Financial Management: Improved Financial Systems Are Key to FFMIA
Compliance (01-OCT-04, GAO-05-20).
The ability to produce the data needed to efficiently and
effectively manage the day-to-day operations of the federal
government and provide accountability to taxpayers has been a
long-standing challenge to most federal agencies. To help address
this challenge, the Federal Financial Management Improvement Act
of 1996 (FFMIA) requires the 23 Chief Financial Officers Act
agencies to implement and maintain financial management systems
that comply substantially with (1) federal financial management
systems requirements, (2) applicable federal accounting
standards, and (3) the U.S. Government Standard General Ledger
(SGL) at the transaction level. FFMIA also requires GAO to report
annually on the implementation of the act.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-05-20
ACCNO: A12875
TITLE: Financial Management: Improved Financial Systems Are Key
to FFMIA Compliance
DATE: 10/01/2004
SUBJECT: Accountability
Accounting standards
Financial management systems
Financial statements
Information resources management
Information technology
Noncompliance
Procurement practices
Reporting requirements
Strategic information systems planning
U.S. Government Standard General Ledger
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-05-20
United States Government Accountability Office
GAO Report to Congressional Requesters
October 2004
FINANCIAL MANAGEMENT
Improved Financial
Systems Are Key to
FFMIA Compliance
a
GAO-05-20
Highlights of GAO-05-20, a report to Senate Committee on Governmental
Affairs and the House Committee on Government Reform.
The ability to produce the data needed to efficiently and effectively
manage the day-to-day operations of the federal government and provide
accountability to taxpayers has been a long-standing challenge to most
federal agencies. To help address this challenge, the Federal Financial
Management Improvement Act of 1996 (FFMIA) requires the 23 Chief Financial
Officers Act agencies to implement and maintain financial management
systems that comply substantially with (1) federal financial management
systems requirements, (2) applicable federal accounting standards, and (3)
the U.S. Government Standard General Ledger (SGL) at the transaction
level. FFMIA also requires GAO to report annually on the implementation of
the act.
GAO reaffirms its prior recommendations that OMB revise its FFMIA audit
guidance to:
(1) include a statement of
positive assurance when
reporting an agency's
systems to be in substantial
compliance with FFMIA, and
(2) clarify the definition of
"substantial compliance" to
promote consistent reporting
of FFMIA compliance. As in the past, OMB did not agree with our view on
the need for auditors to provide positive assurance on FFMIA, but agreed
to consider clarifying the definition of "substantial compliance" in
future policy and guidance updates.
www.gao.gov/cgi-bin/getrpt?GAO-05-20.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Sally Thompson at (202)
512-2600 or [email protected].
October 2004
FINANCIAL MANAGEMENT
Improved Financial Systems Are Key to FFMIA Compliance
Federal agencies continue to make progress in addressing their financial
management weaknesses; however, for fiscal year 2003, auditors for 17 of
the 23 CFO Act agencies still reported that agencies' financial management
systems failed to comply with FFMIA. The nature and severity of the
reported problems indicate that generally agency management lacked the
full range of reliable, useful, and timely information needed for
accountability, performance reporting, and decision making. As shown in
the figure below, six main types of problems related to agencies' systems
were consistently identified.
Problems Reported by Auditors for Fiscal Years 2000 through 2003
Note: Based on independent auditors' reports for fiscal years 2000 - 2003,
prepared by agency inspectors general and contract auditors.
As prescribed in OMB's reporting guidance, auditors for six agencies
provided negative assurance on agency systems' FFMIA compliance for fiscal
year 2003. This means that nothing came to their attention to indicate
that financial management systems did not meet FFMIA requirements. GAO
continues to believe that this type of reporting is not sufficient under
the act and that report users may have the false impression that auditors
have reported agency systems to be compliant.
To address problems such as nonintegrated systems, inadequate
reconciliations, and lack of SGL compliance, agencies are implementing or
upgrading financial management systems. Agencies anticipate the new
systems will provide reliable, useful, and timely data to support
managerial decision making. However, our work at DOD, HHS, and NASA has
shown significant problems exist in implementing financial management
systems and that agencies are not following the necessary disciplined
processes for efficient and effective implementation of these systems.
Disciplined processes have been shown to reduce the risks associated with
software development and acquisition efforts to acceptable levels and are
fundamental to successful system acquisition and implementation. Moreover,
governmentwide initiatives to improve financial management systems can
help enhance the government's performance and services for citizens.
Contents
Letter
Results in Brief
Background
Scope and Methodology
Continued Systems Weaknesses Impede Financial Management
Accountability Agencies Struggle to Implement New Financial Systems
Conclusions Agency Comments and Our Evaluation
1 2 8 13
14 28 42 44
Appendixes
Appendix I: Appendix II: Appendix III:
Appendix IV: Appendix V:
Appendix VI: Appendix VII:
Requirements and Standards Supporting Federal Financial Management
Publications in the Federal Financial Management Systems Requirements
Series
Statements of Federal Financial Accounting Concepts, Statements of Federal
Financial Accounting Standards, and Interpretations
AAPC Technical Releases
Checklists for Reviewing Systems under the Federal Financial Management
Improvement Act
Comments from the Office of Management and Budget
GAO Contacts and Staff Acknowledgments
GAO Contacts Acknowledgments
46
51
52 54
55
56
58 58 58
Table Table 1: PMO-Certified Core Financial Systems
Figures Figure 1: Problems Reported by Auditors for Fiscal Years 2000
through 2003 4
Figure 2: Pyramid to Accountability and Useful Management
Information 9
Figure 3: Auditors' FFMIA Assessments for Fiscal Years 2000
through 2003 15
Figure 4: Problems Reported by Auditors for Fiscal Years 2000
through 2003 21
Contents
Figure 5: Agency Systems Architecture 47
Abbreviations
AAPC Accounting and Auditing Policy Committee
AID Agency for International Development
ARS Accrual Reporting System
BSM Business Systems Modernization
CDC Centers for Disease Control and Prevention
CFO chief financial officer
CMS Centers for Medicare and Medicaid Services
CoreFLS Core Financial and Logistics System
COTS commercial off-the-shelf
DHS Department of Homeland Security
DLA Defense Logistics Agency
DOD Department of Defense
EPA Environmental Protection Agency
FAM GAO/PCIE Financial Audit Manual
FASAB Federal Accounting Standards Advisory Board
FFMIA Federal Financial Management Improvement Act
FFMSR Federal Financial Management System Requirements
FIA Federal Managers' Financial Integrity Act
FISMA Federal Information Security Management Act
GSA General Services Administration
HHS Department of Health and Human Services
IEEE Institute of Electrical and Electronic Engineers
IFMP Integrated Financial Management Program
IRS Internal Revenue Service
JFMIP Joint Financial Management Improvement Program
LOB Line of Business
LMP Logistics Modernization Program
NASA National Aeronautics and Space Administration
NBRSS NIH Business and Research Support System
NIH National Institutes of Health
NRC Nuclear Regulatory Commission
NSF National Science Foundation
OIG Office of Inspector General
OMB Office of Management and Budget
Contents
OPM Office of Personnel Management
PART Performance and Assessment Rating Tool
PCIE President's Council on Integrity and Efficiency
PMA President's Management Agenda
PMO Program Management Office
SEI Software Engineering Institute
SFFAC Statements of Federal Financial Accounting Concepts
SFFAS Statement of Federal Financial Accounting Standards
SGL U.S. Government Standard General Ledger
SSA Social Security Administration
UFMS Unified Financial Management System
VA Department of Veterans Affairs
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
Comptroller General of the United States
United States Government Accountability Office Washington, D.C. 20548
October 1, 2004
The Honorable Susan M. Collins Chairman The Honorable Joseph I. Lieberman
Ranking Minority Member Committee on Governmental Affairs United States
Senate
The Honorable Tom Davis Chairman The Honorable Henry A. Waxman Ranking
Minority Member Committee on Government Reform House of Representatives
Many federal agencies still lack the ability to produce the data needed to
efficiently and effectively manage day-to-day operations and provide an
acceptable level of accountability to taxpayers. To address this
longstanding weakness of the federal government, the Chief Financial
Officers (CFO) Act of 19901 designates executive branch officials with
responsibility for the modernization of financial management systems, so
that the systematic measurement of performance; the development of cost
information; and the integration of program, budget, and financial
information for management reporting can be achieved.
The Federal Financial Management Improvement Act of 19962 (FFMIA) builds
on the foundation laid by the CFO Act by reflecting the need for agencies
to have systems that can generate reliable, useful, and timely information
with which to make fully informed decisions and to ensure
1Pub. L. No. 101-576, 104 Stat. 2838 (1990).
2Federal Financial Management Improvement Act of 1996, Pub. L. No.
104-208, div. A., S: 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept.
30, 1996).
accountability on an ongoing basis. FFMIA requires the CFO Act agencies3
to implement and maintain financial management systems that comply
substantially with (1) federal financial management systems requirements,
(2) applicable federal accounting standards, and (3) the U.S. Government
Standard General Ledger (SGL) at the transaction level. The act also
requires auditors to state in their audit reports whether the agencies'
financial management systems substantially comply with the act's
requirements. Furthermore, we are required to report annually on the
implementation of the act. This report, our eighth, discusses (1) the
auditors' assessments of agency systems' compliance with FFMIA for fiscal
year 2003 and the financial management systems problems that continue to
affect systems' FFMIA compliance and (2) the challenges agencies have
faced when implementing financial systems to help move toward FFMIA
compliance.
We conducted our work from April through August 2004 in the Washington,
D.C., area in accordance with U.S. generally accepted government auditing
standards.
Results in Brief Although agencies continue to make some progress in
addressing their financial management systems weaknesses, the fiscal year
2003 audit reports disclose that agencies' financial management systems
continue to have serious deficiencies. As a result of these deficiencies,
most agencies' financial management systems are still unable to routinely
produce reliable, useful, and timely financial information. This weakness
manifests itself by limiting the federal government's capacity to manage
with timely and objective data, and thereby hampers its ability to
effectively manage and oversee its major programs.
Auditors for 17 of the 23 CFO Act agencies reported that their agencies'
financial management systems did not comply substantially with one or
3There were initially 24 CFO Act agencies. (See Pub. L. No. 101-576,
S:205, 104 Stat. 2838, 2842-43 (1990)). The Federal Emergency Management
Agency, one of the 24 CFO Act agencies, was subsequently transferred to
the new Department of Homeland Security (DHS) created effective March 1,
2003. DHS must prepare audited financial statements under the
Accountability of Tax Dollars Act of 2002 (Pub. L. No. 107-289, 116 Stat.
2049 (Nov. 7, 2002)). However, DHS was not established as a CFO Act agency
and therefore is not subject to FFMIA. Consideration is now being given by
each house of Congress to adding DHS to the list of CFO Act agencies in
the Department of Homeland Security Financial Accountability Act, H.R.
4259 and S. 1567, 108th Congress.
more of the three FFMIA requirements. Auditors' assessments for three
agencies changed from fiscal year 2002 to 2003. For fiscal year 2003,
auditors for the Department of Commerce were able to provide negative
assurance due to the implementation of a new integrated financial
management system and improvements in general information technology
controls. Auditors at the Nuclear Regulatory Commission (NRC) were also
able to provide negative assurance due to a redesign of the agency's cost
accounting system and enhancement of the internal controls and operating
procedures documentation. Systems of both agencies had been reported as
lacking substantial compliance with FFMIA for fiscal year 2002.
Conversely, auditors for the General Services Administration (GSA), which
implemented a new financial management system in fiscal year 2002,
reported that GSA's systems lacked substantial compliance for fiscal year
2003 because they did not substantially comply with federal financial
management systems requirements. Specifically, the auditors found that GSA
lacked adequate policies and procedures for reconciliations and that the
reconciliations performed were not completed in a timely manner, a
downgrade from the fiscal year 2002 assessment.
The Department of Homeland Security (DHS) is currently not subject to the
CFO Act and, consequently, is not required to comply with FFMIA.
Accordingly, DHS' auditors did not report on the department's compliance
with FFMIA. However, the auditors did identify and report certain
deficiencies that relate to the three FFMIA requirements. Based on its
budget, DHS is the largest entity in the federal government that is
neither subject to the CFO Act nor required to comply with FFMIA system
requirements. Given the need for strong financial management,
consideration is now being given by each house of Congress to adding DHS
to the list of CFO Act agencies.
Auditors for six agencies4 reported that the results of their tests
disclosed no instances in which the agencies' systems did not
substantially comply with FFMIA. The auditors did not provide positive
assurance by definitively stating whether the agencies' financial
management systems substantially complied with FFMIA. Instead, the
auditors provided negative assurance of FFMIA compliance as permitted by
the Office of Management and Budget's (OMB) audit guidance. To provide
positive
4The Department of Commerce (Commerce), the Department of Energy (Energy),
the Environmental Protection Agency (EPA), the National Science Foundation
(NSF), the Nuclear Regulatory Commission (NRC), and the Social Security
Administration (SSA).
assurance as required by the act, more testing is necessary than that
performed for the purposes of rendering an opinion on the financial
statements.
Based on our review of the fiscal year 2003 audit reports for the 17
agencies reported to have noncompliant systems, we identified six
continuing, primary problems that affect FFMIA compliance. (See fig. 1.)
While more severe at some agencies than others, the nature and seriousness
of the reported problems indicate that generally most agencies' financial
management systems are not yet able to routinely produce reliable, useful,
and timely financial information.
Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 2003
Agencies 24
20 20
16
12
8
4
0
Nonintegrated Inadequate financial reconciliation management procedures
systems
Lack of accurate Noncompliance Lack of adherence Weak security and timely
with the SGL to federal accounting over information recording standards
systems
Fiscal year 2000 Fiscal year 2001 Fiscal year 2002 Fiscal year 2003
Source: GAO analysis.
Note: Based on independent auditors' reports for fiscal years 2000-2003,
prepared by agency inspectors general and contract auditors.
Many agencies are in the process of updating or replacing their core
financial systems as part of their financial management system
improvement efforts. However, our work at the Department of Defense (DOD),
the Department of Health and Human Services (HHS), and the National
Aeronautics and Space Administration (NASA) and the work of the Department
of Veterans Affairs (VA) Office of Inspector General (OIG) have shown that
agencies face significant risk in implementing financial management
systems and have not always followed accepted best practices for systems
development and implementation, commonly referred to as disciplined
processes, for efficient and effective system development and
implementation of financial management systems.
Disciplined processes have been shown to reduce the risks associated with
software development and acquisition efforts to acceptable levels and are
fundamental to successful system acquisition and implementation. A
disciplined software development and acquisition process can maximize the
likelihood of achieving the intended results within established costs and
on schedule. The key to having a disciplined system acquisition and
implementation effort is to have disciplined processes in multiple areas,
including requirements management, testing, project planning and
oversight, risk management, and quality assurance.
We found in our review of agencies' implementation of new financial
management systems and a review by the VA OIG5 also reported that
disciplined processes are not being followed. For example:
o In May 2004, we reported6 that for two major DOD financial management
systems, the initial deployments did not operate as intended and,
therefore, did not meet component-level needs. In large part, these
operational problems were due to DOD not effectively implementing the
disciplined processes that are necessary to manage the development and
implementation of the systems in the areas of requirements management and
testing. DOD program officials have acknowledged that the initial
deployments of these systems experienced problems that could be attributed
to requirements and testing.
5U.S. Department of Veterans Affairs, Office of Inspector General, Issues
at VA Medical Center Bay Pines, Florida and Procurement and Deployment of
the Core Financial and Logistics System (CoreFLS), 04-01371-177
(Washington, D.C.: August 2004).
6GAO, DOD Business Systems Modernization: Billions Continue to Be Invested
with Inadequate Management Oversight and Accountability, GAO-04-615
(Washington, D.C.: May 27, 2004).
o In September 2004, we reported7 that the lack of disciplined processes
puts implementation of HHS' financial system at risk. HHS had not
developed sufficient quantitative measures for determining the impact of
process weaknesses, cannot be assured that the system will provide all of
the functionality needed, and had not developed the necessary framework
for testing requirements. Further, its schedule left little time for
correcting process weaknesses and identified defects. As a result, HHS has
decided to delay the implementation of a significant amount of
functionality associated with the initial full deployment from October
2004 until April 2005 in order to address the issues that had been
identified with the project.
o As we have reported8 numerous times in 2003 and 2004, NASA faces
considerable challenges in implementing a financial management system-the
Integrated Financial Management Program (IFMP). NASA is on its third
attempt in 12 years to modernize its financial management process and
systems, and has spent about $180 million on its two prior failed efforts.
NASA was not following key best practices for acquiring and implementing
the system. For example, NASA lacked disciplined requirements management
and testing processes. As a result, NASA increased its risk that IFMP
would cost more and do less than planned. The core financial module, which
was fully deployed in June 2003 as called for in the project schedule,
still did not address many of the agency's most challenging external
reporting issues, such as external reporting problems related to property
accounting and budgetary accounting. Additionally, NASA deferred the
configuration and testing
7GAO, Financial Management Systems: Lack of Disciplined Processes Puts
Implementation of HHS' Financial System at Risk, GAO-04-1008 (Washington,
D.C.: Sept. 23, 2004).
8GAO, Business Modernization: Improvements Needed in Management of NASA's
Integrated Financial Management Program, GAO-03-507 (Washington, D.C.:
Apr. 30, 2003); Information Technology: Architecture Needed to Guide
NASA's Financial Management Modernization, GAO-04-43 (Washington, D.C.:
Nov. 21, 2003); Business Modernization: Disciplined Processes Needed to
Better Manage NASA's Integrated Financial Management Program, GAO-04-118
(Washington, D.C.: Nov. 21, 2003); Business Modernization: NASA's
Integrated Financial Management Program Does Not Fully Address Agency's
External Report Issues, GAO-04-151 (Washington, D.C.: Nov. 21, 2003);
Business Modernization: NASA's Challenges in Managing Its Integrated
Financial Management Program, GAO-04255 (Washington, D.C.: Nov. 21, 2003);
and National Aeronautics and Space Administration: Significant Actions
Needed to Address Long-standing Financial Management Problems, GAO-04-754T
(Washington, D.C.: May 19, 2004).
of several essential capabilities of the financial module and is not FFMIA
compliant.
o VA recently halted implementation of its new core financial system in
July 2004 that had cost about $249 million. The VA OIG reported that
contracting and monitoring of the VA project were not adequate and the
pilot deployment of the system encountered multiple problems.
As the federal government moves forward on new initiatives to enhance
financial management and provide results-oriented information, it is
crucial that disciplined processes are effectively used to reduce risks
related to implementing governmentwide solutions. Moreover, ensuring that
staff with the requisite skills are in place to implement and operate new
financial management systems is critical to success.
While we are not making any new recommendations in this report, we
reaffirm our prior recommendations9 aimed at enhancing OMB's audit
guidance related to FFMIA assessments. Specifically, we recommended that
OMB (1) require agency auditors to provide a statement of positive
assurance when reporting an agency's systems to be in substantial
compliance with FFMIA and (2) further clarify the definition of
"substantial compliance" to encourage consistent reporting.
In commenting on a draft of this report, OMB agreed with our assessment
that agencies have a long way to go before federal managers receive the
data needed to efficiently and effectively manage the day-to-day
operations of the federal government. Moreover, OMB agreed with us that
financial management success encompasses more than agencies receiving
unqualified opinions on their financial statements. As in previous years,
we and OMB have differing views on the level of audit assurance necessary
for assessing substantial compliance with FFMIA. We will continue to work
with OMB on this issue. Our detailed evaluation of OMB's comments can be
found at the end of this letter.
9GAO, Financial Management: FFMIA Implementation Critical for Federal
Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial
Management: FFMIA Implementation Necessary to Achieve Accountability,
GAO-03-31 (Washington, D.C.: Oct. 1, 2002); and Financial Management:
Sustained Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062
(Washington, D.C.: Sept. 30, 2003).
Background FFMIA and other financial management reform legislation have
emphasized the importance of improving financial management across the
federal government. Beginning in 1990, the Congress has passed a series of
management reform legislation to improve the general and financial
management of the federal government. As shown in figure 2, the
combination of reforms ushered in by the (1) CFO Act of 1990, (2)
Government Performance and Results Act of 1993,10 (3) Government
Management Reform Act of 1994,11 (4) FFMIA, (5) Clinger-Cohen Act of
1996,12 and (6) Accountability of Tax Dollars Act of 2002,13 if
successfully implemented, provides a solid basis for improving
accountability of government programs and operations as well as routinely
producing valuable cost and operating performance information.
Figure 2 shows the three levels of the pyramid that result in the end
goal, accountability and useful management information. The bottom level
of the pyramid is the legislative framework that underpins the improvement
of the general and financial management of the federal government. The
second level shows the drivers that build on the legislative requirements
and influence agency actions to meet these requirements. The three drivers
are the (1) President's Management Agenda (PMA), (2) congressional and
other oversight, and (3) the Joint Financial Management Improvement
Program (JFMIP). The third level of the pyramid represents the key success
factors for accountability and meaningful management
information-integrating core and feeder financial systems, producing
reliable financial and performance data for reporting, and ensuring
effective internal control. The result of these three levels, as shown at
the top of the pyramid, is accountability and meaningful management
information needed to assess and improve the government's effectiveness,
financial condition, and operating performance.
10Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).
11Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994).
12Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996).
13The Accountability of Tax Dollars Act of 2002 extends the requirement to
prepare and submit audited financial statements to most executive agencies
not subject to the CFO Act unless they are exempted by OMB. However, these
agencies are not required to have systems that are compliant with FFMIA.
Figure 2: Pyramid to Accountability and Useful Management Information
Source: GAO.
Building on the foundation laid by the CFO Act, FFMIA reflects the need
for agencies to have systems that can generate reliable, useful, and
timely information with which to make fully informed decisions and to
ensure accountability on an ongoing basis. FFMIA requires the departments
and agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards,14 and (3) the SGL15 at the transaction level. FFMIA also
requires auditors to state in their CFO Act financial statement audit
reports whether the agencies' financial management systems substantially
comply with FFMIA's systems requirements.
14The American Institute of Certified Public Accountants recognizes the
federal accounting standards promulgated by the Federal Accounting
Standards Advisory Board as generally accepted accounting principles. For
a further description of federal accounting standards, see app. I.
15The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.
President's Management Agenda Supported by FFMIA Initiatives
The PMA, announced in the summer of 2001, is a plan for improving the
management and performance of the federal government. It targets the most
apparent deficiencies, where the opportunity to improve performance is the
greatest. The modernization of agency financial management systems, as
reflected in FFMIA, is critical to the success of all five PMA
initiatives.16 Although FFMIA implementation relates directly to the
improved financial performance initiative, development and maintenance of
FFMIA-compliant systems will also affect the implementation of the other
initiatives.
A key element of PMA's performance budgeting initiative is the Performance
and Assessment Rating Tool (PART). The development of PART represents a
step toward a more structured involvement of program and performance
analysis in the budget. It is a systematic method of assessing the
performance of program activities across the federal government,
consisting of a set of general questions on (1) program purpose and
design, (2) strategic planning, (3) program management, and (4) program
results. It also includes a set of more specific questions, which vary
according to the type of delivery mechanism or approach an individual
program uses, and calls for timely, reliable data to perform those
assessments.
Congressional Oversight Helps Provide Accountability
The leadership demonstrated by the Congress has been an important catalyst
to reforming financial management in the federal government. As previously
discussed, the legislative framework provided by the CFO Act and FFMIA,
among others, produces a solid foundation to stimulate change needed to
achieve sound financial systems management. For example, in November 2002,
the Congress enacted the Accountability of Tax Dollars Act to extend the
financial statements audit requirements of the CFO Act to additional
federal agencies. Further, the Congress is currently contemplating adding
DHS to the list of CFO Act agencies and requiring DHS to obtain an audit
opinion on its internal controls. There is value in sustained
congressional interest in these issues, as demonstrated by hearings on
federal financial management and reform held over the past several years.
It will be key that the appropriations, budget, authorizing,
16These five crosscutting initiatives are (1) improved financial
performance, (2) strategic human capital management, (3) competitive
sourcing, (4) expanded electronic government, and (5) budget and
performance integration.
and oversight committees hold agency top management accountable for
resolving these problems and that they support improvement efforts. The
continued attention by the Congress to these issues will be critical to
sustaining momentum for financial management reform.
JFMIP Works to Improve Federal Financial Management
JFMIP is a joint and cooperative undertaking of the U.S. Department of the
Treasury, GAO, OMB, and the Office of Personnel Management (OPM), working
in cooperation to improve financial management practices in the federal
government.17 Leadership is provided by the four principals of JFMIP-the
Comptroller General of the United States, the Secretary of the Treasury,
and the Directors of OMB and OPM. Since August 2001, the JFMIP principals
have met regularly to discuss financial management issues, such as the
acceleration of financial statement reporting. The Program Management
Office (PMO), managed by the Executive Director of the JFMIP using funds
provided by the CFO Council agencies, is responsible for the testing and
certification of commercial off-the-shelf (COTS) core financial systems
for use by federal agencies and coordinating the development and
publication of functional requirements for financial management systems.18
OMB Circular No. A-127, Financial Management Systems requires agencies to
purchase only COTS packages sold by vendors whose core financial systems
software has been certified by PMO. As shown in table 1, in 2003 and 2004,
PMO certified that six core financial software packages met the core
financial systems requirements.
Table 1: PMO-Certified Core Financial Systems
Vendor name Product Version Effective Date
SAP Public mySAP ERP with Enterprise Add-on v4.7 6/10/2003 Services, Inc.
(SAP) for Public Sector and Extension Set
17The authority for the creation of JFMIP is statutorily based. See the
Budget and Accounting Procedures Act of 1950, now codified at 31 U.S.C.
3511(d).
18See app. III for the systems requirements documents issued to date.
(Continued From Previous Page)
Vendor name Product Version Effective Date
American Momentum Financials v5.0 6/12/2003
Management
Systems, Inc. (AMS)
Integrated Financial v6.0
Digital Systems Management 6/25/2003
Group, Inc. Information Systems
(IFMIS)
Oracle Corporation Oracle E-Business Suite v11i.9 9/10/2003
11i
PeopleSoft Financial v8.8
PeopleSoft, Inc. Management 2/10/2004
Solutions (FMS)
Savantage Altimate v3.0 3/16/2004
Solutions, Inc.
Source: PMO.
PMO assesses COTS packages for conformity with the minimum level or
"floor" of system requirements. Therefore agencies should be aware that
simply implementing a core financial system that has been certified by PMO
does not ensure that these agencies will have financial systems that are
compliant with FFMIA or provide reliable, useful, and timely data for
day-to-day management. Factors that affect the FFMIA compliance and the
effectiveness of an implemented COTS core financial system include how the
software package has been configured to work in the agency's environment,
whether any customization is made to the software, the success of
converting data from legacy systems to new systems, and the quality of
transaction data in the feeder systems.
Guidance for FFMIA Issued by OMB
OMB sets governmentwide financial management policies and requirements and
has issued two sources of guidance related to FFMIA. First, OMB Bulletin
No. 01-02, Audit Requirements for Federal Financial Statements, dated
October 16, 2000, prescribes specific language auditors should use when
reporting on an agency system's substantial compliance with FFMIA.
Specifically, this guidance calls for auditors to provide negative
assurance when reporting on an agency system's FFMIA compliance. Second,
in OMB Memorandum, Revised Implementation Guidance for the Federal
Financial Management Improvement Act (Jan. 4, 2001), OMB provides guidance
for agencies and auditors to use in assessing substantial compliance. The
guidance describes the factors that should be considered in determining
whether an agency's systems substantially comply with FFMIA's
requirements. Further, the guidance provides examples of the types of
indicators that should be used as a basis in assessing whether an agency's
systems are in substantial compliance with each of the three FFMIA
requirements. Finally, the guidance
discusses the corrective action plans, to be developed by agency heads,
for bringing their systems into compliance with FFMIA.
Financial Audit Manual
Section on FFMIA Developed by PCIE and GAO
We worked with representatives from the President's Council on Integrity
and Efficiency (PCIE) to revise the joint GAO/PCIE Financial Audit
Manual19 (FAM) to include sections20 that provide specific procedures
auditors should perform when assessing FFMIA compliance. These sections
include detailed audit steps for testing agency systems' substantial
compliance with FFMIA. The FAM guidance on FFMIA assessments recognizes
that while financial statement audits offer some assurance regarding FFMIA
compliance, auditors should design and implement additional testing to
satisfy FFMIA criteria. For example, in performing financial statement
audits, auditors generally focus on the ability of the financial
management systems to process and summarize financial information that
flows into annual agency financial statements. In contrast, FFMIA requires
auditors to assess whether an agency's financial management systems comply
with system requirements. To do this, auditors need to consider whether
agency systems provide reliable, useful, and timely information for
managing day-to-day operations so that agency managers would have the
necessary information to measure performance on an ongoing basis rather
than just at year-end.
Scope and Methodology
We reviewed the fiscal year 2003 financial statement audit reports for the
23 CFO Act agencies to identify the auditors' assessments of agency
financial systems' compliance and the problems that affect FFMIA
compliance. We also reviewed the fiscal year 2003 financial statement
audit report for DHS to identify any FFMIA-related issues. Our prior
experience with these auditors and our review of their reports provided
the basis to determine the sufficiency and relevancy of evidence provided
in these documents. Based on the audit reports, we identified problems
reported by the auditors that affect agency systems' compliance with
FFMIA. The problems identified in these reports are consistent with
longstanding financial management weaknesses that we have reported based
on our work at the Department of Agriculture, NASA, Treasury, and other
19GAO/PCIE, Financial Audit Manual, GAO-01-765G (Washington, D.C.: July
2004). 20GAO-01-765G, sections 701, 701A, 701B, and 260.58-.60.
agencies. However, we caution that the occurrence of problems in a
particular category may be even greater than auditors' reports of FFMIA
noncompliance would suggest because auditors may not have included all
problems in their reports.
We also reviewed our previously issued reports and those by the inspectors
general to identify the challenges federal agencies face when implementing
new systems. Finally, we held discussions with OMB officials to obtain
information about its current efforts to help agencies develop systems
that will comply with FFMIA.
We conducted our work from April through August 2004 in the Washington,
D.C., area in accordance with U.S. generally accepted government auditing
standards. We requested comments on a draft of this report from the
Director of OMB or his designee. Comments from OMB are discussed in the
"Agency Comments and Our Evaluation" section and reprinted in appendix VI.
Continued Systems Weaknesses Impede Financial Management Accountability
While agencies are making some progress in producing auditable financial
statements and addressing their financial management systems weaknesses,
the vast majority of agency systems are still not substantially compliant
with FFMIA's requirements. Figure 3 summarizes auditors' assessments of
FFMIA compliance for fiscal years 2000 through 2003 and suggests that the
instances of noncompliance with FFMIA's three requirements have remained
fairly constant. For fiscal year 2003, OIGs and their contract auditors
reported that the systems of 17 of the 23 CFO Act agencies did not
substantially comply with at least one of FFMIA's three
requirements-federal financial management systems requirements, applicable
federal accounting standards, or the SGL at the transaction level.21
In fiscal year 2002, auditors for five agencies (SSA, Energy, NSF, EPA,
and GSA) provided negative assurance that the agencies' financial systems
were in compliance with FFMIA. In fiscal year 2003, the auditors at two
additional agencies, Commerce and NRC, provided negative assurance that
the systems at those agencies were in compliance with FFMIA, while
auditors reported GSA's systems to be noncompliant.
21Of these 17 agencies, systems for 8 agencies were reported not to be in
substantial compliance with all three FFMIA requirements.
At Commerce, the auditors were able to provide negative assurance due to
the implementation of a new integrated financial management system,
combined with improvements in general information technology controls.
Auditors at NRC provided negative assurance due to a redesign of the
agency's cost accounting system and enhancement of the internal controls
and operating procedures documentation. In contrast, for fiscal year 2003,
GSA's systems were found to be noncompliant by its auditors due to
reconciliation issues related to a newly implemented system. Specifically,
the auditors concluded that the systems GSA relied on during fiscal year
2003 failed to perform timely reconciliations of accounts payable and
undelivered orders, Fund Balance with Treasury, and accounts receivable,
which represented a lack of substantial compliance with FFMIA. In total,
for 6 of the 23 CFO Act agencies, the auditors provided negative assurance
by stating that nothing came to their attention that would indicate the
systems did not comply with FFMIA for fiscal year 2003.
Figure 3: Auditors' FFMIA Assessments for Fiscal Years 2000 through 2003
Agencies not in compliance
20 19
16
12
8
4
0 2000 2001 2002 2003
System requirements Accounting standards SGL Source: GAO analysis.
Note: Based on independent auditors' reports for fiscal years 2000-2003,
prepared by agency inspectors general and contract auditors.
While more CFO Act agencies have obtained clean or unqualified audit
opinions on their financial statements, there is little evidence of marked
improvements in agencies' capacities to create the full range of
information needed to manage day-to-day operations. The number of
unqualified opinions has been increasing over the past 7 years, from 11 in
fiscal year 1997 to 20 for fiscal year 2003; but the number of agencies
reported to have substantially noncompliant systems has remained
relatively steady. While the increase in unqualified opinions is
noteworthy, a more important measure of financial systems' capability and
reliability is that the number of agencies for which auditors provided
negative assurance of FFMIA compliance has remained relatively constant
throughout this same period. In our view, this has led to an expectation
gap since, as more agencies receive clean opinions, expectations are
raised that the government has sound financial management and can produce
reliable, useful, and timely information on demand throughout the year,
whereas FFMIA assessments offer a different perspective.
All CFO Act agencies issued their audited financial statements by the
accelerated reporting deadline of February 1, 2004, for agency fiscal year
2003 financial statements. However, the deadline for issuance of fiscal
year 2004 audited financial statements is November 15, 2004, just 45 days
after the close of the fiscal year. Auditors at several of the CFO Act
agencies reported that the agencies may not be able to produce auditable
financial statements within the accelerated time frame for fiscal year
2004 without making fundamental changes to improve a number of their
financial management practices.
DHS Is Not Required To Comply with FFMIA
DHS is not subject to the CFO Act and, consequently, is not required to
comply with FFMIA. Accordingly, DHS' auditors did not report on the
department's compliance with FFMIA in fiscal year 2003. However, the
auditors identified and reported deficiencies that relate to the three
FFMIA requirements.
Based on its budget, DHS is the largest entity in the federal government
that is not subject to the CFO Act nor required to comply with FFMIA
system requirements. Creating strong financial management at DHS is
particularly challenging because most of the 22 entities brought together
to form the department have their own financial management systems;
processes; and in some cases, deficiencies. For example, five of the seven
major agencies that transferred to DHS had 30 reportable conditions, 18 of
which were considered material internal control weaknesses for fiscal year
2002 and four of the major agencies-that had previously been subject to
stand-alone audits-had financial management systems that were not in
substantial compliance with FFMIA. Some progress has been made in
addressing the internal control weaknesses it inherited from component
agencies. Nine of the 30 inherited internal control weaknesses have been
closed as of September 30, 2003. For DHS to develop a strong financial
management infrastructure, it will need to address these and many other
financial management issues.
We fully support the objectives of the CFO Act to provide reliable
financial information and improve financial management systems and
controls and, as recently reported,22 we believe that it is critical that
DHS be statutorily required to comply with important financial management
reforms legislated in the CFO Act and FFMIA. Consideration is now being
given by each house of Congress to adding DHS to the list of CFO Act
agencies in the Department of Homeland Security Financial Accountability
Act, H.R. 4259 and S. 1567, 108th Congress.
FFMIA Compliance Findings Auditors for six agencies (Commerce, Energy,
EPA, NRC, NSF, and SSA)
Based on Negative Assurance provided negative assurance that the agencies'
systems were in compliance with FFMIA in fiscal year 2003, and five
agencies did so in fiscal year 2002. Auditors provide negative assurance
when they include language stating that nothing came to their attention
during the course of their planned procedures to indicate that these
agencies' financial management systems did not meet FFMIA requirements. If
readers are not familiar with the concept of negative assurance, they may
incorrectly assume that these systems have been fully tested by the
auditors and that the agencies have achieved compliance.
OMB's current audit guidance23 calls for auditors to provide negative
assurance when reporting whether an agency's systems are in substantial
compliance with FFMIA. To provide positive assurance of FFMIA compliance,
auditors would need to perform more comprehensive audit procedures than
those necessary to render an opinion for a financial statement audit. In
performing financial statement audits, auditors
22GAO, Financial Management: Department of Homeland Security Faces
Significant Financial Management Challenges, GAO-04-774 (Washington, D.C.:
July 19, 2004).
23OMB Bulletin No. 01-02, Audit Requirements for Federal Financial
Statements (Oct. 16, 2000).
generally focus on the capability of the financial management systems to
process and summarize financial information that flows into financial
statements. In contrast, FFMIA is much broader and requires auditors to
assess whether an agency's financial management systems substantially
comply with systems requirements. To do this, auditors need to consider
whether agency systems provide complete, accurate, and timely information
for managing day-to-day operations. We believe that providing positive
assurance of an agency's financial management system would identify
weaknesses and lead to systems improvements that result in enhancing the
performance, productivity, and efficiency of federal financial management,
which is a goal of the PMA. Therefore, as we discussed in prior reports,24
we reaffirm our prior recommendation that OMB require agency auditors to
provide a statement of positive assurance when reporting an agency's
systems to be in substantial compliance with FFMIA.
OMB continues to support the requirement for negative assurance of FFMIA
compliance due to cost-benefit concerns. While OMB agrees that testing
should occur, and its guidance on FFMIA calls for it, OMB officials are
concerned that the level of testing needed for positive assurance may be
too time-consuming and costly. OMB officials stated that different, more
coordinated approaches toward assessing an agency's internal controls and
FFMIA compliance might provide sufficient assurance on an agency's
systems. For example, in preparing the PMA scorecard assessments, OMB
officials meet with agencies to discuss a number of financial management
issues and have systems demonstrations. Agencies are asked to identify key
business questions and related cost drivers. Then, the agencies must
develop systems that can produce the information needed on those cost
drivers to help management at all levels focus on results. OMB officials
stated they believed the PMA scorecard framework offers an alternative
route toward substantial compliance that is similar to that offered by
positive assurance. In its written comments on a draft of this report (see
app. VI) OMB stated that the processes used in evaluating agencies against
the PMA standards can provide a corroborative mechanism in evaluating
compliance with FFMIA. Our concern is that the information provided by
this approach does not come under audit scrutiny and may not be reliable.
For example, the PMA scorecard does not examine the nature and extent of
adjustments that agencies make to their year-end financial statements. As
long as extensive year-end adjustments are needed, there is no assurance
that the financial information being
24GAO-02-29, GAO-03-31, and GAO-03-1062.
provided by the systems is complete and accurate for day-to-day
operations.
A joint CFO Council/PCIE group is also currently investigating how
internal control reporting similar to that required by the Sarbanes-Oxley
Act of 200225 might be useful in the federal government. OMB officials
told us that the results of this CFO Council/PCIE study might provide
another method of assessing and reporting on internal control and FFMIA
compliance. Auditor reporting on internal control is a critical component
of monitoring the effectiveness of an organization's accountability,
especially for large, complex, or challenged entities that use taxpayers'
dollars. Auditors can better serve their clients and other financial
statement users and better protect the public interest by having a greater
role in providing assurances of the effectiveness of internal control in
deterring fraudulent financial reporting and protecting assets. Financial
systems are an important element of an entity's internal control over
financial reporting. Although enhanced internal control reporting would
not necessarily address the full capability of the financial management
systems in place, such reporting would include reportable internal control
weaknesses caused by financial systems problems. However, the full value
of independent auditors' assessments of FFMIA compliance will not be fully
realized until auditors perform a sufficient level of audit work to be
able to provide positive assurance that agencies are in compliance with
FFMIA. When reporting an agency's financial management systems to be in
substantial compliance, positive assurance will provide users with
confidence that the agency systems provide the reliable, useful, and
timely information envisioned by the act.
In addition, we also previously recommended26 that OMB explore clarifying
the definition of "substantial compliance" to help ensure consistent
application of the term. As we noted27 in our prior reports, auditors we
interviewed had concerns about providing positive assurance in reporting
25A final rule issued by the Securities and Exchange Commission that took
effect in August 2003 provides guidance for implementations of Sections
302, 404, and 906 of the Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204,
S:S:302, 404, 906 116 Stat. 745, 777, 789, 806 (July 30, 2002)), which
requires publicly traded companies to establish and maintain an adequate
internal control structure and procedures for financial reporting and
include in the annual report a statement of management's responsibility
for and assessment of the effectiveness of those controls and procedures
in accordance with standards adopted by the Securities and Exchange
Commission.
26GAO-02-29.
on agency systems' FFMIA compliance because of a need for clarification
regarding the meaning of substantial compliance. Therefore, we also
reaffirm this recommendation. In its comments, OMB stated that its growing
experience assisting agencies in implementing the PMA performance
standards will enable it to refine the existing FFMIA indicators
associated with substantial compliance. Accordingly, OMB officials stated
that they will consider our recommendation in any future policy and
guidance updates.
Reasons for Noncompliance Based on our review of the fiscal year 2003
audit reports for the 17 agencies reported to have systems not in
substantial compliance with one or more of FFMIA's three requirements, we
identified six primary reasons cited by the auditors for agency systems
not being compliant. The weaknesses reported by the auditors ranged from
serious, pervasive systems problems to less serious problems that may
affect one aspect of an agency's accounting operation:
o nonintegrated financial management systems,
o inadequate reconciliation procedures,
o lack of accurate and timely recording of financial information,
o noncompliance with the SGL,
o lack of adherence to federal accounting standards, and
o weak security controls over information systems.
Figure 4 shows the relative frequency of these problems at the 17 agencies
reported to have noncompliant systems and the problems relevant to FFMIA
that were reported by their auditors. The same six types of problems were
cited by auditors in their fiscal years 2000, 2001, and 2002 audit
reports, although the auditors may not have reported these problems as
specific reasons for their systems' lack of substantial compliance with
FFMIA. In addition, we caution that the occurrence of problems in a
particular category may be even greater than auditors' reports of FFMIA
27GAO-02-29 and GAO-03-31.
noncompliance would suggest because auditors may not have identified all
problems in their reviews.
Figure 4: Problems Reported by Auditors for Fiscal Years 2000 through 2003
Agencies
20 Nonintegrated financial management systems Inadequate reconciliation
procedures Lack of accurate and timely recording
Noncompliance with the SGL
Lack of adherence to federal accounting standards Weak security over information
systems
Fiscal year 2000 Fiscal year 2001 Fiscal year 2002 Fiscal year 2003
Source: GAO analysis.
Note: Based on independent auditors' reports for fiscal years 2000-2003,
prepared by agency inspectors general and contract auditors.
Nonintegrated Financial Management Systems
The CFO Act calls for agencies to develop and maintain an integrated
accounting and financial management system28 that complies with federal
28Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected
functions to improve overall efficiency and control. Characteristics of
such a system include (1) standard data classifications for recording
financial events, (2) common processes for processing similar
transactions, (3) consistent control over data entry, transaction
processing, and reporting, and (4) a system design that eliminates
unnecessary duplication of transaction entry.
systems requirements and provides for (1) complete, reliable, consistent,
and timely information that is responsive to the financial information
needs of the agency and facilitates the systematic measurement of
performance; (2) the development and reporting of cost management
information; and (3) the integration of accounting, budgeting, and program
information. OMB Circular No. A-127, Financial Management Systems requires
each agency to establish and maintain a single integrated financial
management system that conforms to functional requirements published by
PMO.
Agencies that do not have integrated financial management systems
typically must expend major effort and resources, including in some cases
hiring external consultants, to develop information that their systems
should be able to provide on a daily or recurring basis. Agencies with
nonintegrated financial systems are also more likely to be required to
devote more resources to collecting information than those with integrated
systems. In addition, opportunities for errors are increased when
agencies' systems are not integrated.
Auditors frequently mentioned the lack of modern, integrated financial
management systems in their fiscal year 2003 audit reports. As shown in
figure 4, auditors for 11 of the 17 agencies with noncompliant systems
reported this to be a problem, compared with 13 of the 19 agencies
reported with noncompliant systems in fiscal year 2002.29 For example,
auditors determined that the Department of State's financial and
accounting system, as of September 30, 2003, was inadequate, preventing
the department from routinely issuing timely financial statements and
increasing the risk of materially misstating financial information. The
principal areas of weakness included (1) certain elements, including, but
not limited to, personal property, capital leases, and certain accounts
payable, were developed from sources outside the general ledger and (2)
several different systems were used for the management of grants and other
types of federal awards. These systems for grants management and other
federal awards lacked standard data classifications and were not
integrated with the department's centralized financial management system.
29In our October 2003 FFMIA report, we stated that auditors had discussed
problems relating to nonintegrated financial management systems at 12
agencies. As part of our analysis of the most recent reports, it became
apparent that the auditors for 1 additional agency concluded that
nonintegrated systems were a factor contributing to its financial
reporting difficulties for fiscal year 2002. Therefore, the revised number
of agencies with nonintegrated systems for fiscal year 2002 is 13.
In another case, as auditor for Treasury's Internal Revenue Service
(IRS),30 we reported that IRS' general ledger system consists of two
independent general ledgers that are not integrated with each other or
with their supporting records for material balances. Further, the
information contained in the general ledgers was not supported by adequate
audit trails for federal tax revenue, federal tax refunds, taxes
receivable, or property and equipment. IRS' use of two separate general
ledgers to account for its tax collection activities and the costs of
conducting those activities, respectively, greatly complicates efforts to
measure the cost of IRS' tax collection efforts. The use of multiple
ledgers also causes difficulties in the production of the reliable,
useful, and timely financial and performance information that IRS needs
for decision making on an ongoing basis.
Inadequate Reconciliation Procedures
A reconciliation process, whether manual or automated, is a necessary and
valuable part of a sound financial management system. The less integrated
the financial management system, the greater the need for adequate
reconciliations because data may be accumulated from a number of different
sources. Reconciliations are needed to ensure that data have been recorded
properly between the various systems and manual records. The Comptroller
General's Standards for Internal Control in the Federal Government31
highlights reconciliation as a key control activity.
As shown in figure 4, auditors for 11 of the 17 agencies with noncompliant
systems in fiscal year 2003 reported that the agencies had reconciliation
problems, compared with 11 of the 19 agencies reported with noncompliant
systems in fiscal year 2002. These reconciliation problems included
difficulty in reconciling their fund balance with Treasury accounts32 with
Treasury's records. Treasury policy requires agencies to reconcile their
accounting records with Treasury records on a monthly basis (comparable to
individuals reconciling their personal checkbooks to their monthly bank
statements).
30GAO, Financial Audit: IRS's Fiscal Years 2003 and 2002 Financial
Statements, GAO-04126 (Washington, D.C.: Nov. 13, 2003).
31GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999).
32Agencies record their budget spending authorizations in their fund
balance with Treasury accounts. Agencies increase or decrease these
accounts as they collect or disburse funds.
For fiscal year 2003, NASA's auditors reported a lack of effective
internal controls surrounding its fund balance with Treasury
reconciliations. Based on a review of NASA headquarters' fund balance with
Treasury reconciliations as of September 30, 2003, auditors reported an
agencywide difference of approximately $43 million, net, between NASA's
general ledger and Treasury's reported balance. NASA did not provide
sufficient documentary evidence to explain these differences. Further,
NASA made approximately 20 additional adjustments outside of its financial
management system, which indicated the difference between its fund balance
with Treasury balance and Treasury's reported balance was significantly
greater than disclosed in its year-end reconciliations. In total, NASA
recorded adjustments of approximately $2 billion, net, to decrease its
fund balance with Treasury balance in order to agree to Treasury's
reported balance as of September 30, 2003. NASA was unable to provide the
auditor documentation to explain the reasons for such a large dollar
amount of reconciliations.
Lack of Accurate and Timely Recording of Financial Information
As shown in figure 4, auditors for 15 of the 17 agencies with noncompliant
systems reported the lack of accurate and timely recording of financial
information as a problem for fiscal year 2003, compared with 17 of the 19
agencies reported with noncompliant systems in fiscal year 2002. Accurate
and timely recording of financial information is essential for successful
financial management. Timely recording of transactions facilitates
accurate reporting in agencies' financial reports and other management
reports used to guide managerial decision making. In addition, having
systems that record information in a timely and accurate manner is
critical for key governmentwide initiatives, such as integrating budget
and performance information.
In contrast, untimely recording of transactions during the fiscal year can
result in agencies making substantial efforts at fiscal year-end to
perform extensive manual financial statement preparation efforts that are
susceptible to error and increase the risk of misstatements. For example,
auditors at the Department of the Interior reported in fiscal year 2003
that the department (1) needed to improve controls over property, plant,
and equipment in order to prepare financial reports in a timely and
reliable manner; (2) capitalized assets that were transferred from other
agencies at incorrect amounts and also capitalized assets in the current
year that had been accidentally expensed in prior years; and (3) did not
ensure that journal vouchers were properly recorded by failing to include
proper general ledger accounts. As a result, the department recorded over
180
adjustments after issuing the final year-end trial balance, requiring that
significant time and resources be dedicated to making manual adjustments.
Noncompliance with the SGL
As shown in figure 4, auditors for 10 of the 17 agencies reported to have
noncompliant systems for fiscal year 2003 stated that the agencies'
systems did not comply with SGL requirements for fiscal year 2003, as
compared with 9 of the 19 agencies reported with noncompliant systems in
fiscal year 2002. Implementing the SGL at the transaction level is one of
the specific requirements of FFMIA. Using the SGL promotes consistency in
financial transaction processing and reporting by providing a uniform
chart of accounts and pro forma transactions. The SGL also provides a
basis for comparison at the agency and governmentwide levels. The defined
accounts and pro forma transactions standardize the accumulation of agency
financial information as well as enhance financial control and support
financial statement preparation and other external reporting. By not
implementing the SGL, agencies may experience difficulties in providing
consistent financial information across their components and functions.
Auditors for HHS reported that some of its systems were not designed to
apply the SGL at the transaction level. For example, the auditors stated
that the National Institutes of Health (NIH) recorded 1,900 nonstandard
accounting entries totaling $14.2 billion during the year. According to
the auditors, these nonstandard entries were needed to properly adjust
account balances, including inventory, accrued leave, personal property,
receipt of donations, and other revenues. Moreover, NIH developed a
process to record at year-end the effect of current-year, day-to-day
entries in its budgetary and expended appropriations accounts. In their
report, the auditors stated that the use of nonstandard accounting entries
increased the risks of (1) bypassing accounting controls and (2) errors.
To address these issues, during fiscal year 2003, NIH reconfigured its
transaction codes to be SGL compliant and on October 1, 2003, implemented
a new general ledger system as part of the NIH Business and Research
Support System (NBRSS) initiative. NBRSS is expected to be fully
implemented in 2006.
Furthermore, approximately 2,300 nonstandard accounting entries with an
absolute value of about $41 billion were recorded in HHS' Program Support
Center's (PSC)33 CORE Accounting system34 to compensate for noncompliance
with the SGL. These nonstandard accounting entries were recorded to
correct for misstatements and recorded balances, and to record
reclassifications.
Lack of Adherence to Federal Accounting Standards
One of FFMIA's requirements is that agencies' financial management systems
account for transactions in accordance with federal accounting standards.
Agencies face significant challenges implementing these standards. As
shown in figure 4, auditors for 11 of the 17 agencies with noncompliant
systems for fiscal year 2003 reported that these agencies had problems
complying with one or more federal accounting standards, compared with 13
of the 19 agencies with noncompliant systems in fiscal year 2002.
Auditors reported that agencies are having problems implementing standards
that have been in effect for some time-such as Statement of Federal
Financial Accounting Standards (SFFAS) No. 1, Accounting for Selected
Assets and Liabilities-as well as standards that have been promulgated in
the last few years-such as SFFAS No. 21, Reporting Corrections of Errors
and Changes in Accounting Principles. For example, in fiscal year 2003,
auditors for the U.S. Agency for International Development (USAID) found
that the agency's Accrual Reporting System (ARS)35 was not in compliance
with SFFAS No. 1, paragraph 77. That standard requires that when an entity
accepts goods (or services), it should recognize a liability for the
unpaid amount of these goods or services. If related invoices are not
available when the financial statements are prepared, amounts owed should
be estimated. USAID uses ARS to develop quarterly estimates of accrued
expenses recorded against individual contract and grant awards. However,
auditors discovered that ARS' financial information was not reliable and,
since the system-generated estimates were based on the financial
information contained in the system,
33PSC is an administrative office that provides program support services
to HHS components and other federal agencies through fee-for-service.
PSC's major business lines include financial management and administrative
operations.
34The PSC CORE Accounting system is the nucleus of PSC's accounting
operations and accepts and processes data supplied by 8 of the 12 HHS
agencies as well as from Payroll, Travel, and Payment Management Systems.
35USAID's ARS obtains obligation and contract data and uses this
information to calculate estimated quarterly expenses against individual
contracts, grants, or obligation line items.
USAID had no assurance that the resulting estimates were reliable or
supported by adequate accrual methodology. Further, simply eliminating the
system-generated estimates might cause the agency to materially understate
its accounts payable. Consequently, as a result of revised ARS estimates
proposed by the OIG, USAID reduced its year-end accrued expenses and
accounts payable by $244 million to more accurately reflect the activity
in accounts affected by accruals.
Weak Security Controls over Information Systems
Information security weaknesses are a major concern for federal agencies
and the general public and are one of the frequently cited reasons for
noncompliance with FFMIA. These control weaknesses place vast amounts of
government assets at risk of inadvertent or deliberate misuse, financial
information at risk of unauthorized modification or destruction, sensitive
information at risk of inappropriate disclosure, and critical operations
at risk of disruption. Accordingly, we have considered information
security to be a governmentwide high-risk area since 1997.36
The Congress and the executive branch have taken action to address the
risks associated with persistent information security weaknesses. The
Federal Information Security Management Act of 2002 (FISMA)37 provides the
overall framework for ensuring the effectiveness of information security
controls that support federal operations and assets and requires agencies
and OMB to report annually to the Congress on their information security
programs. As we testified in March 2004,38 fiscal year 2003 agency
reporting required by FISMA showed apparent progress in implementing
FISMA's information security requirements, but most agencies still had not
reached the level of performance that demonstrates they have implemented
the agencywide information security program mandated by the act. Only 6
agencies reported that they had authorized 90 to 100 percent of their
systems, and 11 agencies reported that they had authorized less than half
of their systems. While OMB monitors agency performance by requiring
agencies to provide quarterly updates on this and other key performance
measures, the fiscal year 2004 annual reports that agencies must submit to
the Congress are due to OMB by October 6, 2004, and
36GAO, High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: January
2003).
37Pub. L. 107-347, title III, S:301, 116 Stat. 2899, 2946-2961 (December
17, 2002).
38GAO, Information Security: Continued Efforts Needed to Sustain Progress
in Implementing Statutory Requirements, GAO-04-483T (Washington, D.C.:
Mar. 16, 2004).
should provide updated information on agency progress in implementing
FISMA's information security requirements.
As shown in figure 4, auditors for all 17 of the 17 agencies with
noncompliant systems reported security weaknesses in information systems
to be a problem, compared with 19 of the 19 agencies reported with
noncompliant systems in fiscal year 2002. Unresolved information security
weaknesses could adversely affect the ability of agencies to produce
accurate data for decision making and financial reporting because such
weaknesses could compromise the reliability and availability of data that
are recorded in or transmitted by an agency's financial management system.
As a case in point, in fiscal year 2003, the auditors for the Department
of Education noted that the department needs improvement in seven key
security control areas. These seven areas are (1) consistently updating
application versions, virus/data protection packages, and security
packages; (2) testing mission-critical systems for platform and database
level vulnerabilities; (3) enforcing the rule requiring complex passwords
across the enterprise; (4) deploying network and host based intrusion
detection systems to provide alerts of intrusions and malicious internal
activity; (5) implementing firewall rules to logically segregate database
servers containing sensitive data from servers within the Web-hosting
environment; (6) implementing access controls to protect mission-critical
systems from certain internal networks; and (7) correcting security
weaknesses previously identified at contractor facilities.
Agencies Struggle to Implement New Financial Systems
In an effort to address problems such as nonintegrated systems, inadequate
reconciliations, and lack of compliance with the SGL, a number of agencies
have efforts under way to implement new financial management systems or to
upgrade existing systems. Agencies anticipate that the new systems will
provide reliable, useful, and timely data to support managerial decision
making and assist taxpayer and congressional oversight. However,
implementing and upgrading systems bring new risks. Organizations that
follow and effectively implement accepted best practices in systems
development and implementation (commonly referred to as disciplined
processes) can reduce these risks to acceptable levels. However, our work
at DOD, HHS, and NASA has shown that agencies face significant problems in
implementing financial management systems and are not following the
necessary disciplined processes for efficient and effective implementation
of such systems. Further, VA recently halted its pilot implementation of
its
new core financial system for which $249 million had been invested. The VA
OIG reported that the contracting and monitoring of the VA project was not
adequate, and the pilot deployment of the system encountered multiple
problems. The problems the VA OIG cited were similar to those we noted at
DOD, HHS, and NASA. As the federal government moves forward with ambitious
modernization efforts to identify opportunities to eliminate redundant
systems and enhance information accuracy and availability, adherence to
these disciplined processes will be a crucial element to reduce risks to
acceptable levels.
Most Agencies Are Implementing Throughout the government, agencies have
worked diligently to minimize
New Financial Systems financial management weaknesses by implementing or
upgrading current financial systems. As we previously reported,39 17 CFO
Act agencies advised us that as of September 2002 they were planning to or
were in the process of implementing new core financial systems. Eleven of
these 17 CFO Act agencies had chosen software packages certified by PMO,
40 while the remaining 6 agencies had at that time yet to arrive at the
software selection phase of their acquisition processes. Target
implementation dates ranged from fiscal years 2003 to 2008 for 16 of the
17 agencies. DOD had not yet determined its implementation date. Moreover,
JFMIP recently surveyed federal agencies about their plans to purchase
core financial system and feeder system software between fiscal years 2005
and 2009. Survey responses indicated that 7 of the 23 CFO Act agencies and
DHS plan to purchase core financial software. Additionally, 13 agencies
and DHS have plans to purchase feeder system software between fiscal years
2005 and 2009. Thus, the majority of the CFO Act agencies and DHS were
either implementing or planning to purchase core financial or feeder
system software.
An agency's implementation of a certified core financial system does not
guarantee that the financial system is FFMIA compliant. Two major factors
affecting FFMIA compliance that agencies must consider are (1) the
integration of the core financial system with the agency's administrative
and programmatic systems, especially with regard to the completeness and
39GAO-03-1062.
40The PMO, which is managed by JFMIP's Executive Director, with funds
provided by the CFO Council agencies, tests vendor COTS packages and
certifies that they meet certain financial management system requirements
for core financial systems.
validity of system data, and (2) the existence of modifications or
customizations to the certified core financial system software.
As indicated in our prior report,41 some agencies stated in their
performance and accountability assessments that complete implementation of
new core financial systems will also address their systems' substantial
noncompliance with FFMIA. However, as we previously discussed,
implementing a new core financial system may not eliminate all of an
agency's financial management weaknesses. Agencies must consider various
problems that extend beyond their core financial systems. Despite this
realization, the implementation of agencywide core financial systems is a
solid step toward successful systems performance.
Agencies Are Not Following Disciplined Processes
Implementing new financial management systems provides the groundwork for
improved financial management, including providing financial managers with
more timely information for better informed financial management
decisions, and will help meet OMB's accelerated financial reporting
deadline. However, with implementation comes risk. Organizations that
follow and effectively implement accepted best practices in systems
development and implementation (commonly referred to as disciplined
processes) can reduce these risks to acceptable levels. Our work at DOD,
HHS, and NASA has shown that agencies face significant problems in
implementing financial management systems and are not following the
necessary disciplined processes for efficient and effective implementation
of financial management systems. VA recently halted implementation of its
new core financial system, due in part to reported concerns about the
inadequate contracting and monitoring of the project and multiple problems
with the pilot deployment of the system.
Disciplined processes have been shown to mitigate some of the risks
associated with software development and acquisition efforts to acceptable
levels. The term "acceptable levels" acknowledges that any systems
acquisition effort has risks and will suffer the risk of not achieving the
intended results (performance) within the established resources (costs) on
schedule. However, effective implementation of the disciplined processes
reduces these risks and helps prevent any actual problems from having any
41GAO-03-1062.
significant adverse impact on achieving the performance, cost, and
schedule of the project.
Although a standard set of practices that will guarantee success does not
exist, several organizations, such as the Software Engineering Institute
(SEI)42 and the Institute of Electrical and Electronic Engineers (IEEE),43
as well as individual experts have identified and developed the types of
policies, procedures, and practices that have been demonstrated to reduce
development time and enhance effectiveness. The key to having a
disciplined system development effort is to have disciplined processes in
several areas, including the following:
o Requirements management. Requirements are the specifications that
system developers and program managers use to design, develop, and acquire
a system.
o Testing. Testing is the process of executing a program with the intent
of finding errors. Testing is a critical process that improves an entity's
confidence that the system will satisfy the requirements of the end user
and operate as intended.
o Project planning and oversight. Project planning is the process used to
establish reasonable plans for carrying out and managing the software
project. It includes estimating resources needed for the work to be
performed, establishing commitments, and defining the work plan.
o Risk management. Risk management is a set of activities for
identifying, analyzing, planning, tracking, and controlling risks. Risk
management starts with identifying the risks before they can become
problems.
Organizations that do not effectively implement the disciplined processes
lose the productive benefits of these processes as a project moves through
its development and implementation and are forced to implement them later
when it takes more time and they are less effective. A major
42SEI is a federally funded research and development center operated by
Carnegie Mellon University and sponsored by DOD. The SEI objective is to
provide leadership in software engineering and in the transition of new
software engineering technology into practice.
43IEEE develops standards for a broad range of global industries,
including the information technology and information assurance industries.
consumer of project resources in undisciplined efforts is rework. Rework
occurs when the original work has defects or is no longer needed because
of changes in project direction. Disciplined organizations focus their
efforts on reducing the amount of rework because it is expensive. Studies
have shown that correcting a defect during the testing phase costs
anywhere from 10 to 100 times the cost of correcting it during the design
or requirements phase.44 Projects that are unable to adopt disciplined
processes successfully will eventually only be spending their efforts on
rework and the associated processes that are needed rather than productive
work. In other words, the project may find itself continually reworking
items.
We found in our review of three agencies' implementation of new financial
management systems that these agencies are not following the disciplined
processes that are necessary to reduce the risks to acceptable levels. In
our May 2004 report,45 we reported that long-standing problems continue at
DOD despite the significant investments made in DOD business systems46
each year. GAO's two case study examples of logistics systems
modernization efforts, Business Systems Modernization (BSM) at the Defense
Logistics Agency (DLA) and the Army's Logistics Modernization Program
(LMP), found that disciplined processes were not implemented. We also
reported in September 200447 that HHS had not followed key disciplined
processes and is at risk of implementing a new financial management system
that will not fully meet the needs of its users. Further, in 2003 and 2004
we issued five reports and testified48 about the considerable challenges
facing NASA's implementation of a new financial management program. NASA
is on its third attempt in 12 years to modernize its financial management
process and systems and has spent about $180 million on its two prior
failed efforts.
44Steve McConnell, Rapid Development: Taming Wild Software Schedules
(Redmond, Wash.: Microsoft Press, 1996).
45GAO-04-615.
46Business systems include those that are used to support civilian and
military personnel, finance, logistics, procurement, and transportation.
47GAO-04-1008.
48GAO-03-507, GAO-04-43, GAO-04-118, GAO-04-151, GAO-04-255, and
GAO-04-754T.
Department of Defense DOD reported in April 2003 that its business systems
environment consisted of 2,274 systems. DOD requested approximately $19
billion for fiscal year 2004 to operate, maintain, and modernize its
reported 2,274 business systems. More recently, DOD stated that its
inventory of business systems was over 4,000 and more systems are expected
to be identified. Despite its substantial investment over many years,
DOD's business systems remain fundamentally flawed; unable to provide
timely, reliable information; and leave DOD vulnerable to fraud, waste,
and abuse. The duplication and stovepiped nature of DOD's systems
environment is illustrated by the numerous systems it has in the same
functional areas, such as over 450 personnel systems and 200 inventory
systems. These systems are not integrated and thus have multiple points of
data entry, which can result in data integrity problems.
Two of the business system modernization efforts DOD has undertaken to
address some of its inventory problems are DLA's BSM and the Army's LMP.
BSM and LMP incorporate part of the inventory management portion of the
COTS software package used by both DLA and the Army. In November 1999, DLA
initiated an effort to replace two of its materiel management systems with
BSM. BSM is intended to transform how DLA conducts its operations in five
core business processes: order fulfillment, demand and supply planning,
procurement, technical/quality assurance, and financial management. In
February 1998, the Army began its effort to replace its two material
management systems with LMP. LMP is intended to transform the U.S. Army
Materiel Command's logistic operations in six core processes: order
fulfillment, demand and supply planning, procurement, asset management,
materiel maintenance, and financial management.
Our May 2004 report49 of DOD's business system modernization found
numerous problems with both projects, BSM and LMP, including such issues
as failure to follow necessary disciplined processes, lack of financial
system integration, and system deployment schedule slippage. We found that
DLA's and Army's program officials did not effectively implement the
disciplined processes associated with requirements management and testing
in developing and implementing their systems. For almost all of the
requirements we analyzed, we found that the forward and backward
traceability was not maintained. Traceability allows the user to follow
the life of the requirement both forward and backward through the DLA and
49 GAO-04-615.
Army approaches and management plans and is critical to understanding the
parentage, interconnections, and dependencies among the individual
requirements. Testing, the process of executing the program with the
intent of finding errors, was not effectively implemented for BSM or LMP.
DLA and the Army, therefore, did not achieve the important goal of
reducing the risk that BSM and LMP would not operate as intended. Although
DLA and the Army have asserted that BSM and LMP, respectively, are
compliant with the requirements of FFMIA, we have concerns.
In the case of LMP, we found that the Army relied upon PMO testing for 147
requirements because PMO had validated these requirements when it tested
the vendor's commercial software used for LMP during fiscal year 1999. PMO
testing should not be considered a substitute for individual system
testing of the actual data that will be used by the entity. Further, PMO's
tests of software do not address entity-specific integrated tests of
end-to-end transactions or systems interfaces. Because the Army had to
make modifications to the basic commercial software package to accommodate
some of its business operations, the Army cannot be assured, without
retesting, that these 147 requirements will produce the intended results.
In the case of BSM, for one requirement the contractor stated that "a
sample of transactions were reviewed, [and] it appears that BSM properly
records transactions consistent with the SGL posting rules." However, we
found no indication that this requirement was tested, and therefore, we
cannot conclude whether BSM has the capability to meet this requirement.
Without adequate documentation to support testing of the FFMIA
requirements, it is questionable whether either system is substantially
compliant with FFMIA.
Additionally, we found that the system interfaces were not fully tested
for BSM and LMP and when they became operational, it became clear that the
system interfaces were not working as intended. Costly manual reentry of
inventory transactions was necessary. Further, both BSM and LMP have
experienced cost increase and schedule slippage. BSM was originally
scheduled to be fully operational in September of 2005. However, the date
has shifted to midyear 2006 and the cost has increased from $764 million
to $850 million. LMP has a current estimated cost of over $1 billion. As
of March 2004, the Army had not determined when LMP would be fully
operational at all locations. In 1999, we reported that the Army's
estimated cost was $421 million over a 10-year period. DOD cannot be
assured that the two systems in our case study will provide the
functionality needed and fully meet DLA and Army objectives.
Successful reform of DOD's fundamentally flawed financial and business
management operations must simultaneously focus on its systems, processes,
and people. While DOD has made some encouraging progress in addressing
specific challenges, it is still in the very early stages of a
departmentwide reform that will take many years to accomplish. Secretary
Rumsfeld has made business transformation a priority. For example, through
its Business Management Modernization Program, DOD is continuing its
efforts to develop and implement a business enterprise architecture and
establish effective management oversight and control over its business
systems modernization investments. However, after about 3 years of effort
and over $203 million in reported obligations, we have not seen
significant change in the content of DOD's architecture or in its approach
to investing billions of dollars annually in existing and new systems. We
have made numerous recommendations aimed at improving DOD's plans for
developing the next version of the architecture and implementing controls
for selecting and managing business systems investments. To date, DOD has
not addressed 22 of our 24 recommendations.50
Department of Health and Human Services
HHS is currently implementing a new financial management system, the
Unified Financial Management System (UFMS), to replace five outdated
accounting systems. This project is expected to be phased in at the
component agencies and fully implemented in fiscal year 2007. Our 2004
analysis and evaluation focused on the system implementation efforts
associated with all the HHS entities except for the Centers for Medicare
and Medicaid Services (CMS) and NIH.51 We found that the lack of
disciplined processes puts the implementation of HHS' new financial
management system at risk.
We reported52 that HHS had not followed key disciplined processes and was
at risk of implementing a new financial management system that would not
fully meet the needs of its users. While HHS had executive
50See GAO, Department of Defense: Long-standing Problems Continue to
Impede Financial and Business Management Transformation, GAO-04-907T
(Washington, D.C.: July 7, 2004).
51NIH and CMS have efforts under way to replace their financial systems
that are expected to be fully implemented in 2006 and 2007, respectively.
52GAO-04-1008.
sponsorship for the development of UFMS, it had focused on meeting its
implementation schedule to deploy the system at its component agency, the
Centers for Disease Control and Prevention (CDC) in October 2004 to the
detriment of disciplined processes. HHS had not implemented effective
disciplined processes in such areas as requirements management, testing,
project management and oversight, and risk management.
We found significant problems with HHS' requirements management and
testing process. Problems with requirements management practices include
the lack of (1) a concept of operations to guide the development of
requirements, (2) traceability of a requirement from the concept of
operations through testing to ensure requirements were adequately
addressed in the system, and (3) specificity in the requirements to
minimize confusion in the implementation. These problems with requirements
have resulted in a questionable foundation for the system testing process.
Additionally, testing activities were scheduled too late in the
implementation cycle, leaving little time to ensure that the defects found
were addressed before the system was implemented at CDC. While adherence
to schedule goals is generally desirable, it is key that project decisions
are based on objective data and demonstrated project accomplishments, and
are not schedule-driven. Otherwise, the risk of costly rework or failure
appreciably increases.
We further found that HHS had not developed the quantitative data
necessary to assess whether UFMS will provide the needed functionality.
HHS did not have a metrics measurement process to understand its
capability to help manage the entire UFMS effort; or how its process will
affect the UFMS cost, schedule, and performance objectives; or what
corrective action is needed to reduce the risks associated with the
problems identified. We also reported problems with HHS' initial data
conversion and system interfaces.
In addition to the disciplined processes weaknesses, we noted that HHS had
weaknesses in its information technology investment management, enterprise
architecture, and information security. Serious understaffing and
incomplete workforce planning have also plagued the UFMS project. The
cumulative effects of these weaknesses increase the risk that UFMS will
not fully serve the needs of its users nor achieve its budget and schedule
goals.
In September 2004, HHS decided to delay the implementation of a
significant amount of functionality associated with the CDC deployment
from October 2004 until April 2005 in order to address the issues that had
been identified with the project.
National Aeronautics and Space Administration
In April 2000, NASA began its third attempt to modernize its financial
management system. This effort, IFMP, is expected to produce an
integrated, NASA-wide financial management system through the acquisition
and incremental implementation of COTS and related hardware and software
components. As of June 30, 2003, NASA reported that it had fully
implemented the core financial module, which NASA considers the backbone
of IFMP, at all of its 10 operating locations.
As we have reported numerous times,53 NASA faces considerable challenges
in meeting its IFMP commitments and providing the necessary tools to
oversee its contracts and manage its programs. In April 2003, we reported
that the core financial module does not provide agency managers or the
Congress with useful cost and related information with which to make
informed decisions, manage daily operations, and ensure accountability on
an ongoing basis, and NASA was not following key best practices for
acquiring and implementing the system. As we reported, key users, such as
program managers, cost estimators, and congressional staffs, were not
included in defining the system requirements. According to IFMP officials,
NASA chose to forgo certain system capabilities to expedite implementation
of the core financial model. As a result, managers and cost estimators
continued to rely on means outside IFMP to capture data needed to manage
programs.
We have also reported that NASA's approach to implementing its new system
did not optimize the system's performance and would likely cost more and
take longer to implement than necessary. Specifically, NASA was not
following key best practices for acquiring and implementing the system,
which may affect the agency's ability to fully benefit from the new
system's capabilities. First, NASA did not analyze the relationships among
selected and proposed IFMP components to understand the logical and
physical relationships among the components it acquired. By acquiring
these IFMP components without first understanding system component
53GAO-03-507, GAO-04-43, GAO-04-118, GAO-04-151, GAO-04-255, and
GAO-04-754T.
relationships, NASA increased its risks of implementing a system that will
not optimize mission performance and will cost more and take longer to
implement than necessary. Second, although industry best practices and
NASA's own system planning documents indicate that detailed requirements
are needed as the basis for effective system testing, NASA did not require
documentation of detailed system requirements prior to system
implementation and testing. NASA's approach instead relied on certain
subject matter experts' knowledge of the detailed requirements necessary
to evaluate the functionality actually provided. As a result, NASA
increased its risk that IFMP would cost more and do less than planned.
Further, we reported that NASA's new financial management system did not
provide key external reporting capabilities, such as the generation of
complete and accurate information necessary for external reporting of NASA
property and budgetary data, and the new system did not comply
substantially with the requirements of FFMIA.
Department of Veterans Affairs
VA recently halted implementation of its new core financial system, Core
Financial and Logistics System (CoreFLS), at a potential loss of almost
$250 million. VA provides federal benefits, including disability
compensation, pensions, education, life insurance, home loan assistance,
and medical care, to the 26 million living veterans and veterans'
survivors and dependents. VA began the detailed planning and acquisition
of CoreFLS in June 1999 and was planning to have it fully implemented
throughout VA by March 2006. The VA OIG reported that the contracting and
monitoring of the CoreFLS project was not adequate and the pilot
deployment of CoreFLS at a VA medical center encountered multiple
problems. These problems are similar to the concerns we noted at DOD, HHS,
and NASA.
The VA OIG noted that the success of CoreFLS greatly depends on the
ability of the software to integrate with existing legacy systems, which
in turn requires that existing legacy systems are properly implemented and
maintained. The VA OIG found that most of the VA legacy systems at the
pilot location contained inaccurate data because they had not been used
properly and that this may be a systemic problem throughout VA. The effect
of transferring inaccurate data to CoreFLS at this pilot location
interrupted patient care and medical center operations. This was
compounded by VA inadequately training employees on how to use the system,
unreliable test procedures and results, and unsubstantiated performance
results. Problems were also identified with reconciling
accounts payable, accounts receivable, undelivered orders, and real
property.
When CoreFLS was deployed at the pilot location in October 2003, it did
not function as project managers expected because of inaccurate or
incomplete vendor and inventory system data. Because of these problems
with vendor and inventory systems, the VA pilot location made excessive
purchases of medical supplies. For example, on February 23, 2004, the
pilot location purchased 100 cup biopsy forceps with a total value of
$30,700, which were shipped overnight to the medical center, but returned
to the vendor less than a month later. In addition, late payment penalties
by the medical center for the first two quarters of fiscal year 2004
totaled $10,800, compared to $600 for the entire fiscal year 2003. The VA
OIG's review also found that the inventory was overstated by approximately
$2.3 million out of $3.6 million recorded, because an item valued at $23
showed a quantity on-hand of 100,000 when, in fact, the on-hand quantity
was only one.
As a result of these problems, patient care was interrupted by supply
outages and other problems. The inability to provide sterile equipment and
needed supplies to the operating room resulted in the cancellation of 81
elective surgeries for a week in both November 2003 and February 2004. In
addition, the operating room was forced to operate at two-thirds of its
prior capacity. Because of the serious nature of the problems raised with
CoreFLS, VA management decided to focus on transitioning back to the
previous financial management software and pull together a senior
leadership team to examine the results of the pilot and make
recommendations to the VA Secretary regarding the future of CoreFLS.
Governmentwide Initiatives to Improve Financial Management Systems Spur
Needed Change
As agencies move forward with initiatives to address FFMIA-related
problems, it is important that consideration be given to the numerous
governmentwide initiatives under way to address long-standing financial
management weaknesses. As stated in the PMA, there are few items more
urgent than ensuring that the federal government operates efficiently and
is results-oriented. While FFMIA implementation relates directly to the
improved financial performance initiative, development and maintenance of
FFMIA-compliant systems will also affect the implementation of the other
four PMA initiatives. Notably, OMB is developing a federal enterprise
architecture that is intended to facilitate the government's ability to
make significant progress across the PMA. For example, as part of the
e-gov PMA initiative, the number of federal payroll providers is being
consolidated. Numerous agencies had targeted their payroll operations for
costly modernization, and according to OMB, millions of dollars will be
saved through shared resources and processes and by modernizing on a
cross-agency, governmentwide basis.
The Clinger-Cohen Act sets forth a variety of initiatives to support
better decision making for capital investments in information technology,
which has led to the development of the Federal Enterprise Architecture
and better-informed capital investment and control processes within
agencies and across government. This has produced another broad shift in
the financial systems environment-one that acknowledges that financial
systems planning can no longer take place within an isolated environment
or "stovepipe," but must now be integrated with enterprise goals. Managed
properly, an enterprise architecture can clarify and help optimize the
interdependencies and relationships among an organization's business
operations and the underlying information technology infrastructure and
applications that support those operations.
Moreover, developing such an architecture will help address the
government's inability to properly reconcile and report on
intragovernmental transactions. We have reported54 for years that the
heart of the intragovernmental transactions issue was that the federal
government lacked clearly articulated business rules for these
transactions so that they would be handled consistently by agencies. This
is compounded by limitations and incompatibility of agency and trading
partner systems, among other issues. OMB and Treasury have taken steps to
help transform and standardize intragovernmental transactions, including
instituting an e-gov project55 to define a governmentwide data
architecture and provide a single source of detailed trading partner data.
The Intragovernmental Transaction Exchange was piloted from October 2003
to April 2004, and provided information about the business processes and
technologies used to interact with it. After evaluating the results of the
pilot, OMB expects to phase it into use at all agencies.
54GAO, Fiscal Year 2003 U.S. Government Financial Statements: Sustained
Improvement in Federal Financial Management Is Crucial to Addressing Our
Nation's Future Fiscal Challenges, GAO-04-477T (Washington, D.C.: Mar. 3,
2004).
55E-gov is a PMA initiative. OMB has selected 25 presidential e-gov
efforts that focus on a wide variety of services, aiming to simplify and
unify agency work processes and information flows, provide one-stop
services to citizens, and enable information to be collected online once
and reused rather than being collected many times.
Building upon the efforts of the Federal Enterprise Architecture program
to support the PMA for e-gov, OMB and designated agency task forces have
launched the line of business (LOB) initiative. This initiative seeks to
develop business-driven, common solutions for five lines of business that
span across the federal government. The five initiatives are financial
management, human resources management, grants management, federal health
architecture, and case management. Each of the lines of business shares
similar business requirements and business processes. OMB and the LOB task
forces plan to use either enterprise architecture-based principles and
best practices to identify common solutions for business processes,
technology-based shared services to be made available to government
agencies, or both. Driven from a business perspective rather than a
technology focus, the solutions are expected to address distinct business
improvements to enhance government's performance and services for
citizens. The results of LOB efforts are expected to save taxpayer
dollars, reduce administrative burden, and significantly improve service
delivery.
The financial management LOB goals are to (1) achieve or enhance process
improvements and cost savings in the acquisition, development,
implementation, and operation of financial management systems through
shared services, joint procurements, consolidation, and other means; (2)
promote seamless data exchange between and among federal agencies; (3)
provide for the standardization of business processes and data elements;
and (4) strengthen internal controls through real-time integration of core
financial and subsidiary systems. OMB has an ambitious time frame,
September 2004, for identifying a common solution and developing a target
architecture and a joint business case. At the time of our review, OMB had
not completed this effort. Agency business cases submitted as part of the
budget cycle are expected to reflect the proposed common solutions. GAO
has long supported and called for such initiatives to standardize and
streamline common systems, which cannot only reduce costs but, if done
correctly, can improve accountability.
The problems we have seen related to requirements, testing, interfaces,
and data conversion at the agency level indicate that attention to these
disciplined processes will continue to be important as OMB and the LOB
task forces move forward. These initiatives and the intragovernmental
transaction exchange will be required to address broader sets of
requirements, interfaces, and data conversion issues than those at an
individual agency level, thus amplifying the complexity of the task.
Disciplined process can play an important role in helping governmentwide
systems initiatives reduce the risk of these projects to acceptable
levels.
In addition, with many new financial management systems being implemented
in the federal government, it is crucial that the federal government have
a qualified workforce with the right mix of skills to implement financial
systems successfully. Our report56 on effective strategic workforce
planning highlighted five principles that such a process should address
irrespective of the context in which planning is done. Among the
principles are determining the critical skills and competencies that will
be needed to achieve current and future results, and developing strategies
tailored to address gaps in the number, deployment, and alignment of human
capital approaches. At a JFMIP-sponsored forum on successful integration
and interoperability of business management systems held in May 2004, the
participants noted that agencies are losing experienced people for a
variety of reasons and relying excessively on outside contractors because
they have no other choice. Participants expressed concern thatinternally,
staff lack the technical expertise needed. Agency officials overseeing
implementations have expertise on the functional requirements, such as
government accounting standards, but vendors and integrators have little
expertise in these areas. This is extremely high risk and costly, and
greater oversight and close monitoring of contractors is needed. Further,
our executive guide57 emphasizes the need for developing a financial
management team with the right mix of skills and competencies. A changing
financial management business vision requires shifting workforce
capacities and providing a financial management workforce that is more
analytic and capable of providing decision support.
Conclusions Long-standing problems with agencies' financial systems
continue to make it difficult for agencies to routinely produce reliable,
useful, and timely financial information. While a number of agencies are
receiving unqualified ("clean") opinions on their financial statements,
the continued widespread noncompliance with FFMIA shows that agencies
still have a
56GAO, Human Capital: Key Principles for Effective Strategic Workforce
Planning, GAO04-39 (Washington, D.C.: Dec. 11, 2003).
57GAO, Executive Guide: Creating Value Through World-class Financial
Management, GAO/AIMD-00-134 (Washington, D.C.: April 2000).
long way to go to having systems, processes, and controls that routinely
generate reliable, useful, and timely information.
The FFMIA-related problems reported in agency audit reports indicate that
federal financial management systems are not currently providing federal
managers the financial data needed for day-to-day management of their
programs or for external reporting in an efficient or timely manner. Yet
we remain concerned that the full nature and scope of the problems have
not been identified because auditors have only provided negative assurance
in their FFMIA reports. We believe the law requires auditors to provide
positive assurance on FFMIA compliance. Therefore, we reaffirm our
recommendation made in prior reports that OMB revise its current FFMIA
guidance to require agency auditors to provide a statement of positive
assurance when reporting an agency's systems to be in substantial
compliance, which entails a more thorough examination of the agency's
systems. We also reaffirm our other prior recommendation for OMB to
explore further clarification of the definition of "substantial
compliance" in its FFMIA guidance to encourage consistent reporting among
agency auditors. As we stated58 in our prior reports, auditors we
interviewed had concerns about providing positive assurance in reporting
on agency systems' FFMIA compliance because of a need for clarification
regarding the meaning of substantial compliance.
Implementing new COTS core financial systems is a formidable challenge
since financial management systems are not only needed for external
reporting but, most importantly, are needed to provide the financial
information program managers need to manage operations on a day-to-day
basis. Reliable, useful, and timely financial management information is
key to achieving the goals of the PMA and its related initiatives, such as
PART. As the federal government moves forward with agency implementations
of new financial management systems and for systems implemented to satisfy
governmentwide initiatives, adherence to proven disciplined processes to
minimize risks and improve management of these implementations is
critical. Moreover, people with the right skill sets in the right places
at the right times are critical to efficiently and effectively
implementing a financial management system and operating it once it is in
place. Improvements in federal financial management systems are in some
cases a long-term goal, but with sustained attention from important
decision
58GAO-02-29 and GAO-03-31.
makers, including the Congress and OMB, the goals of the CFO Act and FFMIA
can be achieved.
Agency Comments and Our Evaluation
In written comments (reprinted in app. VI) on a draft of this report, OMB
agreed with our assessment that while federal agencies continue to make
progress in addressing financial management systems weaknesses, many
agencies still lack the ability to produce the data needed to efficiently
and effectively manage day-to-day operations. As in previous years, OMB
disagreed with our recommendation that agency auditors be required to
provide a statement of positive assurance when reporting agency systems to
be in substantial compliance with FFMIA. OMB said that the PMA and FFMIA
should be viewed as complementary methods for achieving improvements in
financial management systems. OMB stated that the framework of performance
standards established under the PMA provides a corroborative mechanism for
evaluating FFMIA compliance, which together with existing audit processes
can provide an accurate assessment of substantial compliance. Therefore,
OMB does not believe that the addition of a statement of positive
assurance on FFMIA compliance would be beneficial. While we agree that the
initiatives of the PMA are stimulating improvements, auditors need to
consider other aspects of financial management systems when assessing
FFMIA compliance that are not fully addressed through the current
reporting structure. Our concern is that some of the information provided
by this approach, such as monthly financial performance metrics for
managing activities, does not come under audit scrutiny and may not be
reliable. In contrast, an opinion by an independent auditor of FFMIA
compliance would confirm that an agency's systems substantially met the
requirements of FFMIA and provide additional confidence in the information
provided by the PMA. Finally, as we have stated in previous reports, a
statement of positive assurance is a statutory requirement under the act.
With regard to our prior recommendation, which we reaffirmed in this
report, for revised guidance that clarifies the definition of substantial
compliance, OMB said that the performance results obtained from the PMA
initiatives will allow a further refinement of the existing substantial
compliance indicators. OMB agreed to consider clarifying the definition of
"substantial compliance" in future policy and guidance updates. As we
noted in our prior reports,59 auditors we interviewed expressed a need for
clarification regarding the meaning of substantial compliance.
OMB also provided additional oral comments, which we incorporated as
appropriate.
We are sending copies of this report to the Chairman and Ranking Minority
Member, Subcommittee on Financial Management, the Budget, and
International Security, Senate Committee on Governmental Affairs, and to
the Chairman and Ranking Minority Member, Subcommittee on Government
Efficiency and Financial Management, House Committee on Government Reform.
We are also sending copies to the Director of the Office of Management and
Budget, the Secretary of Homeland Security, the heads of the 23 CFO Act
agencies, and agency CFOs and IGs. Copies will be made available to others
upon request. In addition, this report will be available at no charge on
the GAO Web site at http://www.gao.gov.
This report was prepared under the direction of Sally E. Thompson,
Director, Financial Management and Assurance, who may be reached at (202)
512-2600 or by e-mail at [email protected] if you have any questions.
Staff contacts and other key contributors to this report are listed in
appendix VII.
David M. Walker Comptroller General of the United States
59GAO-02-29 and GAO-03-31.
Appendix I
Requirements and Standards Supporting Federal Financial Management
Financial Management Systems Requirements
The policies and standards prescribed for executive agencies to follow in
developing, operating, evaluating, and reporting on financial management
systems are defined in Office of Management and Budget (OMB) Circular No.
A-127, Financial Management Systems. The components of an integrated
financial management system include the core financial system,1 managerial
cost accounting system, and administrative and programmatic systems.
Administrative systems are those that are common to all federal agency
operations,2 and programmatic systems are those needed to fulfill an
agency's mission. The Program Management Office (PMO), managed by the
Executive Director of the Joint Financial Management Improvement Program
(JFMIP) and funded by the Chief Financial Officers (CFO) Council, has
issued federal financial management systems requirements (FFMSR)3 for the
core financial system and managerial cost accounting system, and is in the
process of issuing these requirements for the administrative and
programmatic systems. Appendix II lists the federal financial management
systems requirements published to date. Figure 5 is the PMO model that
illustrates how these systems interrelate in an agency's overall systems
architecture.
1Core financial systems, as defined by the Program Management Office,
include those systems for managing general ledger, funding, payments,
receivables, and certain basic cost functions.
2Examples of administrative systems include budget, acquisition, travel,
property, and human resources and payroll.
3OMB Circular No. A-127 references the series of publications called
FFMSRs, issued by PMO, as the primary source of governmentwide
requirements for financial management systems.
Appendix I Requirements and Standards Supporting Federal Financial Management
Figure 5: Agency Systems Architecture
Source: PMO.
OMB Circular No. A-127 requires agencies to purchase commercial
off-theshelf (COTS) software that has been tested and certified through
the PMO software certification process when acquiring core financial
systems. PMO's certification process, however, does not eliminate or
significantly reduce the need for agencies to develop and conduct
comprehensive testing efforts to ensure that the COTS software meets their
requirements. Moreover, according to PMO, core financial systems
certification does not mean that agencies that install these packages will
have financial management systems that are compliant with the Federal
Financial Management Improvement Act (FFMIA) of 1996. Many other factors
can affect the capability of the systems to comply with FFMIA, including
modifications made to the PMO-certified core financial management systems
software and the validity and completeness of data from feeder systems.
Appendix I Requirements and Standards Supporting Federal Financial Management
Federal Accounting Standards
The Federal Accounting Standards Advisory Board (FASAB)4 promulgates
federal accounting standards that agency CFOs use in developing financial
management systems and preparing financial statements. FASAB develops the
appropriate accounting standards after considering the financial and
budgetary information needs of the Congress, executive agencies, and other
users of federal financial information and comments from the public. FASAB
forwards the standards to the three Sponsors-the Comptroller General, the
Secretary of the Treasury, and the Director of OMB-for a 90day review. If
there are no objections during the review period, the standards are
considered final and FASAB publishes them on its Web site and in print.
The American Institute of Certified Public Accountants has recognized the
federal accounting standards promulgated by FASAB as generally accepted
accounting principles for the federal government. This recognition
enhances the acceptability of the standards, which form the foundation for
preparing consistent and meaningful financial statements both for
individual agencies and the government as a whole. Currently, there are 25
Statements of Federal Financial Accounting Standards (SFFAS) and 4
Statements of Federal Financial Accounting Concepts (SFFAC).5 The concepts
and standards are the basis for OMB's guidance to agencies on the form and
content of their financial statements and for the government's
consolidated financial statements. Appendix III lists the concepts,
standards, and interpretations6 along with their respective effective
dates.
4In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards for the federal government. Effective
October 1, 2003, FASAB consists of six nonfederal or public members, one
member from the Congressional Budget Office, and the three Sponsors.
5Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.
6An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard.
Appendix I Requirements and Standards Supporting Federal Financial Management
FASAB's Accounting and Auditing Policy Committee (AAPC)7 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards and the reporting and auditing requirements contained in OMB's
Form and Content of Agency's Financial Statements Bulletin and Audit
Requirements for Federal Financial Statements Bulletin. To date, AAPC has
issued six technical releases, which are listed in appendix IV along with
their release dates.
U.S. Government Standard General Ledger
The U.S. Government Standard General Ledger (SGL) was established by an
interagency task force under the direction of OMB and mandated for use by
agencies in OMB and Department of the Treasury regulations in 1986. The
SGL promotes consistency in financial transaction processing and reporting
by providing a uniform chart of accounts and pro forma transactions used
to standardize federal agencies' financial information accumulation and
processing throughout the year; enhance financial control; and support
budget and external reporting, including financial statement preparation.
For example, agency use of the SGL accounts and OMB's new
intergovernmental business rules for standardizing intragovernmental
activity and balances are key to removing one of the material weaknesses
that GAO has reported on the governmentwide consolidated statements since
fiscal year 1997. The SGL is intended to improve data stewardship
throughout the federal government, enabling consistent reporting at all
levels within the agencies and providing comparable data and financial
analysis governmentwide.8
Internal Control Standards The Congress enacted legislation, 31 U.S.C.
3512(c),(d) (commonly referred to as the Federal Managers' Financial
Integrity Act of 1982 (FIA)), to strengthen internal controls and
accounting systems throughout the federal government, among other
purposes. Issued pursuant to FIA, the Comptroller General's Standards for
Internal Control in the Federal
7In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the CFO Council,
and the President's Council on Integrity and Efficiency, established AAPC
to assist the federal government in improving financial reporting.
8SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.
Appendix I Requirements and Standards Supporting Federal Financial
Management
Government9 provides standards directed at helping agency managers
implement effective internal control, an integral part of improving
financial management systems. Internal control is a major part of managing
an organization and comprises the plans, methods, and procedures used to
meet missions, goals, and objectives. In summary, internal control, which
under OMB's guidance for FIA is synonymous with management control, helps
government program managers achieve desired results through effective
stewardship of public resources.
Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to improve operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control objectives are
being achieved.
9GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3 (Washington, D.C.: November 1999).
Appendix II
Publications in the Federal Financial Management Systems Requirements
Series
FFMSR document Issue date
FFMSR-8 Systems Requirements for Managerial Cost Accounting February 1998
JFMIP-SR-99-5 Human Resources & Payroll Systems Requirements April 1999
JFMIP-SR-99-8 Direct Loan System Requirements June 1999
JFMIP-SR-99-9 Travel System Requirements July 1999
JFMIP-SR-99-14 Seized Property and Forfeited Asset Systems December 1999
Requirements
JFMIP-SR-00-01 Guaranteed Loan System Requirements March 2000
JFMIP-SR-00-3 Grant Financial System Requirements June 2000
JFMIP-SR-00-4 Property Management Systems Requirements October 2000
JFMIP-SR-01-01 Benefit System Requirements September 2001
JFMIP-SR-02-01 Core Financial System Requirements November 2001
JFMIP-SR-02-02 Acquisition/Financial Systems Interface June 2002
Requirements
JFMIP-SR-03-01 Revenue System Requirements January 2003
JFMIP-SR-03-02 Inventory, Supplies and Materials System August 2003
Requirements
JFMIP-SR-02-01 Addendum to Core Financial System March 2004 Requirements
JFMIP-SR-01-04 Framework for Federal Financial Management April 2004
Systems
Source: JFMIP.
Appendix III
Statements of Federal Financial Accounting Concepts, Statements of Federal
Financial Accounting Standards, and Interpretations
Effective for fiscal yeara
Concepts
SFFAC No. 1 Objectives of Federal Financial Reporting SFFAC No. 2 Entity and
Display
SFFAC No. 3 Management's Discussion and Analysis
SFFAC No. 4 Intended Audience and Qualitative Characteristics for the
Consolidated Financial Report of the United States Government
Standards
SFFAS No. 1 Accounting for Selected Assets and Liabilities 1994
SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees 1994
SFFAS No. 3 Accounting for Inventory and Related Property 1994
SFFAS No. 4 Managerial Cost Accounting Concepts and Standards 1998
SFFAS No. 5 Accounting for Liabilities of the Federal Government 1997
SFFAS No. 6 Accounting for Property, Plant, and Equipment 1998
SFFAS No. 7 Accounting for Revenue and Other Financing Sources 1998
SFFAS No. 8 Supplementary Stewardship Reporting 1998
SFFAS No. 9 Deferral of the Effective Date of Managerial Cost 1998
Accounting Standards for the Federal Government in SFFAS No. 4
SFFAS No. 10 Accounting for Internal Use Software 2001
SFFAS No. 11 Amendments to Accounting for Property, Plant, and
1999�Equipment-Definitional Changes
SFFAS No. 12 Recognition of Contingent Liabilities Arising from
1998�Litigation: An Amendment of SFFAS No. 5, Accounting for
Liabilities of
the Federal Government
SFFAS No. 13 Deferral of Paragraph 65-2-Material Revenue-Related
1999�Transactions Disclosures
SFFAS No. 14 Amendments to Deferred Maintenance Reporting 1999�
SFFAS No. 15 Management's Discussion and Analysis 2000�
SFFAS No. 16 Amendments to Accounting for Property, Plant, and
2000�Equipment
SFFAS No. 17 Accounting for Social Insurance 2000�
SFFAS No. 18 Amendments to Accounting Standards for Direct Loans
2001�and Loan Guarantees in SFFAS No. 2
SFFAS No. 19 Technical Amendments to Accounting Standards for Direct
2003�Loans and Loan Guarantees in SFFAS No. 2
SFFAS No. 20 Elimination of Certain Disclosures Related to Tax
2001�Revenue Transactions by the Internal Revenue Service, Customs,
and
Others
Appendix III Statements of Federal Financial Accounting Concepts,
Statements of Federal Financial Accounting Standards, and Interpretations
(Continued From Previous Page)
Effective for fiscal yeara
SFFAS No. 21 Reporting Corrections of Errors and Changes in 2002
Accounting Principles
SFFAS No. 22 Change in Certain Requirements for Reconciling 2001
Obligations and Net Cost of Operations
SFFAS No. 23 Eliminating the Category National Defense Property, 2003
Plant, and Equipment
SFFAS No. 24 Selected Standards for the Consolidated Financial Report 2002
of the United States Government
SFFAS No. 25 Reclassification of Stewardship Responsibilities and 2005
Eliminating the Current Services Assessment
Interpretations
No. 1 Reporting on Indian Trust Funds
No. 2 Accounting for Treasury Judgment Fund Transactions
No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
No. 4 Accounting for Pension Payments in Excess of Pension Expense
No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue
No. 6 Accounting for Imputed Intra-departmental Costs
Source: FASAB.
aEffective dates do not apply to Statements of Federal Financial
Accounting Concepts and Interpretations.
Appendix IV
AAPC Technical Releases
AAPC release Technical release date
TR-1 Audit Legal Letter Guidance March 1, 1998
TR-2 Environmental Liabilities Guidance March 15, 1998
TR-3 Preparing and Auditing Direct Loan and Loan Guarantee July 31, 1999
Subsidies Under the Federal Credit Reform Act
TR-4 Reporting on Non-Valued Seized and Forfeited Property July 31, 1999
TR-5 Implementation Guidance on SFFAS No. 10: Accounting for May 14, 2001
Internal Use Software
TR-6 Preparing Estimates for Direct Loan and Loan Guarantee January 2004
Subsidies Under the Federal Credit Reform Act (Amendments to TR-3)
Source: FASAB.
Appendix V
Checklists for Reviewing Systems under the Federal Financial Management
Improvement Act
Checklist Issue date
GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems March 2000
Requirements
GAO-01-99G Seized Property and Forfeited Assets Systems October 2000
Requirements
GAO/AIMD-21.2.6 Direct Loan System Requirements April 2000
GAO/AIMD-21.2.8 Travel System Requirements May 2000
GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost January 1999
Accounting
GAO-01-371G Guaranteed Loan System Requirements March 2001
GAO-01-911G Grant Financial System Requirements September 2001
GAO-02-171G Property Management Systems Requirements December 2001
GAO-04-22G Benefit System Requirements October 2003
GAO-04-650G Acquisition/Financial Systems Interface June 2004 Requirements
GAO-04-763G Core Financial System Requirements (Exposure July 2004 Draft)
Source: GAO.
Appendix VI
Comments from the Office of Management and Budget
Appendix VI
Comments from the Office of Management
and Budget
Appendix VII
GAO Contacts and Staff Acknowledgments
GAO Contacts Sally E. Thompson, (202) 512-2600 Kay L. Daly, (202) 512-9312
Acknowledgments In addition to those named above, Alberto Garza, Lisa M.
Knight, Michael S. LaForge, W. Stephen Lowrey, Gina K. Ross, Sandra S.
Silzer, and Bryan D. Weisbard made key contributions to this report.
GAO's Mission The Government Accountability Office, the audit, evaluation
and investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost
is through GAO's Web site (www.gao.gov). Each weekday, GAO postsGAO
Reports and newly released reports, testimony, and correspondence on its
Web site. To Testimony have GAO e-mail you a list of newly posted products
every afternoon, go to
www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061
To Report Fraud, Contact:
Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: [email protected] Programs Automated answering system: (800)
424-5454 or (202) 512-7470
Congressional Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125
Relations Washington, D.C. 20548
Public Affairs Jeff Nelligan, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
Presorted Standard
Postage & Fees Paid
GAO
Permit No. GI00
United States
Government Accountability Office
Washington, D.C. 20548-0001
Official Business
Penalty for Private Use $300
Address Service Requested
*** End of document. ***