General Ledger at the transaction level. Although DHS is not
currently subject to FFMIA, its auditors disclosed systems deficiencies in
its financial management information systems, the application of
accounting standards, and recording of financial transactions, all of
which relate to the requirements of FFMIA. Based on these weaknesses it is
likely that DHS's systems would not have been in substantial compliance
with the requirements of FFMIA. Table 3 lists relevant financial
management laws and describes their relationship to DHS.

21Currently, the CFO at DHS reports to the Under Secretary for Management
while directorate CFO's report to the head of the respective directorates,
not to DHS's CFO.

Table 3: Key Financial Management Improvement Laws

DHS Law covered? Requirement Impact of legislation on DHS

Chief Financial Officers Act of 1990

No	Requires agencies to develop and maintain an integrated accounting and
financial management system that provides for (1) complete, reliable,
consistent, and timely information that is responsive to the financial
information of the agency and facilitates the systematic measurement of
performance; (2) the development and reporting of cost management
information; (3) the integration of accounting and budget information; and
(4) requires that the agency's CFO be qualified, presidentially appointed,
approved by the Senate, and report to the head of the agency.

H.R. 4259 and S. 1567, which are now under consideration before the
Congress, would make DHS a CFO Act agency.

The current CFO of DHS reports to the Under Secretary for Management. Each
directorate has separate CFOs who report to their respective directorate
head.

Federal Financial Management Improvement Act of

No	Requires the major departments and agencies covered by the CFO Act to
implement and maintain financial management systems that comply
substantially with (1) federal financial management systems requirements,
(2) applicable federal accounting standards, and (3) the U.S. Government
Standard General Ledger at the transaction level. Requires auditors to
include in their CFO Act audit reports whether the agency's financial
management systems comply with FFMIA's requirements.

DHS is not currently required to comply with FFMIA standards. Auditors did
disclose systems deficiencies in its financial management information
systems, the application of accounting standards, and recording of
financial transactions, all of which relate to the requirements of FFMIA.

Accountability of Tax Yes Requires non-CFO Act           DHS obtained an   
                             agencies to obtain annual      audit for the 7   
    Dollars Act of 2002      financial statement audits,        months ending 
                             unless specifically exempted September 30, 2003. 
                                        by OMB or already 
                                  statutorily required to 
                                         obtain an annual 
                                        audit.            

31 U.S.C. 3512(c), (d) Yes Requires agency management to ensure that they
have In its 2003 financial statement audit,
(commonly known as effective control over, and accountability for, its
assets. To auditors reported 12 weaknesses that
the Federal Managers' ensure compliance, it requires the agency head to
would affect DHS's full compliance
Financial Integrity Act establish internal accounting and administrative
controls with FMFIA.
of 1982 (FMFIA)) and report whether the agency's systems comply.

                                Requires each agency to    DHS has prepared a 
       Government      Yes      develop strategic plans           performance 
                                               covering 
                                 a period of at least 5 budget to comply with 
     Performance and       years. It also requires each       this act.       
                                                 agency 
                                   to prepare an annual 
Results Act of 1993            performance plan that 
                                           includes the 
                            performance indicators that 
                           will be used to measure "the 
                           relevant outputs, service    
                           levels, and outcomes of each 
                             program activity" in an    
                                 agency's budget.       

(Continued From Previous Page)

DHS Law covered? Requirement Impact of legislation on DHS

Clinger-Cohen Act of

Yes	Requires agencies to establish goals for improving efficiency and
effectiveness of their operations through the effective use of IT.
Performance measurements must be established that assess how well IT
supports agency programs. Where comparable processes and organizations
exist, agency heads must benchmark agency process performance against
comparable processes in terms of cost, speed, productivity, and quality of
outputs and outcomes. Agency heads must clearly define agency missions and
consider appropriate process changes before making significant investments
in IT. Agencies must also report annually on operational improvements
achieved through the effective use of IT.

DHS is in the process of drafting an IT strategic plan, which will be the
driving force in establishing DHS's strategic IT management framework. It
will discuss how the department plans to manage and use IT to achieve
strategic mission goals. According to the CIO, the department is still in
the process of completing the IT strategic plan and expects to make it
final in mid-2004.

Federal Information Yes FISMA requires the designation and establishment
of Security Management specific responsibilities for an agency senior
information Act (FISMA) of 2002 officer, implementation of minimum
information security

requirements for agency information systems, and

required agency reporting to the Congress.

DHS has created the office of the Chief Information Officer and the Chief
Information Security Officer. The September 2003 FISMA Report issued by
DHS OIG indicates that DHS has performed reviews of FISMA IT security and
has created positions for component information security officers to
ensure that information security is coordinated at all levels of the
agency.

Source: GAO.

DHS is currently required to have annual audits under the Accountability
of Tax Dollars Act and to report on its internal controls under FMFIA.
Although DHS's CFO has testified that DHS complies with the audit
provisions of the CFO Act and will continue to do so, we believe DHS
should be a CFO Act agency and be subject to the requirements of FFMIA.
DHS should not be the only cabinet-level department not covered by what is
the cornerstone for pursuing and achieving the requisite financial
management systems and capabilities in the federal government.22

Given its early implementation, it is too early to tell whether DHS's
planned financial enterprise solution will meet the requirements of
financial management laws it is currently not subject to. While DHS
systems must meet the requirements of laws they are currently subject to,
it is also important that DHS be proactive and incorporate the
requirements of the

22See GAO-03-1134T.

CFO Act and FFMIA. It would certainly make good business sense to do so
given DHS's size and mission.

DHS has implemented a commercial-off-the-shelf tool called Dynamic Object
Oriented Requirements System (DOORS) to track the requirements of various
laws, regulations, and circulars place on the development of an integrated
financial system. DOORS is intended to be DHS's repository of all
applicable system, process, technological, data, or other requirements.
DHS estimated that several thousand compliance requirements will be
tracked using DOORS once analysis is completed. After the repository is
complete, requirements reports are to be printed directly from DOORS and
attached to future RFPs to ensure that contractors are aware of the
legislative requirements of the systems to be developed. A system to
record, track, and link all legislative requirements as a financial
management system is being developed is important. Also important is that
DHS be statutorily required to comply with the CFO Act and FFMIA and that
the systems DHS acquires are capable of meeting the requirements of those
laws, as well as ones currently applicable. Meeting these financial
management improvement requirements will help produce timely and useful
financial and business information.

Conclusions	Since its inception in March 2003, DHS has been faced with
many challenges, including how to integrate its financial management
processes and systems. Steps have been taken to address the 30 internal
control weaknesses it inherited from its component agencies. However, to
ensure financial accountability and establish an effective financial
environment, DHS must address all outstanding inherited weaknesses, as
well as address the newly identified department-level weaknesses. Through
the eMerge2 initiative, DHS has plans to integrate and consolidate its
financial and business systems. But without such things as continued
active oversight from top-level management and systematic approaches to
this integration, DHS could find itself in the same position as other
federal departments- producing an ineffective and costly financial
management system that does not provide the information needed by
management or meet the requirements of financial management laws. Finally,
we believe that it is of critical importance that DHS be statutorily
required to comply with the important financial management reforms
legislated in the CFO Act and FFMIA. The financial management improvements
of FFMIA build on the CFO Act by emphasizing the need for agencies to have
systems that can generate reliable, useful, and timely information with
which to make fully informed decisions and to ensure accountability on an
ongoing basis. This

issue is still of foremost importance, especially as DHS continues its
financial management system integration and development.

Matter for In view of the size of DHS and the importance of the CFO Act
and FFMIA in

improving financial management and its applicability to all other
cabinetCongressional departments, the Congress may wish to consider the
following action: Consideration

o  Enact legislation to designate DHS as a CFO Act agency.

  Recommendations for Executive Action

We are making eight recommendations for executive action at DHS that will
improve financial management at the department. Specifically, we recommend
that the Secretary of Homeland Security direct the Under Secretary for
Management to do the following:

o 	Continue to maintain strong involvement of key stakeholders and top
management throughout the acquisition and implementation of the eMerge2
initiative.

o 	Assess the impact of further reduction in financial service providers
on DHS staff and their ability to produce timely financial information.

o 	Adhere to FFMIA requirements, including JFMIP requirements, even though
the department is not statutorily required to do so.

o  Have independent auditors report annually on compliance with FFMIA.

o 	Continue to give sustained attention to addressing previously reported
material weaknesses, reportable conditions, and observations and
recommendations.

o 	Complete development of corrective action plans for all material
weaknesses, reportable conditions, and observations and recommendations.

o 	Ensure that internal control weaknesses are addressed at the component
level if they were combined or reclassified at the departmentwide level.

o 	Maintain a tracking system of all auditor-identified and
managementidentified control weaknesses.

  Agency Comments and Our Evaluation

We obtained written comments on a draft of this report from DHS's Chief
Financial Officer. The comments DHS provided to us are reprinted in
appendix IV.

In commenting on a draft of this report, DHS generally agreed with the
overall findings and recommendations. However, in response to our
recommendation to incorporate all internal control weaknesses in the
tracking system DHS is currently developing, DHS felt the recommendation
was too broad and suggested that we change the language to reflect
tracking of all auditor-identified and management-identified internal
control weaknesses. The original intent of our recommendation was to
encourage DHS to track and resolve all auditor reported material
weaknesses, reportable conditions, and observations and recommendations,
similar to those discussed throughout this report. We fully support DHS
including all management-identified control weaknesses as well, and have
updated our recommendation accordingly. Additionally, DHS commented on its
commitment to full adherence to the CFO Act and FFMIA. We applaud the
current leadership at DHS for voluntarily complying with some audit
provisions of the CFO Act, however, we continue to strongly support
passage of legislation that would statutorily make DHS a CFO Act agency,
and thus guarantee future requirements to adhere to important financial
management legislation.

As arranged with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after the date of this letter. At that time, we will send copies of this
report to interested congressional committees and subcommittees. We will
also make copies available to others on request. In addition, the report
will be available at no charge on GAO's Web site at http://www.gao.gov.

If you or your staff have any questions about this report or wish to
discuss it further, please contact me at (202) 512-6906 or Casey
Keplinger, Assistant Director, at (202) 512-9323. In addition, Heather
Dunahoo and Scott Wrightson made key contributions to this report.

Sincerely yours,

McCoy Williams Director, Financial Management and Assurance

Appendix I

Scope and Methodology

To identify what were the existing weaknesses in the Department of
Homeland Security's (DHS) component agencies' financial management
systems, we reviewed relevant DHS Office of Inspector General (OIG)
reports and our January 2003 report on major management challenges at DHS
and looked at how such challenges are being addressed. We also reviewed
DHS's Performance and Accountability Report for the 7 months ending
September 30, 2003. We reviewed prior-period component agency annual
financial statement audit reports when available; Immigration and
Naturalization Service's (INS) financial statement audit report for the 5
months ending February 28, 2003; and Performance and Accountability
Reports for the Federal Emergency Management Agency (FEMA) and the
Departments of Transportation, Justice, and Treasury. We reviewed
testimony of DHS's current and former Chief Financial Officer (CFO) and
DHS's OIG reports related to financial management at the department.
Finally, we interviewed officials from the OIG and the Office of the Chief
Financial Officer (OCFO).

To determine whether DHS was addressing the problems that existed in the
financial management systems DHS acquired from its component agencies, we
met with officials from the OCFO's Office of Financial Management and OIG
staff. In addition to items already mentioned, we reviewed planned
corrective actions developed by the department to address its fiscal years
2002 and 2003 material weaknesses and reportable conditions. We also
reviewed testimony of DHS's CFO related to this issue. Further, we
conducted a walk-through to review the system DHS is developing to track
planned corrective actions.

To determine what plans DHS has to integrate its financial management
systems, we met with the Director of the Resource Management
Transformation Office (RMTO) and other staff in this office. We also
reviewed testimony of DHS's current and former CFO and DHS's OIG related
to financial management at the department. We reviewed documentation
detailing the reduction of financial service providers, but we did not
complete audit procedures to determine if these reductions were positive
or negative for the department. Finally, we reviewed the RMTO's strategic
framework. However, substantial documentation related to the eMerge2
initiative was not provided to us until after we completed our fieldwork.
Thus, we did not include analysis or evaluation of such information in
this report.

To determine whether the planned systems that DHS is developing will be
able to meet the requirements of relevant financial management

Appendix I Scope and Methodology

improvement laws, we reviewed relevant laws and regulations, and relevant
guidance related to financial management, financial reporting, systems
implementation, and requirements. We also interviewed the Director of the
RMTO and other officials. Further, we reviewed testimony relevant to this
issue by DHS's current and former CFO and DHS's OIG. We have not reviewed
system requirements or other recently developed plans because these were
completed and obtained after our fieldwork was completed.

We requested comments on this report from the Secretary of Homeland
Security or his designee. Written comments were received from the
department's Chief Financial Officer and are reprinted in appendix IV.

We performed our review from October 2003 through June 2004 in Washington,
D.C., in accordance with U.S. generally accepted government auditing
standards.

Appendix II

Material Weaknesses and Reportable Conditions at DHS for Fiscal Year 2003

Number Material weakness

1	Financial management and personnel: DHS's OCFO needs to establish
financial reporting roles and responsibilities, assess critical needs, and
establish standard operating procedures (SOP) for the department. These
conditions were not unexpected for a newly created organization,
especially one as large and complex as DHS. The Coast Guard and the
Strategic National Stockpile had weaknesses in financial oversight that
have led to reporting problems.

2	Financial reporting: Key controls to ensure reporting integrity were not
in place, and inefficiencies made the process more error prone. At the
Coast Guard, the financial reporting process was complex and
labor-intensive. Several DHS bureaus lacked clearly documented procedures,
making them vulnerable if key people leave the organization.

3	Financial systems functionality and technology: The auditors found
weaknesses across DHS in its entitywide security program management and in
controls over system access, application software development, system
software, segregation of duties, and service continuity. Many bureau
systems lacked certain functionality to support the financial reporting
requirements.

4	Property, plant, and equipment (PP&E): The Coast Guard was unable to
support the recorded value of $2.9 billion in PP&E due to insufficient
documentation provided prior to the completion of audit procedures,
including documentation to support its estimation methodology. The
Transportation Security Administration (TSA) lacked a comprehensive
property management system and adequate policies and procedures to ensure
the accuracy of its PP&E records.

5	Operating materials and supplies (OM&S): Internal controls over physical
counts of OM&S were not effective at the Coast Guard. As a result, the
auditors were unable to verify the recorded value of $497 million in OM&S.
The Coast Guard also had not recently reviewed its OM&S capitalization
policy, leading to a material adjustment to its records when an analysis
was performed.

6	Actuarial liabilities: The Secret Service did not record the pension
liability for certain of its employees and retirees, and when corrected,
the auditors had insufficient time to audit the amount recorded. The Coast
Guard also was unable to provide, prior to the completion of audit
procedures, sufficient documentation to support the recorded value of $201
million in post-service benefit liabilities.

7	Transfers of funds, assets, and liabilities to DHS: DHS lacked controls
to verify that monthly financial reports and transferred balances from
legacy agencies were accurate and complete.

Source: GAO based on DHS Performance and Accountability Report and
congressional testimony.

Appendix II
Material Weaknesses and Reportable
Conditions at DHS for Fiscal Year 2003

Number Reportable condition

Drawback claims on duties, taxes, and fees: The Bureau of Customs and
Border Protection's (CBP) accounting system lacked automated controls to
detect and prevent excessive drawback claims and payments.

Import entry in-bond: CBP did not have a reliable process of monitoring
the movement of "in-bond" shipments-i.e., merchandise traveling through
the U.S. that is not subject to duties, taxes, and fees until it reaches a
port of destination. CBP lacked an effective compliance measurement
program to compute an estimate of underpayment of related duties, taxes,
and fees.

Acceptance and adjudication of immigration and naturalization
applications: The Bureau of Citizenship and Immigration Services' (CIS)
process for tracking and reporting the status of applications and related
information was inconsistent and inefficient. Also, CIS did not perform
cycle counts of its work in process that would facilitate the accurate
calculation of deferred revenue and reporting of related operational
information.

Fund balance with Treasury (FBWT): The Coast Guard did not perform
required reconciliations for FBWT accounts and lacked written standard
operating procedures (SOP) to guide the process, primarily as the result
of a new financial system that substantially increased the number of
reconciling differences.

Intragovernmental balances: Several large DHS bureaus had not developed
and adopted effective SOPs or established systems to track, confirm, and
reconcile intragovernmental balances and transactions with their trading
partners.

Strategic National Stockpile (SNS): The SNS accounting process was
fragmented and disconnected, largely due to operational challenges caused
by the laws governing SNS. A $485 million upwards adjustment had to be
made to value SNS in DHS's records properly.

Accounts payable and undelivered orders: CIS and the Bureau of Immigration
and Customs Enforcement (ICE), TSA, and the Coast Guard had weaknesses in
their processes for accruing accounts payable or reporting accurate
balances for undelivered orders.

Source: GAO based on DHS Performance and Accountability Report and
congressional testimony.

Appendix III

Disposition of Reported Internal Control Weaknesses by Component

Agency and Condition Reported in 2002 2003 Status and Disposition

U.S. Customs Service

Material Weaknesses

1. Entry Duties and Taxes Closed

2. Drawback Claims on Duties and Taxes Reportable Condition (Drawback
Claims on Duties, Taxes, and Fees)

3. Financial Systems Security Material Weakness (Financial Systems
Functionality and Technology)

4. Financial Systems Integration Material Weakness (Financial Systems
Functionality and Technology)

                             Reportable Conditions

5. Bonded Warehouse and Foreign Trade Zones Observation & Recommendations
to Management

6. In-bond Movements Reportable Condition (In-bond Movement of Imported
Goods)

7. Drawback in New York and Newark Observation & Recommendations to
Management

8. Financial Systems Entity-wide Security Material Weakness (Financial
Systems Functionality and Technology)

9. Internal Control over Laws and Regulations Closed

Immigration and Naturalization Service (as of February 28, 2003)

Material Weaknesses

10. Financial Systems Functionality Reportable Condition (Acceptance and
Adjudication of Immigration and
Naturalization Applications)

11. Accounts Payable Reportable Condition (Accounts Payable and
Undelivered Orders)

12. Financial Reporting Observation & Recommendations to Management
Reportable Conditions

13. Information Systems Material Weakness (Financial Systems Functionality
and Technology)

Federal Emergency Management Agency Material Weaknesses

14. Information Security Material Weakness (Financial Systems
Functionality and Technology)

15. Financial Systems Functionality Material Weakness (Financial Systems
Functionality and Technology)

16. Financial Reporting Material Weakness (Financial Reporting)

17. Real and Personal Property Observation & Recommendations to Management

18. Account Reconciliation Reportable Condition (Intragovernmental
Balances)

19. Accounts Receivable Closed
Reportable Conditions

20. Cerro Grande Closed

Appendix III
Disposition of Reported Internal Control
Weaknesses by Component

                         (Continued From Previous Page)

 Agency and Condition Reported in 2002 2003 Status and Disposition Federal Law
                          Enforcement Training Center

Reportable Conditions

21. Policies and Procedures Closed

22. Laws and Regulations (OMB Circular A-127) Closed

23. Real Property Accounting Closed

24. Laws and Regulations (OMB Circular A-11) Observation & Recommendations
to Management

                     Transportation Security Administration

Material Weaknesses

25. Human Resources Closed

26. Financial Reporting and Systems Material Weaknesses (Financial
Reporting; Financial Systems Functionality and Technology)

27. Property, Plant, and Equipment Material Weakness (Property, Plant, and
Equipment)

28. Financial Management Policies Observation & Recommendations to
Management

29. Administration of Screener Contracts Closed

                             Reportable Conditions

30. Personnel Files Observation & Recommendations to Management

Source: GAO based on DHS Performance and Accountability Report.

Appendix IV

Comments from the Department of Homeland Security

Appendix IV Comments from the Department of Homeland Security

GAO's Mission	The Government Accountability Office, the audit, evaluation
and investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost

is through GAO's Web site (www.gao.gov). Each weekday, GAO postsGAO
Reports and newly released reports, testimony, and correspondence on its
Web site. To Testimony have GAO e-mail you a list of newly posted products
every afternoon, go to

www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone	The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone:	Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

  To Report Fraud, Contact:
  Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected] Federal Programs Automated answering system:
(800) 424-5454 or (202) 512-7470

Congressional	Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125

Relations Washington, D.C. 20548

Public Affairs	Jeff Nelligan, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

                               Presorted Standard
                              Postage & Fees Paid
                                      GAO
                                Permit No. GI00

United States Government Accountability Office Washington, D.C. 20548-0001

Official Business Penalty for Private Use $300

Address Service Requested
*** End of document. ***