Financial Management Systems: DHS Has an Opportunity to 	 
Incorporate Best Practices in Modernization Efforts (29-MAR-06,  
GAO-06-553T).							 
                                                                 
Over the years, GAO has reported on various agencies' financial  
management system implementation failures. GAO's recent report	 
(GAO-06-184) discusses some of the most significant problems	 
previously identified with agencies' financial management system 
modernization efforts. For today's hearing, GAO was asked to	 
provide its perspectives on the importance of the Department of  
Homeland Security (DHS) following best practices in developing	 
and implementing its new financial management systems and	 
avoiding the mistakes of the past. GAO's testimony (1) discusses 
the recurring problems identified in agencies' financial	 
management systems development and implementation efforts, (2)	 
points out key financial management system modernization	 
challenges at DHS, and (3) highlights the building blocks that	 
form the foundation for successful financial management system	 
implementation efforts. 					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-553T					        
    ACCNO:   A50319						        
  TITLE:     Financial Management Systems: DHS Has an Opportunity to  
Incorporate Best Practices in Modernization Efforts		 
     DATE:   03/29/2006 
  SUBJECT:   Best practices					 
	     Financial management				 
	     Financial management systems			 
	     Internal controls					 
	     Program management 				 
	     Strategic planning 				 
	     Systems conversions				 
	     Systems evaluation 				 
	     Systems integration				 
	     Technology modernization programs			 
	     Best practices methodology 			 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-553T

Testimony

Before Congressional Subcommittees

United States Government Accountability Office

GAO

For Release on Delivery Expected at 3:00 p.m. EST

Wednesday, March 29, 2006

FINANCIAL MANAGEMENT SYSTEMS

DHS Has an Opportunity to Incorporate Best Practices in Modernization
Efforts

Statement of McCoy Williams

Director, Financial Management and Assurance

Keith A. Rhodes

Chief Technologist, Applied Research and Methods

Center for Technology and Engineering

GAO-06-553T

Mr. Chairmen and Members of the Subcommittees:

It is a pleasure to be here today to participate in this joint oversight
hearing1 on the Department of Homeland Security's (DHS) ongoing efforts to
effectively manage its information technology (IT) projects. Modern
financial management systems are a critical component to instituting
strong financial management as called for by the Chief Financial Officers
(CFO) Act of 1990, the Federal Financial Management Improvement Act of
1996 (FFMIA), and other legislation. As we testified2 in November 2005,
agencies continue to struggle with developing and implementing integrated
systems that achieve expected functionality within cost and timeliness
goals. While most CFO Act agencies have obtained clean (or unqualified)
audit opinions on their financial statements, the underlying financial
systems remain a serious problem. Hearings such as this one today foster
meaningful financial management reform.

Over the years, we have reported on various agencies' financial management
system implementation failures. Our recent report,3 which was prepared at
the request of the Subcommittee on Government Management, Finance, and
Accountability, House Committee on Government Reform, discusses some of
the most significant problems and observations we identified with
agencies' financial management system modernization efforts. Today, we
would like to provide our perspectives on the importance of DHS following
best practices in developing and implementing its new financial management
systems. Specifically, we would like to

           o  discuss the recurring problems we and others have identified in
           agencies' financial management systems development and
           implementation efforts,

           o  point out key financial management system modernization
           challenges at DHS, and
           o  highlight the building blocks that form the foundation for
           successful financial management system implementation efforts.

           Our statement is based upon our recently issued report,4 as well
           as our previous reports and testimonies, which were performed in
           accordance with U.S. generally accepted government auditing
           standards. We have not performed a detailed review of DHS's
           financial management transformation efforts.

           In our recent report,5 we summarize many of the agencies'
           financial management system implementation failures that have been
           previously reported by us and inspectors general (IG). Our work
           and that of the IGs over the years has shown that agencies have
           failed to employ accepted best practices in systems development
           and implementation (commonly referred to as disciplined processes)
           that can collectively reduce the risk associated with implementing
           financial management systems. In our report, we identified key
           causes of failures within several recurring themes, including
           disciplined processes and human capital management. DHS would be
           wise to study the lessons learned through other agencies' costly
           failures and consider building a strong foundation for successful
           financial management system implementation, as we will discuss
           later in our testimony.

           From our review of over 40 prior reports, we identified weaknesses
           in the following areas of disciplined processes.

           o  Requirements management. Ill-defined or incomplete requirements
           have been identified by many system developers and program
           managers as a root cause of system failure.6 It is critical that
           requirements-functions the system must be able to perform-be
           carefully defined and flow from the concept of operations (how the
           organization's day-to-day operations are or will be carried out to
           meet mission needs). In our previous work, we have found agencies
           with a lack of a concept of operations, vague and ambiguous
           requirements, and requirements that are not traceable or linked to
           business processes.

           o  Testing. Complete and thorough testing is essential to provide
           reasonable assurance that new or modified systems will provide the
           capabilities in the requirements. Testing is the process of
           executing a program with the intent of finding errors.7 Because
           requirements provide the foundation for system testing, they must
           be complete, clear, and well documented to design and implement an
           effective testing program. Absent this, an organization is taking
           a significant risk that substantial defects will not be detected
           until after the system is implemented. Industry best practices
           indicate that the sooner a defect is recognized and corrected, the
           cheaper it is to fix. In our work, we have found flawed test
           plans, inadequate timing of testing, and ineffective systems
           testing.

           o  Data conversion. In its white paper8 on financial system data
           conversion,9 the Joint Financial Management Improvement Program
           (JFMIP)10 identified data conversion as one of the critical tasks
           necessary to successfully implement a new financial system. JFMIP
           also noted that if data conversion is done right, the new system
           has a much greater opportunity for success. On the other hand,
           converting data incorrectly or entering unreliable data from a
           legacy system has lengthy and long-term repercussions. The adage
           "garbage in, garbage out" best describes the adverse impact.
           Examples of problems we have reported on include agencies that
           have not properly developed and implemented good data conversion
           plans, have planned the data conversion too late in the project,
           and have not reconciled account balances.

           o  Risk management. According to leading systems acquisition
           organizations, risk management is a process for identifying
           potential problems before they occur and adjusting the acquisition
           to decrease the chance of their occurrence. Risks should be
           identified as early as possible and a risk management process
           should be developed and put in place. Risks should be identified,
           analyzed, mitigated, and tracked to closure. Effectively managing
           risks is one way to minimize the chances of project cost,
           schedule, and performance problems from occurring. We have
           reported that agencies have not fully implemented effective risk
           management practices, including shortcomings in identifying and
           tracking risks.

           o  Project management. Effective project management is the process
           for planning and managing all project-related activities, such as
           defining how components are interrelated, defining tasks,
           estimating and obtaining resources, and scheduling activities.
           Project management allows the performance, cost, and schedule of
           the overall program to be continually measured, compared with
           planned objectives, and controlled. We have reported on a number
           of project management problems including inadequate project
           management structure, schedule-driven projects, and lack of
           performance metrics and oversight.

           o  Quality assurance. Quality assurance provides independent
           assessments of whether management process requirements are being
           followed and whether product standards and requirements are being
           satisfied. This process includes, among other things, the use of
           independent verification and validation (IV&V). We and others have
           reported on problems related to agencies' use of IV&V including
           specific functions not being performed by the IV&V, the IV&V
           contractor not being independent, and IV&V recommendations not
           being implemented.

           Inadequate implementation of disciplined processes can manifest
           itself in many ways when implementing a financial management
           system. While full deployment has been delayed at some agencies,
           specific functionality has been delayed or flawed at other
           agencies. The following examples illustrate some of the recurring
           problems related to the lack of disciplined processes in
           implementing financial management systems.

           o  In May 2004, we reported11 significant flaws in requirements
           management and testing that adversely affected the initial
           development and implementation of the Army's Logistics
           Modernization Program (LMP), in which the Army estimated that it
           would invest about $1 billion. These flaws also hampered efforts
           to correct the operational difficulties experienced at the
           Tobyhanna Army Depot. In June 2005, we reported12 that the Army
           had not effectively addressed its requirements management and
           testing problems, and data conversion weaknesses had hampered the
           Army's ability to address the problems that needed to be corrected
           before the system could be fielded to other locations. The Army
           lacked reasonable assurance that (1) system problems experienced
           during the initial deployment and causing the delay of future
           deployments had been corrected and (2) LMP was capable of
           providing the promised system functionality. Subsequent
           deployments of the system have been delayed.

           o  We reported13 in February 2005 that our experience with major
           systems acquisitions, such as the Office of Personnel Management's
           (OPM) Retirement Systems Modernization (RSM) program, has shown
           that having sound disciplined processes in place increases the
           likelihood of the acquisitions meeting cost and schedule estimates
           as well as performance requirements. However, we found that many
           of the processes in these areas for RSM were not sufficiently
           developed, were still under development, or were planned for
           future development. For example, OPM lacked needed processes for
           developing and managing requirements, planning and managing
           project activities, managing risks, and providing sound
           information to investment decision makers. Without these processes
           in place, RSM was at increased risk of not being developed and
           delivered on time and within budget and falling short of promised
           capabilities.

           o  In August 2004, the Department of Veterans Affairs (VA) IG
           reported14 that the effect of transferring inaccurate data to VA's
           new core financial system at a pilot location interrupted patient
           care and medical center operations. This raised concerns that
           similar conversion problems would occur at other VA facilities if
           the conditions identified were not addressed and resolved
           nationwide prior to roll out. Some of the specific conditions the
           IG noted were that contracting and monitoring of the project were
           not adequate, and the deployment of the new system encountered
           multiple problems, including those related to software testing,
           data conversion and system interfaces, and project management. As
           a result of these problems, patient care was interrupted by supply
           outages and other problems. The inability to provide sterile
           equipment and needed supplies to the operating room resulted in
           the cancelation of 81 elective surgeries for a week in both
           November 2003 and February 2004. In addition, the operating room
           was forced to operate at two-thirds of its prior capacity. Because
           of the serious nature of the problems raised with the new system,
           VA management decided to focus on transitioning back to the
           previous financial management software at the pilot location and
           assembled a senior leadership team to examine the results of the
           pilot and make recommendations to the VA Secretary regarding the
           future of the system.

           We are concerned that federal agencies' human capital problems are
           eroding the ability of many agencies-and threatening the ability
           of others-to perform their IT missions economically, efficiently,
           and effectively. For example, we found15 that in the 1990s, the
           initial rounds of downsizing were set in motion without
           considering the longer-term effects on agencies' IT performance
           capacity. Additionally, a number of individual agencies
           drastically reduced or froze their hiring efforts for extended
           periods. Consequently, following a decade of downsizing and
           curtailed investments in human capital, federal agencies currently
           face skills, knowledge, and experience imbalances, especially in
           their IT workforces. Without corrective action, these imbalances
           will worsen, especially in light of the numbers of federal
           civilian workers becoming eligible to retire in the coming years.
           In this regard, we are emphasizing the need for additional focus
           on the following three key elements of human capital management.

           o  Strategic workforce planning. Having staff with the appropriate
           skills is key to achieving financial management improvements, and
           managing an organization's employees is essential to achieving
           results. It is important that agencies incorporate strategic
           workforce planning by (1) aligning an organization's human capital
           program with its current and emerging mission and programmatic
           goals and (2) developing long-term strategies for acquiring,
           developing, and retaining an organization's total workforce to
           meet the needs of the future. This incorporates a range of
           activities from identifying and defining roles and
           responsibilities, to identifying team members, to developing
           individual competencies that enhance performance. We have reported
           on agencies without a sufficient human capital strategy or plan,
           skills gap analysis, or training plans.

           o  Human resources. Having sufficient numbers of people on board
           with the right mix of knowledge and skills can make the difference
           between success and failure. This is especially true in the IT
           area, where widespread shortfalls in human capital have
           contributed to demonstrable shortfalls in agency and program
           performance. We have found agency projects with significant human
           resource challenges, including addressing personnel shortages,
           filling key positions, and developing and retaining staff with the
           required competencies.

           o  Change management. According to leading IT organizations,
           organizational change management is the process of preparing users
           for the business process changes that will accompany
           implementation of a new system. An effective organizational change
           management process includes project plans and training that
           prepare users for impacts the new system might have on their roles
           and responsibilities and a process to manage those changes. We
           have reported on various problems with agencies' change
           management, including transition plans not being developed,
           business processes not being reengineered, and customization not
           being limited.

           The following examples illustrate some of the recurring problems
           related to human capital management in implementing financial
           management systems.

           o  We first reported in February 200216 that the Internal Revenue
           Service (IRS) had not defined or implemented an IT human capital
           strategy for its Business Systems Modernization (BSM) program and
           recommended that IRS address this weakness. In June 2003, we
           reported17 that IRS had made important progress in addressing our
           recommendation, but had yet to develop a comprehensive multiyear
           workforce plan. IRS also had not hired, developed, or retained
           sufficient human capital resources with the required competencies,
           including technical skills, in specific mission areas. In
           September 2003, the Treasury Inspector General for Tax
           Administration reported18 that IRS's Modernization and IT Services
           organization had made significant progress in developing its human
           capital strategy but had not yet (1) identified and incorporated
           human capital asset demands for the modernized organization, (2)
           developed detailed hiring and retention plans, or (3) established
           a process for reviewing the human capital strategy development and
           monitoring its implementation. We most recently reported in July
           200519 that IRS had taken some steps in the right direction.
           However, until IRS fully implements its strategy, it will not have
           all of the necessary IT knowledge and skills to effectively manage
           the BSM program or to operate modernized systems. Consequently,
           the risk of BSM program and project cost increases, schedule
           slippages, and performance problems is increased.

           o  We reported, in September 2004,20 that staff shortages and
           limited strategic workforce planning resulted in the Department of
           Health and Human Services (HHS) not having the resources needed to
           effectively design and operate its new financial management
           system. HHS had taken the first steps in strategic workforce
           planning. For example, the Centers for Disease Control and
           Prevention (CDC), where the first deployment was scheduled, was
           the only operating division that had prepared a competency report,
           but a skills gap analysis and training plan for CDC had not been
           completed. In addition, many government and contractor positions
           on the implementation project were not filled as planned. While
           HHS and the systems integrator had taken measures to acquire
           additional human resources for the implementation of the new
           financial management system, we concluded that scarce resources
           could significantly jeopardize the project's success and lead to
           several key deliverables being significantly behind schedule. In
           September 2004, HHS decided to delay its first scheduled
           deployment at CDC by 6 months in order to address these and other
           issues.

           DHS faces unique challenges in attempting to develop integrated
           financial management systems across the breadth of such a large
           and diverse department. DHS was established by the Homeland
           Security Act of 2002,21 as the 15th Cabinet Executive Branch
           Department of the United States government. DHS inherited a myriad
           of redundant financial management systems from 22 diverse agencies
           along with 180,000 employees, about 100 resource management
           systems, and 30 reportable conditions22 identified in prior
           component financial audits. Of the 30 reportable conditions, 18
           were so severe they were considered material weaknesses.23 Among
           these weaknesses were insufficient internal controls or processes
           to reliably report financial information such as revenue, accounts
           receivable, and accounts payable; significant system security
           deficiencies; financial systems that required extensive manual
           processes to prepare financial statements; and incomplete policies
           and procedures necessary to complete basic financial management
           activities.

           DHS received a disclaimer of opinion on its financial statements
           for fiscal year 2005,24 and the independent auditors also reported
           that DHS's financial management systems did not substantially
           comply with the requirements of FFMIA. The disclaimer was
           primarily due to financial reporting problems at five components.
           The five components include Immigration and Customs Enforcement
           (ICE), the United States Coast Guard (Coast Guard), State and
           Local Government Coordination and Preparedness (SLGCP),25 the
           Transportation Security Administration (TSA), and Emergency
           Preparedness and Response (EPR). Further, ICE is an accounting
           service provider for other DHS components, and it failed to
           adequately maintain both its own accounting records and those of
           other DHS components during fiscal year 2005.

           The auditors' fiscal year 2005 report discusses 10 material
           weaknesses, two other reportable conditions in internal control,
           and instances of noncompliance with seven laws and regulations.
           Among the 10 material weaknesses were inadequate financial
           management and oversight at DHS components, primarily ICE and
           Coast Guard; decentralized financial reporting at the component
           level; significant general IT and application control weaknesses
           over critical financial and operational data; and the lack of
           accurate and timely reconciliation of fund balance with treasury
           accounts. The results of the auditors' tests of fiscal year 2005
           compliance with certain provisions of laws, regulations,
           contracts, and grant agreements disclosed instances of
           noncompliance. The DHS auditors reported instances of
           noncompliance with

           o  31 U.S.C. S: 3512(c),(d), commonly known as the Federal
           Managers' Financial Integrity Act of 1982 (FMFIA);

           o  the Federal Financial Management Improvement Act of 1996
           (FFMIA), Pub. L. No. 104-208, div. A, S: 101(f), title VIII, 110
           Stat. 3009, 3009-389 (Sept. 30, 1996);

           o  the Federal Information Security Management Act of 2002
           (FISMA), Pub. L. No. 107-347, title III, 116 Stat. 2899, 2946
           (Dec. 17, 2002);

           o  the Single Audit Act, as amended (codified at 31 U.S.C. S:S:
           7501-7507), and other laws and regulations related to OMB Circular
           No. A-50, Audit Follow-up, as revised (Sept. 29, 1982);

           o  the Improper Payments Information Act of 2002, Pub. L. No.
           107-300, 116 Stat. 2350 (Nov. 26, 2002);

           o  the Department of Homeland Security Financial Accountability
           Act of 2004, Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004);
           and

           o  the Government Performance and Results Act of 1993 (GPRA), Pub.
           L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).

           Although DHS inherited many of the reportable conditions and
           noncompliance issues discussed above, the department's top
           management, including the CFO, is ultimately responsible for
           ensuring that progress is made in the area of financial
           management.

           In August 2003, DHS began the "electronically Managing enterprise
           resources for government effectiveness and efficiency" (eMerge2)
           program at an estimated cost of $229 million. The eMerge2 program
           was supposed to provide DHS with the financial system
           functionality to consolidate and integrate the department's
           financial accounting and reporting systems, including budget,
           accounting and reporting, cost management, asset management, and
           acquisition and grants functions. According to DHS officials, a
           systems integrator was hired in December 2003, and the project was
           expected to be fully deployed and operational in 2006. In July
           2004, we reported26 that the acquisition of eMerge2 was in the
           early stages and continued focus and follow through, among other
           things, would be necessary for it to be successful.

           According to DHS officials, because the project was not meeting
           its performance goals and timeline, DHS officials began
           considering whether to continue the project and in Spring 2005
           started looking at another strategy. DHS officials told us they
           decided to change the strategy for its eMerge2 program in October
           2005, and focus on leveraging the systems already in place. The
           revised strategy will allow DHS components to choose from an array
           of existing financial service providers. DHS officials said that
           by January 2006, after spending a reported $15.2 million,
           acquisition and development activities on eMerge2 had stopped and
           the blanket purchase agreement with the systems integrator
           expired. DHS officials added that the eMerge2 project would not be
           renamed. However, DHS plans to continue eMerge2 using a shared
           services approach, which allows its components to choose among
           three DHS providers of financial management services27 and the
           Department of the Treasury's Bureau of the Public Debt, which was
           identified by OMB as a governmentwide financial management center
           of excellence. DHS officials told us that although a
           departmentwide concept of operations and migration plan were still
           under development, they expected progress to be made in the next 5
           years. As we will discuss later, a departmentwide concept of
           operations document would help DHS and others understand such
           items as how DHS will migrate the various entities to these shared
           service providers and how it will obtain the departmental
           information necessary to manage the agency from these disparate
           operations. DHS officials acknowledged that they needed to first
           address the material weaknesses at the proposed shared service
           providers before component agencies migrate to them.

           The key for federal agencies, including DHS, to avoid the
           long-standing problems that have plagued financial management
           system improvement efforts is to address the foremost causes of
           those problems and adopt solutions that reduce the risks
           associated with these efforts to acceptable levels. Although it
           appears that DHS will adopt a shared services approach to meet its
           needs for integrated financial management systems, implementing
           this approach will be complex and challenging, making the adoption
           of best practices even more important for this undertaking. Based
           on industry best practices, we identified four key concepts that
           will be critical to DHS's ability to successfully complete its
           planned migration to shared service providers. Careful
           consideration of these four concepts, each one building upon the
           next, will be integral to the success of DHS's strategy. The four
           concepts are (1) developing a concept of operations, (2) defining
           standard business processes, (3) developing a migration strategy
           for DHS components, and (4) defining and effectively implementing
           disciplined processes necessary to properly manage the specific
           projects. We will now highlight the key issues to be considered
           for each of the four areas.

           As we discussed previously, a concept of operations defines how an
           organization's day-to-day operations are (or will be) carried out
           to meet mission needs. The concept of operations includes
           high-level descriptions of information systems, their
           interrelationships, and information flows. It also describes the
           operations that must be performed, who must perform them, and
           where and how the operations will be carried out. Further, it
           provides the foundation on which requirements definitions and the
           rest of the systems planning process are built. Normally, a
           concept of operations document is one of the first documents to be
           produced during a disciplined development effort and flows from
           both the vision statement and the enterprise architecture.
           According to the Institute of Electrical and Electronic Engineers
           (IEEE) standards,28 a concept of operations is a user-oriented
           document that describes the characteristics of a proposed system
           from the users' viewpoint. The key elements that should be
           included in a concept of operations are major system components,
           interfaces to external systems, and performance characteristics
           such as speed and volume.

           Another key element of a concept of operations is a transition
           strategy that is useful for developing an understanding of how and
           when changes will occur. Not only is this needed from an
           investment management point of view, it is a key element in the
           human capital problems discussed previously that revolved around
           change management strategies. Describing how to implement DHS's
           approach for using shared service providers for its financial
           management systems, as well as the process that will be used to
           deactivate legacy systems that will be replaced or interfaced with
           a new financial management system, are key aspects that need to be
           addressed in a transition strategy.

           Business process models provide a way of expressing the
           procedures, activities, and behaviors needed to accomplish an
           organization's mission and are helpful tools to document and
           understand complex systems. Business processes are the various
           steps that must be followed to perform a certain activity. For
           example, the procurement process would start when the agency
           defines its needs, and issues a solicitation for goods or
           services, and would continue through contract award, receipt of
           goods and services, and would end when the vendor properly
           receives payment. The identification of preferred business
           processes would be critical for standardization of applications
           and training and portability of staff.

           To maximize the success of a new system acquisition, organizations
           need to consider the redesign of current business processes. As we
           noted in our Executive Guide: Creating Value Through World-class
           Financial Management,29 leading finance organizations have found
           that productivity gains typically result from more efficient
           processes, not from simply automating old processes. Moreover, the
           Clinger-Cohen Act of 1996 requires agencies to analyze the
           missions of the agency and, based on the analysis, revise
           mission-related and administrative processes, as appropriate,
           before making significant investments in IT used to support those
           missions.30 Another benefit of what is often called business
           process modeling is that it generates better system requirements,
           since the business process models drive the creation of
           information systems that fit in the organization and will be used
           by end users. Other benefits include providing a foundation for
           agency efforts to describe the business processes needed for
           unique missions, or developing subprocesses to support those at
           the departmentwide level.

           Although DHS has a goal of migrating agencies to a limited number
           of shared service providers, it has not yet articulated a clear
           and measurable strategy for achieving this goal. In the context of
           migrating to shared service providers, critical activities include
           (1) developing specific criteria for requiring component agencies
           to migrate to one of the providers rather than attempting to
           develop and implement their own stove-piped business systems; (2)
           providing the necessary information for a component agency to make
           a selection of a shared service provider for financial management;
           (3) defining and instilling new values, norms, and behaviors
           within component agencies that support new ways of doing work and
           overcoming resistance to change; (4) building consensus among
           customers and stakeholders on specific changes designed to better
           meet their needs; and (5) planning, testing, and implementing all
           aspects of the transition from one organizational structure and
           business process to another.

           Finally, sustained leadership will be key to a successful strategy
           for moving DHS components towards consolidated financial
           management systems. In our Executive Guide: Creating Value Through
           World-class Financial Management, we found that leading
           organizations made financial management improvement an entitywide
           priority by, among other things, providing clear, strong executive
           leadership. We also reported that making financial management a
           priority throughout the federal government involves changing the
           organizational culture of federal agencies. Although the views
           about how an organization can change its culture can vary
           considerably, leadership (executive support) is often viewed as
           the most important factor in successfully making cultural changes.
           Top management must be totally committed in both words and actions
           to changing the culture, and this commitment must be sustained and
           demonstrated to staff. As pressure mounts to do more with less, to
           increase accountability, and to reduce fraud, waste, abuse, and
           mismanagement, and efforts to reduce federal spending intensify,
           sustained and committed leadership will be a key factor in the
           successful implementation of DHS's financial management systems.

           Once the concept of operations and standard business processes
           have been defined and a migration strategy is in place, the use of
           disciplined processes, as discussed previously, will be a critical
           factor in helping to ensure that the implementation is successful.
           The key to avoiding long-standing implementation problems is to
           provide specific guidance to component agencies for financial
           management system implementations, incorporating the best
           practices identified by the Software Engineering Institute, the
           IEEE, the Project Management Institute, and other experts that
           have been proven to reduce risk in implementing systems. Such
           guidance should include the various disciplined processes such as
           requirements management, testing, data conversion and system
           interfaces, risk and project management, and related activities,
           which have been problematic in the financial systems
           implementation projects we and others have reviewed.

           Disciplined processes have been shown to reduce the risks
           associated with software development and acquisition efforts to
           acceptable levels and are fundamental to successful system
           implementations. The principles of disciplined IT systems
           development and acquisition apply to shared services
           implementation, such as that contemplated by DHS. A disciplined
           software implementation process can maximize the likelihood of
           achieving the intended results (performance) within established
           resources (costs) on schedule. For example, disciplined processes
           should be in place to address the areas of data conversion and
           interfaces, two of the many critical elements necessary to
           successfully implement a new system-the lack of which have
           contributed to the failure of previous agency efforts. Further
           details on disciplined processes can be found in appendix III of
           our recently issued report.31

           In closing, the best practices we identified are interrelated and
           interdependent, collectively providing an agency with a better
           outcome for its system deployment-including cost savings, improved
           service and product quality, and ultimately, a better return on
           investment. The predictable result of DHS and other agencies not
           effectively addressing these best practices is projects that do
           not meet cost, schedule, and performance objectives. There will
           never be a 100 percent guarantee that a new system will be fully
           successful from the outset. However, risk can be managed and
           reduced to acceptable levels through the use of disciplined
           processes, which in short represent best practices that have
           proven their value in the past. We view the application of
           disciplined processes to be essential for DHS's systems
           modernization efforts. Based on industry best practices, the
           following four concepts would help ensure a sound foundation for
           developing and implementing a DHS-wide solution for the complex
           financial management problems it currently faces: (1) developing a
           concept of operations that expresses DHS's view of financial
           management and how that vision will be realized, (2) defining
           standard business processes, (3) developing an implementation
           strategy, and (4) defining and effectively implementing applicable
           disciplined processes. If properly implemented, the best practices
           discussed here today and in our recently issued report32 will help
           reduce the risk associated with a project of this magnitude and
           importance to an acceptable level. With DHS at an important
           crossroads in the implementation of the eMerge2 program, it has
           the perfect opportunity to use these building blocks to form a
           solid foundation on which to base its efforts and avoid the
           problems that have plagued so many other federal agencies faced
           with the same challenge.

           Mr. Chairmen, this concludes our prepared statement. We would be
           happy to respond to any questions you or other Members of the
           Subcommittees may have at this time.

           For information about this testimony, please contact McCoy
           Williams, Director, Financial Management and Assurance, at (202)
           512-9095 or at [email protected] , or Keith A. Rhodes, Chief
           Technologist, Applied Research and Methods, who may be reached at
           (202) 512-6412 or at [email protected] . Contact points for our
           Offices of Congressional Relations and Public Affairs may be found
           on the last page of this testimony. Individuals who made key
           contributions to this testimony include Kay Daly, Assistant
           Director; Chris Martin, Senior-Level Technologist; Francine
           DelVecchio; Mike LaForge; and Chanetta Reed. Numerous other
           individuals made contributions to the GAO reports cited in this
           testimony.

           The Government Accountability Office, the audit, evaluation and
           investigative arm of Congress, exists to support Congress in
           meeting its constitutional responsibilities and to help improve
           the performance and accountability of the federal government for
           the American people. GAO examines the use of public funds;
           evaluates federal programs and policies; and provides analyses,
           recommendations, and other assistance to help Congress make
           informed oversight, policy, and funding decisions. GAO's
           commitment to good government is reflected in its core values of
           accountability, integrity, and reliability.

           The fastest and easiest way to obtain copies of GAO documents at
           no cost is through GAO's Web site ( www.gao.gov ). Each weekday,
           GAO posts newly released reports, testimony, and correspondence on
           its Web site. To have GAO e-mail you a list of newly posted
           products every afternoon, go to www.gao.gov and select "Subscribe
           to Updates."

           The first copy of each printed report is free. Additional copies
           are $2 each. A check or money order should be made out to the
           Superintendent of Documents. GAO also accepts VISA and Mastercard.
           Orders for 100 or more copies mailed to a single address are
           discounted 25 percent. Orders should be sent to:

           U.S. Government Accountability Office 441 G Street NW, Room LM
           Washington, D.C. 20548

           To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax:
           (202) 512-6061

           Contact:

           Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
           [email protected] Automated answering system: (800) 424-5454 or
           (202) 512-7470

           Gloria Jarmon, Managing Director, [email protected] (202) 512-4400
           U.S. Government Accountability Office, 441 G Street NW, Room 7125
           Washington, D.C. 20548

           Paul Anderson, Managing Director, [email protected] (202)
           512-4800 U.S. Government Accountability Office, 441 G Street NW,
           Room 7149 Washington, D.C. 20548

1Joint hearing held by the Subcommittee on Government Management, Finance,
and Accountability, House Committee on Government Reform and the
Subcommittee on Management, Integration, and Oversight, House Committee on
Homeland Security.

2GAO, CFO Act of 1990: Driving the Transformation of Federal Financial
Management, GAO-06-242T (Washington, D.C.: Nov. 17, 2005).

3GAO, Financial Management Systems: Additional Efforts Needed to Address
Key Causes of Modernization Failures, GAO-06-184 (Washington, D.C.: Mar.
15, 2006).

  Lessons Learned in Recurring Failures of Federal Agency Financial Management
                             System Implementations

Disciplined Processes Have Not Been Fully Employed

4 GAO-06-184 .

5 GAO-06-184 .

6Requirements are the blueprint that system developers and program
managers use to design and develop a system.

7Glenford J. Myers, The Art of Software Testing (John Wiley & Sons, Inc.,
1979).

8Joint Financial Management Improvement Program, White Paper: Financial
Systems Data Conversion-Considerations (Washington, D.C.: Dec. 20, 2002).

9Data conversion is defined as the modification of existing data to enable
it to operate with similar functional capability in a different
environment.

10JFMIP was originally formed under the authority of the Budget and
Accounting Procedures Act of 1950 and was a joint and cooperative
undertaking of GAO, the Department of the Treasury, the Office of
Management and Budget (OMB), and the Office of Personnel Management (OPM),
working in cooperation with each other to improve financial management
practices in the federal government. In a December 2004 memorandum, OMB
announced a realignment of JFMIP's responsibilities for financial
management policy and oversight in the federal government. JFMIP ceased to
exist as a separate organization, although the Principals will continue to
meet at their discretion.

11GAO, DOD Business Systems Modernization: Billions Continue to Be
Invested with Inadequate Management Oversight and Accountability,
GAO-04-615 (Washington, D.C.: May 27, 2004).

12GAO, Army Depot Maintenance: Ineffective Oversight of Depot Maintenance
Operations and System Implementation Efforts, GAO-05-441 (Washington,
D.C.: June 30, 2005).

13GAO, Office of Personnel Management: Retirement Systems Modernization
Program Faces Numerous Challenges, GAO-05-237 (Washington, D.C.: Feb. 28,
2005).

Human Capital Management Problems Impede Financial Systems Development and
Deployment

14Department of Veterans Affairs Office of Inspector General, Issues at VA
Medical Center Bay Pines, Florida and Procurement and Deployment of the
Core Financial and Logistics System, Report 04-01371-177 (Washington,
D.C.: Aug. 11, 2004).

15GAO, Human Capital: Building the Information Technology Workforce to
Achieve Results, GAO-01-1007T (Washington, D.C.: July 31, 2001).

16GAO, Business Systems Modernization: IRS Needs to Better Balance
Management Capacity with Systems Acquisition Workload, GAO-02-356
(Washington, D.C.: Feb. 28, 2002).

17GAO, Business Systems Modernization: IRS Has Made Significant Progress
in Improving Its Management Controls, but Risks Remain, GAO-03-768
(Washington, D.C.: June 27, 2003).

18Treasury Inspector General for Tax Administration, The Modernization,
Information Technology and Security Services Organization Needs to Take
Further Action to Complete Its Human Capital Strategy, Reference Number
2003-20-209 (Washington, D.C.: Sept. 22, 2003).

19GAO, Business Systems Modernization: Internal Revenue Service's Fiscal
Year 2005 Expenditure Plan, GAO-05-774 (Washington, D.C.: July 22, 2005).

20GAO, Financial Management Systems: Lack of Disciplined Processes Puts
Implementation of HHS's Financial System at Risk, GAO-04-1008 (Washington,
D.C.: Sept. 23, 2004).

               DHS Faces Serious Financial Management Challenges

21Pub. L. No. 107-296, S: 101(a), 116 Stat. 2135, 2142 (Nov. 25, 2002)
(codified at 6 U.S.C. S: 111(a)).

22Under standards issued by the American Institute of Certified Public
Accountants, "reportable conditions" are matters coming to the auditors'
attention relating to significant deficiencies in the design or operation
of internal control that, in the auditors' judgment, could adversely
affect the department's ability to record, process, summarize, and report
financial data consistent with the assertions of management in the
financial statements.

23Material weaknesses are reportable conditions in which the design or
operation of one or more of the internal control components does not
reduce to a relatively low level the risk that misstatements in amounts
that would be material in relation to the financial statements being
audited may occur and not be detected within a timely period by employees
in the normal course of performing their assigned functions.

24Office of Inspector General, Independent Auditors' Report on DHS' FY
2005 Financial Statements (Nov. 15, 2005).

25SLGCP has since been succeeded by the Office of Grants and Training
(G&T) within the DHS Preparedness Directorate.

26GAO, Financial Management: Department of Homeland Security Faces
Significant Financial Management Challenges, GAO-04-774 (Washington, D.C.:
July 19, 2004).

 The Building Blocks of Successful Financial Management System Implementations

27The three proposed DHS shared service providers are Customs and Border
Protection, Coast Guard, and Federal Law Enforcement Training Center.

Concept of Operations Provides Foundation

28IEEE Std. 1362-1998. The IEEE is a nonprofit, technical professional
association that develops standards for a broad range of global
industries, including the IT and information assurance industries and is a
leading source for defining best practices.

Key Issues for DHS to Consider                                             
                                                                              
      o  What is considered a financial management system? Are all the        
      components using a standard definition?                                 
      o  Who will be responsible for developing a DHS-wide concept of         
      operations, and what process will be used to ensure that the resulting  
      document reflects the departmentwide solution rather than individual    
      component agency stove-piped efforts?                                   
      o  How will DHS's concept of operations be linked to its enterprise     
      architecture?                                                           
      o  How can DHS obtain reliable information on the costs of its          
      financial management systems investments?                               

Standard Business Processes Promote Consistency

29GAO, Executive Guide: Creating Value Through World-class Financial
Management, GAO/AIMD-00-134 (Washington, D.C.: April 2000).

30See 40 U.S.C. S: 11303(b)(2)(C).

Key Issues for DHS to Consider                                             
                                                                              
      o  Who will be responsible for developing DHS-wide standard business    
      processes that meet the needs of its component agencies?                
      o  How will the component agencies be encouraged to adopt new           
      processes, rather than selecting other methods that result in simply    
      automating old ways of doing business?                                  
      o  How will the standard business processes be implemented by the       
      shared service providers to provide consistency across DHS?             
      o  What process will be used to determine and validate the processes    
      needed for DHS agencies that have unique needs?                         

Strategy for Implementing the Financial Management Shared Services Approach Will
Be Key

Key Issues for DHS to Consider                                             
                                                                              
      o  What guidance will be provided to assist DHS component agencies in   
      adopting a change management strategy that reduces the risks of moving  
      to a shared service provider?                                           
      o  What processes will be put in place to ensure that individual        
      component agency financial management system investment decisions focus 
      on the benefits of standard processes and shared service providers?     
      o  What process will be used to facilitate the decision-making process  
      used by component agencies to select a provider?                        
      o  How will component agencies incorporate strategic workforce planning 
      in the implementation of the shared service provider approach?          

Disciplined Processes Will Help Ensure Successful Implementation

Key Issues for DHS to Consider                                             
                                                                              
      o  How can existing industry standards and best practices be            
      incorporated into DHS-wide guidance related to financial management     
      system implementation efforts, including migrating to shared service    
      providers?                                                              
      o  What actions will be taken to reduce the risks and costs associated  
      with data conversion and interface efforts?                             
      o  What oversight process will be used to ensure that modernization     
      efforts effectively implement the prescribed policies and procedures?   

                            Concluding Observations

31 GAO-06-184 .

32 GAO-06-184 .

                          Contacts and Acknowledgments

(195080)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

Obtaining Copies of GAO Reports and Testimony

Order by Mail or Phone

To Report Fraud, Waste, and Abuse in Federal Programs

Congressional Relations

Public Affairs

www.gao.gov/cgi-bin/getrpt? GAO-06-553T .

To view the full product, including the scope

and methodology, click on the link above.

For more information, contact McCoy Williams at (202) 512-9095 or Keith
Rhodes at (202) 512-6412.

Highlights of GAO-06-553T , a testimony before congressional subcommittees

March 29, 2006

FINANCIAL MANAGEMENT SYSTEMS

DHS Has an Opportunity to Incorporate Best Practices in Modernization
Efforts

Over the years, GAO has reported on various agencies' financial management
system implementation failures. GAO's recent report ( GAO-06-184 )
discusses some of the most significant problems previously identified with
agencies' financial management system modernization efforts. For today's
hearing, GAO was asked to provide its perspectives on the importance of
the Department of Homeland Security (DHS) following best practices in
developing and implementing its new financial management systems and
avoiding the mistakes of the past. GAO's testimony (1) discusses the
recurring problems identified in agencies' financial management systems
development and implementation efforts, (2) points out key financial
management system modernization challenges at DHS, and (3) highlights the
building blocks that form the foundation for successful financial
management system implementation efforts.

GAO's work and that of agency inspectors general over the years has shown
that agencies have failed to employ accepted best practices in systems
development and implementation (commonly referred to as disciplined
processes) that can collectively reduce the risk associated with
implementing financial management systems. GAO's recent report identified
key causes of failures within several recurring themes including (1)
disciplined processes, such as requirements management, testing, and
project management; and (2) human capital management, such as workforce
planning, human resources, and change management. Prior reports have
identified costly systems implementation failures attributable to problems
in these areas at agencies across the federal government.

DHS faces unique challenges in attempting to develop integrated financial
management systems across the breadth of such a large and diverse
department. DHS inherited a myriad of redundant financial management
systems from 22 diverse agencies and about 100 resource management
systems. Among the weaknesses identified in prior component financial
audits were insufficient internal controls or processes to reliably report
financial information such as revenue, accounts receivable, and accounts
payable; significant system security deficiencies; financial systems that
required extensive manual processes to prepare financial statements; and
incomplete policies and procedures necessary for conducting basic
financial management activities. In August 2003, DHS began a program to
consolidate and integrate DHS financial accounting and reporting systems.
DHS officials said they recently decided to develop a new strategy for the
planned financial management systems integration program, referred to as
eMerge2, because the prior strategy was not meeting its performance goals
and timeline. DHS's revised strategy will allow DHS components to choose
from an array of existing financial management shared service providers.

Based on industry best practices, GAO identified four key concepts that
will be critical to DHS's ability to successfully complete its planned
migration to shared service providers. Careful consideration of these four
concepts, each one building upon the next, will be integral to the success
of DHS's strategy. The four concepts are

           o  developing a concept of operations,
           o  defining standard business processes,
           o  developing a strategy for implementing DHS's shared services
           approach across the department, and
           o  defining and effectively implementing disciplined processes
           necessary to properly manage the specific projects.

With DHS at an important crossroads in implementing financial management
systems, it has an excellent opportunity to use these building blocks to
form a solid foundation on which to base its efforts and avoid the
problems that have plagued so many other federal agencies.
*** End of document. ***