Financial Management: Improvements Under Way but Serious	 
Financial Systems Problems Persist (26-SEP-06, GAO-06-970).	 
                                                                 
The ability to produce the financial information needed to	 
efficiently and effectively manage the day-to-day operations of
the federal government and provide accountability to taxpayers	 
continues to be a challenge for most federal agencies. To help	 
address this challenge, the Federal Financial Management	 
Improvement Act of 1996 (FFMIA) requires the Chief Financial	 
Officers (CFO) Act agencies to implement and maintain financial  
management systems that comply substantially with (1) federal	 
financial management systems requirements, (2) federal accounting
standards, and (3) the U.S. Government Standard General Ledger at
the transaction level. FFMIA also requires GAO to report annually
on the implementation of the act.				 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-970 					        
    ACCNO:   A61429						        
  TITLE:     Financial Management: Improvements Under Way but Serious 
Financial Systems Problems Persist				 
     DATE:   09/26/2006 
  SUBJECT:   Accounting standards				 
	     Audit reports					 
	     Federal agency accounting systems			 
	     Financial management				 
	     Financial management systems			 
	     Financial statements				 
	     Information management				 
	     Internal controls					 
	     Noncompliance					 
	     Reporting requirements				 
	     JFMIP Joint Financial Management			 
	     Improvement Program				 
                                                                 

GAO-06-970

                 United States Government Accountability Office

Report to Congressional Committees

GAO

September 2006

FINANCIAL MANAGEMENT

     Improvements Under Way but Serious Financial Systems Problems Persist

  What GAO Found

While the number of CFO Act agencies receiving unqualified opinions on
their financial statements has increased significantly since 1997, the
number of CFO Act agencies that did not substantially comply with FFMIA
has remained fairly constant as shown below. Although agencies have made
improvements and have other enhancements under way, the systems
deficiencies that have prompted unfavorable FFMIA assessments indicate
that the financial management systems of many agencies are still not able
to routinely produce reliable, useful, and timely financial information.
GAO views the continuing lack of compliance with FFMIA and the associated
problems with agency financial systems to be significant challenges to
improving the management of the federal government.

    Figure: CFO Act agencies not in compliance, by year (1997 through 2005)

Source: GAO analysis, based on independent auditors' financial statement
audit reports prepared by agency inspectors general and contract auditors
for fiscal years 1997 through 2005.

For fiscal year 2005, auditors for five agencies provided negative
assurance that agency systems substantially complied with FFMIA as allowed
by the Office of Management and Budget's (OMB) current audit guidance.
This means that nothing came to their attention to indicate that agency
financial management systems did not substantially comply with FFMIA
requirements. GAO continues to believe that this type of reporting is not
sufficient for reporting under the act. In addition, negative assurance
may provide the false impression that the auditors are reporting that the
agencies' systems are compliant. In contrast, auditors for the Department
of Labor (Labor) provided positive assurance, which is an opinion, by
reporting that Labor's financial management systems substantially complied
with FFMIA requirements, a reporting practice that adds more value.
Auditors have expressed concern about providing positive assurance because
of the need to clarify the meaning of substantial compliance. In addition,
some auditors stated that a change in OMB's guidance that permits negative
assurance would be necessary for them to provide an opinion on FFMIA
compliance.

To help address financial management systems deficiencies, OMB continues
to move ahead on initiatives to enhance financial management in the
federal government. Moreover, the continuing leadership and support of
Congress will be crucial in reforming financial management in the federal
government.

Contents

Letter
  Results In Brief
  Background
  Scope and Methodology
  FFMIA Assessments Identify Continuing Systems Weaknesses
  Federal Financial Management System Initiatives Continue to Evolve
  Conclusions
  Agency Comments and Our Evaluation

Appendix I Requirements and Standards Supporting Federal Financial
Management
  Financial Management Systems Requirements
  Federal Accounting Standards
  Government Standard General Ledger
  Internal Control Standards

Appendix II Publications in the Federal Financial Management Systems
Requirements Series

Appendix III Statements of Federal Financial Accounting Concepts,
Standards, Interpretations, and Technical Bulletins

Appendix IV AAPC Technical Releases

Appendix V Checklists for Reviewing Systems under the Federal Financial
Management Improvement Act

Appendix VI Comments from the Office of Management and Budget

Appendix VII Auditors' FFMIA Assessments for Fiscal Year 2005

Appendix VIII GAO Contact and Staff Acknowledgments

Table
  Table 1: Key Causes of Systems Implementation Failure

Figures
  Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2005
  Figure 2: Problems Reported by Auditors for Fiscal Years 2001 through 2005
  Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2005
  Figure 4: Auditors' Assessments of Substantial Compliance with FFMIA's
            Three Requirements for Fiscal Years 1997 through 2005
  Figure 5: Problems Reported by Auditors for Fiscal Years 2001 through 2005
  Figure 6: Overall Vision of the Financial Management Line of Business
  Figure 7: Governance Structure
  Figure 8: Agency Systems Architecture

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

United States Government Accountability Office Washington, DC 20548

September 26, 2006

The Honorable Susan M. Collins
Chairman
The Honorable Joseph I. Lieberman
Ranking Minority Member
Committee on Homeland Security and Governmental Affairs
United States Senate

The Honorable Tom Davis
Chairman
The Honorable Henry A. Waxman
Ranking Minority Member
Committee on Government Reform
House of Representatives

The lack of reliable, useful, and timely financial data needed to
efficiently and effectively manage the day-to-day operations of the
federal government and provide accountability to taxpayers and the
Congress continues to be a weakness at many federal agencies. To address
this longstanding weakness, the Congress mandated financial management
reform within the federal government by enacting the Chief Financial
Officers (CFO) Act of 1990.[1] The CFO Act laid the foundation for a
comprehensive reform of federal financial management by establishing a
leadership structure, requiring audited financial statements, and
strengthening accountability reporting. This act also requires agencies to
implement modern financial management systems in order to attain the
systematic measurement of performance; the development of cost
information; and the integration of program, budget, and financial
information for management reporting. The end goal of the CFO Act is to
greatly enhance the ability of managers to do their jobs by providing the
full range of financial information needed for day-to-day management.

The Federal Financial Management Improvement Act of 1996[2] (FFMIA) was
enacted on September 30, 1996, and builds on the foundation laid by
the CFO Act by highlighting the need for agencies to have financial
management systems that are able to generate reliable, useful, and timely
information needed to make fully informed decisions and to ensure
accountability on an ongoing basis. FFMIA requires the major departments
and agencies covered by the CFO Act[3] to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the U.S. Government Standard General Ledger (SGL) at
the transaction level. The act also requires auditors to state in their
audit reports whether the agencies' financial management systems comply
with the act's requirements. In addition, we are required to report
annually on the implementation status of the act. This report, our tenth,
discusses (1) the auditors' assessments of agency systems' compliance with
FFMIA requirements for fiscal years 1997 through 2005 and the financial
management systems problems that continued to affect systems' FFMIA
compliance in fiscal year 2005 and (2) the initiatives under way to help
move federal financial management toward FFMIA compliance.

[1] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).

[2] Federal Financial Management Improvement Act of 1996, Pub. L. No. 104-208,
div. A., § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996).

    Page 1 GAO-06-970 FFMIA Fiscal Year 2005 Results

We conducted our work from January through July 2006 in Washington, D.C.,
Baltimore, Md., and Kansas City, Mo., in accordance with U.S. generally
accepted government auditing standards. We requested comments on a draft
of this report from the Director of OMB or his designee. We received
written comments from the OMB Controller. OMB's comments are discussed in
the Agency Comments and Our Evaluation section and reprinted in appendix
VI.

[3] The Department of Homeland Security (DHS) Financial Accountability Act,
Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004), added DHS to the list
of CFO Act agencies, increasing the number of CFO Act agencies to 24 for
fiscal year 2005.

Results In Brief

Since the passage of FFMIA, there has been progress in achieving the
requirements of this landmark legislation. While improvements have been
made throughout government, much work remains to fulfill the underlying
goals of the CFO Act and FFMIA. Notably, the number of CFO Act agencies
receiving unqualified opinions on their financial statements has increased
significantly since FFMIA reporting began in 1997. In fiscal year 1997, 11
of the CFO Act agencies attained unqualified opinions on their
financial statements, while 19[4] agencies received unqualified opinions for
fiscal year 2005. As shown in figure 1, the ability of federal financial
management systems to fully address FFMIA requirements has not advanced at
the same pace. In fiscal year 1997, 20 agencies were reported as having
systems that were not in substantial compliance with at least one of the
three FFMIA systems requirements, while in fiscal year 2005, auditors for
18 of the CFO Act agencies reported that the agencies' financial
management systems did not substantially comply with at least one of the
three FFMIA requirements. While progress has been made in addressing
financial management systems' weaknesses, the lack of substantial
compliance with the three requirements of FFMIA, and the associated
deficiencies, indicates that the financial management systems of many
agencies are still not able to routinely produce reliable, useful, and
timely financial information. Consequently, the federal government's
access to relevant, timely, and reliable data to effectively manage and
oversee its major programs, which is the ultimate objective, was and
continues to be restricted.

[4] For fiscal year 2005, 18 of 24 CFO Act agencies were able to attain
unqualified opinions on their financial statements by the November 15,
2005, reporting deadline established by OMB. The independent auditor of
the Department of State subsequently withdrew its qualified opinion on the
department's fiscal year 2005 financial statements and reissued an
unqualified opinion on these financial statements dated December 14, 2005.
As a result, 19 CFO Act agencies received unqualified opinions on their
fiscal year 2005 financial statements.

    Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2005

In fiscal year 2005, auditors for five[5] of the six other CFO Act agencies
provided what is termed negative assurance of FFMIA compliance. In
essence, they reported that nothing came to their attention during the
course of their planned audit procedures to indicate that these agencies'
financial management systems did not meet FFMIA requirements. Negative
assurance is the level of assurance specified by the Office of Management
and Budget's (OMB) audit guidance for reporting on FFMIA compliance. From
our perspective, FFMIA requires auditors to provide positive assurance,
which is an opinion, on FFMIA compliance. The auditors for one agency, the
Department of Labor (Labor), provided positive assurance, as required by
the act, when they reported that in their opinion, Labor's financial
management systems substantially complied with the requirements of FFMIA.
Providing positive assurance requires some additional testing beyond that
typically performed by auditors to render an opinion on financial
statements. For example, in performing financial statement audits,
auditors generally focus on the capability of the
financial management systems to process and summarize financial
information that flows into agency financial statements. In contrast,
FFMIA requires auditors to take a broader perspective and consider the
financial management systems' capability to also reliably record and report
financial information for a variety of purposes beyond financial
statements. Thus FFMIA furthers the ultimate goal of improving financial
management systems in the federal government and assisting agency managers
in having timely access to reliable data for decision-making purposes.
This, in turn, will allow them to do their jobs more efficiently and
effectively.

[5] The Department of Commerce (Commerce), the Environmental Protection Agency
(EPA), the National Science Foundation (NSF), the Office of Personnel
Management (OPM), and the Social Security Administration (SSA).

For this reason, this second year of Labor's auditors providing positive
assurance on FFMIA compliance continues to be a very noteworthy
achievement by Labor. We look forward to other agencies opting to upgrade
their level of assurance on this matter as required by the act. Auditors
for the majority of the agencies we visited stated that additional
guidance on the definition of substantial compliance would facilitate
their assessments of financial management systems for FFMIA reporting.
Some auditors also indicated that a change in OMB's guidance on FFMIA
reporting would be necessary for them to shift to providing opinions on
FFMIA compliance.

As shown in figure 2, based on our review of the fiscal year 2005
financial statement audit reports for the 18 agencies with systems
reported not to be in substantial compliance with one or more of the three
FFMIA requirements, the same six primary problems that we have previously
reported continue to exist. While more severe at some agencies than
others, the nature and seriousness of the problems reported indicate that
most agencies' financial management systems are frequently unable to
routinely produce reliable, useful, and timely financial information. We
view the problems with agencies' financial management systems to be a
significant challenge to improving the financial management of the federal
government, because the problems indicate that many agencies are still a
long way from accomplishing what was envisioned with the passage of the
CFO Act of 1990 and the more recent passage of FFMIA in 1996.

Figure 2: Problems Reported by Auditors for Fiscal Years 2001 through 2005

In an effort to comply with FFMIA and address problems such as
nonintegrated systems, inadequate reconciliations, and lack of compliance
with the SGL, a number of agencies have efforts under way to implement new
financial management systems, to upgrade existing systems, or to move to a
shared service provider. Agencies anticipate that the new systems will
provide reliable, useful, and timely data to support managerial decision
making. However, significant problems in the development and
implementation of new financial management systems were reported for
several agencies in fiscal year 2005, especially when agencies did not
follow appropriate best practices to ensure the efficient and effective
implementation of these systems.

OMB continues to move forward on initiatives that support the President's
Management Agenda (PMA) to enhance financial management and provide
results-oriented information in the federal government. A key initiative
has been the further development of the financial management line of
business to promote leveraging shared service solutions to enhance the
government's performance and services. However, challenges exist in
implementing the financial management line of business. For example, as we
reported in March 2006,[6] the requirements for agencies and private sector
firms to become shared service providers and the services they must
provide have not been adequately documented or effectively communicated to
agencies and the private sector. OMB has not provided the current selected
shared service providers with standard document templates needed to
minimize risk, provide assurance, and develop understandings with
customers on topics such as service-level agreements[7] and a concept of
operations. Further, processes have not been put in place to facilitate
agency decisions on selecting a provider or focusing investment decisions
on the benefits of standard processes and shared service providers. We
made a number of recommendations to address these issues and OMB has
projects under way to develop standard business processes, a common
accounting code, and specific measures to assess the performance of the
shared service providers to help address some shortcomings. Because the
federal government is one of the largest, most complex organizations in
the world, operating, maintaining, and modernizing its financial
management systems represents a monumental challenge, from both cost and
technical perspectives. As pressure mounts to increase accountability and
efforts to reduce federal spending intensify, sustained and committed
leadership will be a key factor in the successful implementation of
governmentwide initiatives.

[6] GAO, Financial Management Systems: Additional Efforts Needed to Address
Key Causes of Modernization Failures, GAO-06-184 (Washington, D.C.: Mar.
15, 2006).

[7] A service-level agreement is critical for both the shared service
providers and the agencies to be held accountable for their respective
parts of the agreement.

While we are not making any new recommendations in this report, we
reaffirm our prior recommendations aimed at enhancing OMB's audit guidance
related to FFMIA assessments. Specifically, we recommended that OMB (1)
require agency auditors to provide a statement of positive
assurance when reporting an agency's systems to be in substantial
compliance with the requirements of FFMIA and (2) explore further
clarification of the definition of "substantial compliance" to encourage
consistent reporting.

In commenting on a draft of this report, OMB agreed with our assessment
that many federal agencies still need to make improvements to generate
more accurate and timely financial information to optimize day-to-day
operations. As in previous years, we and OMB have differing views on the
level of audit assurance necessary for assessing and reporting on
compliance with FFMIA. While OMB commended Labor's auditors for taking the
steps needed to provide positive assurance and encouraged similar efforts
at other agencies, it stated that requiring a statement of positive
assurance for all agencies was not necessary. We continue to believe that
a statement of positive assurance is a statutory requirement under the act
and will continue to work with OMB on this issue. OMB did agree to
consider clarifying the definition of "substantial compliance" in its
future policy and guidance updates. Our detailed evaluation of OMB's
comments can be found at the end of this letter.

Background

FFMIA is part of a series of management reform legislation passed by the
Congress over the past two decades. This series of legislation started
with the Federal Managers' Financial Integrity Act of 1982[8] (FMFIA), which
the Congress passed to strengthen internal controls and accounting systems
throughout the federal government, among other purposes. Issued pursuant
to 31 U.S.C. § 3512 (c), (d), still commonly known as FMFIA, the
Comptroller General's Standards for Internal Control in the Federal
Government[9] provides the standards that are directed at helping agency
managers implement effective internal control, an integral part of
improving financial management systems. Internal control is a major part
of managing an organization and comprises the plans, methods, and
procedures used to meet missions, goals, and objectives. In summary,
internal control, which under OMB's guidance for FMFIA is synonymous with
management control, helps government program managers achieve desired
results through effective stewardship of public resources.

[8] Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982) (codified at 31 U.S.C. §
3512 (c), (d)).

[9] GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: Nov. 1999).

Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to improve operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control activities being
used are effective and updated when necessary. While agencies had achieved
some early success in identifying and correcting material internal control
and accounting system weaknesses, their efforts to implement FMFIA had not
produced the results intended by the Congress.

Therefore, in the 1990s, the Congress passed additional management reform
legislation to improve the general and financial management of the federal
government. This legislation includes the (1) CFO Act of 1990,
(2) Government Performance and Results Act of 1993,[10] (3) Government
Management Reform Act of 1994,[11] (4) FFMIA, (5) Clinger-Cohen Act of
1996,[12] (6) Accountability of Tax Dollars Act of 2002,[13] (7) Improper
Payments Information Act of 2002,[14] and (8) Department of Homeland
Security (DHS) Financial Accountability Act of 2004.[15] The combination of
reforms ushered in by these laws, if successfully implemented, provides a
solid foundation to improve the accountability of government programs and
operations as well as to routinely produce valuable cost and operating
performance information. These financial management reform acts emphasize
the importance of improving financial management across the federal
government.

[10] Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).

[11] Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994).

[12] Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996).

[13] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002) (codified at 31 U.S.C.
§ 3515). The Accountability of Tax Dollars Act of 2002 extends the
requirement to prepare and submit audited financial statements to most
executive agencies not subject to the CFO Act unless they are exempted by
OMB. However, these agencies are not required to have systems that are
compliant with FFMIA requirements.

[14] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002).

[15] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004).

In particular, building on the foundation laid by the CFO Act, FFMIA
emphasizes the need for CFO Act agencies to have systems that are able to
generate reliable, useful, and timely information for decision-making
purposes and to ensure ongoing accountability. FFMIA requires the
departments and agencies covered by the CFO Act to implement and maintain
financial management systems that comply substantially with
(1) federal financial management systems requirements, (2) applicable
federal accounting standards,[16] and (3) the SGL[17] at the transaction
level. FFMIA also requires auditors to state in their CFO Act financial
statement audit reports whether the agencies' financial management systems
substantially comply with these three FFMIA systems requirements.
Appendixes I through IV include details on the various requirements and
standards that support federal financial management.

Guidance for FFMIA Issued by OMB

OMB establishes governmentwide financial management systems policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, OMB Bulletin No. 01-02, Audit Requirements for Federal
Financial Statements, dated October 16, 2000, prescribed audit
requirements, including specific language auditors should use when
reporting on an agency system's substantial compliance with the three
FFMIA requirements. Specifically, this guidance called for auditors to
provide negative assurance when reporting on an agency system's FFMIA
compliance. On August 23, 2006, OMB issued Bulletin No. 06-03, Audit
Requirements for Federal Financial Statements, which superseded OMB
Bulletin No. 01-02. The new bulletin did not substantially revise OMB's
FFMIA audit guidance contained in Bulletin No. 01-02. Second, in OMB
Memorandum, Revised Implementation Guidance for the Federal Financial
Management Improvement Act (Jan. 4, 2001), OMB provides guidance for
agencies and auditors to use in assessing substantial compliance. The
guidance describes the factors that should be considered in determining
whether an agency's systems substantially comply with FFMIA's three
requirements. Further, the guidance provides examples of the types of
indicators that should be used as a basis for assessing whether an
agency's systems are in substantial compliance with each of the three
FFMIA requirements. Finally, the guidance discusses the corrective action
plans, to be developed by agency officials, for bringing their systems
into compliance with FFMIA.

[16] The American Institute of Certified Public Accountants recognizes the
federal accounting standards promulgated by the Federal Accounting
Standards Advisory Board as generally accepted accounting principles. For
a further description of federal accounting standards, see appendix I.

[17] The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.

Financial Audit Manual Section on FFMIA Developed by GAO and the President's 
Council on Integrity and Efficiency

We have worked in partnership with representatives from the President's
Council on Integrity and Efficiency[18] (PCIE) to develop and maintain the
joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific
procedures auditors should perform when assessing FFMIA compliance.[19] As
detailed in appendix V, we have also issued a series of checklists to help
assess whether agencies' systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance on FFMIA compliance, auditors should design
and implement additional testing to satisfy FFMIA criteria. For example,
in performing financial statement audits, auditors generally focus on the
ability of the financial management systems to process and summarize
financial information that flows into annual agency financial statements.
In contrast, FFMIA requires auditors to assess whether an agency's
financial management systems comply with system requirements, accounting
standards, and the SGL. To do this, auditors need to consider whether
agency systems provide reliable, useful, and timely information for
managing day-to-day operations so that agency managers would have the
necessary information to measure performance on an ongoing basis rather
than just at year end. Further, OMB's current audit guidance[20] calls for
financial statement auditors to review performance information for
consistency with the financial statements, but does not require auditors
to determine whether this information is available to managers for
day-to-day decision making as called for by the FAM guidance for testing
compliance with FFMIA.

[18] The PCIE, which is governed by Executive Order No. 12805 of May 11,
1992, was established to (1) address integrity, economy, and effectiveness
issues that transcend individual government agencies and (2) increase the
professionalism and effectiveness of inspectors general personnel
throughout the government. The PCIE is composed primarily of the
presidentially appointed inspectors general. Officials from OMB, the
Federal Bureau of Investigation, Office of Government Ethics, Office of
Special Counsel, and Office of Personnel Management serve on the PCIE as
well.

[19] GAO-01-765G, sections 701, 701A, 701B, and 260.58-.60.

[20] OMB Bulletin No. 06-03, Audit Requirements for Federal Financial
Statements (Aug. 23, 2006).

  Scope and Methodology

We reviewed the fiscal year 2005 financial statement audit reports for the
24 CFO Act agencies to identify the auditors' assessments of agency
financial systems' compliance and the problems that affect FFMIA
compliance. Prior experience with the auditors and our review of their
reports provided the basis for determining the sufficiency and relevancy
of evidence provided in these documents. Based on their audit reports, we
identified reported problems that affect agency systems' compliance with
FFMIA. The problems identified in these reports are consistent with
longstanding financial management weaknesses we have reported based on our
work at a number of agencies. However, we caution that the occurrence of
problems in a particular category may be even greater than auditors'
reports of FFMIA noncompliance would suggest, because auditors may not
have identified all instances of noncompliance with systems requirements
and included all problems in their reports. We also met with OMB officials
to discuss their current efforts to improve federal financial management
and address our prior recommendations related to FFMIA.

In addition, we performed site visits to 12 agencies to assess the amount
and type of FFMIA-related work being performed by the independent public
auditors. The agencies selected for visits included the 5 agencies where
auditors provided negative assurance of FFMIA compliance in fiscal year
2005 (Commerce, Environmental Protection Agency (EPA), National Science
Foundation (NSF), Office of Personnel Management (OPM), and Social
Security Administration (SSA)); the agency where auditors provided an
opinion, or positive assurance, of FFMIA compliance in fiscal year 2005
(Labor); the 2 agencies where auditors provided negative assurance of
FFMIA compliance in fiscal year 2004 but reported those agencies as
noncompliant in fiscal year 2005 (the Department of Energy (Energy) and
the General Services Administration (GSA)); and 4 [21] of the agencies with
the largest net costs as reported in the fiscal year 2005 Financial Report
of the United States Government.[22] We also met with representatives for
the Inspector General of the Department of Defense (DOD), which has the
largest net costs of any federal agency in fiscal year 2005, to confirm
our understanding of its FFMIA-related audit procedures.

[21] The Department of Agriculture, Department of Health and Human Services
(HHS), Department of the Treasury, and the Department of Veterans Affairs
(VA).

[22] Department of the Treasury, 2005 Financial Report of the United States
Government (Washington, D.C.: Dec. 2005).


We conducted our work from January 2006 through July 2006 in Washington,
D.C., Baltimore, Md., and Kansas City, Mo., in accordance with U.S.
generally accepted government auditing standards. We requested written
comments on a draft of this report from the Director of OMB or his
designee. We received written comments from the OMB controller. OMB's
comments are discussed in the Agency Comments and Our Evaluation section
and reprinted in appendix VI. We also received technical comments from OMB
and the Departments of Health and Human Services and Transportation which
we incorporated as appropriate.

FFMIA Assessments Identify Continuing Systems Weaknesses

While the 24 CFO Act agencies have made demonstrable progress in producing
auditable financial statements and progress in addressing their financial
management systems weaknesses since the passage of FFMIA, about
three-fourths are still not substantially compliant with FFMIA's three
requirements. In contrast, the number of CFO Act agencies receiving
unqualified opinions on their financial statements has increased
significantly since 1997, when FFMIA reporting began. In fiscal year 1997,
11 of the CFO Act agencies attained unqualified opinions on their
financial statements, while 19 [23] agencies received unqualified opinions in
fiscal year 2005. As shown in figure 3, the ability of federal financial
management systems to address FFMIA requirements has not advanced at the
same pace. In fiscal year 1997, 20 agencies were reported as having
systems that were not in substantial compliance with at least one of the
three FFMIA systems requirements. In fiscal year 2005, auditors for 18 of
the CFO Act agencies reported that the agencies' financial management
systems do not substantially comply with at least one of the three FFMIA
requirements.

[23] For fiscal year 2005, 18 of 24 CFO Act agencies were able to attain
unqualified opinions on their financial statements by the November 15,
2005, reporting deadline established by OMB. The independent auditor of
the Department of State subsequently withdrew its qualified opinion on the
department's fiscal year 2005 financial statements and reissued an
unqualified opinion on these financial statements dated December 14, 2005.
As a result, 19 CFO Act agencies received unqualified opinions on their
fiscal year 2005 financial statements.

    Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2005

Auditors' assessments for three agencies changed from fiscal year 2004 to
2005. For fiscal year 2005, auditors for OPM were able to provide negative
assurance that OPM's financial management systems, as a whole, were
substantially compliant with FFMIA's three requirements. Conversely,
auditors for Energy and GSA reported that those agencies' financial
management systems did not substantially comply with FFMIA requirements in
fiscal year 2005, but had not reported any FFMIA compliance issues at
those federal agencies in fiscal year 2004. At Energy, the auditors
indicated that Energy's systems problems stemmed from the implementation
of a new accounting system. At GSA, the auditors reported recently
identified internal control weaknesses over financial reporting. In
addition, consistent with the DHS Financial Accountability Act of 2004,[24]
which added DHS to the list of CFO Act agencies, DHS's auditors reported
that the department's financial management systems did not substantially
comply with any of the three FFMIA requirements for fiscal year 2005.

[24] The DHS Financial Accountability Act, Pub. L. No. 108-330, 118 Stat.
1275 (Oct. 16, 2004).


Figure 4 summarizes auditors' assessments of agencies' compliance with the
three requirements of FFMIA for fiscal years 1997 through 2005 and
suggests that the instances of noncompliance with FFMIA's three
requirements have remained fairly constant. In particular, in fiscal year
2005, auditors for eight agencies[25] reported that their agencies' systems
were not in substantial compliance with any of the three FFMIA
requirements: federal financial management systems requirements, applicable
federal accounting standards, or the SGL at the transaction level.

[25] The Departments of Agriculture, Defense, Homeland Security, Justice,
Transportation, and Treasury, the National Aeronautics and Space
Administration, and the Small Business Administration.


  Figure 4: Auditors' Assessments of Substantial Compliance with FFMIA's Three
                   Requirements for Fiscal Years 1997 through

While substantially more CFO Act agencies have obtained clean or
unqualified audit opinions on their financial statements, we are concerned
over the number of CFO Act agencies that have restated certain of their
financial statements. As we have previously reported,[26] a number of CFO
Act agencies have restated certain of their financial statements over the
past few years to correct for material errors. Errors in financial
statements result from mathematical mistakes, mistakes in the application
of accounting principles, or oversight or misuse of facts that existed at
the time the financial statements were prepared. Generally, these
restatements resulted from weaknesses in internal control over the
processing and reporting of certain transactions and inadequate audit
procedures to detect these errors. The auditors for the seven agencies
that restated their financial statements in fiscal year 2005 also reported
that the agencies' financial systems had not met FFMIA requirements.
Further, restatements raise questions about the reliability of other
information in previously issued financial statements and indicate a
continuing lack of improvement in the underlying agency financial systems.
Frequent restatements to correct errors can undermine public trust and
confidence in both the entity and all responsible parties.

[26] GAO, Financial Audit: Restatements to the Department of State's Fiscal
Year 2003 Financial Statements, GAO-05-814R (Washington, D.C.: Sept. 20,
2005); Financial Audit: Restatements to the Nuclear Regulatory
Commission's Fiscal Year 2003 Financial Statements, GAO-06-30R
(Washington, D.C.: Oct. 27, 2005); Financial Audit: Restatements to the
General Services Administration's Fiscal Year 2003 Financial Statements,
GAO-06-70R (Washington, D.C.: Dec. 6, 2005); Financial Audit: Restatements
to the National Science Foundation's Fiscal Year 2003 Financial
Statements, GAO-06-229R (Washington, D.C.: Dec. 22, 2005); and Financial
Audit: Restatements to the Department of Agriculture's Fiscal Year 2003
Financial Statements, GAO-06-254R (Washington, D.C.: Jan. 26, 2006).

    Auditors Mostly Provide Negative Assurance on FFMIA Compliance
	 
In fiscal year 2005, auditors for five agencies (Commerce, EPA, NSF, OPM,
and SSA) provided negative assurance that the agencies' systems were
compliant with FFMIA requirements. The auditor for one agency, Labor,
provided positive assurance on FFMIA compliance. From our perspective,
FFMIA requires auditors to provide positive assurance, which is an
opinion, because section 803 (b)(1) of FFMIA requires auditors to "report
whether the agency financial management systems comply with the
requirements of [the act]." Auditors provide negative assurance when they
state that nothing came to their attention during the course of their
planned procedures to indicate that the agency's financial management
systems did not meet FFMIA requirements. Under generally accepted
government auditing standards, there are no requirements to perform
additional testing beyond that needed for a financial statement audit for
an auditor to give negative assurance. However, if financial statement
users are not familiar with the concept of negative assurance, which we
believe is generally the case, they may incorrectly assume that these five
agencies' systems have been fully tested by the auditors and that the
agencies have achieved FFMIA compliance. In addition, testing that is not
sufficient to support an opinion also means that an area of noncompliance
may be missed; therefore, the number of problems in a particular category
may be even greater than auditors' reports of FFMIA noncompliance would
suggest, because not all problems are being included. Although OMB's
current audit guidance[27] instructs auditors to test for compliance with
FFMIA, it does not provide guidance on the nature and extent of tests to
be performed. It only calls for auditors to provide negative assurance
when reporting whether an agency's systems are in substantial compliance
with the three FFMIA requirements. We did note greater attention to
assessing FFMIA compliance at the agencies we visited. Auditors at 8 of
the 12 CFO Act agencies visited prepared and used a separate audit program
to assess FFMIA compliance. Auditors stated that separate FFMIA audit
programs were developed to ensure consistency and to share best practices
among their audit teams.

[27] OMB Bulletin No. 06-03, Audit Requirements for Federal Financial
Statements (Aug. 23, 2006).

In fiscal years 2005 and 2004, auditors for Labor provided positive
assurance of Labor's financial management systems' compliance with FFMIA
requirements. For both years, Labor's Inspector General contracted with an
independent public accounting firm to conduct the financial statement
audit and included a provision to specifically perform an FFMIA
examination in accordance with American Institute of Certified Public
Accountants attestation standards.[28] In general, providing positive
assurance of FFMIA compliance requires auditors to perform more audit
procedures than those needed to render an opinion on the financial
statements. While financial statement audits in general will offer some
assurance on FFMIA compliance, auditors should also design and implement
additional testing to satisfy the criteria in FFMIA. For example, in
performing financial statement audits, auditors generally focus on the
capability of the financial management systems to process and summarize
financial information that flows into agency financial statements. In
contrast, assessing FFMIA compliance involves determining whether an
agency's financial management systems comply with systems requirements. To
do this, auditors need to consider whether agency systems provide
complete, accurate, and timely information for managing day-to-day
operations. For fiscal year 2005, Labor's independent auditor performed
transaction testing, provided FAM Section 700 training to audit team
members, analyzed whether financial management systems provided reliable
and timely financial information for managing current operations to senior
management and program managers, and completed the audit procedures
provided in FAM 701A and associated Joint Financial Management Improvement
Program (JFMIP) checklists for each operating division. The auditor
estimated that the cost of the additional procedures needed to provide
positive assurance was between $50,000 and $80,000. The efforts of Labor
to perform the level of review necessary to provide positive assurance of
FFMIA compliance in fiscal years 2005 and 2004 are noteworthy, and we look
forward to other agencies adopting similar auditing and reporting
practices.

[28] Generally accepted government auditing standards incorporate the
American Institute of Certified Public Accountants (AICPA) general
standard on criteria, its field work standards, and its reporting
standards for attestation engagements, as well as the AICPA Statements on
Standards for Attestation Engagements, unless the Comptroller General of
the United States excludes them by formal announcement.

Performing audit procedures designed to provide positive assurance of an
agency's financial management systems' compliance with FFMIA requirements
can identify weaknesses and lead to improvements that enhance the
performance, productivity, and efficiency of federal financial management
systems. It also provides a clear "bottom line," whereas negative
assurance does not. Therefore, as we have discussed in prior reports
covering fiscal years 2000 through 2004,[29] we continue to believe that our
prior recommendation for OMB to require agency auditors to provide a
statement of positive assurance when reporting an agency's systems to be
in substantial compliance with the three FFMIA systems requirements is
still appropriate. Given OMB's explicit instruction to provide negative
assurance, some auditors also indicated that a change in OMB's guidance on
FFMIA reporting would be necessary in order for them to provide an opinion
on FFMIA compliance.

In a recent discussion with OMB officials, as well as in OMB's comments on
a draft of this report and on our prior FFMIA reports, OMB continues to
support the requirement for negative assurance of FFMIA compliance. While
OMB agrees that testing should occur, and its guidance on FFMIA calls for
testing, that guidance does not specify the nature and extent of audit
procedures. OMB
officials continue to express the belief that the level of testing needed
for positive assurance may be too time-consuming and costly. OMB officials
said that different, more coordinated approaches toward assessing an
agency's internal controls and FFMIA compliance could provide sufficient
assurance on an agency's systems. We share concerns about the added cost,
but want to make our view quite clear that the focus needs to be on the
ultimate end goal of having financial management systems able to routinely
produce reliable, useful, and timely financial information. Until such
systems exist, the ability of federal managers to effectively manage and
oversee their major programs was and continues to be restricted.

[29] GAO, Financial Management: FFMIA Implementation Critical for Federal
Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial
Management: FFMIA Implementation Necessary to Achieve Accountability,
GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial Management:
Sustained Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062
(Washington, D.C.: Sept. 30, 2003); Financial Management: Improved
Financial Systems Are Key to FFMIA Compliance, GAO-05-20 (Washington,
D.C.: Oct. 1, 2004); and Financial Management: Achieving FFMIA Compliance
Continues to Challenge Agencies, GAO-05-881 (Washington, D.C.: Sept. 20,
2005).

In its comments, OMB emphasized that its PMA and financial management line
of business initiatives, along with the strengthened internal control
requirements incorporated into the revised OMB Circular No. A-123, are
helping agencies to identify and correct FFMIA deficiencies. We agree
these initiatives can drive systems improvements and support OMB's
leadership in this area. Our concern lies in the fact that the full value
of independent auditors' assessments of FFMIA compliance will not be
realized until auditors perform a sufficient level of audit work to be
able to provide positive assurance that agencies are in compliance with
FFMIA as called for in the act. When reporting an agency's financial
management systems to be in substantial compliance, positive assurance
from independent auditors will provide users with confidence that the
agency systems provide the reliable, useful, and timely information
envisioned by the act.

    Additional FFMIA Guidance Needed

As we have previously reported, a number of auditors we interviewed
expressed a need for clarification on the definition of "substantial
compliance." In fiscal year 2005, auditors for 7 of the 12 agencies we
visited stated that additional guidance on the definition of substantial
compliance would be useful. As a result, we reiterate our previous
recommendation that OMB explore clarifying the definition of "substantial
compliance" to meet the needs of the auditing community and to allow for
consistent application of the doctrine.

In addition, 8 of the 12 independent auditors cited a need for additional
guidance to assist them in assessing whether agency systems substantially
comply with the three FFMIA requirements. For example, at SSA, the
auditors reported a need for clearer guidance from OMB on assessing FFMIA
compliance that is consistent with the GAO/PCIE FAM. Auditors for other
agencies we visited professed a need for (1) more clearly defined and
objective criteria to assist in their determination of FFMIA compliance,
(2) more specific guidance on testing and sampling methodologies, and (3)
additional guidance for assessing compliance with certain accounting
standards, such as the Statement of Federal Financial Accounting Standards
(SFFAS) No. 4, Managerial Cost Accounting Concepts and Standards for the
Federal Government. In its comments, OMB stated that its growing
experience helping agencies implement the PMA enables it to refine the
existing FFMIA indicators associated with substantial compliance.
Accordingly, OMB said it would consider our recommendation in any future
policy and guidance updates.

Reasons for Noncompliance

Audit reports for the 18 agencies reported to have systems not in
substantial compliance with one or more of FFMIA's three requirements
during fiscal year 2005 again identified the same six primary reasons for
noncompliant agency systems. They ranged from serious, pervasive systems
problems to less serious problems that may affect only one aspect of an
agency's accounting operation:

     o nonintegrated financial management systems,
     o inadequate reconciliation procedures,
     o lack of accurate and timely recording of financial information,
     o noncompliance with the SGL,
     o lack of adherence to federal accounting standards, and
     o weak security controls over information systems.

Figure 5 shows the relative frequency of these problems at the agencies
reported to have noncompliant systems. The same six types of problems have
been cited by auditors in the fiscal years 2001 through 2004 audit
reports, although the auditors may not have reported these problems as
specific reasons for their systems' lack of substantial compliance with
the three FFMIA requirements. In addition, we caution that the occurrence
of problems in any particular category may be even greater than auditors'
reports of FFMIA noncompliance would suggest because auditors may not have
identified all problems during the reviews.

Figure 5: Problems Reported by Auditors for Fiscal Years 2001 through 2005

Nonintegrated Financial Management Systems

The CFO Act calls for agencies to develop and maintain integrated
accounting and financial management systems[30] that comply with federal
systems requirements and provide for (1) complete, reliable, consistent,
and timely information that is responsive to the financial information
needs of the agency and facilitates the systematic measurement of
performance; (2) the development and reporting of cost management
information; and (3) the integration of accounting, budgeting, and program
information. OMB Circular No. A-127, Financial Management Systems,
requires agencies to establish and maintain a single integrated financial
management system that conforms to functional requirements issued by the
Financial Systems Integration Office (FSIO),[31] formerly the Joint
Financial Management Improvement Program (JFMIP). More details on the
financial management systems requirements can be found in appendixes I and
II.

The lack of integrated financial management systems typically results in
agencies expending major effort and resources, including in some cases
hiring external consultants, to develop information that their systems
should be able to provide on a daily or recurring basis. Agencies with
nonintegrated financial systems are also more likely to devote more time
and resources to collecting information than those with integrated
systems. In addition, opportunities for errors are increased when
agencies' systems are not integrated.

[30] Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected
functions to improve overall efficiency and control. Characteristics of
such a system include (1) standard data classifications for recording
financial events; (2) common processes for processing similar
transactions; (3) consistent control over data entry, transaction
processing, and reporting; and (4) a system design that eliminates
unnecessary duplication of transaction entry. OMB Circular No. A-127,
Financial Management Systems, paragraph 7(b) (Revised Dec. 1, 2004).

[31] The FSIO was formerly known as the Joint Financial Management
Improvement Program (JFMIP) staff office. In December 2004, the JFMIP
Principals voted to modify the roles and responsibilities of the JFMIP
Program Office, now FSIO. The FSIO Executive reports to OMB's Office of
Federal Financial Management Controller. See OMB, Update on the Financial
Management Line of Business and the Financial Systems Integration Office,
Memorandum (Washington, D.C.: Dec. 16, 2005).

Auditors frequently mentioned the lack of integrated financial management
systems in their fiscal year 2005 audit reports. As shown in figure 5,
auditors for 13 of the 18 agencies with noncompliant systems reported this
to be a problem, compared with 12 of the 16 agencies reported with
noncompliant systems in fiscal year 2004. For example, auditors for the
Department of Housing and Urban Development (HUD)
reported that HUD has not been in compliance with FFMIA, in part due to
the lack of an integrated financial management system, since fiscal year
1997, when reports under the act were first required. As a result, HUD has
had to rely on extensive ad hoc analyses and special projects to produce
account balances and disclosures. The auditors further reported that HUD's
most significant system challenges exist at the Federal Housing
Administration (FHA), which continues to conduct some day-to-day business
operations with legacy-based systems, thereby limiting its ability to
integrate the financial processing environment, although the auditors
noted that FHA is making progress in achieving compliance with federal
financial system requirements. Consequently, according to the HUD Office
of Inspector General, since HUD's existing core financial system could be
better integrated, more user-friendly, and less costly to maintain, HUD
management is proceeding with plans to develop and implement a modern
financial management system through the HUD Integrated Financial
Management Improvement Project.

At DHS, auditors reported that the financial management systems for
Immigration and Customs Enforcement (ICE) and the U.S. Coast Guard lack
appropriate integration. Specifically, DHS auditors reported that ICE had
not successfully integrated the accounting processes of the five DHS
components for which it became responsible in fiscal year 2004. Auditors
also noted that ICE continued to operate unreliable processes and
procedures that support accounting and financial reporting, resulting in
material errors, irregularities, and abnormal balances in the DHS
consolidated financial statements that existed for most of fiscal year
2004 and continued unresolved in fiscal year 2005. As a result, auditors
reported that ICE's financial systems were inadequate to process financial
transactions for the five DHS components. Further, auditors for the Coast
Guard reported that the financial reporting process was complex and
labor-intensive with a significant number of adjustments being made
outside the core accounting system. In addition, Coast Guard officials had
to perform a significant amount of manual review in order to integrate
data from three separate general ledger systems. As a result, the auditors
found that DHS was unable to prepare a consolidated financial statement
for fiscal year 2005 until November 2005 and that the consolidated
financial statement disclosures and notes contained critical errors and
inconsistencies that required material adjustments to correct.

Inadequate Reconciliation Procedures

A reconciliation process, whether manual or automated, is a necessary and
valuable part of a sound financial management system. The less integrated
the financial management system, the greater the need for adequate
reconciliations because data are being accumulated from a number of
different sources. Reconciliations are needed to ensure that data have
been recorded properly between the various systems and manual records. The
Comptroller General's Standards for Internal Control in the Federal
Government highlight reconciliation as a key control activity.

As shown in figure 5, auditors for 14 of the 18 agencies with noncompliant
systems reported that the agencies had reconciliation problems, including
a number of agencies that could not reconcile their Fund Balance with
Treasury (FBWT) accounts with the Department of the Treasury's (Treasury)
records, compared with 11 of the 16 agencies reported with noncompliant
systems in fiscal year 2004. Treasury policy requires agencies to
reconcile their accounting records with Treasury records monthly
(comparable to individuals reconciling their personal checkbooks to their
monthly bank statements).

As a case in point, in fiscal year 2005, the auditor for GSA reported
instances of improper reconciliation procedures that contributed to errors
in financial reporting. Specifically, the auditor noted that differences
between budgetary account balances in various GSA subsystems and the core
financial management system had not been reconciled, nor had proper
budgetary account reconciliation procedures been developed. These
weaknesses inhibit GSA management's ability to detect and prevent
budgetary accounting and reporting misstatements. Further, the auditors
noted that GSA continued to lack adequate controls for reconciling
intragovernmental balances. As a result, GSA has developed extensive
manual workarounds and used estimates to determine the breakdown of
revenue and receivables for DOD, the largest customer of GSA's Federal
Acquisition Service. For example, as of June 30, 2005, GSA was unable to
assign $582 million in unidentified receivable transactions to a specific
department within DOD and therefore simply allocated this difference among
the Department of the Army, Department of the Navy, and the Department of
the Air Force. Proper reconciliation procedures would allow GSA to resolve
these types of unidentified transactions, identify material out-of-balance
conditions between federal entities, assist in the preparation of
governmentwide financial statements, help ensure that intragovernmental
balances are properly eliminated in the governmentwide financial
statements, and provide some level of assurance that balances have been
accurately and appropriately recorded.

Lack of Accurate and Timely Recording of Financial Information

As shown in figure 5, auditors for 17 of 18 agencies with noncompliant
systems reported the lack of accurate and timely recording of financial
information as a problem for fiscal year 2005, compared with 16 of 16
agencies reported with noncompliant systems in fiscal year 2004. Accurate
and timely recording of financial information is essential for successful
financial management. Timely recording of transactions facilitates
accurate reporting in agencies' financial reports and other management
reports used to guide managerial decision making. In addition, having
systems that record information in an accurate and timely manner is
critical for key governmentwide initiatives, such as integrating budget
and performance information.

In contrast, lack of timely recording of transactions during the fiscal
year can result in agencies making substantial efforts at fiscal year-end
to perform extensive manual financial statement preparation efforts that
are susceptible to error and increase the risk of misstatements. For
example, auditors for the Department of Health and Human Services (HHS)
noted that one of the monthly reports prepared by the Program Support
Center to reconcile the general ledger with Treasury's records has lost
its usefulness due to old and invalid items that remain in the general
ledger. Specifically, they identified differences with an absolute value
of approximately $5.5 billion, in part due to transactions dating back to
as early as 1993. In addition, the auditors noted that 53 of 105
reconciliations selected for review were not completed within HHS's
allotted 30-day deadline, with several taking up to 84 days to complete.
Finally, the auditors identified more than 32,000 grants with net
obligation balances of approximately $2.3 billion that were eligible to be
closed. Many of those grants have been eligible for closure for several
years. As a result of these and other problems, more than 270 entries with
an absolute value of more than $208 billion were recorded outside the
general ledger system. The auditors noted that the majority of these
entries could have been eliminated by more timely analyses and
reconciliations, as well as improved estimation methodologies.

Noncompliance with the SGL

As shown in figure 5, auditors for 11 of the 18 agencies with noncompliant
systems reported that the agencies' systems did not comply with SGL
requirements for fiscal year 2005, compared with 11 of the 16 agencies
reported with noncompliant systems in fiscal year 2004. FFMIA specifically
requires federal agencies to implement the SGL at the transaction level.
Using the SGL promotes consistency in financial transaction processing and
reporting by providing a uniform chart of accounts and pro forma
transactions and provides a basis for comparison at the agency and
governmentwide levels. The defined accounts and pro
forma transactions standardize the accumulation of agency financial
information as well as enhance financial control and support financial
statement preparation and other external reporting.

A lack of adherence to the SGL impedes the ability of the federal
government to complete accurate, governmentwide financial statements. For
example, auditors for the Small Business Administration (SBA) noted that
certain accounting transactions were not recorded, processed, summarized,
or reported in accordance with the SGL. Specifically, the auditors found
that the SBA used improper rules to record a transaction, resulting in a
subsidy account having a zero balance, while an expense account was
misstated by $58 million. SBA also incorrectly characterized $30.5 million
as a decrease in borrowing authority instead of an actual repayment of
debt. Finally, the department used improper posting logic in preparing
budget pro forma data, resulting in various overstatements and
understatements totaling $24.2 million.

Moreover, by not implementing the SGL, agencies may experience
difficulties in providing consistent financial information across their
components and functions. For example, auditors for the Department of
Justice (DOJ) found that DOJ does not substantially comply with the SGL,
in part due to noncompliance issues at the Federal Bureau of Investigation
(FBI) and the United States Marshals Service (USMS). Specifically, the
auditors noted that the FBI's financial management systems do not permit
use of the SGL at the transaction level, in that certain transactions are
processed outside of the core system and then must be recorded into the
core system through a manual or automated batch transaction process.
Further, USMS does not maintain transaction-level detail for upward and
downward adjustments of prior-year undelivered orders and does not use an
appropriate liability account, as called for by the SGL.

Lack of Adherence to Federal Accounting Standards

One of FFMIA's requirements is that agencies' financial management systems
account for transactions in accordance with federal accounting standards;
however, agencies continue to face significant challenges in implementing
these standards. As shown in figure 5, auditors for 11 of the 18 agencies
with noncompliant systems reported that these agencies had problems
complying with one or more federal accounting standards for fiscal year
2005, compared with 11 of the 16 agencies reported with noncompliant
systems in fiscal year 2004. Appendixes III and IV list the federal
financial accounting standards and other guidance issued by the Federal
Accounting Standards Advisory Board and its Accounting and Auditing Policy
Committee, respectively. The purpose of these standards and other guidance
is to ensure that federal agencies' financial reports provide users with
understandable, relevant, and reliable information about the financial
position, activities, and results of operations of the U.S. government and
its components.

Auditors expressly reported compliance problems with 11 specific
accounting standards in fiscal year 2005. Of those standards, the 3 that
were most troublesome for agencies were SFFAS No. 1, Accounting for
Selected Assets and Liabilities; SFFAS No. 4, Managerial Cost Accounting
Concepts and Standards for the Federal Government; and SFFAS No. 6,
Accounting for Property, Plant, and Equipment. In particular, SFFAS No. 4,
which became effective in 1998 and requires the use of managerial cost
accounting information in the decision-making process, continues to be
difficult for federal managers to fully implement. As we recently
reported,32 the Department of Transportation (DOT) has in recent years
shown strong leadership in developing managerial cost accounting systems
both departmentwide and at the individual component agencies. For example,
according to DOT officials, the Federal Aviation Administration, DOT's
largest component agency, has completed the initial implementation of a
managerial cost accounting system. Several other DOT component agencies
are also implementing detailed costing and billing systems to meet their
cost accounting needs. However, DOT management reported that it will be
several years before cost accounting data systems are fully mature and
include historical data that will allow DOT managers to integrate
performance and accounting information. As a result, DOT managers will not
know the full costs associated with their programs and activities, which
could impair their decision-making abilities.

32 GAO, Managerial Cost Accounting Practices: Departments of Education,
Transportation, and the Treasury, GAO-06-301R (Washington, D.C.: Dec. 19,
2005).

Accurate and timely cost management information is critical for federal
managers to transform how government agencies manage the business of
government and vital in developing meaningful links between budget,
accounting, and performance. Starting in July 2005, we performed a series
of congressional briefings and issued corresponding reports33 concerning
the status of managerial cost accounting activities at several large
federal agencies, including Labor, Education, HHS, DOT, SSA, Treasury, and
Veterans Affairs (VA). We found that generally these agencies have
experienced uneven success in the implementation of managerial cost
accounting and that managerial cost accounting-related internal controls
within the agencies need to be strengthened. We also identified strong
upper-level management support and leadership as a key component in the
successful implementation of managerial cost accounting and promotion of
managerial cost accounting information departmentwide.

Weak Security Controls over Information Systems

Information security weaknesses are a major concern for federal agencies
and the general public and one of the frequently cited reasons for
noncompliance with FFMIA. As shown in figure 5, auditors for 16 of the 18
agencies with noncompliant systems reported security weaknesses in
information systems to be a problem, compared with 15 of the 16 agencies
reported with noncompliant systems in fiscal year 2004. These control
weaknesses place vast amounts of government assets at risk of inadvertent
or deliberate misuse, financial information at risk of unauthorized
modification or destruction, sensitive information at risk of
inappropriate disclosure, and critical operations at risk of disruption.
Since 1997, we have considered information security to be a high-risk area
at a governmentwide level.

For example, the Department of Agriculture (Agriculture) and its component
agencies accelerated their efforts during fiscal year 2005 to comply with
the federal information security requirements; however, even though
progress was made, the auditors noted that several material security
weaknesses still exist. The weaknesses identified include an unreliable
certification and accreditation process and ineffective controls in the
general control environment, as well as weaknesses in controls over
physical and logical access, inventory of systems and network equipment,
effective policies and procedures, and vulnerability scanning34 and
mitigation. The auditors noted that these departmental weaknesses have a
significant impact on the integrity, confidentiality, and availability of
systems and data.

33 GAO, Managerial Cost Accounting Practices: Leadership and Internal
Controls Are Key to Successful Implementation, GAO-05-1013R (Washington,
D.C.: Sept. 2, 2005); Managerial Cost Accounting Practices: Departments of
Labor and Veterans Affairs, GAO-05-1031T (Washington, D.C.: Sept. 21,
2005); Managerial Cost Accounting Practices: Departments of Education,
Transportation, and the Treasury, GAO-06-301R (Washington, D.C.: Dec. 19,
2005); and Managerial Cost Accounting Practices: Department of Health and
Human Services and Social Security Administration, GAO-06-599R
(Washington, D.C.: Apr. 18, 2006).

The recent information security breaches at Agriculture, VA, and other
agencies compromised the personal data of millions of U.S. citizens and
highlighted the importance of adequate system security policies and
programs. Robust federal security programs are critically important to
properly protect personal and financial information and the privacy of
individuals. On June 20, 2006, we reported35 on a number of actions that
agencies can take to help guard against the possibility that databases of
personally identifiable information are inadvertently compromised. We
noted that a key step is to develop a privacy impact assessment (an
analysis of how personal information is collected, stored, shared, and
managed) whenever information technology is used to process personal
information. In addition, agencies can take more specific practical
measures aimed at preventing data breaches, including limiting the
collection of personal information, limiting the time that these data are
retained, limiting access to personal information and training personnel
accordingly, and considering the use of technological controls, such as
encryption, when data need to be stored on portable devices. On June 23,
2006, OMB issued a memorandum36 focusing on the protection of information
that is being accessed remotely or physically transported outside an
agency's secured location. Federal agencies are required to implement
guidance developed by the National Institute of Standards and Technology
for the protection of remote information. In addition, OMB recommends that
all agencies implement additional safeguards, including data encryption
and proper user authentication procedures for the remote access of data.

34 A vulnerability is the existence of a flaw or weakness in hardware or
software that can be exploited resulting in a violation of an implicit or
explicit security policy. Vulnerability scanners are software applications
that can be used to identify vulnerabilities on computer hosts and
networks.

35 GAO, Information Security: Leadership Needed to Address Weaknesses and
Privacy Issues at Veterans Affairs, GAO-06-897T (Washington, D.C.: June
20, 2006).

36 OMB, Protection of Sensitive Agency Information, M-06-16 (Washington,
D.C.: June 23, 2006).

Unresolved information security weaknesses can also compromise the
reliability and availability of data recorded in or transmitted by an
agency's financial management system. As a case in point, in fiscal year
2005, auditors for Treasury noted that the general controls over the
department's computer systems did not effectively prevent unauthorized
access to and disclosure of sensitive information, unauthorized changes to
systems and application software, and unauthorized access to programs and
files that control computer hardware and secure applications. In
particular, weaknesses we reported37 in information security controls at
the Internal Revenue Service (IRS) could result in unauthorized
individuals being able to access, alter, or abuse proprietary IRS programs
and electronic data and taxpayer information. The auditors noted that a
key reason for Treasury's information security weaknesses was that the
department had not yet fully implemented an agencywide information
security program to ensure that controls were effectively established and
maintained. They further reported that Treasury's information security
programs and practices needed additional improvements to adequately
protect the information systems that support the department's operations.

  Federal Financial Management System Initiatives Continue to Evolve

Agencies have a number of efforts under way to address their existing
financial management systems problems. Recent efforts to modernize
financial management systems have often exceeded budgeted costs, resulted
in delays in delivery dates, and not provided the anticipated system
functionality and performance. The key for federal agencies to avoid the
long-standing problems that have plagued financial management system
improvement efforts is to address the foremost causes of those problems
and adopt solutions that reduce the risks associated with these efforts to
acceptable levels. Our March 2006 report38 discusses in detail the key
causes of past financial management system implementation failures, the
significant governmentwide initiatives currently under way, and actions
that can be taken to improve the management and control of agency
financial management system modernization efforts. The report also
highlights some of the issues we identified with OMB's financial
management line of business initiative and includes actions that would
help reduce the risks associated with financial management system
implementation efforts. In a related initiative, OMB established the FSIO
to address some of the responsibilities of the former JFMIP Program
Management Office, which was realigned in December 2004. OMB will provide
oversight and guidance to FSIO on priorities and expected performance, in
consultation with the FSIO Transformation Team of the CFO Council.
Further, OMB's December 2004 revision of Circular No. A-123, Management's
Responsibility for Internal Control, which was effective for fiscal year
2006, is intended to strengthen requirements for conducting management's
assessment of internal control over financial reporting. Through these
various initiatives, OMB is taking action to improve financial management
in the federal government. However, establishing good financial management
throughout the federal government will also require changing the
organizational culture of some federal agencies; therefore, the sustained
leadership and support of the Congress has been and continues to be
essential to the reform of financial management in the federal government.

37 GAO, Tax Administration: IRS Improved Some Filing Season Services, but
Long-term Goals Would Help Manage Strategic Trade-offs, GAO-06-51
(Washington, D.C.: Nov. 14, 2005).

38 GAO-06-184.

    Adherence to Best Practices Is Critical to Successful Modernization
    Initiatives

Across government, agencies have many efforts under way to implement new
financial management systems or to upgrade existing systems that may help
improve FFMIA compliance. However, these efforts far too often result in
systems that do not meet their cost, schedule, and performance goals.
While agencies anticipate that the new systems will provide reliable,
useful, and timely data to support managerial decision making, our work
and that of others has shown that this has often not been the case. For
example, modernization efforts at Energy, HHS, DOD, and Treasury have been
hampered by agencies not following best practices in systems development
and implementation efforts (commonly referred to as disciplined
processes).

o  According to Energy's independent auditor,39 Energy implemented a new
financial accounting system in April 2005, shortly after reorganizing and
consolidating its finance and accounting services organization in October
2004. At the same time, Energy also adopted a new chart of accounts in
conjunction with the new accounting system. Prior to 2005, Energy's
auditors had consistently provided negative assurance that the financial
management systems were in compliance with FFMIA; however, the
reorganization and consolidation adversely affected the financial
accounting staffing levels and skills mix
throughout the department and Energy did not complete corrective actions
to address these weaknesses. As a result, in the process of implementing
the new system, Energy encountered a number of problems involving data
conversion, reconciliation, posting, and reporting. Energy's auditor
specifically noted problems in accounting for obligations, monitoring
budget execution and control, reconciling integrated contractor trial
balances with departmental records, reconciling accounting system modules
to the general ledger, resolving various posting errors, and identifying
and reporting intragovernmental transactions. The auditor also noted that,
after the implementation of the new system, many reports needed for
management, internal control, and audit purposes were no longer available.
These problems hindered the department's ability to assure the accuracy
and completeness of data needed for audit testing and it was unable to
provide the accurate and supportable financial statements required for
audit. As a result, Energy's auditors issued a disclaimer on the fiscal
year 2005 financial statements and concluded that the financial management
systems did not substantially comply with federal financial management
systems requirements and federal accounting standards.

39 KPMG, Independent Auditor's Report (Washington, D.C.: Nov. 9, 2005).

o  As part of its modernization effort, HHS developed plans to reduce the
number of financial management systems from five to two using the Unified
Financial Management System (UFMS). This system is expected to integrate
the HHS financial management structure to provide more timely and
consistent information and to promote the consolidation of accounting
services throughout HHS. On the basis of our fiscal year 2004 review of
UFMS,40 we reported that HHS had not effectively implemented the best
practices needed to reduce the risks associated with the implementation of
a new system. Specifically, we reported that the UFMS implementation
project was schedule driven rather than event driven based on effectively
implemented disciplined processes, with limited time devoted to critical
steps in the system development life cycle. We also stated that data
conversion and system interface challenges were critical to the ultimate
success of UFMS. In April 2005, HHS deployed the core financial portion of
UFMS at the Centers for Disease Control and Prevention (CDC) and the Food
and Drug Administration (FDA). Subsequently, auditors at HHS reported
problems with the implementation process at CDC and FDA.41 Specifically,
they stated that HHS experienced significant challenges in resolving
issues with the system conversion and implementation, including
configuration issues, insufficient resources, inadequate training, and
limited report capability of financial and budget activity within the
system. Furthermore, the auditors noted that UFMS, as currently
configured, cannot produce financial statements. Therefore, FDA and CDC
used cumbersome processes to crosswalk the unadjusted trial balance to the
financial statements and to record thousands of nonstandard accounting
entries both prior and subsequent to the UFMS conversion. For example, FDA
recorded about 14,000 nonstandard accounting entries totaling an absolute
value of approximately $9.4 billion to create the September 30, 2005,
financial statements. In addition, CDC had to record (1) accounting
entries totaling an absolute value of approximately $11.3 billion either
to its financial statements or those of another HHS operating division;
(2) adjustments totaling an absolute value of about $24.4 billion, related
to conversion, data cleanup, corrections, account reclassifications, and
other adjustments to conform to UFMS processing; and (3) an approximately
$19.1 billion absolute value adjustment to the database used to generate
financial statements as a result of conversion adjustments made in UFMS
that could not be extracted into the database. The auditors reported that
HHS management continues to develop and implement corrective actions to
improve its implementation of UFMS, develop internal controls, train
personnel, and develop necessary reports, policies, and procedures;
however, they noted that sustained efforts will be necessary to overcome
the seriousness of the weaknesses noted.

40 GAO, Financial Management Systems: Lack of Disciplined Processes Puts
Implementation of HHS' Financial System at Risk, GAO-04-1008 (Washington,
D.C.: Sept. 23, 2004).

o  According to DOD management, the department's inability to comply
materially with FFMIA is primarily the result of structural problems
related to legacy accounting systems that do not accurately account for
both budgetary and proprietary activities.42 Quite simply, according to
DOD management, the department does not have the systems and accounting
structures in place to achieve compliance with FFMIA. We have reported
that DOD has historically been unable to develop and implement business
systems on time, within budget, and with the
promised capability. For example, in September 2005, we reported43 that
the Department of the Navy spent approximately $1 billion for four largely
failed pilot Enterprise Resource Planning (ERP) system44 efforts, without
marked improvement in its day-to-day operations. Although the pilots used
the same ERP commercial off-the-shelf software, inconsistencies in the
design and implementation resulted in them not being interoperable.
Furthermore, if there had been effective project management oversight of
the pilot programs at the outset, there would not have been a need to, in
essence, start over. The Navy now has a new ERP project under way, which
early Navy estimates indicate will cost another $800 million. While the
new project, as currently envisioned, has the potential to address some of
the Navy's financial management weaknesses, it will not provide an
all-inclusive end-to-end corporate solution for the Navy. For example, the
current scope of the ERP does not provide for real-time asset visibility
of shipboard inventory, which has been and continues to be a long-standing
problem within the department. Further, there are still significant
challenges and risks ahead as the project moves forward, such as
developing and implementing 44 system interfaces with other Navy and DOD
systems and converting data from legacy systems to the ERP system. In
addition, the Navy does not have in place the structure to capture
quantitative data that can be used to assess the effectiveness of the
overall effort and has not established an independent verification and
validation function.

41 Ernst & Young, Report of Independent Auditors (Washington, D.C.: Nov. 11,
2005).

42 Department of Defense, FY 2005 Performance and Accountability Report
(Washington, D.C.: Nov. 15, 2005).

o  The ability to prepare the consolidated financial statements of the
U.S. government (CFS) has been a long-standing challenge for Treasury's
Financial Management Service. To address some of the internal control
weaknesses identified in our audit report,45 Treasury began developing the
Governmentwide Financial Report System (GFRS). The goal of this new system
is to directly link information from federal agencies' audited financial
statements to amounts reported in the CFS. We
found46 that Treasury had not yet effectively implemented the disciplined
processes necessary to provide reasonable assurance that GFRS will meet
its performance, schedule, and cost goals. Specifically, Treasury had not
(1) developed a concept of operations or any other document that
adequately defines or documents the expected performance of GFRS, (2)
developed a detailed project plan and schedule through completion of GFRS,
(3) developed a budget justification for GFRS as called for in OMB
Circular No. A-11,47 and
(4) implemented the disciplined processes necessary to effectively manage
the GFRS project. These deficiencies have contributed to the various
usability problems encountered by its users. Going forward, it will be
important for Treasury to better mitigate its risks so that longstanding
internal control weaknesses regarding the preparation of the CFS can be
eliminated and, more importantly, so that Treasury ends up with a system
that fully meets its and agencies' needs.

43 GAO, DOD Business Systems Modernization: Navy ERP Adherence to Best
Business Practices Critical to Avoid Past Failures, GAO-05-858
(Washington, D.C.: Sept. 29, 2005).

44 An ERP solution is an automated system using commercial off-the-shelf
software consisting of multiple, integrated functional modules that
perform a variety of business-related tasks such as payroll, general ledger
accounting, and supply chain management.

45 Department of the Treasury, 2005 Financial Report of the United States
Government (Washington, D.C.: Dec. 2005).

In addition to the examples above, our March 2006 report48 summarizes many
of the agencies' financial management system implementation failures that
have been previously reported by us and agency inspectors general. In our
report, we identified several problems related to agencies' implementation
of financial management systems in three recurring and overarching themes:
disciplined processes, human capital management, and other information
technology (IT) management practices. Key causes of failure within each
area are identified in table 1. Although the implementation of any major
system will never be a risk-free proposition, organizations that follow
and effectively implement disciplined processes, along with effective
human capital and other IT management practices, can reduce the risks of
financial management system modernization efforts to acceptable levels.

46 GAO, Financial Management Systems: Lack of Disciplined Processes Puts
Effective Implementation of Treasury's Governmentwide Financial Report
System at Risk, GAO-06-413 (Washington, D.C.: Apr. 21, 2006).

47 Section 300 of OMB Circular No. A-11, Preparation, Submission, and
Execution of the Budget (Nov. 2, 2005), set forth requirements for federal
agencies for planning, budgeting, acquiring, and managing information
technology capital assets.

48 GAO-06-184.

Table 1: Key Causes of Systems Implementation Failure

Disciplined processes                   Human capital management      Other IT management
Requirements management                 Strategic workforce planning  Enterprise architecture
Testing                                 Human resources               Investment management
Data conversion and system interfaces   Change management             Information security
Risk management
Project management

Source: GAO analysis and inspectors general reports.

    Goals for the Financial Management Line of Business Have Been Established

To help address financial management systems' weaknesses and
implementation failures and to support the President's Management Agenda
goal to expand electronic government, OMB launched the financial
management line of business in March 2004. The financial management line
of business was one of five original lines of business that were initiated
to develop business-driven, common solutions for specific lines of
business that extend across the entire federal government. OMB and
designated agency lines of business task forces plan to use enterprise
architecture-based principles and best practices to identify common
solutions for business processes, technology-based shared services, or
both, to be made available to government agencies. The original five lines
of business were financial management, human resources management, grants,
federal health architecture, and case management.49 These lines of
business share similar business requirements and processes. In March 2005,
OMB started a task force to address a sixth line of business on IT
security. As introduced in the President's fiscal year 2007 budget
proposal, three new lines of business initiatives will join the six
existing lines of business. The three new lines of business are IT
infrastructure optimization, geospatial, and budget formulation and
execution.50

49 Case management involves managing claims or investigations including
creating, routing, tracing, assigning and closing a case, as well as
collaboration among case handlers.

50 In March 2006, OMB launched task forces to conduct governmentwide analysis
for the three new lines of business based on an analysis of the fiscal
year 2007 budget that shows significant opportunities for improvement in
sharing common information technology infrastructure, geospatial data and
capabilities, and budgeting processes and functions across government.

The financial management line of business initiative promotes leveraging
shared service solutions to enhance the government's performance and
services, such as establishing shared service providers to consolidate
financial management activities for major agencies. Under this initiative,
OMB developed an approach for competitively migrating financial management
systems to a limited number of shared service providers, including OMB
designated federal shared service providers, or private sector entities.51
As part of the fiscal year 2006 budget process, in February 2005 OMB
designated four federal agencies52 as governmentwide financial management
shared service providers. OMB evaluated business cases submitted by
agencies using a due diligence checklist and selected the four agencies to
be shared service providers. Three of the agencies have had significant
experience providing financial management services to other small federal
entities.

OMB has indicated that other agencies may also serve as shared service
providers in the future, but has not yet established any limits or targets
on the number of providers to be designated. Although there have been
subsequent requests by agencies and departments to become shared services
providers, as of September 2006, OMB has not designated any new providers
beyond the four original service providers previously selected. According
to OMB's Migration Planning Guidance that was issued in September 2006,
OMB has encouraged private sector providers that can satisfy the shared
services requirements to participate in the procurement process for these
services. Agencies are responsible for determining, through competition,
if a private sector shared service provider meets the financial management
line of business requirements. OMB officials told us they may consider the
designation of these providers in the future.

In a December 2005 memorandum53 to agency CFOs, OMB provided an update on
the financial management line of business. The memorandum
explained that the overall vision of the financial management line of
business (as depicted in fig. 6) is to improve the cost, quality, and
performance of financial management systems by leveraging shared service
solutions and implementing other governmentwide reforms that foster
efficiencies in federal financial operations. The memorandum also stated
that the goals of the financial management line of business include

     o providing timely and accurate data for decision-making;
     o facilitating stronger internal controls that ensure integrity in
       accounting and other stewardship activities;
     o reducing costs by providing a competitive alternative for agencies to
       acquire, develop, implement, and operate financial management systems
       through shared service solutions;
     o standardizing systems, business processes, and data elements; and
     o providing for seamless data exchange between and among federal
       agencies by implementing a common language and structure for financial
       information and system interfaces.

51 OMB has not designated any private sector entities as shared service
providers, but may consider doing so in the future.

52 The four agencies designated as shared service providers were the
Department of the Interior (National Business Center), General Services
Administration (Federal Integrated Solutions Center), Department of the
Treasury (Bureau of the Public Debt's Administrative Resource Center), and
Department of Transportation (Enterprise Services Center).

53 OMB, Update on the Financial Management Line of Business and the Financial
Systems Integration Office, Memorandum (Washington, D.C.: Dec. 16, 2005).

Figure 6: Overall Vision of the Financial Management Line of Business

                    Source: Office of Management and Budget.

OMB stated, in the December 2005 memorandum, that federal agencies have
begun implementing the financial management line of business initiative by
actively migrating to shared service providers and initiating solutions to
integrate financial data among and between agency business
systems. In August 2005, OPM was the first CFO Act agency to announce its
plans to move to a designated shared service provider. In addition, in
March 2006, Labor awarded a 5-year contract to a private sector firm to
provide financial management hosting and operation and maintenance
services, which includes hardware, software, and other services. As part
of its best-value determination, EPA was also considering the designated
shared service providers as well as private sector providers for software,
integration, and hosting and plans to award its contract no later than the
first quarter of fiscal year 2007. Moreover, DHS officials testified in
March 2006,54 that rather than acquiring, configuring, and implementing a
new system within DHS, they recognized the opportunity to leverage
investments that have already been made, both within DHS and at
OMB-designated shared service providers.

OMB noted that nothing in the December 2005 memorandum changes the
expectations that agencies will continue to take all the necessary steps
(in the earliest possible time frames) to meet the financial management
line of business goals. OMB stated that it had instituted a policy that
agencies seeking to modernize their financial systems must either be
designated as a public shared service provider or must migrate to a shared
service provider (public, private, or a combination of both). However,
exceptions will be made in limited situations when an agency demonstrates
compelling evidence of a best value and lower risk alternative. It is
OMB's intent to avoid investments in "in-house" solutions wherever
possible so that the shared service framework can fully achieve potential
and anticipated returns.

    Challenges and Implications in Implementing the Financial Management Line of
    Business

We have long supported and called for initiatives to standardize and
streamline common systems, which can reduce costs and, if done correctly,
improve accountability. Likewise, OMB has correctly recognized that
enhancing the government's ability to implement financial management
systems that are capable of providing accurate, reliable, and timely
information on the results of operations needs to be addressed as a
governmentwide solution, rather than individual agency stove-piped efforts
designed to meet a given entity's needs. However, this is a significant
change in how agencies acquire new system capacity and raises numerous
complex issues that have far-reaching implications for the
government and private sector shared service providers. As we reported in
March 2006,55 OMB has not yet fully defined and implemented the processes
necessary to successfully complete the financial management line of
business initiative.

54 DHS, Information Technology Investments and the Future of the eMerge2
Program (Washington, D.C.: Mar. 29, 2006).

OMB has been proactive since the beginning of the financial management
line of business initiative in making speeches, discussing the initiative
with the media, including it in the President's budget request,
highlighting it on its Web site, and issuing draft guidance. Until
recently there were limited tools and guidance available. In our March
2006 report,56 we found, for example, that the requirements for agencies
and private sector firms to become shared service providers and the
services that they must provide have not been adequately documented or
effectively communicated to agencies and the private sector. In addition,
OMB had not provided shared service providers with standard document
templates needed to minimize risk, provide assurance, and develop
understandings with customers on topics such as service-level agreements
and a concept of operations. We made a number of recommendations to
address these issues, and OMB has been taking steps to address them. For
example, in May 2006, OMB issued an initial competition framework57 and
draft Migration Planning Guidance that was circulated to agencies and the
public for comment and included some of this important information. The
Migration Planning Guidance issued in September 2006 included change
management best practices and templates for service level agreements and
project plans, among other items. As explained later, FSIO plays a key
role in developing the guidance to move the financial management line of
business forward.

OMB has stated that agencies will consistently meet cost, schedule, and
performance goals when implementing new financial management systems once
the financial management line of business is fully realized. However,
agencies' financial management system problems may not all be solved by
moving to a shared service provider and this may actually create
additional problems if agencies put less focus on their risk management
and financial management efforts. In addition, there may be some
misconception that moving to a shared service provider would guarantee
an agency of getting a clean audit opinion and being compliant with FFMIA.
There are a number of factors that affect FFMIA compliance, including the
quality of transaction data in agency feeder systems, the success of
converting data from legacy systems, and the interaction of people,
process, and technology within an agency's environment.

55 GAO-06-184.

56 GAO-06-184.

57 See OMB Memorandum, Competition Framework for Financial Management Lines
of Business Migrations (May 22, 2006), for the initial Competition
Framework which will be incorporated into the Migration Planning Guidance.

In March 2006,58 we reported that careful consideration of the following
four concepts, each one building upon the next, would be integral to the
success of OMB's initiatives and could help break the cycle of failure in
implementing financial management systems. The four concepts were
(1) developing a concept of operations, (2) defining standard business
processes, (3) developing a strategy for ensuring that agencies migrate to
a limited number of service providers in accordance with OMB's stated
approach, and (4) defining and effectively implementing disciplined
processes necessary to properly manage the specific projects. Because
these issues have not been addressed, a firm foundation to address the
long-standing problems that have impeded success has not yet been
established.

A concept of operations would help provide the foundation for the
financial management line of business. An effective concept of operations
would describe, at a high level, (1) how all of the various elements of
federal financial systems and mixed systems relate to each other and
(2) how information flows from and through these systems. A concept of
operations would provide a useful tool to explain how financial
management systems at the agency and governmentwide levels can operate
cohesively. It would be geared to a governmentwide solution rather than
individual agency stove-piped efforts. Because the federal government has
lacked such a document, a clear understanding of the interrelationships
among federal financial systems and how the shared service provider
concept fits into this framework has not yet been achieved.

58 GAO-06-184.

Standard business processes are critical to implementing the financial
management line of business and need to be defined and communicated to all
federal agencies. Standard business processes promote consistency and
provide the framework for agencies and shared service providers. OMB
officials recognize that standardization is important and are developing a
standard set of business processes in four areas: funds control, accounts
payable, accounts receivable, and financial reporting. As illustrated
previously in figure 6, OMB is also developing a common accounting code
that may help address some of this lack of standardization. According to
OMB officials, OMB also has other initiatives under way to develop
standard interfaces for feeder systems such as acquisitions. While these
are positive steps, there are numerous other areas where standardization
is important, such as inventory, supplies, and material management as well
as the loan management areas. Absent this standardization, shared service
providers have been designated without common business rules and potential
customer agencies continue to implement and operate individual stove-piped
systems that may require additional work to adopt these processes.

To maximize the success of a new system acquisition, organizations need to
consider the redesign of current business processes. As we noted in our
Executive Guide: Creating Value Through World-class Financial
Management,59 leading finance organizations have found that productivity
gains typically result from more efficient processes, not from simply
automating old processes. In the past, agencies have resisted change and
failed to develop transition plans, reengineer business processes, and
limit customization. Agencies may continue to resist change and this
approach for outsourcing their financial management systems because of the
perceived (1) loss of control of their own data, (2) potential increase in
costs with a decrease in the level of customer service and quality,
(3) inability of providers to meet specific user needs, (4) loss of
control to upgrade the system, and (5) negative effect on an agency's
individual employees. The shared service provider concept will still
require that agencies address long-standing human capital problems by
incorporating elements of strategic workforce planning such as aligning an
organization's human capital program with its current and emerging mission
and programmatic goals, and developing long-term strategies for acquiring,
developing, and retaining an organization's total workforce to meet the
needs of the future.

59 GAO, Executive Guide: Creating Value Through World-class Financial
Management, GAO/AIMD-00-134 (Washington, D.C.: April 2000).

A clear migration strategy for implementing the financial management line
of business will be crucial. However, OMB has not articulated a clear and
measurable strategy for achieving this goal. This is important because
there has been a historical tendency for agencies and units within
agencies
to prefer internally developed processes and resist standardization. OMB's
general principle is that agencies should migrate to shared service
providers when it is cost effective to do so and they have maximized the
useful life and investment in the current system, which averages about 5
to 7 years. According to OMB's draft Migration Planning Guidance, it is
anticipated that within 10 years all agencies will have decided whether to
migrate their technology hosting and application management to a shared
service provider, or will have become a shared service provider
themselves. However, OMB does not plan to establish a specific migration
path or time table for agencies to move to a shared service provider. It
is not clear how this will impact the adoption of this initiative. Given
the pressures to reduce budgets, instilling discipline with respect to
following a clear migration path will be essential. Furthermore, without a
clear migration path, while some agencies may readily migrate to a shared
service provider to minimize the tremendous undertaking of implementing or
significantly upgrading a financial system, other agencies will likely
perpetuate the waste of taxpayer dollars previously described related to
failed system implementation efforts.

Whether agencies move to a shared service provider or implement their own
systems, they must have disciplined processes (e.g., testing, requirements
management, and risk management) in place to achieve the intended results
within established resources on schedule. Effective implementation and
testing processes are still required to ensure that the system delivers
the desired functionality on time and within budget. Agencies have
frequently struggled to implement key best practices when implementing
commercial off-the-shelf financial management systems and relied too
heavily on JFMIP testing and certification. A standard set of best
practices will be needed to guide the migration from legacy systems to new
systems and shared service providers. The Migration Planning Guidance is a
good first step in stressing the importance of this standard set of best
practices.

    Financial Systems Integration Office Established and Priorities Identified

In accordance with a December 2004 memorandum,60 JFMIP responsibilities
were realigned and the four JFMIP principals61 will continue to meet at
their discretion to discuss major financial management issues. FSIO has
been established with staff from the previous JFMIP program management
office to address some of the former JFMIP responsibilities. According to
a December 2005 OMB memorandum,62 the governance structure for financial
management system initiatives gives FSIO direct responsibility for
completing priority projects under the financial management line of
business, such as developing the Migration Planning Guidance. As depicted
in figure 7, OMB will provide oversight and guidance to FSIO on priorities
and expected performance, in consultation with the FSIO Transformation
Team of the CFO Council. According to OMB, the updated governance
structure ensures that the FSIO, financial management line of business,
and the FSIO Transformation Team do not operate in separate stovepipes.
Responsibility for work products will now rest with FSIO where full-time
dedicated staff including the FSIO Executive Director will be held
accountable for achieving financial management line of business
milestones. FSIO will coordinate the collection and expenditure of
financial management line of business funds.

60 OMB, Realignment of Responsibilities for Federal Financial Management
Policy and Oversight, Memorandum (Washington, D.C.: Dec. 2, 2004).

61 The JFMIP principals are the Comptroller General of the United States, the
Secretary of the Treasury, and the Directors of OMB and OPM.

62 OMB, Update on the Financial Management Line of Business and the Financial
Systems Integration Office, Memorandum (Washington, D.C.: Dec. 16, 2005).

Figure 7: Governance Structure

Source: Office of Management and Budget.

OMB will continue its role as Executive Sponsor of the financial
management line of business. In December 2005, FSIO moved from GSA's
Office of the Chief Financial Officer to the Office of Governmentwide
Policy, Office of Technology Strategy (OTS). OMB named GSA the managing
partner responsible for project management of the financial management
line of business. Specifically, GSA's responsibilities include organizing
the work effort, involving the Federal CFO community in the initiative,
and setting the schedule of priorities with input from Executive Steering
Committee members selected from partner agencies. The Executive Steering
Committee provides strategic direction and agency sponsorship, assists in
priority setting, and approves partner agency resource contributions. The
members of the committee meet quarterly or on an as-needed basis and are
comprised of the FSIO Executive Director, six representatives from CFO Act
agencies at the CFO or Deputy CFO level, a non-voting representative from
OMB's Office of E-Government and a non-voting representative from OMB's
Office of Federal Financial Management. The members were selected from the
CFO Act agencies to represent diverse perspectives in regards to size of
agency, financial management technical platform, and migration status.

The FSIO Transformation Team meets monthly and has a larger membership
than the Executive Steering Committee, including agency representatives
from all CFO Act agencies. The team functions as an advisory group to the
Executive Steering Committee, manages the delivery of interdisciplinary
work packages, and makes recommendations to the FSIO Executive Committee
and the financial management line of business managing partner. The team
is responsible for: (1) providing an internal review function for final
work products, (2) providing recommendations to the financial management
line of business project management office, and (3) continuously seeking
to refine processes to increase the quality of and buy-in for their work
products.

In terms of mission and scope, FSIO has three major areas of
responsibilities: (1) continuing its primary role of core financial system
requirements development, testing, and certification; (2) providing
support to the federal financial community by taking on special priority
projects as determined by the OMB Controller, CFO Council, and the FSIO
Executive Director; and (3) conducting outreach through an annual
financial management conference sponsored by the JFMIP principals and
other related activities. The projects that the FSIO undertakes will
directly reflect the priorities of the CFO community and OMB. The priority
projects to be undertaken in the near term will relate to the transparency
and standardization initiatives of the financial management line of
business, which were previously discussed and illustrated in figures 6 and
7.

    Opinions on Internal Control May Further Strengthen New Internal Control
    Reporting Requirements

Another key initiative for improving financial management in the federal
government was OMB's December 2004 revision of Circular No. A-123,63 which
we support and which was effective at the start of fiscal year 2006.64
Financial systems weaknesses are frequently caused by a lack of adequate
internal control within an agency. The revisions to OMB Circular No. A-123
were intended to strengthen the requirements for conducting management's
assessment of internal control over financial reporting at CFO Act
agencies. One major revision requires CFO Act agency management to
annually provide a separate assurance statement on internal control over
financial reporting in its performance and accountability report, along
with a report on identified material weaknesses and corrective actions.
The revision also establishes that OMB may, at its discretion, require a
CFO Act agency to obtain an opinion on internal control over financial
reporting.

We view auditor opinions on internal control over financial reporting as
an important component of monitoring the effectiveness of an entity's risk
management and accountability systems. OMB's efforts to enhance Circular
No. A-123 through the December 2004 revision and its continued efforts to
improve the quality of internal control in the federal government
financial management environment reflect substantial progress in both the
criteria and expectations for this issue. As we point out in our recent
report65 on this issue, because agencies are not uniformly ready for such
audits, specific criteria to ascertain when an agency should initially be
required to obtain an audit opinion on its internal control over financial
reporting are critical to ensuring that the internal control audits fully
contribute to the overarching goal of ongoing improvement in federal
agency internal control and accountability. Additionally, implementing a
multiyear cycle for an opinion on internal control over financial
reporting could assist in mitigating the cost of the requirement while
still providing an effective quality control mechanism for ascertaining
that management's assessment of its internal control is reliable. Although
all of the benefits associated with obtaining an audit opinion on internal
control are not
quantifiable in monetary terms, it is clear that having set criteria as to
when an agency should initially be required to obtain an auditor opinion
on internal control over financial reporting would be a key oversight
mechanism for the Congress and ultimately the U.S. taxpayer.

63 OMB Circular No. A-123, Management's Responsibility for Internal Control
(revised Dec. 2004).

64 GAO, Financial Management: Effective Internal Control Is Key to
Accountability, GAO-05-321T (Washington, D.C.: Feb. 16, 2005).

65 GAO, Internal Control: Analysis of Joint Study on Estimating the Costs and
Benefits of Rendering Opinions on Internal Control over Financial
Reporting in the Federal Government, GAO-06-255R (Washington, D.C.: Sept.
6, 2006).

    Sustained and Committed Leadership Is Key to Success for Financial
    Management Initiatives

Sustained leadership will be key to a successful strategy for moving
federal agencies towards consolidated financial management systems and
FFMIA compliance. In our Executive Guide: Creating Value Through
World-class Financial Management,66 we found that leading organizations
made financial management improvement an entitywide priority by, among
other things, providing clear, strong executive leadership. We also
reported that making financial management a priority throughout the
federal government involves changing the organizational culture of federal
agencies. Much work remains to develop a change management strategy to
minimize the risk associated with the implementation of the financial
management line of business initiative. Because the tenure of political
appointees is relatively short, the current and future administrations
must continue a strong emphasis on top-notch financial management. In
addition, continued attention and oversight by the Congress is crucial to
the success of these initiatives and federal financial management reform.

The leadership and support demonstrated by the Congress have been and
continue to be essential in the reform of financial management in the
federal government. As previously discussed, the legislative framework
provided by the CFO Act and FFMIA, among others, established a solid
foundation to stimulate change needed to achieve sound financial systems
management. Further, in October 2004, the Congress added DHS to the list
of CFO Act agencies and thus subject to FFMIA in fiscal year 2005.
Sustained congressional interest in these issues has been demonstrated by
the number of hearings on federal financial management and reform held
over the past several years. For example, hearings have recently been held
on the financial management line of business initiative that provided a
constructive discussion on some of the challenges inherent in such a large
undertaking. It is critical that the various appropriations, budget,
authorizing, and oversight committees hold agency top management
accountable for resolving these problems and that the committees continue
to support improvement efforts.

66 GAO/AIMD-00-134.

  Conclusions

The size and complexity of the federal government and the long-standing
nature of its financial management systems weaknesses continue to present
a formidable management challenge. Modernizing and improving financial
management systems will require continued attention from the highest
levels of government. We recognize that it will take time, investment, and
sustained emphasis on correcting these deficiencies to improve federal
financial management systems to the level required by FFMIA. However, with
concerted and coordinated effort, including attention from top agency
management and the Congress, the federal government can make progress
toward improving its financial management systems and thus achieve the
goals of the CFO Act and provide accountability to the nation's taxpayers.

We continue to be concerned that the full nature and scope of the problems
have not yet been identified because most auditors have only provided
negative assurance in their FFMIA reports. We also believe the law
requires auditors to provide positive assurance on FFMIA compliance.
Therefore, we reaffirm our recommendation made in prior reports that OMB
revise its current FFMIA guidance to require agency auditors to provide a
statement of positive assurance when reporting an agency's systems to be
in substantial compliance with FFMIA. A key benefit of providing positive
assurance is that auditors will need to perform additional audit
procedures in order to have a strong basis for definitively stating
whether agencies' financial management systems substantially comply with
FFMIA's three requirements. We also reaffirm our other prior
recommendation for OMB to explore further clarification of the definition
of "substantial compliance" in its FFMIA guidance to encourage consistent
reporting among agency auditors. As we have stated in prior reports,67 the
auditors that we interviewed continue to express concerns about providing
positive assurance in reporting on agency systems' FFMIA compliance due to
a perceived need for a clearer definition of substantial compliance.
Further, some auditors that we interviewed stated that a change in OMB's
guidance on FFMIA reporting will be necessary in order for them to provide
an opinion on FFMIA compliance.

67 GAO-02-29, GAO-03-31, GAO-05-20, and GAO-05-881.

  Agency Comments and Our Evaluation

In written comments (reprinted in app. VI) on a draft of this report, OMB
generally agreed with our assessment that while federal agencies continue
to make progress in addressing financial management systems
weaknesses, many agencies still need to make improvements to produce the
information needed to efficiently and effectively manage day-to-day
operations. As in previous years, OMB did not see the necessity of our
recommendation for agency auditors to provide a statement of positive
assurance when reporting agency systems to be in substantial compliance
with the requirements of FFMIA. While OMB commended Labor's auditors for
performing the additional level of audit work needed to provide positive
assurance of compliance with FFMIA and encouraged similar efforts at other
agencies, OMB stated that requiring a statement of positive assurance
would prove only marginally useful.

OMB stated that the goals of its various initiatives-the President's
Management Agenda (PMA), the Financial Management Line of Business
(FMLOB), and the strengthened internal control requirements incorporated
into the revised OMB Circular No. A-123, Management's Responsibility for
Internal Control-align with the goal of FFMIA to create the full range of
information needed for day-to-day management. From OMB's perspective, the
broad scope of the PMA and the fundamental changes occurring under the
FMLOB initiative, combined with the strengthened reporting requirements of
Circular No. A-123, are helping agencies to identify and correct FFMIA
deficiencies.

While we agree that the PMA, FMLOB, and OMB Circular No. A-123 initiatives
are helping to drive improvements, auditors need to consider other aspects
of financial management systems as well when assessing FFMIA compliance
that are not fully addressed through the current reporting structure. For
example, in preparing the PMA scorecard assessments, OMB officials meet
with agencies to discuss a number of financial management issues and have
systems demonstrations. Our concern is that some of the information
provided by this approach does not come under audit scrutiny and may not
be reliable. Similarly, internal control assessments performed under
Circular No. A-123 are based on management's judgment and are subject to
an opinion-level review by independent auditors only in limited
circumstances. From our perspective, an opinion by an independent auditor
on FFMIA compliance would confirm whether an agency's systems
substantially met the requirements of FFMIA and provide additional
confidence in the information provided as a result of the PMA, FMLOB, and
Circular No. A-123 initiatives. Finally, we continue to believe that a
statement of positive assurance is a statutory requirement under the act.

With regard to our prior recommendation, which we reaffirmed in this
report, for revised guidance that clarifies the definition of substantial
compliance, OMB said that the experience obtained from helping agencies
implement the high standards incorporated in the PMA and the FMLOB will
allow a further refinement of the FFMIA indicators associated with
substantial compliance. Therefore, OMB agreed to consider clarifying the
definition of "substantial compliance" in future policy and guidance
updates. As we noted in our prior reports,68 auditors that we interviewed
expressed a need for clarification regarding the meaning of substantial
compliance; and in fiscal year 2005, auditors for 7 of the 12 agencies we
visited stated that additional guidance on the definition of substantial
compliance would be useful.

OMB and the Departments of Health and Human Services and Transportation
also provided technical comments, which we incorporated as appropriate.

We are sending copies of this report to the Chairman and Ranking Minority
Member, Subcommittee on Federal Financial Management, Government
Information, and International Security, Senate Committee on Homeland
Security and Governmental Affairs, and to the Chairman and Ranking
Minority Member, Subcommittee on Government Management, Finance, and
Accountability, House Committee on Government Reform. We are also sending
copies to the Director of the Office of Management and Budget, the heads
of the 24 CFO Act agencies in our review, and agency CFOs and Inspectors
General. Copies will be made available to others upon request. In
addition, this report will be available at no charge on the GAO Web site
at http://www.gao.gov.

68 GAO-02-29, GAO-03-31, GAO-05-20, and GAO-05-881.

This report was prepared under the direction of McCoy Williams, Director,
Financial Management and Assurance, who may be reached at (202) 512-9095 or
[email protected] if you have any questions. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on the
last page of this report. GAO staff who made key contributions to this
report are listed in appendix VIII.

David M. Walker
Comptroller General of the United States

 Appendix I: Requirements and Standards Supporting Federal Financial Management

  Financial Management Systems Requirements

The policies and standards prescribed for executive agencies to follow in
developing, operating, evaluating, and reporting on financial management
systems are defined in Office of Management and Budget (OMB) Circular No.
A-127, Financial Management Systems. The components of an integrated
financial management system include the core financial system,1 managerial
cost accounting system, administrative systems, and certain programmatic
systems. Administrative systems are those that are common to all federal
agency operations,2 and programmatic systems are those needed to fulfill
an agency's mission. Circular No. A-127 refers to the series of
publications entitled Federal Financial Management Systems Requirements,
initially issued by the Joint Financial Management Improvement Program's
(JFMIP) Program Management Office (PMO) as the primary source of
governmentwide requirements for financial management systems. However, as
of December 2004, the Financial Systems Integration Office (FSIO) assumed
responsibility for coordinating the work related to federal financial
management systems requirements and OMB's Office of Federal Financial
Management (OFFM) is responsible for issuing the new or revised
regulations. In December 2004, the JFMIP Principals voted to modify the
roles and responsibilities of JFMIP, resulting in the creation of FSIO.
Appendix II lists the federal financial management systems requirements
published to date. Figure 8 is the current model that illustrates how
these systems interrelate in an agency's overall systems architecture.

1 Core financial systems, as defined by the Office of Federal Financial
Management (OFFM), include managing general ledger, funding, payments,
receivables, and certain basic cost functions.

2 Examples of administrative systems include budget, acquisition, travel,
property, and human resources and payroll.

                     Figure 8: Agency Systems Architecture

Source: OMB, Core Financial Systems Requirements, OFFM-NO-0106
(Washington, D.C.: January 2006).

  FFMIA Guidance

OMB establishes governmentwide financial management policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, OMB Bulletin No. 01-02, Audit Requirements for Federal
Financial Statements, dated October 16, 2000, prescribed specific language
auditors should use when reporting on an agency system's substantial
compliance with the three FFMIA requirements. Specifically, this guidance
called for auditors to provide negative assurance when reporting on an
agency system's FFMIA compliance. On August 23, 2006, OMB issued Bulletin
No. 06-03, Audit Requirements for Federal Financial Statements, which
superseded OMB Bulletin No. 01-02. This bulletin did not substantially
revise the FFMIA audit guidance included in Bulletin No. 01-02. Second, in
OMB Memorandum, Revised Implementation Guidance for the Federal Financial
Management Improvement Act (Jan. 4, 2001), OMB provides guidance for
agencies and auditors to use in assessing substantial compliance. The
guidance describes the factors that should be
considered in determining whether an agency's systems substantially comply
with FFMIA's three requirements. Further, the guidance provides examples
of the types of indicators that should be used as a basis for assessing
whether an agency's systems are in substantial compliance with each of the
three FFMIA requirements. Finally, the guidance discusses the corrective
action plans, to be developed by agency heads, for bringing their systems
into compliance with FFMIA.

We have worked in partnership with representatives from the President's
Council on Integrity and Efficiency (PCIE) to develop and maintain the
joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific
procedures auditors should perform when assessing FFMIA compliance.3 As
detailed in appendix V, we have also issued a series of checklists to help
assess whether agencies' systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance regarding FFMIA compliance, auditors should
design and implement additional testing to satisfy FFMIA criteria.

OMB Circular No. A-127 also requires agencies to purchase commercial
off-the-shelf (COTS) software that has been tested and certified through
the PMO software certification process when acquiring core financial
systems. However, in December 2004, OMB transferred the responsibility of
certifying systems to FSIO as part of the realignment of JFMIP. The
certification process does not eliminate or significantly reduce the need
for agencies to develop and conduct comprehensive testing efforts to
ensure that the COTS software meets their requirements. Moreover, core
financial systems certification does not mean that agencies that install
these packages will have financial management systems that are compliant
with FFMIA. Many other factors can affect the capability of the systems to
comply with FFMIA, including modifications made to the FSIO-certified core
financial management systems software and the validity and completeness of
data from feeder systems.

3 GAO-01-765G, sections 701, 701A, 701B, and 260.58-.60.

  Federal Accounting Standards

The Federal Accounting Standards Advisory Board (FASAB)4 promulgates
federal accounting standards and concepts that agency chief financial
officers use in developing financial management systems and preparing
financial statements. FASAB develops the appropriate accounting standards
and concepts after considering the financial and budgetary information
needs of the Congress, executive agencies, and other users of federal
financial information and comments from the public. FASAB forwards the
standards and concepts to the Comptroller General, the Director of OMB,
the Secretary of the Treasury, and the Director of the Congressional
Budget Office (CBO) for a 90-day review. If, within 90 days, neither the
Comptroller General nor the Director of OMB objects to the standard or
concept, then it is issued and becomes final. FASAB announces finalized
concepts and standards in The Federal Register.

The American Institute of Certified Public Accountants designated the
federal accounting standards promulgated by FASAB as being generally
accepted accounting principles for the federal government. This
recognition enhances the acceptability of the standards, which form the
foundation for preparing consistent and meaningful financial statements
both for individual agencies and the government as a whole. Currently,
there are 30 Statements of Federal Financial Accounting Standards (SFFAS)
and 4 Statements of Federal Financial Accounting Concepts (SFFAC).5 The
concepts and standards are the basis for OMB's guidance to agencies on the
form and content of their financial statements and for the government's
consolidated financial statements. Appendix III lists the concepts,
standards, interpretations,6 and technical bulletins, along with their
respective effective dates.

4 In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards and concepts for the federal government.
Effective October 1, 2003, FASAB is comprised of six nonfederal or public
members, one member from the Congressional Budget Office, and the three
sponsors.

5 Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.

6 An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard.

FASAB's Accounting and Auditing Policy Committee (AAPC)7 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards and the reporting and auditing requirements contained in OMB's
Bulletin No. 01-09, Form and Content of Agency Financial Statements (Sept.
25, 2001), and Bulletin No. 01-02,8 Audit Requirements for Federal
Financial Statements (Oct. 16, 2000). To date, AAPC has issued six
technical releases, which are listed in appendix IV along with their
release dates.

  U.S. Government Standard General Ledger

The U.S. Government Standard General Ledger (SGL) was established by an
interagency task force under the direction of OMB and mandated for use by
agencies in OMB and Treasury regulations in 1986. The SGL promotes
consistency in financial transaction processing and reporting by providing
a uniform chart of accounts and pro forma transactions used to standardize
federal agencies' financial information accumulation and processing
throughout the year, enhance financial control, and support budget and
external reporting, including financial statement preparation. The SGL is
intended to improve data stewardship throughout the federal government
enabling consistent reporting at all levels within the agencies and
providing comparable data and financial analysis governmentwide.9

  Internal Control Standards

Congress enacted legislation, 31 U.S.C. § 3512(c), (d) (commonly referred
to as the Federal Managers' Financial Integrity Act of 1982 (FMFIA)), to
strengthen internal controls and accounting systems throughout the federal
government, among other purposes. Issued pursuant to FMFIA, the
Comptroller General's Standards for Internal Control in the Federal
Government10 provides standards that are directed at helping agency
managers implement effective internal control, an integral part of
improving financial management systems. Internal control is a major part
of managing an organization and comprises the plans, methods, and
procedures used to meet missions, goals, and objectives. In summary,
internal control, which under OMB's guidance for FMFIA is synonymous with
management control, helps government program managers achieve desired
results through effective stewardship of public resources.

7 In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the Chief
Financial Officers Council, and the President's Council on Integrity and
Efficiency, established AAPC to assist the federal government in improving
financial reporting.

8 On August 23, 2006, OMB issued Bulletin No. 06-03, Audit Requirements for
Federal Financial Statements. This bulletin did not substantially revise
FFMIA audit guidance.

9 SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.

10 GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3 (Washington, D.C.: Nov. 1999).

In December 2004, OMB revised Circular No. A-12311 (effective beginning
with fiscal year 2006) to strengthen the requirements for conducting
management's assessment of internal control over financial reporting.
Significant revisions contained in Appendix A of the circular include
requiring Chief Financial Officers (CFO) Act agency management to annually
assess the adequacy of internal control over financial reporting, provide
a report on identified material weaknesses and corrective actions, and
provide a separate assurance statement on the agency's internal control
over financial reporting. In initiating the revisions, OMB cited the
internal control requirements for publicly traded companies that are
contained in section 404 of the Sarbanes-Oxley Act of 2002
(Sarbanes-Oxley).12 Sarbanes-Oxley was enacted in response to corporate
accountability failures of several years prior to its enactment and
contains a provision (section 404) calling for management's assessment of
internal control over financial reporting similar to the long-standing
requirements for executive branch agencies contained in FMFIA to issue
annual statements of assurance over internal control in the agencies.
Opinions on internal control over financial reporting as required by
Sarbanes-Oxley for publicly traded companies are important to protect
investors by improving the accuracy and reliability of corporate
disclosures made pursuant to the securities laws. Regulators, public
companies, audit firms, and investors generally agree that Sarbanes-Oxley
has had a positive and significant impact on investor protection and
confidence.

11 OMB Circular No. A-123, Management's Responsibility for Internal Control
(revised Dec. 21, 2004).

12 Pub. L. No. 107-204, § 404, 116 Stat. 745, 789 (July 30, 2002).

Appendix II: Publications in the Federal Financial Management Systems
Requirements Series

FFMSR document                                                              Issue date

FFMSR-8 System Requirements for Managerial Cost Accounting                  February 1998
JFMIP-SR-99-5 Human Resources & Payroll Systems Requirements                April 1999
JFMIP-SR-99-8 Direct Loan System Requirements                               June 1999
JFMIP-SR-99-9 Travel System Requirements                                    July 1999
JFMIP-SR-99-14 Seized Property and Forfeited Assets Systems Requirements    December 1999
JFMIP-SR-00-01 Guaranteed Loan System Requirements                          March 2000
JFMIP-SR-00-3 Grant Financial System Requirements                           June 2000
JFMIP-SR-00-4 Property Management Systems Requirements                      October 2000
JFMIP-SR-01-01 Benefit System Requirements                                  September 2001
JFMIP-SR-02-02 Acquisition/Financial Systems Interface Requirements         June 2002
JFMIP-SR-03-01 Revenue System Requirements                                  January 2003
JFMIP-SR-03-02 Inventory, Supplies and Materials System Requirements        August 2003
JFMIP-SR-01-04 Framework for Federal Financial Management Systems           April 2004
OFFM-NO-0106 Core Financial System Requirements                             January 2006
OFFM-NO-0206 Insurance System Requirements                                  June 2006

Source: OMB's Office of Federal Financial Management (OFFM).

Note: Effective December 1, 2004, all financial management system
requirements documents and other guidance initially issued by the JFMIP
were transferred to OFFM and remain in effect until modified.

Appendix III: Statements of Federal Financial Accounting Concepts, Standards,
Interpretations, and Technical Bulletins

  Concepts

SFFAC No. 1 Objectives of Federal Financial Reporting
SFFAC No. 2 Entity and Display
SFFAC No. 3 Management's Discussion and Analysis
SFFAC No. 4 Intended Audience and Qualitative Characteristics for the
            Consolidated Financial Report of the United States Government

  Standards                                                 Effective for fiscal year a

SFFAS No. 1 Accounting for Selected Assets and Liabilities
SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees
SFFAS No. 3 Accounting for Inventory and Related Property
SFFAS No. 4 Managerial Cost Accounting Concepts and Standards for the
            Federal Government
SFFAS No. 5 Accounting for Liabilities of the Federal Government
SFFAS No. 6 Accounting for Property, Plant, and Equipment
SFFAS No. 7 Accounting for Revenue and Other Financing Sources and Concepts
            for Reconciling Budgetary and Financial Accounting
SFFAS No. 8 Supplementary Stewardship Reporting
SFFAS No. 9 Deferral of the Effective Date of Managerial Cost Accounting
            Standards for the Federal Government in SFFAS No. 4
SFFAS No. 10 Accounting for Internal Use Software
SFFAS No. 11 Amendments to Accounting for Property, Plant, and
             Equipment-Definitional Changes
SFFAS No. 12 Recognition of Contingent Liabilities Arising from
             Litigation: An Amendment of SFFAS No. 5, Accounting for
             Liabilities of the Federal Government
SFFAS No. 13 Deferral of Paragraph 65.2-Material Revenue-Related
             Transactions Disclosures
SFFAS No. 14 Amendments to Deferred Maintenance Reporting
SFFAS No. 15 Management's Discussion and Analysis
SFFAS No. 16 Amendments to Accounting for Property, Plant, and Equipment
SFFAS No. 17 Accounting for Social Insurance
SFFAS No. 18 Amendments to Accounting Standards for Direct Loans and Loan
             Guarantees in Statement of Federal Financial Accounting
             Standards No. 2
SFFAS No. 19 Technical Amendments to Accounting Standards for Direct
             Loans and Loan Guarantees in Statement of Federal Financial
             Accounting Standards No. 2
SFFAS No. 20 Elimination of Certain Disclosures Related to Tax Revenue
             Transactions by the Internal Revenue Service, Customs, and
             Others
SFFAS No. 21 Reporting Corrections of Errors and Changes in Accounting
             Principles
SFFAS No. 22 Change in Certain Requirements for Reconciling Obligations and
             Net Cost of Operations
SFFAS No. 23 Eliminating the Category National Defense Property, Plant,
             and Equipment
SFFAS No. 24 Selected Standards for the Consolidated Financial Report of
             the United States Government                                   2002
SFFAS No. 25 Reclassification of Stewardship Responsibilities and
             Eliminating the Current Services Assessment                    2006

SFFAS No. 26 Presentation of Significant Assumptions for the Statement of
             Social Insurance: Amending SFFAS 25                            2006
SFFAS No. 27 Identifying and Reporting Earmarked Funds                      2006
SFFAS No. 28 Deferral of the Effective Date of Reclassification of the
             Statement of Social Insurance: Amending SFFAS 25 and 26        2006
SFFAS No. 29 Heritage Assets and Stewardship Land                           2006
SFFAS No. 30 Inter-Entity Cost Implementation Amending SFFAS 4,
             Managerial Cost Accounting Standards and Concepts              2009

  Interpretations

No. 1 Reporting on Indian Trust Funds
No. 2 Accounting for Treasury Judgment Fund Transactions
No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
No. 4 Accounting for Pension Payments in Excess of Pension Expense
No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue
No. 6 Accounting for Imputed Intra-departmental Costs

  Technical bulletins

TB 2000-1 Purpose and Scope of FASAB Technical Bulletins and Procedures
          for Issuance
TB 2002-1 Assigning to Component Entities Costs and Liabilities That
          Result From Legal Claims Against the Federal Government
TB 2002-2 Disclosures Required by Paragraph 79(g) of SFFAS 7, Accounting
          for Revenue and Other Financing Sources and Concepts for
          Reconciling Budgetary and Financial Accounting
TB 2003-1 Certain Questions and Answers Related to the Homeland Security
          Act of 2002

Source: FASAB.

a Effective dates do not apply to Statements of Federal Financial Accounting
Concepts, Interpretations, and Technical Bulletins.

Appendix IV: AAPC Technical Releases

Technical release                                                           AAPC release date

TR-1 Audit Legal Representation Letter Guidance                             March 1, 1998
TR-2 Determining Probable and Reasonably Estimable for Environmental
     Liabilities in the Federal Government                                  March 15, 1998
TR-3 Preparing and Auditing Direct Loan and Loan Guarantee Subsidies
     Under the Federal Credit Reform Act                                    July 31, 1999
TR-4 Reporting on Non-Valued Seized and Forfeited Property                  July 31, 1999
TR-5 Implementation Guidance on SFFAS No. 10: Accounting for Internal
     Use Software                                                           May 14, 2001
TR-6 Preparing Estimates for Direct Loan and Loan Guarantee Subsidies
     Under the Federal Credit Reform Act (Amendments to TR-3)               January 2004

Source: FASAB.

Appendix V: Checklists for Reviewing Systems under the Federal Financial
Management Improvement Act

Checklist                                                                   Issue date

GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems Requirements         March 2000
GAO-01-99G Seized Property and Forfeited Assets Systems Requirements        October 2000
GAO/AIMD-21-2.6 Direct Loan System Requirements                             April 2000
GAO/AIMD-21.2.8 Travel System Requirements                                  May 2000
GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost Accounting       January 1999
GAO-01-371G Guaranteed Loan System Requirements                             March 2001
GAO-01-911G Grant Financial System Requirements                             September 2001
GAO-02-171G Property Management Systems Requirements                        December 2001
GAO-04-22G Benefit System Requirements                                      October 2003
GAO-04-650G Acquisition/Financial Systems Interface Requirements            June 2004
GAO-05-225G Core Financial System Requirements                              February 2005

Source: GAO.

Appendix VI: Comments from the Office of Management and Budget

Appendix VII: Auditors' FFMIA Assessments for Fiscal Year 2005

Department of Agriculture                      X       X       X         X 
Department of Commerce                 X                            
Department of Defense                          X       X       X         X 
Department of Education                        X       X            
Department of Energy                           X       X       X    
Department of Health and Human                 X       X                 X 
Services                                                            
Department of Homeland Security                X       X       X         X 
Department of Housing and Urban                X       X            
Development                                                         
Department of the Interior                     X               X         X 
Department of Justice                          X       X       X         X 
Department of Labor                    X                            
Department of State                            X       X       X    
Department of Transportation                   X       X       X         X 
Department of the Treasury                     X       X       X         X 
Department of Veterans Affairs                 X       X            
Agency for International Development           X       X                 X 
Environmental Protection Agency        X                            
General Services Administration                X       X            
National Aeronautics and Space                 X       X       X         X 
Administration                                                      
National Science Foundation            X                            
Nuclear Regulatory Commission                  X       X            
Office of Personnel Management         X                            
Small Business Administration                  X       X       X         X 
Social Security Administration         X                            
Total                                  6      18      17      11        11 

  Source: GAO, prepared from analysis of fiscal year 2005 financial statement
                                 audit reports.

Appendix VIII: GAO Contact and Staff Acknowledgments


  GAO Contact
  
McCoy Williams, (202) 512-9095

In addition to the contact named above, Kay L. Daly, Assistant Director;
Jeremy Cockrum; Debra Cottrell; Daniel Egan; C. Robin Hodge; Michael
LaForge; W. Stephen Lowrey; Bennet E. Severson; and George Warnock made
key contributions to this report.

(195076)

  GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its
Web site. To have GAO e-mail you a list of newly posted products every
afternoon, go to www.gao.gov and select "Subscribe to Updates."

                             Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

Obtaining Copies of GAO Reports and Testimony

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm

  E-mail: [email protected]

Federal Programs Automated answering system: (800) 424-5454 or (202)
512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400

U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548

  Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800

U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
