Department of Homeland Security: Financial Management Challenges
(08-JUL-04, GAO-04-945T).
The Homeland Security Act of 2002 brought together 22 agencies to
create a new cabinet-level department focusing on reducing U.S.
vulnerability to terrorist attacks, and minimizing damages and
assisting in recovery from attacks that do occur. GAO has
previously reported on the Department of Homeland Security's
(DHS) financial management challenges and key elements necessary
for reform. DHS continues to be faced with significant financial
management challenges, including addressing existing internal
control weaknesses and integrating redundant inherited financial
management systems. Additionally, DHS is the largest entity in
the federal government that is not subject to the Chief Financial
Officers (CFO) Act of 1990 or the Federal Financial Management
Improvement Act (FFMIA) of 1996. In light of these conditions,
the Subcommittee asked GAO to testify on the financial management
challenges facing DHS.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-04-945T
ACCNO: A10877
TITLE: Department of Homeland Security: Financial Management
Challenges
DATE: 07/08/2004
SUBJECT: Accountability
Accounting procedures
Financial management
Financial management systems
Financial statement audits
Internal controls
Strategic planning
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-04-945T
United States General Accounting Office
GAO Testimony
Before the Subcommittee on Financial Management, the Budget, and
International Security, Committee on Governmental Affairs, U.S. Senate
For Release on Delivery Expected at 10:30 a.m. EST Thursday, July 8, 2004
DEPARTMENT OF HOMELAND SECURITY
Financial Management Challenges
Statement of McCoy Williams, Director Financial Management and Assurance
GAO-04-945T
Highlights of GAO-04-945T, a testimony before the Subcommittee on
Financial Management, the Budget, and International Security, Committee on
Governmental Affairs, U.S. Senate
The Homeland Security Act of 2002 brought together 22 agencies to create a
new cabinet-level department focusing on reducing U.S. vulnerability to
terrorist attacks, and minimizing damages and assisting in recovery from
attacks that do occur. GAO has previously reported on the Department of
Homeland Security's (DHS) financial management challenges and key elements
necessary for reform.
DHS continues to be faced with significant financial management
challenges, including addressing existing internal control weaknesses and
integrating redundant inherited financial management systems.
Additionally, DHS is the largest entity in the federal government that is
not subject to the Chief Financial Officers (CFO) Act of 1990 or the
Federal Financial Management Improvement Act (FFMIA) of 1996.
In light of these conditions, the Subcommittee asked GAO to testify on the
financial management challenges facing DHS.
July 8, 2004
DEPARTMENT OF HOMELAND SECURITY
Financial Management Challenges
One of the challenges DHS faces is obtaining an unqualified financial
statement audit opinion and fixing the previously identified internal
control weaknesses that the department inherited from component agencies,
as well as newly identified weaknesses. Component agencies took action to
resolve 9 of the 30 internal control weaknesses DHS inherited, while 9 of
the inherited weaknesses were combined and reported as material weaknesses
in DHS's first Performance and Accountability Report and 5 were reported
as reportable conditions. The remaining 7 inherited weaknesses were
classified as observations and recommendations to management. In addition,
improper payments, a significant and widespread challenge facing the
federal government, can typically be traced to a lack of or breakdown in
internal control. DHS would be remiss to not pay adequate attention to
developing a strong internal control environment at the department.
According to DHS officials, the department is in the early stages of
acquiring a financial enterprise solution to consolidate and integrate its
financial accounting and reporting systems. Similar projects have proven
challenging and costly for other federal agencies. For example, efforts at
the National Aeronautics and Space Administration failed to meet the needs
of users and key stakeholders. To avoid similar problems, DHS must ensure
commitment and extensive involvement from top management and users in the
financial system development and integration.
Currently, DHS is the only cabinet-level department in the federal
government that is not subject to the CFO Act. As such, this department,
with a fiscal year 2004 budget of nearly $40 billion and more than 180,000
employees, does not have a presidentially appointed CFO subject to Senate
confirmation and is not required to comply with the requirements of FFMIA.
DHS should not be the only cabinet-level department not covered by what is
the cornerstone for pursuing and achieving the requisite financial
management systems and capabilities in the federal government. S. 1567
would, among other things, amend the CFO Act to (1) add DHS as a CFO Act
agency, and (2) require DHS to obtain an audit opinion on its internal
controls. Enactment of this legislation will increase the likelihood that
the financial management challenges at DHS will be overcome.
www.gao.gov/cgi-bin/getrpt?GAO-04-945T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact McCoy Williams at (202)
512-6906 or [email protected].
Mr. Chairman and Members of the Subcommittee:
I am pleased to be here today to discuss financial management challenges
facing the Department of Homeland Security (DHS). When DHS began
operations in March 2003, it faced the daunting task of bringing together
22 diverse agencies. Not since the creation of the Department of Defense
in the 1940s had the federal government undertaken a transformation of
this magnitude. Because of the challenges and risks associated with the
transformation and implementation of DHS, the sheer size of the
undertaking, and the prospect of serious consequences for the nation
should DHS fail to adequately address its management challenges and risks,
GAO designated the transformation and implementation of DHS high-risk in
January 2003.1 Our high-risk program, established in 1990, has helped the
executive branch and the Congress to galvanize efforts to seek lasting
solutions to high-risk problems and challenges.
As we previously reported,2 DHS faces significant financial management
challenges, including (1) addressing the existing and newly identified
internal control weaknesses in the inherited components, and (2)
integrating a myriad of redundant financial management systems. Enactment
of the Department of Homeland Security Financial Accountability Act (S.
1567) will enhance DHS's chances for overcoming these challenges.
DHS, like other federal agencies, has a stewardship obligation to prevent
fraud, waste, and abuse; to use tax dollars appropriately; and to ensure
financial accountability to the President, the Congress, and the American
people. Management must establish effective internal controls to safeguard
assets, protect revenue, and make authorized payments. Unfortunately,
improper payments are a widespread and significant problem receiving
increased attention in the federal government. Improper payments occur for
many reasons including insufficient oversight or monitoring, inadequate
benefits eligibility controls, and automated system deficiencies. However,
based on our previous work, one point is clear, the basic or root causes
of improper payments can typically be traced to a lack of or breakdown in
internal control. While DHS was not required to report improper payments
for fiscal year 2003, several of its inherited weaknesses clearly suggest
risk for improper payments and loss of revenue. DHS, as it addresses
inherited material weaknesses and integrates its business functions,
should pay close attention to implementing strong internal controls.
For the most part, DHS's component entities are using legacy financial
management systems that have a myriad of problems, such as disparate,
nonintegrated, outdated, and inefficient systems and processes. DHS will
need to focus on building future systems as
1U.S. General Accounting Office, High-Risk Series: AnUpdate, GAO-03-119
(Washington, D.C.: January 2003).
2For example, see U.S. General Accounting Office, Major
ManagementChallengesand ProgramRisk:
DepartmentofHomelandSecurity,GAO-03-102 (Washington, D.C.: January 2003)
and Departmentof HomelandSecurity:ChallengesandSteps inEstablishing Sound
FinancialManagement,GAO-03-1134T (Washington, D.C.: Sept. 10, 2003).
part of its enterprise architecture approach to ensure an overarching
framework for the agency's integrated financial management processes.
Plans and standard accounting policies and procedures must be developed
and implemented to integrate the various financial management environments
under which inherited agencies operate so that DHS can produce useful and
timely financial information.
Currently, DHS is the only cabinet-level department in the federal
government that is not subject to the Chief Financial Officers (CFO) Act
of 1990.3 As such, this department, with a fiscal year 2004 budget of
nearly $40 billion and more than 180,000 employees, does not have a
presidentially appointed CFO subject to Senate confirmation and is not
required to comply with the requirements of the Federal Financial
Management Improvement Act of 1996 (FFMIA).4 The goals of the CFO Act and
related financial reform legislation, such as FFMIA, are to provide the
Congress and agency management with reliable financial information for
managing and making day-to-day decisions and to improve financial
management systems and controls to properly safeguard the government's
assets.
S. 1567, as passed by the Senate on November 21, 2003, would, among other
things, amend the CFO Act to (1) add DHS as a CFO Act agency, and (2)
require DHS to obtain an audit opinion on its internal controls. While
DHS's CFO has testified that the department complies with the audit
provisions of the CFO Act and will continue to do so, we believe DHS
should not be the only cabinet-level department not covered by what is the
cornerstone for pursuing and achieving the requisite financial management
systems and capabilities in the federal government. While this
administration has voluntarily complied with some provisions of the CFO
Act, making DHS subject to the CFO Act through enactment of S. 1567 would
assist the department in facing and overcoming the financial management
challenges it faces and legislate future compliance with the important
provisions of the CFO Act and related legislation.
The perspectives we offer in this testimony are derived from work
completed by us, inspectors general, independent auditors, as well as from
executive guidance and testimony related to financial management and DHS.
Addressing Internal Control Weaknesses
DHS faces the challenge of correcting the previously identified material
weaknesses that the agencies brought with them to DHS, as well as
addressing newly identified weaknesses from DHS's first financial
statement audit and obtaining an unqualified or "clean" audit opinion. I
will first highlight the results of DHS's first financial statement
3Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).
4FFMIA, Pub. L. No. 104-208, div. A, S:101(f), title VIII, 110 stat. 3009,
3009-389 (Sept. 30, 1996). FFMIA requires the major departments and
agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the federal government's standard general ledger at the
transaction level.
audit and then I will discuss some of DHS's internal control weaknesses.
Finally, as you requested, I will include in my statement today a brief
discussion of the growing governmentwide problem of improper payments.
On its first financial statement audit, for the 7-month period from March
1, 2003, to September 30, 2003, DHS received a qualified opinion from its
independent auditors on its consolidated balance sheet as of September 30,
2003, due in part to the auditors' inability to determine if certain asset
balances reported by the U.S. Coast Guard were fairly presented. In
addition, auditors were unable to opine on the consolidated statements of
net costs and changes in net position, combined statement of budgetary
resources, and consolidated statement of financing. The disclaimer on
these statements was due to the auditor's inability to observe certain
inventory counts at Coast Guard, among other things. In addition, the
auditors reported numerous internal control weaknesses, which I would now
like to discuss.
Collectively, internal controls are an integral component of an
organization's management that provides reasonable assurance that the
organization achieves its objectives of (1) effective and efficient
operations, (2) reliable financial reporting, and (3) compliance with laws
and regulations. Internal controls are not one event, but a series of
actions and activities that occur throughout an entity's operations and on
an ongoing basis. When DHS was formed from 22 component agencies, there
were 30 identified internal control weaknesses that DHS inherited.
Component agencies took action to resolve 9 of these 30 weaknesses. These
actions included reinstating procedures to accurately estimate financial
data, performing risk assessments of major systems, and instituting
processes to ensure accounts receivable and fixed assets are properly
recorded. Of the remaining 21 weaknesses,
o 9 were combined and reported as material weaknesses,5
o 5 were combined and reported as reportable conditions,6 and
o 7 weaknesses were classified by the department's independent auditors
as observations and recommendations.7
DHS's independent auditors reported 6 new internal control weaknesses as
of September 30, 2003, bringing the total number of DHS reportable
conditions to 14-7 of which are considered to be material weaknesses.
These weaknesses included the lack of procedures at DHS to verify the
accuracy and completeness of balances transferred on
5A material weakness is a condition that precludes the entity's internal
control from providing reasonable assurance that misstatements, losses, or
noncompliance material in relation to the financial statements or to the
stewardship information would be prevented or detected on a timely basis.
6Reportable conditions are matters coming to auditor's attention that, in
their judgment, should be communicated because these represent significant
deficiencies in the design or operation of internal control that could
adversely affect the federal government's ability to meet the internal
control objectives.
7Observations and recommendations are weaknesses that do not meet the
criteria for reportable conditions that are typically communicated from
the auditor to the appropriate level of entity management in a management
letter.
March 1, 2003, and significant weaknesses with the number of qualified
financial management personnel employed by the department.
While DHS has taken steps to resolve some of the internal control
weaknesses it inherited from component agencies, continued focus on
resolving weaknesses and developing strong internal controls cannot be
understated. For example, increased attention has recently been paid to
the prevalence of improper payments in the federal government. Improper
payments occur for many reasons including insufficient oversight or
monitoring, inadequate eligibility controls, and automated system
deficiencies. However, based on our previous work, the basic or root
causes of improper payments can typically be traced to a lack of or
breakdown in internal control.
Improper payments include inadvertent errors, such as duplicate payments
and miscalculations; payments for unsupported or inadequately supported
claims; payments for services not rendered; payments to ineligible
beneficiaries; and payments resulting from outright fraud and abuse by
program participants and/or federal employees. In 2003, the first year
certain agencies were required by the Office of Management and Budget to
publicly report their improper payments, 15 agencies reported estimates of
improper payments exceeding $35 billion. We have included in appendix I, a
summary of improper payment estimates agencies reported in fiscal year
2003.
Additionally, I would like to highlight a few specific examples of
financial management challenges DHS faces.
Federal Emergency Management Agency (FEMA)
We recently performed a review of FEMA's property management. One of our
objectives was to determine whether controls were in place to ensure that
property acquired during the 5 months prior to FEMA transferring its
functions to DHS was properly accounted for in the property management
system.8 We found that FEMA continued to lack the controls and key
information necessary to ensure that personal property is properly
accounted for. For example, its property management systems do not share
common data identifiers such as serial numbers or purchase order numbers.
Without these data, we were unable to perform certain tests to conclude
whether or not FEMA properly accounted for property it acquired prior to
transferring to DHS. Considering that FEMA reported approximately $355
million in property, of which approximately 67 percent is considered
sensitive and thus more susceptible to theft or pilferage, strong internal
controls over its property systems are needed. Absent integrated or
adequately interfaced financial management systems with the key
information necessary to track and account for property, FEMA's property
is vulnerable to loss or misappropriation and there is an increased risk
that property could have been purchased and not recorded in FEMA's
personal property systems.
8Prior to its transfer to DHS, FEMA was 1 of the 24 CFO Act agencies.
Customs
Despite the former U.S. Customs Service's progress in implementing
recommendations we have made regarding the development of Customs' planned
import system, the Automated Commercial Environment (ACE),9 numerous
weaknesses remain. ACE is intended to replace the current system used for
collecting import-related data and ensuring, among other things, that
trade-related revenue is properly collected and allocated. To ensure
proper implementation of these initiatives, DHS's management must continue
to provide a sustained level of commitment to its successful
implementation. Until this system is fully implemented, billions of
dollars annually in trade-related revenue will continue to be tracked by
systems with inadequate controls, leaving it increasingly susceptible to
inaccurate reporting.
Coast Guard
Concerns have been reported regarding the Coast Guard's Deepwater
Procurement Project (Deepwater), which began in 2002 and currently has an
estimated cost of $17 billion over 20 years-the largest in Coast Guard's
history.10 It is intended to replace or modernize by 2022 all assets used
in missions that generally occur offshore. However, it is already
difficult to determine the degree to which the Deepwater project is on
track with regard to its original acquisition schedule because the Coast
Guard has not maintained and updated its acquisition schedule. The absence
of an up-to-date acquisition schedule is a concern because it raises some
question as to whether the acquisition is being adequately managed and
whether the government's interests are being properly safeguarded.
Further, a recent disclosure that, just a few years into the acquisition,
costs have risen by $2.2 billion indicates the need for a clear
understanding of what assets are being acquired, when they are being
acquired, and at what cost. The high cost and long-term needs of the Coast
Guard coupled with the absence of an up-toEURdate acquisition schedule
early in the project should make financial management of the Deepwater
project a key priority of DHS in order to prevent the project from greatly
exceeding cost estimates and ensure program goals are met.
Integrating Financial Systems
Another significant challenge for DHS is developing a financial management
architecture with integrated systems and business processes. According to
DHS officials, the department is in the early stages of acquiring a
financial enterprise solution to consolidate and integrate the
department's financial accounting and reporting systems, including budget,
accounting and reporting, cost management, asset management, and
9U.S. General Accounting Office, Customs
ServiceModernization:AutomatedCommercialEnvironment Progressing,but
Further AcquisitionManagement Improvements Needed, GAO-03-406 (Washington
D.C.: Feb. 28, 2003).
10U.S. General Accounting Office, Coast Guard: DeepwaterProgram
AcquisitionSchedule UpdateNeeded, GAO-04-695 (Washington D.C. June 14,
2004).
acquisition and grants functions. The project, which DHS has termed
"electronically Managing enterprise resources forgovernment effectiveness
and efficiency" (eMerge2) was initiated in August 2003, and DHS expects it
to be completed in 2006 at a cost of approximately $146 million.
While DHS is early in the process of acquiring an integrated financial
enterprise solution, similar projects have proven challenging and costly
for other federal agencies, such as the testimony on the Department of
Defense provided today by my colleague.11 Additionally, we have reported
on the efforts of National Aeronautics and Space Administration12 (NASA)
to acquire new information systems. NASA is on its third attempt in 12
years to modernize its financial management process and systems, and has
spent about $180 million on its two prior failed efforts. One of the key
impediments to the success of integration efforts at NASA was the failure
to involve key stakeholders in the implementation or evaluation of system
improvements. As a result, new systems failed to meet the needs of key
stakeholders. To avoid similar problems, DHS must ensure commitment and
extensive involvement from top management and users in the financial
system development and integration.
Additionally, over the past year, DHS has reported that it has reduced the
number of its financial management service providers from the 19 at the
time DHS was formed to the 10 it currently uses. DHS has plans to further
consolidate to 7 providers. A DHS official estimated approximately $5
million in savings through the reduction of the number of financial
management service centers.
Homeland Security Financial Accountability Act-S. 1567
I would now like to talk about why we support the Homeland Security
Financial Accountability Act (S. 1567).13 S. 1567 as introduced by you on
August 1, 2003 and passed by the Senate on November 21, 2003, would, among
other things, amend the CFO Act to (1) add DHS as a CFO Act agency and (2)
require DHS to obtain an audit opinion on its internal controls. Enactment
of this legislation will increase the likelihood that the challenges
discussed earlier in my testimony will be overcome.
11U.S. General Accounting Office, DepartmentofDefense:Financial
andBusiness Management Transformation Hindered byLong-standingProblems,
GAO-04-941T (Washington, D.C.: July 8, 2004).
12U.S. General Accounting Office, Information Technology:
ArchitectureNeededto Guide NASA'sFinancial Management Modernization,
GAO-04-43 (Washington, D.C.: Nov. 21, 2003) and U.S. General Accounting
Office,National Aeronautics andSpaceAdministration: Significant
ActionsNeededtoAddressLongEURstandingFinancialManagementProblems,GAO-04-754T
(Washington, D.C.: May 19, 2004).
13The U.S. House of Representatives is considering a related bill with
similar provisions, the Department of Homeland Security Financial
Accountability Act, H.R. 4259.
Inclusion of DHS as a CFO Act Agency
We strongly supported passage of the CFO Act in 1990 and continue to
strongly support its objectives of (1) giving the Congress and agency
decision makers reliable financial, cost, and performance information both
annually and, most important, as needed throughout the year to assist in
managing programs and making difficult spending decisions; (2)
dramatically improving financial management systems, controls, and
operations to eliminate fraud, waste, abuse, and mismanagement and
properly safeguard and manage the government's assets; and (3)
establishing effective financial organizational structures to provide
strong leadership. Achieving these goals is critical for establishing
effective management of any enterprise. We have seen unprecedented
progress in improving federal financial management that has resulted since
passage of the CFO Act and we strongly support amending the CFO Act to
include DHS.
The CFO Act requires the agency's CFO to develop and maintain an
integrated accounting and financial management system that provides for
complete, reliable, and timely financial information that facilitates the
systematic measurement of performance at the agency, the development and
reporting of cost information, and the integration of accounting and
budget information. The CFO is also responsible for all financial
management personnel and all financial management systems and operations,
which in the case of DHS would include the component CFOs and their staff.
The CFO is responsible for asset management as well. The act also requires
that the agency's CFO be qualified, appointed by the President, approved
by the Senate, and report to the head of the agency. With the size and
complexity of DHS and the many significant financial management challenges
it faces, it is important that DHS's CFO is qualified for the position,
displays leadership characteristics, and is regarded as top management.
Appointment of the CFO by the President, subject to Senate confirmation,
is one way to ensure that the intent of the law is met. Currently, the CFO
at DHS reports to the Under Secretary for Management while directorate
CFOs report to the head of their respective directorates, not to DHS's
CFO. Making DHS subject to the CFO Act would assist the department in
facing and overcoming the financial management challenges inherent in its
formation and others that have come to light since its formation.
Under the Accountability of Tax Dollars Act of 2002,14 DHS, as an
executive branch agency with budget authority greater than $25 million, is
required to obtain annual financial statement audits; however, its
auditors are not required to report on compliance with FFMIA. FFMIA
requires that CFO Act agencies implement and maintain financial management
systems that substantially comply with (1) federal financial management
systems requirements, (2) applicable federal accounting standards, and (3)
the U.S. Government Standard General Ledger at the transaction level. The
ability to produce the data needed to efficiently and effectively manage
the day-to-day operations of the federal government and provide
accountability to taxpayers has been a longEURstanding challenge at most
federal agencies.
14Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002).
Opinion on Internal Controls
31 U.S.C. 3512(c), (d) (commonly known as the Federal Managers' Financial
Integrity Act of 1982 (FMFIA)) requires agencies to establish internal
controls that provide reasonable assurances that:
o obligations and costs are in compliance with applicable law,
o funds, property, and other assets are safeguarded against waste, loss,
unauthorized use, or misappropriation, and
o revenues and expenditures applicable to agency operations are properly
recorded and accounted for to permit the preparation of accounts and
reliable financial and statistical reports and to maintain accountability
over the assets.
FMFIA requires the head of each agency to sign a statement as to whether
the agency's internal controls fully comply with the above requirements or
that they do not fully comply and the reasons why they do not. In effect,
this reporting is management assertion as to whether the agency's internal
controls are effective.
Current OMB guidance for audits of government agencies and programs15
requires auditor reporting on internal control, but not at the level of
providing an opinion on internal control effectiveness. We have long
believed and the Comptroller General has gone on record in congressional
testimony16 that auditors have an important role in providing an opinion
on the effectiveness of internal control over financial reporting and
compliance with laws and regulations in connection with major federal
departments and agencies. For a number of years, we have provided opinions
on internal control effectiveness for the federal entities that we audit
because of the importance of internal control in protecting the public's
interest. Specifically, we provide opinions on internal controls and
compliance with laws and regulations for our audits of the U.S.
government's consolidated financial statements, the financial statements
of the Internal Revenue Service and Federal Deposit Insurance Corporation,
the Schedules of Federal Debt managed by the Bureau of the Public Debt,
and numerous small entities' operations and funds. Our reports and related
efforts have engendered major improvements in internal control.
As part of the annual audit of GAO's own financial statements, we practice
what we recommend to others and contract with an independent public
accounting firm for both an opinion on our financial statements and an
opinion on the effectiveness of our internal control over financial
reporting and on compliance with laws and regulations. Our goal is to lead
the way in establishing the appropriate level of auditor reporting on
15Office of Management and Budget,
AuditRequirementsforFederalFinancialStatements, Bulletin 01-02
(Washington, D.C.: Oct. 16, 2000).
16U.S. General Accounting Office,
FiscalYear2002U.S.GovernmentFinancialStatements:Sustained Leadership and
OversightNeededfor EffectiveImplementationofFinancial Management
Reform,GAO-03EUR572T (Washington, D.C.: Apr. 8, 2003).
internal control for federal agencies, programs, and entities receiving
significant amounts of federal funding. Additionally, three other
agencies, the Social Security Administration (SSA), General Services
Administration (GSA), and the Nuclear Regulatory Commission (NRC)
voluntarily obtain separate opinions on internal control effectiveness
from their auditors, which is commendable.
Also, publicly traded corporations recently were subjected to a
requirement to disclose management attestations on corporations' internal
controls and to obtain an audit opinion on those attestations. A final
rule issued by the Securities and Exchange Commission that took effect in
August 2003 and provides guidance for implementation of Sections 302, 404,
and 906 of the Sarbanes-Oxley Act of 2002,17 which requires publicly
traded companies to establish and maintain an adequate internal control
structure and procedures for financial reporting and include in the annual
report a statement of management's responsibility for and assessment of
the effectiveness of those controls and procedures in accordance with
standards adopted by the Securities and Exchange Commission.18 The final
rule defines this requirement and requires applicable companies to obtain
a report in which a registered public accounting firm issues an
attestation on management's assessment of the effectiveness of internal
controls over financial reporting.
Auditor reporting on internal control is a critical component of
monitoring the effectiveness of an organization's accountability. GAO
strongly believes that this is especially important for large, complex, or
challenged entities that use taxpayer dollars. By giving assurance about
internal control, auditors can better serve their clients and other
financial statement users and better protect the public interest by having
a greater role in providing assurances of the effectiveness of internal
control in deterring fraudulent financial reporting, protecting assets,
and providing an early warning of internal control weaknesses. We believe
auditor reporting on internal control is appropriate and necessary for
publicly traded companies and major public entities alike. We also believe
that such reporting is appropriate in other cases where management
assessment and auditor examination and reporting on the effectiveness of
internal control add value and mitigate risk in a cost-beneficial manner.
We fully support having DHS, as well as all CFO Act agencies, obtain an
opinion on its internal control. If DHS is truly committed to becoming a
model federal agency, it should begin obtaining opinions on internal
control as soon as practical and set an example for other agencies to
follow and in keeping with the actions already taken by SSA, GSA, NRC, and
GAO.
17Pub. L. No. 107-204, S:S:302, 404, 906 116 Stat. 745, 777, 789, 806
(July 30, 2002).
18The Securities and Exchange Commission approved the Public Company
Accounting Oversight Board's Auditing Standard Number 2, AnAuditof
Internal Control OverFinancial ReportingPerformedin ConjunctionWith
anAudit of Financial Statements, on June 17, 2004. This guidance provides
standards and related performance guidance for independent audits as they
attest to, and report on, management's assessment of the effectiveness of
internal control over financial reporting under Section 404 of the
Sarbanes-Oxley Act of 2002.
In closing, the American people have increasingly demanded accountability
from government and the private sector. The Congress has recognized,
through legislation such as the CFO Act, that the federal government must
be held to the highest standards. We already know that many of the larger
agencies transferred to DHS have a history of poor financial management
systems and significant internal control weaknesses. These known
weaknesses provide further evidence that DHS's systems and financial
controls should be subject to the CFO Act and thus FFMIA. We also strongly
encourage DHS to become a model agency and, as soon as practical, obtain
an opinion on its internal controls and report performance information in
its accountability reports.
Mr. Chairman, this concludes my statement. I would be happy to answer any
questions you or other Members of the Subcommittee may have at this time.
Contacts and Acknowledgments
For information about this statement, please contact McCoy Williams,
Director, Financial Management and Assurance, at (202) 512-6906, or Casey
Keplinger, Assistant Director, at (202) 512-9323. You may also reach them
by e-mail at [email protected] or [email protected]. Individuals who
made key contributions to this testimony include Cary Chappell, Heather
Dunahoo, Saurav Prasad, and Scott Wrightson.
Appendix I
Table 1: Improper Payment Estimates Reported in Agency Fiscal Year 2003
Performance and Accountability Reports.
Source: Agency fiscal year 2003 Performance and Accountability Reports
(data); GAO (analysis). Note: An "0" indicates that the agency did not
report amounts for the program.
a SBA reported improper payment rates and amounts for certain disaster
loans; it did not provide a programwide estimate of improper
payments. b
SBA reported potential improper payment rates and amounts for certain
small business investment company transactions; it did not provide a
programwide estimate of improper payments.
Selected GAO Products Related DHS's Financial Management Challenges
U.S. General Accounting Office, Department of Homeland Security:
Challenges and Steps in Establishing Sound Financial
Management,GAO-03-1134T (Washington, D.C.: Sept. 10, 2003).
U.S. General Accounting Office, Fiscal Year 2002 U.S. Government Financial
Statements: Sustained Leadership and Oversight Neededfor Effective
Implementation of Financial Management Reform,GAO-03-572T (Washington,
D.C.: Apr. 8, 2003).
U.S. General Accounting Office, Customs Service Modernization: Automated
Commercial Environment Progressing, but Further Acquisition Management
Improvements Needed, GAO-03-406 (Washington, D.C.: Feb. 28, 2003).
U.S. General Accounting Office, Transportation Security Administration:
Actions and Plans to Build a Results-Oriented Culture,GAO-03-190
(Washington, D.C.: Jan. 17, 2003).
U.S. General Accounting Office, High-Risk Series: An Update,GAO-03-119
(Washington, D.C.: January 2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Federal Emergency Management Agency, GAO-03-113 (Washington, D.C.:
January 2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of the Treasury, GAO-03-109 (Washington, D.C.: January
2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of Justice,GAO-03-105 (Washington, D.C.: January 2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of Homeland Security, GAO-03-102 (Washington, D.C.:
January 2003).
U.S. General Accounting Office, Financial Management: FFMIA Implementation
Necessary to Achieve Accountability, GAO-03-31 (Washington, D.C.: Oct. 1,
2002).
U.S. General Accounting Office, Homeland Security: CriticalDesign and
Implementation Issues, GAO-02-957T (Washington, D.C.: July 17, 2002).
U.S. General Accounting Office, A Model of Strategic Human Capital
Management, GAOEUR02-373SP (Washington, D.C.: March 2002).
U.S. General Accounting Office, Executive Guide: Creating Value Through
World-class Financial Management, GAO/AMID-00-134 (Washington, D.C.: April
2000).
(195046)
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
*** End of document. ***