Financial Management: Achieving FFMIA Compliance Continues to
Challenge Agencies (20-SEP-05, GAO-05-881).
The ability to produce the data needed to efficiently and
effectively manage the day-to-day operations of the federal
government and provide accountability to taxpayers continues to
be a challenge for most federal agencies. To help address this
challenge, the Federal Financial Management Improvement Act of
1996 (FFMIA) requires the Chief Financial Officers (CFO) Act
agencies to implement and maintain financial management systems
that comply substantially with (1) federal financial management
systems requirements, (2) federal accounting standards, and (3)
the U.S. Government Standard General Ledger (SGL). FFMIA also
requires GAO to report annually on the implementation of the act.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-05-881
ACCNO: A37457
TITLE: Financial Management: Achieving FFMIA Compliance
Continues to Challenge Agencies
DATE: 09/20/2005
SUBJECT: Accountability
Accounting procedures
Accounting standards
Financial management
Financial management systems
Internal controls
Noncompliance
Performance measures
Reporting requirements
Systems evaluation
U.S. Government Standard General Ledger
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-05-881
United States Government Accountability Office
GAO
Report to Congressional Committees
September 2005
FINANCIAL MANAGEMENT
Achieving FFMIA Compliance Continues to Challenge Agencies
a
GAO-05-881
Highlights of GAO-05-881, a report to the Committee on Homeland Security
and Governmental Affairs, U.S. Senate, and the Committee on Government
Reform, House of Representatives
The ability to produce the data needed to efficiently and effectively
manage the day-to-day operations of the federal government and provide
accountability to taxpayers continues to be a challenge for most federal
agencies. To help address this challenge, the Federal Financial Management
Improvement Act of 1996 (FFMIA) requires the Chief Financial Officers
(CFO) Act agencies to implement and maintain financial management systems
that comply substantially with (1) federal financial management systems
requirements, (2) federal accounting standards, and (3) the
U.S. Government Standard General Ledger (SGL). FFMIA also requires GAO to
report annually on the implementation of the act.
GAO reaffirms its prior recommendations that OMB revise its guidance to
require positive assurance regarding substantial compliance with the
requirements of FFMIA, and clarify "substantial compliance" to promote
consistent reporting. As in the past, OMB did not agree with GAO's view on
the need for auditors to provide positive assurance on FFMIA, but agreed
to consider clarifying the definition of "substantial compliance" in
future policy and guidance updates. We believe that positive assurance is
a statutory requirement and will continue to work with OMB on this issue.
www.gao.gov/cgi-bin/getrpt?GAO-05-881.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Sally Thompson at (202)
512-2600 or [email protected].
September 2005
FINANCIAL MANAGEMENT
Achieving FFMIA Compliance Continues to Challenge Agencies
While most CFO Act agencies have obtained clean or unqualified audit
opinions on their financial statements, the underlying financial systems
remain a serious problem. Agencies still lack the capacity to create the
full range of information needed for effective day-to-day management. In
fiscal year 2004, auditors for 16 of the 23 CFO Act agencies reported that
agencies' financial management systems failed to comply with FFMIA. As
shown in the figure below, primarily six types of problems related to
agencies systems were identified in the audit reports. These same types of
problems have been consistently reported for agencies with noncompliant
systems for a number of years. GAO views these problems with agency
financial systems to be a significant challenge to improving the
management of the federal government.
Auditors for six agencies provided negative assurance on systems' FFMIA
compliance for fiscal year 2004. This means that nothing came to their
attention to indicate that financial management systems did not meet FFMIA
requirements. OMB's current reporting guidance calls for negative
assurance; however, GAO continues to believe that this type of reporting
is not sufficient for reporting under the act. In addition, negative
assurance may provide the false impression that the auditors are reporting
that the agencies' systems are compliant. In contrast, auditors for the
Department of Labor (DOL) provided positive assurance by reporting that
DOL's financial management systems substantially complied with FFMIA
requirements. In fiscal year 2005, DOL auditors plan to enhance their
audit procedures to focus on the reliability and use of managerial cost
information. GAO looks forward to other auditors adopting a similar
reporting practice that adds more value. In addition, auditors have
expressed concern about providing positive assurance because of the need
to clarify the meaning of substantial compliance.
OMB continues to move ahead on other initiatives to enhance financial
management in the federal government. Moreover, the continuing leadership
and support of Congress will be crucial in reforming financial management
in the federal government.
Contents
Letter
Results in Brief
Background
Guidance for FFMIA Issued by OMB
Financial Audit Manual Section on FFMIA Developed by GAO and
PCIE Scope and Methodology Systems Weaknesses Continue to Impede Financial
Management
Accountability FFMIA Compliance Findings Mostly Based on Negative
Assurance Reasons for Noncompliance Key Initiatives That Impact Federal
Financial Management
Systems DOD Continues to Struggle to Enhance Financial Management
Continuing Congressional Interest Helps Provide Accountability Conclusions
Agency Comments and Our Evaluation
1 2 6 8
8 9
10
14 18
27 30 32 33 34
Appendixes
Appendix I:
Appendix II:
Appendix III:
Appendix IV: Appendix V:
Appendix VI: Appendix VII: Appendix VIII:
Requirements and Standards Supporting Federal Financial Management
Publications in the Federal Financial Management Systems Requirements
Series
Statements of Federal Financial Accounting Concepts, Standards,
Interpretations, and Technical Bulletins
AAPC Technical Releases
Checklists for Reviewing Systems under the Federal Financial Management
Improvement Act
Comments from the Office of Management and Budget
Auditors' FFMIA Determinations for Fiscal Year 2004
GAO Contact and Staff Acknowledgments
37
42
43 45
46 47 49 50
Figures Figure 1: Problems Reported by Auditors for Fiscal Years 2000
through 2004 4 Figure 2: Auditors' FFMIA Assessments for Fiscal Years 2000
through 2004 11
Contents
Figure 3: Problems Reported by Auditors for Fiscal Years 2000
through 2004 19 Figure 4: Agency Systems Architecture 38
Abbreviations
AAPC Accounting and Auditing Policy Committee
AICPA American Institute of Certified Public Accountants
AID Agency for International Development
BPD Bureau of the Public Debt
CFO chief financial officer
COE centers of excellence
COTS commercial off-the-shelf
DFAS Defense Finance and Accounting Service
DHS Department of Homeland Security
DOD Department of Defense
DOJ Department of Justice
DOL Department of Labor
DOT Department of Transportation
EPA Environmental Protection Agency
FAM GAO/PCIE Financial Audit Manual
FASAB Federal Accounting Standards Advisory Board
FBWT Fund Balance with Treasury
FEA Federal Enterprise Architecture
FEMA Federal Emergency Management Agency
FFMIA Federal Financial Management Improvement Act
FFMSR Federal Financial Management System Requirements
FISMA Federal Information Security Management Act
FMFIA Federal Managers' Financial Integrity Act
FSIC Financial Systems Integration Committee
GSA General Services Administration
HHS Department of Health and Human Services
IRS Internal Revenue Service
JFMIP Joint Financial Management Improvement Program
LOB line of business
MACS Mission Accounting and Control System
NASA National Aeronautics and Space Administration
NBC National Business Center
NRC Nuclear Regulatory Commission
NSF National Science Foundation
OFFM Office of Federal Financial Management
Contents
OIG office of inspector general
OMB Office of Management and Budget
OPM Office of Personnel Management
PCIE President's Council on Integrity and Efficiency
PMO Program Management Office
SFFAC Statement of Federal Financial Accounting Concepts
SFFAS Statement of Federal Financial Accounting Standards
SGL U.S. Government Standard General Ledger
SSA Social Security Administration
USDA U.S. Department of Agriculture
VA Department of Veterans Affairs
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
Comptroller General of the United States
United States Government Accountability Office Washington, D.C. 20548
September 20, 2005
The Honorable Susan M. Collins
Chairman
The Honorable Joseph I. Lieberman
Ranking Minority Member
Committee on Homeland Security and Governmental Affairs
United States Senate
The Honorable Tom Davis
Chairman
The Honorable Henry A. Waxman
Ranking Minority Member
Committee on Government Reform
House of Representatives
Most federal agencies continue to lack the financial data needed to
efficiently and effectively manage day-to-day operations and to provide an
acceptable level of accountability to taxpayers. In 1990, to address this
long-standing weakness, Congress mandated financial management reform
within the federal government by enacting the Chief Financial Officers
(CFO) Act,1 which requires the modernization of financial management
systems by agencies in order to attain the systematic measurement of
performance; the development of cost information; and the integration of
program, budget, and financial information for management reporting. The
goal of the CFO Act is to improve accounting and financial management
practices by providing management with the full range of information
needed for day-to-day management.
The Federal Financial Management Improvement Act of 19962 (FFMIA)
builds on the foundation laid by the CFO Act by emphasizing the need for
agencies to have financial management systems that can generate reliable,
useful, and timely information with which to make fully informed decisions
and to ensure accountability on an ongoing basis. FFMIA requires the
1Pub. L. No. 101-576, 104 Stat. 2838 (1990).
2Federal Financial Management Improvement Act of 1996, Pub. L. No.
104-208, div. A., S: 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept.
30, 1996).
major departments and agencies covered by the CFO Act3 to implement and
maintain financial management systems that comply substantially with (1)
federal financial management systems requirements, (2) applicable federal
accounting standards, and (3) the U.S. Government Standard General Ledger
(SGL) at the transaction level. The act also requires auditors to state in
their audit reports whether the agencies' financial management systems
substantially comply with the act's requirements. In addition, we are
required to report annually on the implementation status of the act. This
report, our ninth, discusses (1) the auditors' assessments of agency
systems' compliance with FFMIA for fiscal year 2004 and the financial
management systems problems that continue to affect systems' FFMIA
compliance and (2) the initiatives underway to help move federal financial
management toward FFMIA compliance.
We conducted our work in the Washington, D.C. area from February 2005
through May 2005, in accordance with U.S. generally accepted government
auditing standards.
Results in Brief While more CFO Act agencies have obtained clean or
unqualified audit opinions on their financial statements, the underlying
agency financial systems remain a serious problem. Agencies still
generally lack the capacity to create the full range of information needed
to effectively manage day-to-day operations. For fiscal year 2004,
auditors for 16 of the 23 CFO Act agencies reported that their agencies'
financial management systems did not comply substantially with one or more
of the three FFMIA requirements. As a result of these deficiencies, the
financial management systems of most agencies are still unable to
routinely produce reliable, useful, and timely financial information. This
weakness limits the federal government's capacity to manage with timely
and objective data, and
3There were initially 24 CFO Act agencies. See Pub. L. No. 101-576, S:205,
104 Stat. 2838, 2842-2843 (1990). The Federal Emergency Management Agency
(FEMA), one of the 24 CFO Act agencies, was subsequently transferred to
the Department of Homeland Security (DHS) effective March 1, 2003. With
this transfer, FEMA is no longer required to prepare and have audited
financial statements under the CFO Act, leaving 23 CFO Act agencies for
fiscal year 2004. For fiscal years 2003 and 2004, DHS was required to
prepare audited financial statements under the Accountability of Tax
Dollars Act of 2002 (Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002)).
Because DHS was not a CFO Act agency, it was not subject to FFMIA for
fiscal year 2004. The DHS Financial Accountability Act, Pub. L. No.
108-330, 118 Stat. 1275 (Oct. 16, 2004), added DHS to the list of CFO Act
agencies and deleted FEMA, increasing the number of CFO Act agencies again
to 24 for fiscal year 2005.
thereby hampers its ability to effectively manage and oversee its major
programs.
Auditors for the other seven CFO Act agencies did not report such problems
but for the most part did not offer assurances that this was in fact the
case. Auditors for six4 of the seven agencies reported that the results of
their tests disclosed no instances in which the agencies' systems did not
substantially comply with FFMIA. These auditors provided what is termed
negative assurance of FFMIA compliance when they reported that nothing
came to their attention during the course of their planned procedures to
indicate that these agencies' financial management systems did not meet
FFMIA requirements. While negative assurance is the level of assurance
allowed by the Office of Management and Budget's (OMB) audit guidance, the
auditors for one agency, the Department of Labor (DOL), instead provided
positive assurance when they reported that in their opinion, DOL's
financial management systems substantially complied with the requirements
of FFMIA. Providing positive assurance, as required by the act, involves
more testing than that performed by auditors to render an opinion on the
financial statements. DOL's auditors told us that the extent of their
audit procedures enabled them to conclude that DOL's systems were
substantially compliant with the provisions of FFMIA. For fiscal year
2005, the DOL auditors plan to enhance their procedures to increase their
focus on the reliability and use of managerial cost information, among
other things. This is a very positive action by the DOL auditors, and we
look forward to other agencies adopting a similar reporting practice.
The Department of Homeland Security Financial Accountability Act5 added
the Department of Homeland Security (DHS) to the list of CFO Act agencies
effective for fiscal year 2005. With that designation, DHS will be subject
to FFMIA for fiscal year 2005. Because DHS was not subject to FFMIA in
fiscal year 2004, we have not included DHS in our summaries of compliance
with FFMIA and problems reported by the auditors for fiscal year 2004.
However, we have noted that the DHS auditors identified and reported
deficiencies that relate to all three FFMIA requirements. We plan to
include DHS in our analysis of the fiscal year 2005 FFMIA results.
4The Department of Commerce, the Department of Energy, the Environmental
Protection Agency, the General Services Administration, the National
Science Foundation, and the Social Security Administration.
5Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004).
As shown in figure 1, agencies have not yet achieved the goals of FFMIA-
as well as the CFO Act-to establish financial management systems that
support controlling the cost of the federal government and improving the
performance, productivity, and efficiency of federal financial management.
Based on our review of the fiscal year 2004 audit reports for the 16
agencies reported to have noncompliant systems, the same six primary
problems continue to affect FFMIA compliance. While more severe at some
agencies than others, the nature and seriousness of the problems reported
indicate that generally most agencies' financial management systems are
not yet able to routinely produce reliable, useful, and timely financial
information. We view the problems with agencies' financial management
systems to be a significant challenge to improving the management of
government.
Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 2004
Agencies 24
20 20
16
12
8
4
0
Nonintegrated Inadequate Lack of Noncompliance Lack of Weak
accurate adherence security
financial reconciliation and with the SGL to federal over
timely accounting information
management procedures recording standards systems
systems
Fiscal year 2000
Fiscal year 2001
Fiscal year 2002
Fiscal year 2003
Fiscal year 2004
Source: GAO analysis, based on independent auditors' reports prepared by
agency inspectors general and contract auditors for fiscal years
2000-2004.
OMB continues to move forward on new initiatives to enhance financial
management and provide results-oriented information in the federal
government. Two notable developments in this area in fiscal year 2004 were
the realignment of responsibilities formerly performed by the Joint
Financial Management Improvement Program (JFMIP) and the development of
financial management lines of business.
While we are not making any new recommendations in this report, we
reaffirm our prior recommendations6 aimed at enhancing OMB's audit
guidance related to FFMIA assessments. Specifically, we recommended that
OMB (1) require agency auditors to provide a statement of positive
assurance when reporting an agency's systems to be in substantial
compliance with the requirements of FFMIA and (2) further clarify the
definition of "substantial compliance" to encourage consistent reporting.
As we noted in our prior reports, auditors we interviewed had concerns
about providing positive assurance in reporting on agency systems' FFMIA
compliance because of a need for clarification regarding the meaning of
substantial compliance.
In commenting on a draft of this report, OMB agreed with our assessment
that many federal agencies still need to make improvements to generate
more accurate and timely financial information to optimize day-to-day
operations. Moreover, OMB agreed with us that financial management success
encompasses more than agencies receiving unqualified opinions on their
financial statements. As in previous years, we and OMB have differing
views on the level of audit assurance necessary for assessing compliance
with FFMIA. While OMB commended DOL's auditors for performing the
additional level of audit work needed to provide positive assurance of
compliance with FFMIA and encouraged similar efforts at other agencies, it
stated that requiring a statement of positive assurance for all agencies
was not necessary. We continue to believe that a statement of positive
assurance is a statutory requirement under the act and will continue to
work with OMB on this issue. OMB did agree to consider clarifying the
definition of "substantial compliance" in its future policy and
6GAO, Financial Management: FFMIA Implementation Critical for Federal
Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial
Management: FFMIA Implementation Necessary to Achieve Accountability,
GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial Management:
Sustained Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062
(Washington, D.C.: Sept. 30, 2003); and Financial Management: Improved
Financial Systems Are Key to FFMIA Compliance, GAO-05-20 (Washington,
D.C.: Oct. 1, 2004).
guidance updates. Our detailed evaluation of OMB's comments can be found
at the end of this letter.
Background FFMIA is part of a series of management reform legislation
passed by Congress over the past two decades. This series of legislation
started with the Federal Managers' Financial Integrity Act of 1982
(FMFIA),7 which Congress passed to strengthen internal controls and
accounting systems throughout the federal government, among other
purposes. Issued pursuant to FMFIA, the Comptroller General's Standards
for Internal Control in the Federal Government8 provides the standards
that are directed at helping agency managers implement effective internal
control, an integral part of improving financial management systems.
Internal control is a major part of managing an organization and comprises
the plans, methods, and procedures used to meet missions, goals, and
objectives. In summary, internal control, which under OMB's guidance for
FMFIA is synonymous with management control, helps government program
managers achieve desired results through effective stewardship of public
resources.
Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to improve operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control activities being
used are effective and updated when necessary. While agencies had achieved
some success in identifying and correcting material internal control and
accounting system weaknesses, their efforts to implement FMFIA had not
produced the results intended by Congress.
Therefore, in the 1990s, Congress passed additional management reform
legislation to improve the general and financial management of the federal
government. The combination of reforms ushered in by the (1) CFO Act of
1990, (2) Government Performance and Results Act of 1993,9
7Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982), now codified at 31
U.S.C. 3512 (c),(d).
8GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999).
9Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).
(3) Government Management Reform Act of 1994,10 (4) FFMIA, (5)
Clinger-Cohen Act of 1996,11 (6) Accountability of Tax Dollars Act of
2002,12 and (7) Department of Homeland Security Financial Accountability
Act of 2004,13 if successfully implemented, provides a solid foundation
for improving the accountability of government programs and operations as
well as for routinely producing valuable cost and operating performance
information. These financial management reform acts emphasize the
importance of improving financial management across the federal
government.
In particular, building on the foundation laid by the CFO Act, FFMIA
emphasizes the need for agencies to have systems that are able to generate
reliable, useful, and timely information for decision-making purposes and
to ensure accountability on an ongoing basis. FFMIA requires the
departments and agencies covered by the CFO Act to implement and maintain
financial management systems that comply substantially with (1) federal
financial management systems requirements, (2) applicable federal
accounting standards,14 and (3) the SGL15 at the transaction level. FFMIA
also requires auditors to state in their CFO Act financial statement audit
reports whether the agencies' financial management systems substantially
comply with FFMIA's systems requirements. Appendixes I through IV include
details on the various requirements and standards that support federal
financial management.
10Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994).
11Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996).
12The Accountability of Tax Dollars Act of 2002 extends the requirement to
prepare and submit audited financial statements to most executive agencies
not subject to the CFO Act unless they are exempted by OMB. However, these
agencies are not required to have systems that are compliant with FFMIA.
13Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004).
14The American Institute of Certified Public Accountants recognizes the
federal accounting standards promulgated by the Federal Accounting
Standards Advisory Board as generally accepted accounting principles. For
a further description of federal accounting standards, see app. I.
15The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.
Guidance for FFMIA Issued by OMB
OMB establishes governmentwide financial management policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, OMB Bulletin No. 01-02, Audit Requirements for Federal
Financial Statements, dated October 16, 2000, prescribes specific language
auditors should use when reporting on an agency system's substantial
compliance with FFMIA. Specifically, this guidance calls for auditors to
provide negative assurance when reporting on an agency system's FFMIA
compliance. Second, in OMB Memorandum, Revised Implementation Guidance for
the Federal Financial Management Improvement Act (Jan. 4, 2001), OMB
provides guidance for agencies and auditors to use in assessing
substantial compliance. The guidance describes the factors that should be
considered in determining whether an agency's systems substantially comply
with FFMIA's requirements. Further, the guidance provides examples of the
types of indicators that should be used as a basis for assessing whether
an agency's systems are in substantial compliance with each of the three
FFMIA requirements. Finally, the guidance discusses the corrective action
plans, to be developed by agency heads, for bringing their systems into
compliance with FFMIA.
Financial Audit Manual Section on FFMIA Developed by GAO and PCIE
We have worked in partnership with representatives from the President's
Council on Integrity and Efficiency (PCIE) to develop and maintain the
joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific
procedures auditors should perform when assessing FFMIA compliance.16 As
detailed in appendix V, we have also issued a series of checklists to help
assess whether agencies systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance regarding FFMIA compliance, auditors should
design and implement additional testing to satisfy FFMIA criteria. For
example, in performing financial statement audits, auditors generally
focus on the ability of the financial management systems to process and
summarize financial information that flows into annual agency financial
statements. In contrast, FFMIA requires auditors to assess whether an
agency's financial management systems comply with system requirements,
accounting standards, and the SGL. To do this, auditors need to consider
whether agency systems provide reliable, useful, and timely information
for managing day-to-day operations so that agency managers would have the
necessary information to measure performance
16GAO-01-765G, sections 701, 701A, 701B, and 260.58-.60.
on an ongoing basis rather than just at year-end. Further, OMB's current
audit guidance17 calls for financial statement auditors to review
performance information for consistency with the financial statements, but
does not require auditors to determine whether such information is
available to managers for day-to-day decision making as called for by the
FAM guidance for testing compliance with FFMIA.
Scope and Methodology
We reviewed the fiscal year 2004 financial statement audit reports for the
23 CFO Act agencies to identify the auditors' assessments of agency
financial systems' compliance and the problems that affect FFMIA
compliance. We also reviewed the fiscal year 2004 financial statement
audit report for DHS to identify any FFMIA-related issues. Prior
experience with the auditors and our review of their reports provided the
basis for determining the sufficiency and relevancy of evidence provided
in these documents. Based on the audit reports, we identified problems
reported by the auditors that affect agency systems' compliance with
FFMIA. The problems identified in these reports are consistent with
long-standing financial management weaknesses we have reported based on
our work at a number of agencies. However, we caution that the occurrence
of problems in a particular category may be even greater than auditors'
reports of FFMIA noncompliance would suggest, because auditors may not
have included all problems in their reports. Finally, we held discussions
with OMB officials to obtain information about their current efforts to
improve federal financial management and address our prior recommendations
related to FFMIA.
We conducted our work in the Washington, D.C. area from February 2005
through May 2005 in accordance with U.S. generally accepted government
auditing standards. We requested comments on a draft of this report from
the Director of OMB or his designee. We received written comments from the
OMB Controller. OMB's comments are discussed in the Agency Comments and
Our Evaluation section and reprinted in appendix VI.
17OMB Bulletin No. 01-02, Audit Requirements for Federal Financial
Statements (Oct. 16, 2000).
Systems Weaknesses Continue to Impede Financial Management Accountability
While agencies have made demonstrable progress in producing auditable
financial statements and some progress in addressing their financial
management systems weaknesses, the majority of agencies' systems are still
not substantially compliant with FFMIA's requirements. Figure 2 summarizes
auditors' assessments of FFMIA compliance for fiscal years 2000 through
2004 and suggests that the instances of noncompliance with FFMIA's three
requirements have remained fairly constant. For fiscal year 2004, offices
of inspectors general (OIG) and their contract auditors reported that the
systems of 16 of the 23 CFO Act agencies did not substantially comply with
at least one of FFMIA's three requirements- federal financial management
systems requirements, applicable federal accounting standards, or the SGL
at the transaction level.18
18Of these 16 agencies, auditors for 9 agencies reported that their
agencies' systems were not in substantial compliance with all three FFMIA
requirements.
Figure 2: Auditors' FFMIA Assessments for Fiscal Years 2000 through 2004
CFO Act agencies not in compliance 20
19
15
10
5
0 2000 2001 2002 2003 2004
System requirements
Accounting standards
SGL
Source: GAO analysis, based on independent auditors' reports prepared by
agency inspectors general and contract auditors for fiscal years
2000-2004.
Note: See appendix VII for details on agencies' compliance with FFMIA
requirements.
In fiscal year 2004, auditors for six agencies-the Department of Commerce
(Commerce), the Department of Energy (Energy), the Environmental
Protection Agency (EPA), the General Services Administration (GSA), the
National Science Foundation (NSF), and the Social Security Administration
(SSA)-provided negative assurance that the agencies' financial systems
were in compliance with FFMIA. In addition, for the first time, auditors
for one agency, DOL, provided positive assurance that its systems were in
compliance with FFMIA. In contrast, in fiscal year 2003, the auditors for
Commerce, Energy, EPA, the Nuclear Regulatory Commission (NRC), NSF, and
SSA reported that the results of their tests disclosed no instance in
which their financial management systems did not meet FFMIA requirements.
At the NRC, the auditors determined that the financial management systems
did not comply with the requirements of FFMIA in fiscal year 2004,
although they had previously determined that the systems were in
compliance in fiscal year 2003. The change was due to audit tests
performed on NRC's fee billing system in fiscal year 2004. As a result of
their tests, the auditors concluded that the billing system lacked sound
internal controls and does not comply with existing requirements for
revenue systems. At GSA, the auditors provided negative assurance that the
financial management systems were FFMIA-compliant in fiscal year 2004,
although they had previously determined that the systems were not in
compliance for fiscal year 2003 due to significant reconciliation
problems. For fiscal year 2004, the GSA auditors closed the material
weakness regarding the significant reconciliation problems that had
affected GSA the prior year.
DHS will be subject to FFMIA for the first time in fiscal year 2005. The
Department of Homeland Security Financial Accountability Act19 added DHS
to the list of CFO Act agencies effective for fiscal year 2005. Because
DHS was not subject to FFMIA in fiscal year 2004, we have not included DHS
in our summaries of compliance with FFMIA and problems reported by the
auditors for fiscal year 2004. However, we have noted that the DHS
auditors identified and reported deficiencies that relate to all three
FFMIA requirements. We plan to include DHS in our analysis of the fiscal
year 2005 FFMIA results.
While substantially more CFO Act agencies have obtained clean or
unqualified audit opinions on their financial statements, as shown in
figure 2, the underlying agency financial systems remain a serious
problem. The number of unqualified opinions has increased over the past 8
years (from 11 in fiscal year 1997 to 18 for fiscal year 2004), and most
agencies were able to issue their audited financial statements within the
accelerated reporting time frame-22 of the 23 CFO Act agencies20 issued
their audited financial statements by the November 15, 2004, deadline set
by OMB, just 46 days after the close of the fiscal year. While the
increase in unqualified and timely opinions is noteworthy, we are
concerned over the growing number of CFO Act agencies that have restated
certain of their financial statements for fiscal year 2003 to correct
errors and have included a matter of emphasis paragraph in our report on
the audit of the fiscal year 2004 consolidated financial statements given
the seriousness of this problem. As
19Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004).
20The Department of Health and Human Services' Fiscal Year 2004
Performance and Accountability Report was issued in December 2004.
we have previously testified,21 at least 1122 of the 23 CFO Act agencies
restated their fiscal year 2003 financial statements, whereas 523 CFO Act
agencies restated their fiscal year 2002 financial statements. The
restatements to CFO Act agencies' fiscal year 2003 financial statements
ranged from correcting two line items on one agency's balance sheet to
numerous line items on several of another agency's financial statements.
The amounts of the agencies' restatements ranged from several million
dollars to over $91 billion. Nine24 of those 11 agencies received
unqualified opinions on their financial statements originally issued in
fiscal year 2003. Seven of the 9 auditors issued unqualified opinions on
the restated financial statements, which in substance replace the
auditors' opinions on their respective agencies' original fiscal year 2003
financial statements. For 225 of these 9 agencies, the auditors not only
withdrew their unqualified opinions on the fiscal year 2003 financial
statements but also issued other than unqualified opinions on their
respective agencies' restated fiscal year 2003 financial statements
because they could not determine whether there were any additional
misstatements and the effect that these could have on the restated fiscal
year 2003 financial statements.
For two of the agencies with restated financial statements, auditors
provided negative assurance that the agencies' systems were in compliance
with FFMIA for fiscal year 2003. The restatements at these agencies
reflected inaccurate recording of transactions, and in one case, the cause
for the restatement could be traced back to the implementation of new
software, among other factors. The necessity for these agencies to restate
certain financial accounts in the subsequent fiscal year raises questions
about whether the agencies systems substantially met FFMIA requirements
and whether financial managers had access to reliable, useful, and timely
21GAO, Fiscal Year 2004 U.S. Government Financial Statements: Sustained
Improvement in Federal Financial Management Is Crucial to Addressing Our
Nation's Future Fiscal Challenges, GAO-05-284T (Washington, D.C.: Feb. 9,
2005).
22Departments of Agriculture, Defense, Health and Human Services, Justice,
State, and Transportation and GSA, NSF, NRC, the Office of Personnel
Management, and the Small Business Administration.
23Departments of Agriculture, Health and Human Services, the Interior,
Transportation, and the Treasury.
24GSA, NSF, NRC, Office of Personnel Management (OPM), and the Departments
of Agriculture, Health and Human Services, Justice, State, and
Transportation.
25NRC and the Department of Justice.
information with which to make fully informed operational decisions in
fiscal year 2003.
The need for restatements and end-of-the-year adjustments to correct for
errors undermines public trust and confidence in both the entity and all
responsible parties and indicates a continuing lack of improvement in the
underlying agency financial systems. Undue emphasis on receiving
unqualified or clean audit opinions has led to an expectation gap since,
as more agencies receive clean opinions, public expectations are raised
that the government has sound financial management and can produce
reliable, useful, and timely information on demand throughout the year,
whereas the annual FFMIA assessments offer a different perspective.
FFMIA Compliance Findings Mostly Based on Negative Assurance
In fiscal year 2004 auditors for seven agencies reported their systems to
be in substantial compliance with the requirements of FFMIA. Auditors for
six of these agencies (Commerce, Energy, EPA, NRC, NSF, and SSA) provided
negative assurance that the agencies' systems were in compliance with
FFMIA. Auditors provide negative assurance when they state that nothing
came to their attention during the course of their planned procedures to
indicate that these agencies' financial management systems did not meet
FFMIA requirements. If readers are not familiar with the concept of
negative assurance, which we believe is generally the case, they may
incorrectly assume that these systems have been fully tested by the
auditors and that the agencies have achieved compliance. OMB's current
audit guidance26 only calls for auditors to provide negative assurance
when reporting whether an agency's systems are in substantial compliance
with FFMIA.
To provide positive assurance of FFMIA compliance, auditors need to
perform more comprehensive audit procedures than those necessary to render
an opinion for a financial statement audit. In performing financial
statement audits, auditors generally focus on the capability of the
financial management systems to process and summarize financial
information that flows into financial statements. In contrast, FFMIA is
much broader and requires auditors to assess whether an agency's financial
management systems substantially comply with systems requirements. To do
this, auditors need to consider whether agency systems provide complete,
26OMB Bulletin No. 01-02, Audit Requirements for Federal Financial
Statements (Oct. 16, 2000).
accurate, and timely information for day-to-day decision making and
management.
In fiscal year 2004, auditors for DOL provided an opinion, or positive
assurance, of DOL's financial management systems' compliance with FFMIA.
At DOL, the Inspector General (IG) contracted with an independent public
accounting firm to perform the FFMIA examination in accordance with
American Institute of Certified Public Accountants attestation standards,
which by reference are incorporated in Government Auditing Standards. To
do so, the auditors used a combination of financial statement and
FFMIA-specific audit procedures. Specifically, they performed extensive
transaction testing and reconciliations combined with FFMIA-related audit
procedures based on the GAO/PCIE FAM requirements. For example, they
developed a good understanding of the financial systems capabilities,
documented their assessments of DOL's financial systems' compliance with
systems requirements, and considered the nature and extent of managerial
cost information available for effective day-to-day management.
According to the auditors, two developments at DOL in fiscal year 2004
were key to the ability of the auditors to conclude that DOL systems
substantially complied with the three requirements of FFMIA for fiscal
year 2004. First, during fiscal year 2004, DOL management assigned staff
the responsibility of reconciling the Fund Balance with Treasury (FBWT)27
accounts on a daily basis. Due to this increased focus on FBWT, at the end
of fiscal year 2004, the auditors found no material differences between
DOL and Treasury's records. Second, DOL implemented a cost management
system during fiscal year 2004 in order to provide current year cost data
to managers that has not been available in prior years. The auditors also
determined that none of the internal control deficiencies reported as part
of the financial statement audit indicated substantial noncompliance with
FFMIA requirements. For the fiscal year 2005 financial statement audit,
the auditors plan to increase their focus on the types of reports being
produced currently by the cost system and how managers are using that
information for day-to-day operations. In addition, the fiscal year 2005
DOL audit plan requires the auditors to perform the FFMIA-related FAM
audit procedures and complete the associated checklists.
27Agencies record their budget spending authorizations in their FBWT
accounts. Agencies increase or decrease these accounts as they collect or
disburse funds.
The efforts by the DOL auditors to perform the level of review necessary
to provide positive assurance of FFMIA compliance in fiscal year 2004 is
most noteworthy. We have discussed the importance of providing positive
assurance on FFMIA as required by the act for a number of years. We look
forward to other agencies adopting similar auditing and reporting
practice.
Providing positive assurance of an agency's financial management system
can identify weaknesses and lead to improvements that enhance the
performance, productivity, and efficiency of federal financial management
systems. It also provides a clear "bottom line," whereas negative
assurance does not do so. Therefore, as we have discussed in prior
reports,28 we reaffirm our prior recommendation that OMB require agency
auditors to provide a statement of positive assurance when reporting an
agency's systems to be in substantial compliance with FFMIA. OMB continues
to support the requirement for negative assurance of FFMIA compliance.
While OMB agrees that testing should occur, and its guidance on FFMIA
calls for it, OMB officials stated that different, more coordinated
approaches toward assessing an agency's internal controls and FFMIA
compliance might provide sufficient assurance on an agency's systems. For
example, in preparing the President's Management Agenda (PMA) scorecard
assessments, OMB officials meet with agencies to discuss a number of
financial management issues and have systems demonstrations. Agencies are
asked to identify key business questions and related cost drivers. Then,
the agencies must develop systems that can produce the information needed
on those cost drivers to help management at all levels focus on results.
OMB officials stated that they believed the PMA scorecard framework offers
an alternate route toward substantial compliance that is similar to that
offered by positive assurance. In its written comments on a draft of this
report (see app. VI), OMB stated that the processes used in evaluating
agencies against the PMA standards can provide a corroborative mechanism
in evaluating compliance with FFMIA. Our concern is that the information
provided by this approach does not come under audit scrutiny, which is
what the law requires, and may not be reliable.
In December 2004, OMB revised Circular No. A-123, Management's
Responsibility for Internal Control, to strengthen the requirements for
conducting management's assessment of internal control over financial
reporting. The revision incorporates the internal control requirements for
publicly traded companies that are contained in the Sarbanes-Oxley Act of
28GAO-02-29, GAO-03-31, GAO-03-1062, and GAO-05-20.
2002.29 The circular emphasized management's responsibility for
establishing, maintaining, and reporting on internal control to achieve
the objectives of effective and efficient operations, reliable financial
reporting, and compliance with laws and regulations. In commenting on a
draft of this report, OMB emphasized that through its revision to Circular
No. A-123, agencies are required to implement more rigorous processes for
conducting management's assessment of the effectiveness of internal
controls over financial reporting. Given that PMA and Circular No. A-123
reviews help to ensure agencies' access to and use of timely and accurate
financial data, OMB believes that requiring a statement of positive
assurance would prove only marginally useful.
From our perspective, auditor reporting on internal control is a critical
component of monitoring the effectiveness of an organization's
accountability, especially for large, complex, or challenged entities.
Auditors can better serve their clients and other financial statement
users and better protect the public interest by having a greater role in
providing assurances of the effectiveness of internal control in deterring
fraudulent financial reporting and protecting assets. Financial management
systems are a critical element of an entity's internal control over
financial reporting. Although enhanced internal control reporting would
not necessarily address the full capability of the financial management
systems in place, such reporting would include reportable internal control
weaknesses caused by financial systems problems. However, the full value
of independent auditors' assessments of FFMIA compliance will not be fully
realized until auditors perform a sufficient level of audit work to be
able to provide positive assurance that agencies are in compliance with
FFMIA as called for in the act. When reporting an agency's financial
management systems to be in substantial compliance, positive assurance
from independent auditors will provide users with confidence that the
agency systems provide the reliable, useful, and timely information
envisioned by the act.
29A final rule issued by the Securities and Exchange Commission that took
effect in August 2003 provides guidance for implementations of Sections
302, 404, and 906 of the Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204,
S:S:302, 404, 906 116 Stat. 745, 777, 789, 806 (July 30, 2002)), which
requires publicly traded companies to establish and maintain an adequate
internal control structure and procedures for financial reporting and
include in the annual report a statement of management's responsibility
for and assessment of the effectiveness of those controls and procedures
in accordance with standards adopted by the Securities and Exchange
Commission.
In addition, we also reaffirm our previous recommendation that OMB explore
clarifying the definition of "substantial compliance" to help ensure
consistent application of the term. As we noted in our prior reports,
auditors we interviewed had concerns about providing positive assurance in
reporting on agency systems' FFMIA compliance because of a need for
clarification regarding the meaning of substantial compliance. In its
comments, OMB stated that its growing experience helping agencies
implement the PMA enables it to refine the existing FFMIA indicators
associated with substantial compliance. Accordingly, OMB said it would
consider our recommendation in any future policy and guidance updates.
Reasons for Noncompliance
Based on our review of the fiscal year 2004 audit reports for the 16
agencies reported to have systems not in substantial compliance with one
or more of FFMIA's three requirements, we identified six primary reasons
cited by the auditors for agency systems not being compliant. The
weaknesses reported by the auditors ranged from serious, pervasive systems
problems to less serious problems that may affect only one aspect of an
agency's accounting operation:
o nonintegrated financial management systems,
o inadequate reconciliation procedures,
o lack of accurate and timely recording of financial information,
o noncompliance with the SGL,
o lack of adherence to federal accounting standards, and
o weak security controls over information systems.
Figure 3 shows the relative frequency of these problems at the 16 agencies
reported to have noncompliant systems. The same six types of problems have
been cited by auditors in their fiscal years 2000 through 2003 audit
reports, although the auditors may not have reported these problems as
specific reasons for their systems' lack of substantial compliance with
FFMIA. In addition, we caution that the occurrence of problems in any
particular category may be even greater than auditors' reports of FFMIA
noncompliance would suggest because auditors may not have identified all
problems in their reviews.
Figure 3: Problems Reported by Auditors for Fiscal Years 2000 through 2004
Agencies 24
20 20
16
12
8
4
0
Nonintegrated Inadequate financial reconciliation management procedures
systems
Lack of accurate Noncompliance Lack of adherence Weak security and timely
with the SGL to federal accounting over information recording standards
systems
Fiscal year 2000
Fiscal year 2001
Fiscal year 2002
Fiscal year 2003
Fiscal year 2004
Source: GAO analysis, based on independent auditors' reports prepared by
agency inspectors general and contract auditors for fiscal years
2000-2004.
Nonintegrated Financial Management Systems
The CFO Act calls for agencies to develop and maintain integrated
accounting and financial management systems30 that comply with federal
systems requirements and provide for (1) complete, reliable, consistent,
and timely information that is responsive to the financial information
needs of the agency and facilitates the systematic measurement of
performance; (2) the development and reporting of cost management
information; and
30Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected
functions to improve overall efficiency and control. Characteristics of
such a system include (1) standard data classifications for recording
financial events; (2) common processes for processing similar
transactions; (3) consistent control over data entry, transaction
processing, and reporting; and (4) a system design that eliminates
unnecessary duplication of transaction entry.
(3) the integration of accounting, budgeting, and program information. OMB
Circular No. A-127, Financial Management Systems, requires agencies to
establish and maintain a single integrated financial management system
that conforms to functional requirements published by JFMIP's Program
Management Office (PMO). More details on the financial management systems
requirements can be found in appendixes I and II.
The lack of integrated financial management systems typically results in
agencies expending major effort and resources, including in some cases
hiring external consultants, to develop information that their systems
should be able to provide on a daily or recurring basis. Agencies with
nonintegrated financial systems are also more likely to devote more time
and resources to collecting information than those with integrated
systems. In addition, opportunities for errors are increased when
agencies' systems are not integrated.
Auditors frequently mentioned the lack of integrated financial management
systems in their fiscal year 2004 audit reports. As shown in figure 3,
auditors for 12 of the 16 agencies with noncompliant systems reported this
to be a problem, compared with 11 of the 17 agencies reported with
noncompliant systems in fiscal year 2003. For example, auditors for the
Department of Justice reported that the financial management systems of
the department's component agencies are not integrated or configured to
support financial management and reporting. For instance, the U.S.
Marshals Service's core financial system lacks integrated subsidiary
ledgers for certain key account balances. Consequently, staff at this
organization must perform time-consuming manual procedures to document
adjustments and crosswalks between the general ledger and the financial
statements. However, the limited amount of time available at the end of
each financial reporting period increases the risk that errors existing in
the financial statements were not detected and corrected prior to final
issuance. The auditors also noted that the nonintegrated systems do not
support management's need for timely and accurate information for
day-today decision making.
At the National Aeronautics and Space Administration (NASA), auditors
reported numerous weaknesses in the core financial system, the integrated
financial management system first implemented by NASA in fiscal year 2003.
We have previously reported on problems NASA faced when
implementing this system.31 Specifically, the auditors found that the core
financial system lacked integration with certain key subsidiary systems,
such as the property system, and does not facilitate the preparation of
financial statements. Although the auditors recognized that management
identified and resolved significant system problems in fiscal year 2004,
the auditors identified serious continuing weaknesses in their review of
property, plant, and equipment (PP&E)-specifically contractor-held PP&E.
For example, due to a lack of integration with the property system,
entries for contractor-held property, totaling $8.5 billion, had to be
manually entered into the core financial system. The auditors concluded
that the problems will not be fully addressed until NASA implements a
single integrated system for reporting property and develops a methodology
to identify costs that should be capitalized at the time that transactions
are processed. The auditors further noted that certain transactions
continue to be posted incorrectly due to improper configurations within
the system. Consequently, they concluded that NASA lacks an integrated
financial management system that provides effective and efficient
interrelationships between software, hardware, personnel, procedures,
controls, and data.
Inadequate Reconciliation Procedures
A reconciliation process, whether manual or automated, is a necessary and
valuable part of a sound financial management system. The less integrated
the financial management system, the greater the need for adequate
reconciliations because data are being accumulated from a number of
different sources. Reconciliations are needed to ensure that data have
been recorded properly between the various systems and manual records. The
Comptroller General's Standards for Internal Control in the Federal
Government highlights reconciliation as a key control activity.
31GAO, Business Modernization: Improvements Needed in Management of NASA's
Integrated Financial Management Program, GAO-03-507 (Washington, D.C.:
Apr. 30, 2003); Information Technology: Architecture Needed to Guide
NASA's Financial Management Modernization, GAO-04-43 (Washington, D.C.:
Nov. 21, 2003); Business Modernization: Disciplined Processes Needed to
Better Manage NASA's Integrated Financial Management Program, GAO-04-118
(Washington, D.C.: Nov. 21, 2003); Business Modernization: NASA's
Integrated Financial Management Program Does Not Fully Address Agency's
External Reporting Issues, GAO-04-151 (Washington, D.C.: Nov. 21, 2003);
Business Modernization: NASA's Challenges in Managing Its Integrated
Financial Management Program, GAO-04255 (Washington, D.C.: Nov. 21, 2003);
and National Aeronautics and Space Administration: Significant Actions
Needed to Address Long-standing Financial Management Problems, GAO-04-754T
(Washington, D.C.: May 19, 2004).
As shown in figure 3, auditors for 11 of the 16 agencies with noncompliant
systems reported that the agencies had reconciliation problems, including
difficulty in reconciling their FBWT accounts with Treasury's records,
compared with 11 of the 17 agencies reported with noncompliant systems in
fiscal year 2003. Treasury policy requires agencies to reconcile their
accounting records with Treasury records on a monthly basis (comparable to
individuals reconciling their personal checkbooks to their monthly bank
statements).
For example, in fiscal year 2003, auditors for the Department of
Transportation (DOT) reported that the department had not implemented
effective processes to reconcile transactions with other federal agencies.
During fiscal year 2004, DOT did improve its reconciliation procedures
using a new reporting tool within its financial management system.
However, on September 30, 2004, DOT still had not identified agencies
associated with $27 billion, or about half, of the $55 billion of
transactions with other federal agencies that were processed and reported
to Treasury in fiscal year 2004. The large amount associated with unknown
trading partners demonstrates that DOT still lacks an effective process
for reconciling transactions. Furthermore, DOT lacked an effective process
for reconciling transactions among its own subsidiary agencies. In fiscal
year 2004, DOT's subsidiary agencies reported a total of $17 million in
accounts receivable, or amounts due from other departmental agencies.
These same organizations, however, reported $582 million in accounts
payable, or amounts owed to other departmental agencies. Because these
amounts should reflect only transactions within DOT, at the consolidated
agency level the amount due should match the amount owed. Due to this
discrepancy, DOT management had to perform extensive research and make
numerous manual adjustments to balance its records and prepare reliable
financial statements.
Until DOT is able to automatically track transactions with other federal
agencies and between its own subsidiary agencies, it will not be able to
make significant progress in reconciling its transaction balances
internally and with those of other agencies. As a result of these problems
at DOT and other federal agencies, the federal government's ability to
determine the impact of these differences on the amounts reported in the
consolidated financial statements is impaired, which we cite in our audit
report on the U.S. government's consolidated financial statements as one
of three major impediments to providing an opinion on those financial
statements. Resolving the intragovernmental transactions problem remains a
difficult
challenge and will require a commitment by federal agencies and strong
leadership and oversight by OMB.
Lack of Accurate and Timely Recording of Financial Information
As shown in figure 3, auditors for all 16 of the agencies with
noncompliant systems reported the lack of accurate and timely recording of
financial information as a problem for fiscal year 2004, compared with 15
of the 17 agencies reported with noncompliant systems in fiscal year 2003.
Accurate and timely recording of financial information is essential for
successful financial management. Timely recording of transactions
facilitates accurate reporting in agencies' financial reports and other
management reports used to guide managerial decision making. In addition,
having systems that record information in an accurate and timely manner is
critical for key governmentwide initiatives, such as integrating budget
and performance information.
In contrast, untimely recording of transactions during the fiscal year can
result in agencies making substantial efforts at fiscal year-end to
perform extensive manual financial statement preparation efforts that are
susceptible to error and increase the risk of misstatements. For example,
auditors for the U.S. Department of Agriculture (USDA) reported that the
department had to make about 1,800 closing adjustments, totaling billions
of dollars, to the financial statements at year-end. The auditors noted
that most of the adjustments they reviewed were necessary; however, having
to make numerous adjustments at year-end diminished the utility of the
financial data in assisting managers in administering USDA programs and
operations throughout the year.
In another case, the Department of Defense's (DOD) auditors reported that
the Defense Finance and Accounting Service in Indianapolis made $204.8
billion (excluding adjustments for intragovernmental transactions) in
unsupported accounting entries to prepare the fiscal year 2004 Army
General Fund financial statements. Since these adjustments were
unsupported, it was difficult for auditors to assess the accuracy of the
transactions and account balances, and was one of a number of financial
statement material weaknesses that led DOD auditors to disclaim an opinion
on DOD's fiscal year 2004 financial statements.
Noncompliance with the As shown in figure 3, auditors for 11 of the 16
agencies with noncompliant systems reported that the agencies' systems did
not comply with SGL requirements for fiscal year 2004, compared with 10 of
the 17 agencies
SGL
reported with noncompliant systems in fiscal year 2003. FFMIA specifically
requires federal agencies to implement the SGL at the transaction level.
Using the SGL promotes consistency in financial transaction processing and
reporting by providing a uniform chart of accounts and pro forma
transactions and provides a basis for comparison at the agency and
governmentwide levels. The defined accounts and pro forma transactions
standardize the accumulation of agency financial information as well as
enhance financial control and support financial statement preparation and
other external reporting.
By not implementing the SGL, agencies may experience difficulties in
providing consistent financial information across their components and
functions. For example, auditors for the Department of Health and Human
Services (HHS) found that approximately 1,550 nonstandard accounting
entries with an absolute value of almost $30 billion were recorded in HHS'
Program Support Center's32 CORE accounting system to compensate for
noncompliance with the SGL. These nonstandard accounting entries were
recorded to correct for misstatements, to record reclassifications, and to
correct reported balances. The auditors noted that these amounts were
significantly less than those in fiscal year 2003, when approximately
2,300 nonstandard accounting entries were recorded with an absolute value
of about $41 billion.
In another instance, auditors for the U.S. Agency for International
Development (USAID) found that the agency's overseas missions continue to
use the Mission Accounting and Control System (MACS) as their primary
financial system. MACS is a computer-based system that does not
substantially comply with FFMIA's SGL requirement since it lacks the SGL
chart of accounts. Instead, the system uses transaction codes to record
entries; therefore, USAID cannot ensure that transactions are posted
properly and consistently from mission to mission.
Lack of Adherence to Federal Accounting Standards
One of FFMIA's requirements is that agencies' financial management systems
account for transactions in accordance with federal accounting standards;
however, agencies continue to face significant challenges in implementing
these standards. As shown in figure 3, auditors for 11 of the
32The Program Support Center (PSC) is an administrative office, which
provides program support services to 8 of HHS' 12 operating divisions. The
CORE accounting system has been described as the "nucleus" of PSC's
accounting operations.
16 agencies with noncompliant systems reported that these agencies had
problems complying with one or more federal accounting standards for
fiscal year 2004, compared with 11 of the 17 agencies reported with
noncompliant systems in fiscal year 2003. Appendixes III and IV list the
federal financial accounting standards and other guidance issued by the
Federal Accounting Standards Advisory Board and its Accounting and
Auditing Policy Committee, respectively.
Auditors expressly reported compliance problems with 11 specific
accounting standards in fiscal year 2004. Of those standards, the 4 that
were most troublesome for agencies are Statement of Federal Financial
Accounting Standards (SFFAS) No. 1, Accounting for Selected Assets and
Liabilities; SFFAS No. 4, Managerial Cost Accounting Concepts and
Standards; SFFAS No. 6, Accounting for Property, Plant, and Equipment; and
SFFAS No. 7, Accounting for Revenue and Other Financing Sources. In
particular, SFFAS No. 4, which became effective in 1998, continues to be
difficult for federal managers to fully implement. For example, as auditor
for the Department of the Treasury's Internal Revenue Service (IRS),33 we
reported that during fiscal year 2004 IRS continued to lack a cost
accounting system capable of accurately and timely tracking and reporting
the costs of its programs and projects. This condition also renders IRS
unable to produce reliable cost-based performance information. IRS
officials stated that they have the information necessary to determine the
cost of various activities, such as conducting investigations; however,
this information is widely distributed among a variety of information
systems that are not integrated and therefore cannot share data. This
makes the accumulation of cost information time consuming and labor
intensive, and thus such information is not readily available for
decision-making purposes. Accurate and timely cost management information
is critical for federal managers to transform how government agencies
manage the business of government and vital in developing meaningful links
between budget, accounting, and performance. The requirement for
managerial cost information has been in place since 1990 under the CFO Act
and since October 1997 as a federal accounting standard.
Similar system and process deficiencies also impede agency efforts to
accurately and timely track and report the cost of their PP&E in
accordance with SFFAS No. 6. For example, in its annual report on
33GAO, Financial Audit: IRS's Fiscal Years 2004 and 2003 Financial
Statements, GAO-05103 (Washington, D.C.: Nov. 10, 2004).
reliability, as required by section 1008 of the National Defense
Authorization Act for Fiscal Year 2002,34 DOD acknowledged material
deficiencies that impede its ability to reliably report the cost and
depreciation of its general PP&E. Specifically, DOD disclosed a lack of
(1) supporting documentation for general PP&E purchased many years ago,
(2) integrated acquisition and financial systems, and (3) systems designed
to capture the acquisition and modification costs and calculate
depreciation. The consequences of not complying with this accounting
standard are also similar: management lacks accurate and timely
information to adequately safeguard, account for, and control these
assets.
Weak Security Controls over Information Systems
Information security weaknesses are a major concern for federal agencies
and the general public and one of the frequently cited reasons for
noncompliance with FFMIA. These control weaknesses place vast amounts of
government assets at risk of inadvertent or deliberate misuse, financial
information at risk of unauthorized modification or destruction, sensitive
information at risk of inappropriate disclosure, and critical operations
at risk of disruption. Accordingly, we have considered information
security to be a governmentwide high-risk area since 1997.35 As shown in
figure 3, auditors for 15 of the 16 agencies with noncompliant systems
reported security weaknesses in information systems to be a problem,
compared with all 17 of the agencies reported with noncompliant systems in
fiscal year 2003. Consistent with section 1008 of the National Defense
Authorization Act for Fiscal Year 2002, which requires DOD to minimize the
use of resources to develop, compile, report, and audit unreliable
financial statements, DOD auditors relied upon management's assertion
regarding DOD's lack of compliance with federal financial management
systems requirements. Accordingly, the DOD auditors limited their audit
work and did not report information security weaknesses in their
disclaimer report on DOD's fiscal year 2004 financial statements. However,
DOD management reported that in addition to being unable to provide
information that is reliable, timely, and accurate, the department's
information systems are potentially vulnerable to an information warfare
attack and reported this issue as a "significant deficiency" under the
reporting requirements of the Federal Information Security Management
34Pub. L. No. 107-107, 115 Stat. 1012, 1204 (Dec. 28, 2001).
35GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January
2005).
Act of 2002.36 The DOD auditors advised us that they agree with DOD
management's acknowledgement of information security weaknesses.
Therefore, we have included DOD in the summary of agencies with
information security weaknesses. In addition, most of the agencies whose
auditors provided negative assurance of substantial compliance with FFMIA
still have computer security issues that need to be addressed by agency
management.
Unresolved information security weaknesses could adversely affect the
ability of agencies to produce accurate data for decision making and
financial reporting because such weaknesses could compromise the
reliability and availability of data that are recorded in or transmitted
by an agency's financial management system. As a case in point, in fiscal
year 2004, auditors for the Department of Veterans Affairs reported that
program and financial data continue to be at risk due to (1) the
implementation and enforcement of controls and oversight over access to
information systems, (2) the segregation of key duties and
responsibilities of employees, and (3) contingency planning. They
concluded that these weaknesses placed sensitive information, including
financial data and sensitive veteran medical and benefit information, at
risk of inadvertent or deliberate misuse, fraudulent use, improper
disclosure, or destruction, possibly without detection.
Key Initiatives That Impact Federal Financial Management Systems
As agencies move forward with initiatives to address FFMIA-related
problems, it is important that consideration be given to the numerous
governmentwide initiatives under way to address long-standing financial
management weaknesses. OMB continues to move forward on new initiatives to
enhance financial management and provide results-oriented information in
the federal government. Two notable developments in this area in fiscal
year 2004 were the realignment of responsibilities formerly performed by
JFMIP and its PMO and the development of financial management lines of
business. Furthermore, the continuing leadership and support of Congress
will be crucial to sustaining momentum in the reformation of financial
management in the federal government.
36Pub. L. No. 107-347, title III, 116 Stat. 2899, 2946 (Dec. 17, 2002).
Changes to Federal Financial Management due to JFMIP Realignment
In a December 2004 memorandum, OMB announced a realignment of JFMIP's
responsibilities for financial management policy and oversight in the
federal government. JFMIP was originally formed under the authority of the
Budget and Accounting Procedures Act of 1950 and was a joint and
cooperative undertaking of the General Accounting Office,37 the Department
of the Treasury, OMB, and the Office of Personnel Management (OPM),
working in cooperation with each other to improve financial management
practices in the federal government. Leadership and program guidance was
provided by the four principals of JFMIP-the Comptroller General of the
United States, the Secretary of the Treasury, and the Directors of OMB and
OPM. The PMO, managed by the Executive Director of JFMIP using funds
provided by the CFO Council (CFOC), was established in 1999. The PMO was
responsible for the testing and certification of commercial off-the-shelf
(COTS) core financial systems for use by federal agencies and coordinating
the development and publication of functional requirements for financial
management systems.38
On December 1, 2004, in an effort to eliminate duplicative roles and
streamline financial management improvement efforts, the four principals
agreed to realign JFMIP's responsibilities for financial management policy
and oversight. Specifically, under the announced realignment, the PMO will
now report to the chair of a new CFOC committee-the Financial Systems
Integration Committee (FSIC). Other JFMIP functions, such as issuing
systems requirements, were assumed by OMB's Office of Federal Financial
Management (OFFM) and the CFOC. While JFMIP ceased to exist as a separate
organization, the Principals will continue to meet at their discretion
consistent with the 1950 act.
The newly established FSIC will be responsible for advising OFFM on
systems requirements and overseeing the PMO, which will continue
certifying core financial systems. The realignment recognizes that OMB and
the agencies have responsibility for all facets of financial management
systems and the work of the FSIC will be critical to the success of the
realignment.
37Effective July 7, 2004, the General Accounting Office's legal name
became the Government Accountability Office to better reflect its role as
a modern professional services organization.
38See app. II for the systems requirements documents issued to date.
Federal Financial Management Line of Business Initiative Continues to
Evolve
In spring 2004, OMB launched task forces to conduct a governmentwide
analysis of five lines of business supporting the President's Management
Agenda (PMA) goal to expand electronic government. The goal of the Line of
Business (LOB) initiative is to develop business-driven, common solutions
for five specific lines of business that extend across the entire federal
government. The five lines of business are financial management, human
resources management, grants, federal health architecture, and case
management.39 These lines of business share similar business requirements
and processes. In the spring of 2005, OMB added the Information Technology
Security LOB task force. OMB and designated agency LOB task forces plan to
use enterprise architecture-based principles and best practices to
identify common solutions for business processes, technology-based shared
services, or both to be made available to government agencies. Driven from
a business perspective rather than a technology focus, the solutions are
expected to address distinct business improvements to enhance government's
performance and services for citizens.
The financial management LOB goals are to achieve or enhance process
improvements and cost savings in the acquisition, development,
implementation, and operation of financial management systems through
shared services, joint procurements, consolidation, and other means;
promote seamless data exchange between and among federal agencies; provide
for the standardization of business processes and data elements; and
strengthen internal controls through real-time integration of core
financial and subsidiary systems. To achieve these goals, OMB and the
associated agency task forces have focused on developing Centers of
Excellence (COE).
OMB officials stated that the purpose of developing COEs is to reduce the
number of systems that each individual agency must support, promote
standardization, and reduce the duplication of efforts. COEs can also
create economies of scale by consolidating selected financial functions
into a single agency or center. The economies of scale come from being
able to use fewer staff to achieve the same results. For example, major
software vendors often issue a software patch daily that must be tested
and installed. A single COE would be able to test and update multiple
agencies'
39Case management involves managing claims or investigations including
creating, routing, tracing, assignment and closing of a case, as well as
collaboration among case handlers.
systems rather than having multiple agencies each performing the same
update.
Officials at OMB stated that the financial management LOB continues to
evolve with four agencies40 being selected to become COEs through the
fiscal year 2006 budgetary process. In addition, OMB led the development
of a due diligence checklist to assess an agency's capacity to be a COE.
This checklist documents whether an agency can perform specific functions,
has proper certification and accreditation, and uses a PMO-certified
system. OMB has plans to develop additional tools and guidance to
facilitate the COE concept. For example, OMB is considering a service
level agreement template to provide agencies with standard contract
clauses and will require agencies to document and justify the competition
and selection process.
OMB officials stated that the policies and procedures established through
the financial management LOB will help keep federal financial management
systems current; improve business processes; and with fewer systems in
operation, facilitate vendor contracts. We have long supported and called
for initiatives to standardize and streamline common financial systems,
which may not only reduce costs but, if done correctly, can dramatically
improve accountability. We have ongoing work to analyze the financial
management LOB.
As we have stated in our prior reports,41 DOD's financial management and
related business operations continue to cause substantial waste and
inefficiency, have an adverse impact on mission performance, and result in
the lack of adequate transparency and appropriate accountability across
all major business areas. Of the 25 areas on GAO's governmentwide
high-risk list, 8 are DOD-specific program areas related to key business
functions,
40GSA, the Department of the Interior's National Business Center, the
Department of the Treasury's Bureau of the Public Debt, and DOT.
41GAO, DOD Business Transformation: Sustained Leadership Needed to Address
Longstanding Financial and Business Management Problems, GAO-05-723T
(Washington, D.C.: Jun. 8, 2005); GAO, DOD Business Systems Modernization:
Billions Being Invested without Adequate Oversight, GAO-05-381
(Washington, D.C.: Apr. 29, 2005); and Department of Defense: Further
Actions Are Needed to Effectively Address Business Management Problems and
Overcome Key Business Transformation Challenges, GAO-05140T (Washington,
D.C.: Nov. 17, 2004).
DOD Continues to Struggle to Enhance Financial Management
and the department shares responsibility for 6 other high-risk areas that
are governmentwide in scope.42 These problems preclude the department from
producing reliable and timely data on its results of operations and
accurately reporting on its trillions of dollars of assets and
liabilities. Additionally, DOD's stovepiped, duplicative, and
nonintegrated systems environment contributes to these operational
problems and costs the American taxpayers billions of dollars each year.
For fiscal year 2005, the department requested approximately $13 billion
to operate, maintain, and modernize its reported 4,150 business systems.43
Overhauling the financial management and business operations of one of the
largest and most complex organizations in the world represents a daunting
challenge. In an effort to better manage DOD's resources, the Secretary of
Defense has appropriately placed a high priority on transforming key
business processes to improve their efficiency and effectiveness in
supporting the department's military mission. The Business Management
Modernization Program is the department's business transformation
initiative; it encompasses defense policies, processes, people, and
systems that guide, perform, or support all aspects of business
management-including development and implementation of the business
enterprise architecture or modernization blueprint. The Secretary of
Defense has estimated that improving business operations of the department
could save 5 percent of DOD's annual budget, which equates to a savings of
over $20 billion a year.
Transformation of DOD's business systems and operations is critical to the
department having the ability to provide Congress and DOD management with
accurate and timely information for use in the decision-making process.
Although the Secretary of Defense and several key agency officials have
shown commitment to transformation, little tangible evidence of
42See GAO-05-207. The eight specific DOD high-risk areas are (1) approach
to business transformation, (2) business systems modernization, (3)
contract management, (4) financial management, (5) personnel security
clearance program, (6) supply chain management, (7) support infrastructure
management, and (8) weapon systems acquisition. The six governmentwide
high-risk areas that include DOD are (1) disability programs, (2)
interagency contracting, (3) information systems and critical
infrastructure, (4) information sharing for homeland security, (5) human
capital, and (6) real property.
43Business systems include financial and nonfinancial systems such as
civilian personnel, finance, health, logistics, military personnel,
procurement, and transportation, with the common element being the
generation or use of financial data to support DOD's business operations.
significant broad-based and sustainable improvements has been seen in
DOD's business operations. For DOD to successfully transform its business
operations, it will need a comprehensive and integrated business
transformation plan; people with the skills, responsibility, and authority
to implement the plan; an effective process and related tools, such as a
business enterprise architecture;44 and results-oriented performance
measures that link institutional, unit, and individual personnel goals and
expectations to promote accountability for results.
Continuing Congressional Interest Helps Provide Accountability
The leadership and support demonstrated by Congress has been essential in
the reformation of financial management in the federal government. As
previously discussed, the legislative framework provided by the CFO Act
and FFMIA, among others, established a solid foundation for stimulating
change needed to achieve sound financial systems management. For example,
in November 2002, Congress enacted the Accountability of Tax Dollars Act
to extend the financial statements audit requirements of the CFO Act to
additional federal agencies. Then, in October 2004, Congress added DHS to
the list of CFO Act agencies and required DHS to obtain an audit opinion
on its internal controls. In addition, DHS will be subject to FFMIA for
fiscal year 2005 and its auditors will be required to report any
FFMIA-related systems deficiencies or weaknesses identified. Sustained
congressional interest in these issues has been demonstrated by the number
of hearings on federal financial management and reform held over the past
several years. It is critical that the various appropriations, budget,
authorizing, and oversight committees hold agency top management
accountable for resolving these problems and that the committees continue
to support improvement efforts.
The continued attention by Congress to these issues is crucial in
sustaining momentum for financial management reform in the federal
government. Toward this end, the Subcommittee on Government Management,
Finance and Accountability, House Committee on Government Reform is
currently examining the consolidation of existing federal financial
management laws into legislation that would simplify, streamline, and
enhance the laws governing agency financial management. These laws were
primarily designed to increase financial accountability, enhance agency
strategic focus, promote sound management through effective internal
control,
44A business enterprise architecture is a well-defined blueprint for
operational and technological change.
provide for effective information technology deployment, facilitate debt
collection activities, and encourage better asset management. These are
all interrelated management concepts, which the subcommittee intends to
bring together under a single unified statute so that rules and
regulations are clearly delineated for federal managers, which will
enhance accountability for the federal government.
Conclusions Continuing problems with agencies' financial systems make it
difficult for agencies to produce reliable, useful, and timely financial
information on an ongoing basis for day-to-day management. While the
number of agencies receiving unqualified or "clean" opinions on their
financial statements has increased since fiscal year 1997, the continued
widespread noncompliance with FFMIA shows that agencies have a long way to
go before having systems, processes, and controls able to routinely
generate reliable, useful, and timely information.
As shown by the FFMIA-related problems reported in agency audit reports,
federal financial management systems are not currently able to provide
federal managers with the financial data needed for effective day-to-day
management of their programs or for efficient external reporting. We
continue to be concerned that the full nature and scope of the problems
have not yet been identified because most auditors have only provided
negative assurance in their FFMIA reports. We believe the law requires
auditors to provide positive assurance on FFMIA compliance. Therefore, we
reaffirm our recommendation made in prior reports that OMB revise its
current FFMIA guidance to require agency auditors to provide a statement
of positive assurance when reporting an agency's systems to be in
substantial compliance. Such a determination will require auditors to
perform a more thorough examination of their agencies' systems. We also
reaffirm our other prior recommendation for OMB to explore further
clarification of the definition of "substantial compliance" in its FFMIA
guidance to encourage consistent reporting among agency auditors. As we
have stated in prior reports,45 the auditors we have interviewed expressed
concerns about providing positive assurance when reporting on agency
systems' FFMIA compliance because of their belief that the meaning of
substantial compliance needs to be clarified.
45GAO-02-29, GAO-03-31, and GAO-05-20.
The size and complexity of the federal government presents a formidable
management challenge to modernize and improve its financial management
systems that will require continued attention from the highest levels of
government. We recognize that it will take time, investment, and sustained
emphasis on correcting deficiencies to improve federal financial
management systems to the level required by FFMIA. However, with concerted
and coordinated effort, including attention from top agency management and
the Congress, the federal government can make progress toward improving
its financial management systems and thus achieve the goals of the CFO Act
and provide accountability to the nation's taxpayers.
Agency Comments and Our Evaluation
In written comments (reprinted in app. VI) on a draft of this report, OMB
generally agreed with our assessment that while federal agencies continue
to make progress in addressing financial management systems weaknesses,
many agencies still need to make improvements to produce the information
needed to efficiently and effectively manage day-to-day operations. As in
previous years, OMB did not see the necessity of our recommendation for
agency auditors to provide a statement of positive assurance when
reporting agency systems to be in substantial compliance with the
requirements of FFMIA. While OMB commends DOL's auditors for performing
the additional level of audit work needed to provide positive assurance of
compliance with FFMIA and encourages similar efforts at other agencies,
OMB stated that requiring a statement of positive assurance for all
agencies would prove only marginally useful. OMB stated that the framework
of performance standards established under the PMA, as well as the ongoing
efforts to update policy guidance, such as the internal control
requirements in OMB Circular No. A-123, provide alternative mechanisms for
evaluating FFMIA compliance. The PMA and Circular No. A-123 initiatives
are two examples of current OMB efforts intended to complement FFMIA's
goal of creating the full range of information needed for day-to-day
management. From OMB's perspective, these efforts together with existing
audit processes can provide an accurate assessment of substantial
compliance, identify deficiencies, and suggest corrective actions.
While we agree that the PMA and OMB Circular No. A-123 initiatives are
helping to drive improvements, auditors need to consider other aspects of
financial management systems when assessing FFMIA compliance that are not
fully addressed through the current reporting structure. For example, in
preparing the PMA scorecard assessments, OMB officials meet with agencies
to discuss a number of financial management issues and have
systems demonstrations. Our concern is that some of the information
provided by this approach does not come under audit scrutiny and may not
be reliable. Similarly, internal control assessments performed under
Circular No. A-123 are based on management's judgment and are subject to
review by independent auditors only in limited circumstances. From our
perspective, an opinion by an independent auditor on FFMIA compliance
would confirm that an agency's systems substantially met the requirements
of FFMIA and provide additional confidence in the information provided as
a result of the PMA and Circular No. A-123 initiatives. Finally, we
continue to believe that a statement of positive assurance is a statutory
requirement under the act.
With regard to our prior recommendation, which we reaffirmed in this
report, for revised guidance that clarifies the definition of substantial
compliance, OMB said that the experience obtained from helping agencies
implement the standards incorporated in the PMA will allow a further
refinement of the FFMIA indicators associated with substantial compliance.
Therefore, OMB agreed to consider clarifying the definition of
"substantial compliance" in future policy and guidance updates. As we
noted in our prior reports,46 auditors we interviewed expressed a need for
clarification regarding the meaning of substantial compliance.
OMB also provided additional oral comments, which we incorporated as
appropriate.
We are sending copies of this report to the Chairman and Ranking Minority
Member, Subcommittee on Federal Financial Management, Government
Information, and International Security, Senate Committee on Homeland
Security and Governmental Affairs, and to the Chairman and Ranking
Minority Member, Subcommittee on Government Management, Finance, and
Accountability, House Committee on Government Reform. We are also sending
copies to the Director of the Office of Management and Budget, the
Secretary of Homeland Security, the heads of the 23 CFO Act agencies in
our review, and agency CFOs and IGs. Copies will be made available to
others upon request. In addition, this report will be available at no
charge on the GAO Web site at http://www.gao.gov.
46GAO-02-29, GAO-03-31, and GAO-05-20.
This report was prepared under the direction of Sally E. Thompson,
Director, Financial Management and Assurance, who may be reached at (202)
512-2600 or by e-mail at [email protected] if you have any questions.
Contact points for our Offices of Congressional Relations and Public
Affairs may be found on the last page of this report. Key contributors to
this report are listed in appendix VIII.
David M. Walker Comptroller General of the United States
Appendix I
Requirements and Standards Supporting Federal Financial Management
Financial Management
Systems Requirements
The policies and standards prescribed for executive agencies to follow in
developing, operating, evaluating, and reporting on financial management
systems are defined in Office of Management and Budget (OMB) Circular No.
A-127, Financial Management Systems. The components of an integrated
financial management system include the core financial system,1 managerial
cost accounting system, administrative systems, and certain programmatic
systems. Administrative systems are those that are common to all federal
agency operations2 and programmatic systems are those needed to fulfill an
agency's mission.
Circular No. A-127 refers to the series of publications entitled Federal
Financial Management Systems Requirements, initially issued by the Joint
Financial Management Improvement Program's (JFMIP) Program Management
Office (PMO)3 as the primary source of governmentwide requirements for
financial management systems. Appendix II lists the federal financial
management systems requirements published to date. Figure 4 is the current
model that illustrates how these systems interrelate in an agency's
overall systems architecture.
1Core financial systems, as defined by the JFMIP PMO, include managing
general ledger, funding, payments, receivables, and certain basic cost
functions.
2Examples of administrative systems include budget, acquisition, travel,
property, and human resources and payroll.
3In December 2004, OMB announced a realignment of JFMIP's
responsibilities. Specifically, under the announced realignment, the PMO
will continue its software certification process, but now report to the
chair of a new Chief Financial Officers Council (CFOC) committee- the
Financial Systems Integration Committee (FSIC). Also, systems requirements
will be issued by OFFM. Therefore, JFMIP has ceased to exist as a separate
organization, although the Principals will continue to meet at their
discretion.
Appendix I Requirements and Standards Supporting Federal Financial Management
Figure 4: Agency Systems Architecture
Source: OMB's Office of Federal Financial Management (OFFM). Effective
December 1, 2004, all financial management system requirements documents
and other guidance initially issued by the JFMIP were transferred to OFFM
and remain in effect until modified.
OMB Circular No. A-127 also requires agencies to purchase commercial
offthe-shelf (COTS) software that has been tested and certified through
the PMO software certification process when acquiring core financial
systems. The PMO's certification process, however, does not eliminate or
significantly reduce the need for agencies to develop and conduct
comprehensive testing efforts to ensure that the COTS software meets their
requirements. Moreover, according to the PMO, core financial systems
certification does not mean that agencies that install these packages will
have financial management systems that are compliant with FFMIA. Many
other factors can affect the capability of the systems to comply with
FFMIA, including modifications made to the PMO-certified core financial
Appendix I Requirements and Standards Supporting Federal Financial Management
management systems software and the validity and completeness of data from
feeder systems.
Federal Accounting The Federal Accounting Standards Advisory Board
(FASAB)4 promulgates federal accounting standards that agency Chief
Financial Officers use in
Standards developing financial management systems and preparing financial
statements. FASAB develops the appropriate accounting standards after
considering the financial and budgetary information needs of Congress,
executive agencies, and other users of federal financial information and
comments from the public. FASAB forwards the standards to the three
sponsors-the Comptroller General, the Secretary of the Treasury, and the
Director of OMB-for a 90-day review. If there are no objections during the
review period, the standards are considered final, and FASAB publishes
them on its Web site and in print.
The American Institute of Certified Public Accountants has recognized the
federal accounting standards promulgated by FASAB as being generally
accepted accounting principles for the federal government. This
recognition enhances the acceptability of the standards, which form the
foundation for preparing consistent and meaningful financial statements
both for individual agencies and the government as a whole. Currently,
there are 29 Statements of Federal Financial Accounting Standards (SFFAS)
and 4 Statements of Federal Financial Accounting Concepts (SFFAC).5 The
concepts and standards are the basis for OMB's guidance to agencies on the
form and content of their financial statements and for the government's
consolidated financial statements. Appendix III lists the concepts,
standards, interpretations,6 and technical bulletins, along with their
respective effective dates.
4In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards for the federal government. Effective
October 1, 2003, FASAB is comprised of six nonfederal or public members,
one member from the Congressional Budget Office, and the three sponsors.
5Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.
6An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard.
Appendix I Requirements and Standards Supporting Federal Financial Management
FASAB's Accounting and Auditing Policy Committee (AAPC)7 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards and the reporting and auditing requirements contained in OMB's
Bulletin No. 01-09, Form and Content of Agency's Financial Statements
(Sept. 25, 2001), and Bulletin No. 01-02, Audit Requirements for Federal
Financial Statements (Oct. 16, 2000). To date, AAPC has issued six
technical releases, which are listed in appendix IV along with their
release dates.
U.S. Government Standard General Ledger
The SGL was established by an interagency task force under the direction
of OMB and mandated for use by agencies in OMB and Treasury regulations in
1986. The SGL promotes consistency in financial transaction processing and
reporting by providing a uniform chart of accounts and pro forma
transactions used to standardize federal agencies' financial information
accumulation and processing throughout the year; enhance financial
control; and support budget and external reporting, including financial
statement preparation. The SGL is intended to improve data stewardship
throughout the federal government, enabling consistent reporting at all
levels within the agencies and providing comparable data and financial
analysis governmentwide.8
Internal Control Standards
Congress enacted legislation, 31 U.S.C. 3512(c),(d) (commonly referred to
as the Federal Managers' Financial Integrity Act of 1982 (FIA)), to
strengthen internal controls and accounting systems throughout the federal
government, among other purposes. Issued pursuant to FIA, the Comptroller
General's Standards for Internal Control in the Federal Government9
provides standards that are directed at helping agency managers implement
effective internal control, an integral part of
7In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the CFOC, and the
President's Council on Integrity and Efficiency, established AAPC to
assist the federal government in improving financial reporting.
8SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.
9GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3 (Washington, D.C.: November 1999).
Appendix I Requirements and Standards Supporting Federal Financial
Management
improving financial management systems. Internal control is a major part
of managing an organization and comprises the plans, methods, and
procedures used to meet missions, goals, and objectives. In summary,
internal control, which under OMB's guidance for FIA is synonymous with
management control, helps government program managers achieve desired
results through effective stewardship of public resources.
In December 2004, OMB revised Circular No. A-123, Management's
Responsibility for Internal Control, to strengthen the requirements for
conducting management's assessment of internal control over financial
reporting. The circular emphasized management's responsibility for
establishing and maintaining internal control to achieve the objectives of
effective and efficient operations, reliable financial reporting, and
compliance with laws and regulations.
Effective internal control also assists in managing the changes due to
shifting environments and evolving demands and priorities. As programs
change and agencies strive to improve operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control objectives are
being achieved.
Appendix II
Publications in the Federal Financial Management Systems Requirements
Series
FFMSR document Issue date
FFMSR-8 System Requirements for Managerial Cost Accounting February 1998
JFMIP-SR-99-5 Human Resources & Payroll Systems Requirements April 1999
JFMIP-SR-99-8 Direct Loan System Requirements June 1999
JFMIP-SR-99-9 Travel System Requirements July 1999
JFMIP-SR-99-14Seized Property and Forfeited Assets Systems Requirements
December 1999
JFMIP-SR-00-01Guaranteed Loan System Requirements March 2000
JFMIP-SR-00-3 Grant Financial System Requirements June 2000
JFMIP-SR-00-4 Property Management Systems Requirements October 2000
JFMIP-SR-01-01 Benefit System Requirements September 2001
JFMIP-SR-02-01 Core Financial System Requirements November 2001
JFMIP-SR-02-02 Acquisition/Financial Systems Interface Requirements June
2002
JFMIP-SR-03-01 Revenue System Requirements January 2003
JFMIP-SR-03-02 Inventory, Supplies and Materials System Requirements
August 2003
JFMIP-SR-02-01 Addendum to Core Financial System Requirements March 2004
JFMIP-SR-01-04 Framework for Federal Financial Management Systems April
2004
OFFM-NO-0105 Core Financial System Requirements (Exposure Draft) February
2005
OFFM-NO-0206 Insurance System Requirements (Exposure Draft) May 2005
Source: OMB's OFFM.
Note: Effective December 1, 2004, all financial management system
requirements documents and other guidance initially issued by JFMIP were
transferred to OFFM and remain in effect until modified.
Appendix III
Statements of Federal Financial Accounting Concepts, Standards,
Interpretations, and Technical Bulletins
Concepts
SFFAC No. 1Objectives of Federal Financial Reporting SFFAC No. 2 Entity and
Display SFFAC No. 3 Management's Discussion and Analysis
SFFAC No. 4 Intended Audience and Qualitative Characteristics for the
Consolidated Financial Report of the United States Government
Standards Effective for fiscal yeara
SFFAS No. 1 Accounting for Selected Assets and Liabilities 1994
SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees 1994
SFFAS No. 3 Accounting for Inventory and Related Property 1994
SFFAS No. 4 Managerial Cost Accounting Concepts and Standards 1998
SFFAS No. 5 Accounting for Liabilities of the Federal Government 1997
SFFAS No. 6 Accounting for Property, Plant, and Equipment 1998
SFFAS No. 7 Accounting for Revenue and Other Financing Sources 1998
SFFAS No. 8 Supplementary Stewardship Reporting 1998
SFFAS No. 9 Deferral of the Effective Date of Managerial Cost Accounting
Standards for the Federal Government in 1998 SFFAS No. 4
SFFAS No. 10 Accounting for Internal Use Software 2001
SFFAS No. 11 Amendments to Accounting for Property, Plant, and
Equipment-Definitional Changes 1999
SFFAS No. 12 Recognition of Contingent Liabilities Arising from
Litigation: An Amendment of SFFAS No. 5, Accounting 1998 for Liabilities
of the Federal Government
SFFAS No. 13 Deferral of Paragraph 65-2-Material Revenue-Related
Transactions Disclosures 1999
SFFAS No. 14 Amendments to Deferred Maintenance Reporting 1999
SFFAS No. 15 Management's Discussion and Analysis 2000
SFFAS No. 16 Amendments to Accounting for Property, Plant, and Equipment
2000
SFFAS No. 17 Accounting for Social Insurance 2000
SFFAS No. 18 Amendments to Accounting Standards for Direct Loans and Loan
Guarantees in SFFAS No. 2 2001
SFFAS No. 19 Technical Amendments to Accounting Standards for Direct Loans
and Loan Guarantees in SFFAS No. 2 2003
SFFAS No. 20 Elimination of Certain Disclosures Related to Tax Revenue
Transactions by the Internal Revenue 2001 Service, Customs, and Others
SFFAS No. 21 Reporting Corrections of Errors and Changes in Accounting
Principles 2002
SFFAS No. 22 Change in Certain Requirements for Reconciling Obligations
and Net Cost of Operations 2001
SFFAS No. 23 Eliminating the Category National Defense Property, Plant,
and Equipment 2003
SFFAS No. 24 Selected Standards for the Consolidated Financial Report of
the United States Government 2002
SFFAS No. 25 Reclassification of Stewardship Responsibilities and
Eliminating the Current Services Assessment 2006 (amended)
SFFAS No. 26 Presentation of Significant Assumptions for the Statement of
Social Insurance: Amending SFFAS 25 2006 (amended)
Appendix III Statements of Federal Financial Accounting Concepts, Standards,
Interpretations, and Technical Bulletins
(Continued From Previous Page)
Standards Effective for fiscal yeara
SFFAS No. 27 Identifying and Reporting Earmarked Funds 2006
SFFAS No. 28 Deferral of the Effective Date of Reclassification of the
Statement of Social Insurance: Amending SFFAS 2006 25 and 26
SFFAS No. 29 Heritage Assets and Stewardship Land 2006
Interpretations
No. 1 Reporting on Indian Trust Funds
No. 2 Accounting for Treasury Judgment Fund Transactions
No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
No. 4 Accounting for Pension Payments in Excess of Pension Expense
No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue
No. 6 Accounting for Imputed Intra-departmental Costs
Technical Bulletins
TB 2000-1 Purpose and Scope of FASAB Technical Bulletins and Procedures
for Issuance
TB 2002-1 Assigning to Component Entities Costs and Liabilities That Result From
Legal Claims Against the Federal Government
TB 2002-2 Disclosures Required by Paragraph 79(g) of SFFAS 7
TB 2003-1 Certain Questions and Answers Related to the Homeland Security Act of
2002
Source: FASAB.
aEffective dates do not apply to Statements of Federal Financial
Accounting Concepts, Interpretations, and Technical Bulletins.
Appendix IV
AAPC Technical Releases
Technical release AAPC release date
TR-1 Audit Legal Representation Letter Guidance March 1, 1998
TR-2 Determining Probable and Reasonably Estimable for Environmental
Liabilities in the Federal Government March 15, 1998
TR-3 Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under
the Federal Credit Reform Act July 31, 1999
TR-4 Reporting on Non-Valued Seized and Forfeited Property July 31, 1999
TR-5 Implementation Guidance on SFFAS No. 10: Accounting for Internal Use
Software May 14, 2001
TR-6 Preparing Estimates for Direct Loan and Loan Guarantee Subsidies
Under the Federal Credit Reform Act January 2004 (Amendments to TR-3)
Source: FASAB.
Appendix V
Checklists for Reviewing Systems under the Federal Financial Management
Improvement Act
Checklist Issue date
GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems Requirements March
2000
GAO-01-99G Seized Property and Forfeited Assets Systems Requirements
October 2000
GAO/AIMD-21-2.6 Direct Loan System Requirements April 2000
GAO/AIMD-21.2.8 Travel System Requirements May 2000
GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost Accounting
January 1999
GAO-01-371G Guaranteed Loan System Requirements March 2001
GAO-01-911G Grant Financial System Requirements September 2001
GAO-02-171G Property Management Systems Requirements December 2001
GAO-04-22G Benefit System Requirements October 2003
GAO-04-650G Acquisition/Financial Systems Interface Requirements June 2004
GAO-05-225G Core Financial System Requirements February 2005
Source: GAO.
Appendix VI
Comments from the Office of Management and Budget
Appendix VI
Comments from the Office of Management
and Budget
Appendix VII
Auditors' FFMIA Determinations for Fiscal
Year 2004
Auditor's assessment of Areas of reported systems lack of compliance
substantial compliance
Systems Accounting Agency Yes No requirements standards SGL
Department of Agriculture x x x x
Department of Commerce x
Department of Defense x x x x
Department of Education x x
Department of Energy x
Department of Health and Human Services x x x
Department of Housing and Urban Development x x x
Department of the Interior x x x x
Department of Justice x x x x
Department of Labor x
Department of State x x x
Department of Transportation x x x x
Department of the Treasury x x x x
Department of Veterans Affairs x x
Agency for International Development x x x
Environmental Protection Agency x
General Services Administration x
National Aeronautics and Space Administration x x x x
National Science Foundation x
Nuclear Regulatory Commission x x
Office of Personnel Management x x x x
Small Business Administration x x x x
Social Security Administration x
Total 7 1616 11 11
Source: GAO prepared from analysis of fiscal year 2004 audit reports.
Appendix VIII
GAO Contact and Staff Acknowledgments
GAO Contact Sally E. Thompson, (202) 512-2600
Acknowledgments In addition to the contact named above, Kay L. Daly,
Assistant Director; W. Stephen Lowrey; and Chanetta R. Reed made key
contributions to this report.
GAO's Mission The Government Accountability Office, the audit, evaluation
and investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost
is through GAO's Web site (www.gao.gov). Each weekday, GAO postsGAO
Reports and newly released reports, testimony, and correspondence on its
Web site. To Testimony have GAO e-mail you a list of newly posted products
every afternoon, go to
www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061
To Report Fraud, Contact:
Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: [email protected] Programs Automated answering system: (800)
424-5454 or (202) 512-7470
Congressional Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125
Relations Washington, D.C. 20548
Public Affairs Paul Anderson, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
*** End of document. ***