Financial Management: Long-standing Financial Systems Weaknesses 
Present a Formidable Challenge (03-AUG-07, GAO-07-914). 	 
                                                                 
The Federal Financial Management Improvement Act of 1996 (FFMIA) 
requires the 24 Chief Financial Officers (CFO) Act agencies to	 
implement and maintain financial management systems that comply  
substantially with (1) federal financial management systems	 
requirements, (2) federal accounting standards, and (3) the U.S. 
Government Standard General Ledger (SGL). FFMIA also requires GAO
to report annually on the implementation of the act. This report,
primarily based on GAO and inspectors general reports, discusses 
(1) the problems that continued to affect agencies systems' FFMIA
compliance in fiscal year 2006 and (2) the initiatives under way 
to help move federal financial management toward FFMIA		 
compliance.							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-914 					        
    ACCNO:   A73934						        
  TITLE:     Financial Management: Long-standing Financial Systems    
Weaknesses Present a Formidable Challenge			 
     DATE:   08/03/2007 
  SUBJECT:   Accountability					 
	     Accounting standards				 
	     Financial management				 
	     Financial management systems			 
	     Financial records					 
	     Financial statement audits 			 
	     Financial statements				 
	     Internal controls					 
	     Noncompliance					 
	     Regulatory agencies				 
	     Reporting requirements				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-914

   

     * [1]Results in Brief
     * [2]Background

          * [3]Guidance for FFMIA Issued by OMB
          * [4]Financial Audit Manual Section on FFMIA Developed by GAO and

     * [5]Scope and Methodology
     * [6]FFMIA Assessments Identify Marginal Improvements in Some Cas

          * [7]FFMIA Guidance Issues
          * [8]Problems Reported by Agency Auditors

               * [9]Nonintegrated Financial Management Systems
               * [10]Inadequate Reconciliation Procedures
               * [11]Lack of Accurate and Timely Recording of Financial
                 Informati
               * [12]Noncompliance with the SGL
               * [13]Lack of Adherence to Federal Accounting Standards
               * [14]Weak Security Controls over Information Systems

     * [15]Efforts Are Under Way to Address Federal Financial Managemen

          * [16]Comprehensive Remediation Plans Are Critical to Agencies' Im
          * [17]Agencies Struggle with Financial Management Systems Moderniz

               * [18]Challenges of Implementing the Financial Management Line
                 of

          * [19]Comptroller General Convening Forum on FFMIA Issues

     * [20]Conclusion
     * [21]Agency Comments and Our Evaluation
     * [22]Financial Management Systems Requirements

          * [23]FFMIA Guidance

     * [24]Federal Accounting Standards
     * [25]U.S. Government Standard General Ledger (SGL)
     * [26]Internal Control Standards
     * [27]GAO Contact
     * [28]Acknowledgments
     * [29]GAO's Mission
     * [30]Obtaining Copies of GAO Reports and Testimony

          * [31]Order by Mail or Phone

     * [32]To Report Fraud, Waste, and Abuse in Federal Programs
     * [33]Congressional Relations
     * [34]Public Affairs

Report to the Committee on Homeland Security and Governmental Affairs,
U.S. Senate, and the Committee on Government Oversight and Reform, House
of Representatives

United States Government Accountability Office

GAO

August 2007

FINANCIAL MANAGEMENT

Long-standing Financial Systems Weaknesses Present a Formidable Challenge

GAO-07-914

Contents

Letter 1

Results in Brief 2
Background 8
Scope and Methodology 12
FFMIA Assessments Identify Marginal Improvements in Some Cases 13
Efforts Are Under Way to Address Federal Financial Management System
Challenges 27
Conclusion 36
Agency Comments and Our Evaluation 37
Appendix I Requirements and Standards Supporting Federal Financial
Management 40
Financial Management Systems Requirements 40
Federal Accounting Standards 43
U.S. Government Standard General Ledger (SGL) 44
Internal Control Standards 44
Appendix II Publications in the Federal Financial Management Systems
Requirements Series 46
Appendix III Statements of Federal Financial Accounting Concepts,
Standards, Interpretations, and Technical Bulletins 47
Appendix IV Accounting and Auditing Policy Committee Technical Releases 50
Appendix V Checklists for Reviewing Systems under the Federal Financial
Management Improvement Act 51
Appendix VI Comments from the Office of Management and Budget 52
Appendix VII GAO Contact and Staff Acknowledgments 54

Figures

Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006 3
Figure 2: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006 5
Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006
13
Figure 4: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006 18
Figure 5: Number of CFO Act Agencies with Reported Nonintegrated Financial
Management Systems Problems for Fiscal Years 2002 through 2006 20
Figure 6: Number of CFO Act Agencies with Reported Inadequate
Reconciliation Procedures Problems for Fiscal Years 2002 through 2006 21
Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and
Timely Recording Problems for Fiscal Years 2002 through 2006 22
Figure 8: Number of CFO Act Agencies with Reported Noncompliance with the
SGL Problems for Fiscal Years 2002 through 2006 23
Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to
Federal Accounting Standards Problems for Fiscal Years 2002 through 2006
25
Figure 10: Number of CFO Act Agencies with Reported Weak Security over
Information Systems Problems for Fiscal Years 2002 through 2006 26
Figure 11: Summary of Analysis of Elements Included in 12 Agencies'
Summarized Remediation Plans for Fiscal Year 2006 29
Figure 12: Agency Systems Architecture 41

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

United States Government Accountability Office
Washington, DC 20548

August 3, 2007

The Honorable Joseph I. Lieberman
Chairman
The Honorable Susan M. Collins
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate

The Honorable Henry A. Waxman
Chairman
The Honorable Tom Davis
Ranking  Member
Committee on Oversight and Government Reform
House of Representatives

Having the reliable, useful, and timely financial data needed to
efficiently and effectively manage their day-to-day operations is a
long-standing challenge for federal agencies. To address this challenge,
the Congress mandated financial management reform within the federal
government by enacting the Chief Financial Officers (CFO) Act of 1990.1
The CFO Act laid the foundation for a comprehensive reform of federal
financial management by establishing a leadership structure, requiring
audited financial statements, and strengthening accountability reporting.
This act also requires agencies to implement modern financial management
systems in order to attain the systematic measurement of performance; the
development of cost information; and the integration of program, budget,
and financial information for management reporting. The end goal of the
CFO Act is to greatly enhance the ability of federal managers to do their
jobs by providing the full range of financial information needed for
day-to-day management.

Building on the foundation laid by the CFO Act, the Federal Financial
Management Improvement Act of 19962 (FFMIA) requires the major departments
and agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the U.S. Government Standard General Ledger (SGL) at
the transaction level. The act also requires the heads of agencies and
auditors to determine whether the agencies' financial management systems
comply with the act's requirements. In addition, we are required to report
annually on the implementation of the act.

1Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).

2Federal Financial Management Improvement Act of 1996, Pub. L. No.
104-208, div. A., S 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept.
30, 1996).

This report discusses (1) the auditors' assessments of federal agency
systems' compliance with FFMIA requirements for fiscal years 1997 through
2006 and the financial management systems problems that continued to
affect systems' FFMIA compliance in fiscal year 2006 and (2) the
initiatives under way to help move federal financial management toward the
goals of the CFO Act and FFMIA compliance. This report incorporates
historical information from our prior FFMIA reports, other reports issued
by GAO, and reports issued by inspectors general (IG). We analyzed and
summarized information from these reports that related to FFMIA issues and
determined that the data in these reports were sufficiently reliable for
the purposes of this report. We conducted our work from January through
June 2007 in Washington, D.C., in accordance with generally accepted
government auditing standards. We requested comments on a draft of this
report from the Director of the Office of Management and Budget (OMB) or
his designee. We received written comments from the OMB Controller. OMB's
comments are discussed in the Agency Comments and Our Evaluation section
and reprinted in appendix VI.

Results in Brief

Since the passage of FFMIA, agencies have made progress in improving their
financial management systems. We have seen incremental improvements
throughout government, with some agencies making dramatic improvements. At
the same time, much work remains to fulfill the underlying goals of FFMIA.
As shown in figure 1, the number of agencies reported as having systems
that were not in substantial compliance with at least one of the three
FFMIA systems requirements improved from 20 in fiscal year 1997 to 17 in
fiscal year 2006. In fiscal year 2006, as in the past, the majority of
agencies' financial management systems were still not able to routinely
produce reliable, useful, and timely financial information for day-to-day
management. These shortcomings impede agency managers' access to adequate
financial data to effectively manage and oversee their major programs.

Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006

In fiscal year 2006, auditors for one CFO Act agency, the U.S. Agency for
International Development (AID), provided positive assurance--which is an
opinion based on the nature and extent of audit work performed--that AID's
financial management systems substantially complied with the requirements
of FFMIA. Auditors for the remaining six3 CFO Act agencies provided
negative assurance of FFMIA compliance. In essence, they reported that
nothing came to their attention during the course of the audit to indicate
that these agencies' financial management systems did not meet FFMIA
requirements. Negative assurance is the level of assurance specified by
OMB's audit guidance for reporting on FFMIA compliance. However, as we
have previously reported, the extent of FFMIA compliance can be reliably
determined through adequately testing systems to provide positive
assurance.

3Department of Commerce (Commerce), Environmental Protection Agency (EPA),
General Services Administration (GSA), National Science Foundation (NSF),
Office of Personnel Management (OPM), and Social Security Administration
(SSA).

As shown in figure 2, agencies with systems reported not to be in
substantial compliance with FFMIA requirements have made some progress in
addressing the six problem areas that we have previously reported. For
example, in fiscal year 2006 financial statement audit reports, auditors
identified 7 instances of noncompliance with the SGL,4 compared with 11
reported in fiscal year 2005. As a case in point, auditors at AID
identified various actions taken to improve the level of compliance, such
as retiring legacy systems that were not SGL compliant and replacing them
with new systems that comply with the SGL. Nevertheless, the nature and
seriousness of the problems reported indicate that most agencies'
financial management systems are frequently unable to routinely produce
reliable, useful, and timely financial information to support day-to-day
management. Addressing the problems with agencies' financial management
systems remains a significant challenge to improved financial management
in the federal government. This problem is particularly severe at the
Department of Defense. Many agencies are still a long way from
accomplishing the goals of the CFO Act of 1990 and FFMIA.

4The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.

Figure 2: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006

With regard to initiatives that are under way to help move federal
agencies toward FFMIA compliance, we noted continued progress in two key
areas: (1) agencies' summarized remediation plans in their performance and
accountability reports (PARs) and (2) OMB's efforts to address system
implementation problems. Heads of agencies that have systems not in
substantial compliance are required to establish remediation plans to
correct system deficiencies. FFMIA specifically requires that remedies,
resources, and target dates be included in the remediation plans. OMB
guidance requires agencies to summarize these plans in their PARs. A lack
of the required data in the remediation plans can reduce the likelihood of
successfully implementing corrective actions. Remediation plans provide a
"road map" for management and staff to resolve financial management
problems in a transparent manner, and also help hold managers accountable
for needed improvements. For 55of the 17 agencies for which the auditors
reported FFMIA noncompliance for fiscal year 2006, the agency heads
disagreed with the auditors and considered their agencies' systems to be
substantially compliant with FFMIA. Therefore, they did not prepare
remediation plans. We reviewed the remaining 12 fiscal year 2006 PARs for
the agencies' systems that were deemed noncompliant by their agency head
and auditor to determine if a summarized remediation plan with the
required information was included in the agency PAR. All of the agencies'
PARs included summarized remediation plans along with proposed corrective
actions. However, 4 of the 12 agencies did not include information on
staffing resources required to complete the planned corrective actions.
One agency omitted target dates for completion of the corrective actions
to become substantially compliant with FFMIA. A discussion of the resource
requirements needed to implement the corrective actions and the time frame
for completion of corrective actions is essential in determining whether
the corrective actions can realistically be accomplished. The significance
of the issues facing federal agencies, now and in the future, necessitates
remediation plans that clearly and fully describe the corrective actions
necessary to resolve problems, as well as the resources and time frames
required to successfully implement those actions.

To help address systems implementation problems, OMB continues to move
forward on initiatives that support the President's Management Agenda
(PMA) to enhance financial management and provide results-oriented
information in the federal government. A key initiative has been the
further development of the financial management line of business to
promote leveraging shared service solutions to enhance the government's
performance and services. OMB has demonstrated continued progress toward
implementation of the financial management line of business initiative by
developing, for example, migration planning guidance and financial
management service performance metrics. OMB's initial framework for the
competitive migration to either a public shared service provider or a
qualified private sector provider under the initiative is expected to help
agencies maximize value by considering alternative solutions in a reasoned
and structured manner.

5Departments of Education, Housing and Urban Development (HUD), Interior,
Labor, and State.

Continuing progress needs to be made to provide a sound foundation for
this initiative. For example, as we reported in March 2006,6 the lack of a
federal governmentwide concept of operations7 significantly impairs the
potential success of this initiative. Moreover, shared service providers
have been designated without common business rules and potential customer
agencies continue to implement and operate individual stove-piped systems
that may require additional work to adopt these processes. In addition, as
of the completion of our audit work, none of the major CFO Act agencies
had moved their financial management systems activities to an
OMB-designated shared service provider,8 although actions are under way at
several major agencies to do so.

To further understand the underlying issues that affect the development of
sound financial management systems and FFMIA implementation and to develop
steps to overcome long-standing challenges, the Comptroller General plans
to convene a forum later this year to bring together key subject matter
experts and practitioners to discuss these issues. After the forum, we
plan to issue a separate report summarizing the discussion and consider
the key issues in our future FFMIA work. Accordingly, we are not making
any new recommendations in this report.

In commenting on a draft of this report, OMB agreed with our assessment
that federal agencies have continued to make progress in financial
management and that many agencies still need to improve their financial
systems so that reliable, useful, and timely financial management
information is available for day-to-day operations. OMB stated that it was
working aggressively to assist agencies in building a strong foundation
for financial management practices and also applauded our plans to convene
a forum on these issues. As in previous years, we and OMB have differing
views on the level of audit assurance necessary for assessing and
reporting on compliance with FFMIA. OMB stated in its comments that
requiring a statement of positive assurance would be costly and would not
provide additional information that would be of benefit to the federal
agency, OMB, or the taxpayer. We continue to believe that a statement of
positive assurance is a statutory requirement under the act and there are
a number of techniques that auditors can use to minimize the incremental
cost of providing positive assurance.9 In our view, the confidence
afforded by auditors providing positive assurance that agency financial
management systems convey reliable, useful, and timely information to help
government leaders invest resources, oversee programs, and reduce costs,
would be of significant value to the agency, OMB, the Congress, and the
taxpayer. We will continue to work with OMB on this issue. OMB did agree
to take under advisement our prior recommendation to clarify the meaning
of "substantial compliance" as it updates OMB Circular No. A-127,
Financial Management Systems. Our detailed discussion of OMB's comments
can be found in the Agency Comments and Our Evaluation section. We have
reprinted OMB's comments in appendix VI.

6GAO, Financial Management Systems: Additional Efforts Needed to Address
Key Causes of Modernization Failures, [35]GAO-06-184 (Washington, D.C.:
Mar. 15, 2006).

7A concept of operations defines how an organization's day-to-day
operations are (or will be) carried out to meet mission needs. It includes
high-level descriptions of information systems, their interrelationships,
and information flows. It also describes the operations that must be
performed, who must perform them, and where and how the operations will be
carried out.

8Some CFO Act agencies, such as the Department of Transportation, the
General Services Administration, and the Nuclear Regulatory Commission
were already using the shared service provider concept prior to OMB's
financial management line of business initiative.

Background

FFMIA is part of a series of management reform legislation passed by the
Congress over the past two decades. This series of legislation started
with the Federal Managers' Financial Integrity Act of 198210 (FMFIA),
which the Congress passed to strengthen internal controls and accounting
systems throughout the federal government, among other purposes. Issued
pursuant to FMFIA, the Comptroller General's Standards for Internal
Control in the Federal Government11 provides the standards that are
directed at helping agency managers implement effective internal control,
an integral part of improving financial management systems. Internal
control is a major part of managing an organization and comprises the
plans, methods, and procedures used to meet missions, goals, and
objectives. In summary, internal control helps government program managers
achieve desired results through effective management of public resources.

9GAO has worked in partnership with the President's Council on Integrity
and Efficiency (PCIE) to develop and maintain the joint Financial Audit
Manual, which provides specific procedures auditors should perform when
assessing FFMIA compliance.

10Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982) (codified at 31 U.S.C.
S 3512 (c), (d)).

11GAO, Standards for Internal Control in the Federal Government,
[36]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999).

Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to enhance operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control activities being
used are effective and updated when necessary. While agencies had achieved
some early success in identifying and correcting material internal control
and accounting system weaknesses, their efforts to implement FMFIA had not
produced the results intended by the Congress.

Therefore, beginning in the 1990s, the Congress passed additional
management reform legislation to improve the general and financial
management of the federal government. This legislation includes the (1)
CFO Act of 1990, (2) Government Performance and Results Act of 1993,12 (3)
Government Management Reform Act of 1994,13 (4) FFMIA, (5) Clinger-Cohen
Act of 1996,14 (6) Accountability of Tax Dollars Act of 2002,15 (7)
Improper Payments Information Act of 2002,16 (8) The Federal Information
Security Management Act of 2002,17 and (9) Department of Homeland Security
(DHS) Financial Accountability Act of 2004.18 The combination of reforms
ushered in by these laws, if successfully implemented, provides a solid
foundation to improve the accountability of government programs and
operations as well as to routinely produce valuable cost and operating
performance information. These financial management reform acts emphasize
the importance of improving financial management of the federal
government.

12Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).

13Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994).

14Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996).

15Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002) (codified at 31
U.S.C. S 3515). The Accountability of Tax Dollars Act of 2002 extends the
requirement to prepare and submit audited financial statements to most
executive agencies not subject to the CFO Act unless they are exempted by
OMB. However, these agencies are not required to have systems that are
compliant with FFMIA requirements.

16Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002).

17Pub L. No. 107-347, title III 116 Stat. 2946 (Dec. 17, 2002).

18Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004).

In particular, building on the foundation laid by the CFO Act, FFMIA
emphasizes the need for CFO Act agencies to have systems that ensure
ongoing accountability and generate reliable, useful, and timely
information for decision-making purposes. FFMIA requires the departments
and agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards,19 and (3) the SGL at the transaction level. FFMIA also requires
auditors to state in their CFO Act financial statement audit reports
whether the agencies' financial management systems substantially comply
with these three FFMIA systems requirements. Appendixes I through IV
include details on the various requirements and standards that support
federal financial management.

Guidance for FFMIA Issued by OMB

OMB establishes governmentwide financial management systems policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, OMB Bulletin No. 06-03, Audit Requirements for Federal
Financial Statements, dated August 23, 2006, prescribes audit
requirements, including language auditors should use when reporting on an
agency system's substantial compliance with the three FFMIA requirements.
Specifically, this guidance calls for auditors to provide negative
assurance when reporting on an agency system's FFMIA compliance. Second,
in the OMB Memorandum, Revised Implementation Guidance for the Federal
Financial Management Improvement Act (Jan. 4, 2001), OMB provides guidance
for agencies and auditors to use in assessing substantial compliance.20
The guidance describes some of the factors that should be considered in
determining whether an agency's systems substantially comply with FFMIA's
three requirements and examples of indicators that should be used in
assessing whether an agency's systems are in substantial compliance with
each of the three FFMIA requirements. Finally, the guidance addresses the
development of remediation plans to be developed by agency officials for
bringing their systems into compliance with FFMIA.

19The American Institute of Certified Public Accountants recognizes the
federal accounting standards promulgated by the Federal Accounting
Standards Advisory Board as generally accepted accounting principles. For
a further description of federal accounting standards, see app. I.

20OMB has announced that this guidance is under review and will be revised
in 2007.

Financial Audit Manual Section on FFMIA Developed by GAO and the President's
Council on Integrity and Efficiency

We have worked in partnership with the President's Council on Integrity
and Efficiency21 (PCIE) to develop and maintain the joint GAO/PCIE
Financial Audit Manual (FAM). The FAM includes sections that provide
specific procedures auditors should perform when assessing FFMIA
compliance.22 These sections include detailed audit steps for testing
agency systems' substantial compliance with the requirements of FFMIA.

As detailed in appendix V, we have also issued a series of checklists to
help assess whether agencies' systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance on FFMIA compliance, auditors should design
and implement additional testing to satisfy FFMIA criteria. For example,
in performing financial statement audits, auditors generally focus on the
ability of the financial management systems to process and summarize
financial information that flows into annual agency financial statements.
In contrast, FFMIA requires auditors to assess whether an agency's
financial management systems comply with system requirements, accounting
standards, and the SGL. To do this, auditors need to consider whether
agency systems provide reliable, useful, and timely information for
managing day-to-day operations so that agency managers would have the
necessary information to measure performance on an ongoing basis rather
than just at year end. Further, OMB's current audit guidance23 calls for
financial statement auditors to review performance information for
consistency with the financial statements, but does not require auditors
to determine whether this information is available to managers for
day-to-day decision making as called for by the FAM guidance for testing
compliance with FFMIA. In collaboration with the PCIE, we are currently in
the process of updating the FAM and expect to issue an updated version
later in 2007.

21The PCIE--which is governed by Executive Order No. 12805 of May 11,
1992--was established to (1) address integrity, economy, and effectiveness
issues that transcend individual government agencies and (2) increase the
professionalism and effectiveness of inspectors general personnel
throughout the government. The PCIE is composed primarily of the
presidentially appointed inspectors general. Officials from OMB, the
Federal Bureau of Investigation, Office of Government Ethics, Office of
Special Counsel, and OPM serve on the PCIE as well.

22 [37]GAO-01-765G , section 260.58-.60 and [38]GAO-03-466G , sections
701, 701A, and 701B.

23OMB Bulletin No. 06-03, Audit Requirements for Federal Financial
Statements (Aug. 23, 2006).

Scope and Methodology

We reviewed the fiscal year 2006 financial statement audit reports for the
24 CFO Act agencies to identify the auditors' assessments of agency
financial systems' compliance and the problems that affect FFMIA
compliance. To determine whether the data were sufficiently reliable, we
performed the following procedures. We gained an understanding of the
quality control environments at the respective IGs; leveraged our
understanding of the methodology used by the IGs and their contract
auditors in past years to reach conclusions with respect to FFMIA
compliance at the respective agencies; considered management responses to
the auditor's findings and conclusions; and asked questions to improve our
understanding of the procedures applied and/or conclusions drawn, where
appropriate. We also reviewed the data for obvious inconsistencies or
errors, completeness, and changes from the prior year. When we found data
which were inconsistent or incomplete we brought them to the attention of
the cognizant IG staff and worked with them to resolve any issues before
using the data as a basis for this report. When we encountered data that
varied from the prior year, we reviewed the PAR and/or IPA report to
determine the reason for the change. Based on these actions, we determined
that the data from these reports were sufficiently reliable for the
purposes of our report.

Using the auditors' reports for the 24 CFO Act agencies, we identified
problems reported by the auditors that affect agency systems' compliance
with FFMIA. The problems identified in these reports are consistent with
long-standing financial management weaknesses we have reported based on
our work at a number of agencies. However, we caution that the occurrence
of problems in a particular category may be even greater than auditors'
reports of FFMIA noncompliance would suggest, because auditors may not
have identified all instances of noncompliance with systems requirements
and included all problems in their reports. Further, we identified other
GAO and IG reports that discussed financial management systems issues and
summarized the reports. We also obtained data from agencies' annual PAR
reports. We also met with OMB officials to discuss their current efforts
to improve federal financial management and address our prior
recommendations related to FFMIA. In addition, we reviewed documentation
provided by OMB regarding its current initiatives.

We conducted our work from January through June 2007, in accordance with
U.S. generally accepted government auditing standards. We requested
written comments on a draft of this report from the Director of OMB or his
designee. We received written comments from the OMB Controller. OMB's
comments are discussed in the Agency Comments and Our Evaluation section
and reprinted in appendix VI. We also received technical comments from
OMB, which we incorporated as appropriate.

FFMIA Assessments Identify Marginal Improvements in Some Cases

Many agencies still do not have effective financial management systems in
place that can produce reliable, useful, and timely financial information,
including cost data, with which to make informed decisions and help ensure
accountability on an ongoing basis. Agencies are making progress in
addressing their financial management systems weaknesses--some
dramatically. Most agency systems, though, are not yet substantially in
compliance with FFMIA's requirements. As shown in figure 3, IGs and their
contract auditors reported for fiscal year 2006 that 17 of the 24 CFO Act
agencies did not substantially comply with at least one of FFMIA's three
requirements--federal financial management systems requirements,
applicable federal accounting standards, or the SGL at the transaction
level. Figure 3 also shows that the number of agencies' systems reported
by auditors as noncompliant with FFMIA has decreased marginally (from 20
agencies to 17 agencies) since FFMIA was enacted.

Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006

Of the seven remaining CFO Act agencies, one auditor provided positive
assurance of FFMIA compliance, while the other six provided negative
assurance in fiscal year 2006. However, it would be erroneous to assume
that statements of negative assurance provided by auditors for the six
agencies equate to compliance with FFMIA. Auditors' assessments for three
agencies changed from fiscal year 2005 to 2006. For fiscal year 2006,
auditors for GSA provided negative assurance that GSA's financial
management systems, as a whole, were substantially compliant with FFMIA's
three requirements. Auditors for AID provided positive assurance that
AID's financial management systems complied with FFMIA in fiscal year
2006. In fiscal year 2005, both AID and GSA were deemed noncompliant with
FFMIA by the independent auditors. According to management, AID was able
to become compliant due to completion of outstanding remediation items and
the worldwide deployment of its financial management system. Conversely,
auditors for the Department of Labor (Labor) reported that Labor's
financial management systems did not substantially comply with FFMIA
requirements in fiscal year 2006, but had provided positive assurance of
FFMIA compliance in fiscal year 2005. The change was primarily due to
weaknesses Labor auditors identified concerning general computer access
controls, application access controls, and related manual controls.

FFMIA Guidance Issues

Auditors for six agencies (Commerce, EPA, GSA, NSF, OPM, and SSA) provided
negative assurance that the agencies' systems were compliant with FFMIA
requirements. Auditors provide negative assurance when they state that
nothing came to their attention during the course of their planned
procedures to indicate that the agency's financial management systems did
not meet FFMIA requirements. Although OMB's current audit guidance24
instructs auditors to test for compliance with FFMIA, it does not provide
guidance on the nature and extent of tests to be performed. It calls for
auditors to provide negative assurance when reporting whether an agency's
systems are in substantial compliance with the three FFMIA requirements.
However, financial statement users not familiar with the concept of
negative assurance may incorrectly assume that these six agencies' systems
have been fully tested by the auditors and that the agencies have achieved
FFMIA compliance. In addition, without adequately testing systems for
FFMIA compliance in a manner that is sufficient to support an opinion,
auditors may not identify all areas of noncompliance; therefore, the
number of problems may be even greater than those currently disclosed in
auditors' reports on FFMIA compliance based on negative assurance.

24OMB Bulletin No. 06-03, Audit Requirements for Federal Financial
Statements (Aug. 23, 2006).

As we have previously reported, from our perspective, FFMIA requires
auditors to provide positive assurance, which is an opinion. Section 803
(b) (1) of FFMIA requires auditors to "report whether the agency financial
management systems comply with the requirements of [the act]." Providing
positive assurance on FFMIA compliance involves additional testing to
determine whether an agency's financial management systems comply
substantially with systems requirements, the SGL at the transaction level,
and accounting standards. The procedures necessary to provide such
assurance go beyond those needed for performing a financial statement
audit. While financial statement audits in general will offer some
assurance on FFMIA compliance, auditors should also design and implement
additional testing to satisfy the criteria in FFMIA. For example, in
fiscal year 2006, agency auditors for AID stated that they interviewed
staff and contract personnel and reviewed documentation related to the
capabilities of Phoenix, AID's core financial system. According to AID
auditors, they examined documentation, including reports, system queries,
system screen captures, testing documents generated during system
implementation, and documents generated for certification and
accreditation activity in order to determine if the implemented systems
provide complete, accurate, and timely information for managing day-to-day
operations necessary to achieve positive assurance. When reporting an
agency's financial management systems to be in substantial compliance,
positive assurance from independent auditors can provide users with
confidence that the agency systems provide the reliable, useful, and
timely information envisioned by the act. The fact that AID's auditors
provided positive assurance on FFMIA compliance is a noteworthy
achievement.

In addition, performing audit procedures designed to provide positive
assurance of an agency's financial management systems' substantial
compliance with FFMIA requirements can identify weaknesses and lead to
improvements that enhance the performance, productivity, and efficiency of
federal financial management systems in support of day-to-day managerial
decision making. It also provides a clear "bottom line," whereas negative
assurance does not. Some auditors we interviewed in prior years indicated
that a revision to OMB's guidance on FFMIA reporting would be necessary
for them to provide an opinion of FFMIA compliance. Therefore, as we have
discussed in prior reports covering fiscal years 2000 through 2005,25 we
continue to believe that our prior recommendation for OMB to require
agency auditors to thoroughly examine agencies' financial management
systems and provide a statement of positive assurance when reporting an
agency's systems to be in substantial compliance with the three FFMIA
systems requirements is appropriate and required. Doing so will be key to
achieving the act's goal of effective financial management systems across
government.

However, OMB has not concurred with our recommendation in its responses to
our prior reports and in its comments on a draft of this report. For
example, last year, in response to our report26 on fiscal year 2005 FFMIA
results, OMB stated that the broad scope of the President's Management
Agenda and the fundamental changes occurring under the Financial
Management Line of Business initiative, combined with strengthened
reporting requirements under Circular No. A-123, are helping agencies
identify and correct FFMIA deficiencies. In that context, OMB reiterated
its belief that requiring a statement of positive assurance would prove
only marginally useful.

Further, as we have previously reported, a number of auditors have
expressed a need for clarification on the definition of "substantial
compliance." They cited a need for additional guidance to assist them in
assessing whether agency systems substantially comply with the three FFMIA
requirements. The auditors reported a need for clearer guidance from OMB
on assessing FFMIA compliance that is consistent with the GAO/PCIE FAM. As
a result, we continue to believe that implementation of our recommendation
for OMB to explore clarifying the definition of "substantial compliance"
would be useful. Other related concerns of agency auditors included a need
for (1) more clearly defined and objective criteria to assist in their
determination of FFMIA compliance, (2) more specific guidance on testing
and sampling methodologies, and (3) additional guidance for assessing
compliance with certain accounting standards, such as the Statement of
Federal Financial Accounting Standards (SFFAS) No. 4, Managerial Cost
Accounting Concepts and Standards for the Federal Government. In its
comments on prior reports, OMB stated that its growing experience helping
agencies implement the PMA enables it to refine the existing FFMIA
indicators associated with substantial compliance. Accordingly, OMB said
it would consider our recommendation in any future policy and guidance
updates. In commenting on a draft of this report, OMB agreed to take this
recommendation under advisement as it updates Circular No. A-127,
Financial Management Systems.

25GAO, Financial Management: FFMIA Implementation Critical for Federal
Accountability, [39]GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial
Management: FFMIA Implementation Necessary to Achieve Accountability,
[40]GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial Management:
Sustained Efforts Needed to Achieve FFMIA Accountability, [41]GAO-03-1062
(Washington, D.C.: Sept. 30, 2003); Financial Management: Improved
Financial Systems Are Key to FFMIA Compliance, [42]GAO-05-20 (Washington,
D.C.: Oct. 1, 2004); Financial Management: Achieving FFMIA Compliance
Continues to Challenge Agencies, [43]GAO-05-881 (Washington, D.C.: Sept.
20, 2005); and Financial Management: Improvements Under Way but Serious
Financial Systems Problems Persist, [44]GAO-06-970 (Washington, D.C.:
Sept. 26, 2006).

26 [45]GAO-06-970 .

Problems Reported by Agency Auditors

Based on our review of the fiscal year 2006 audit reports for the 17
agencies reported to have systems not in substantial compliance with one
or more of FFMIA's three requirements, we identified six primary reasons
for agency systems not being compliant:

           o nonintegrated financial management systems,
           o inadequate reconciliation procedures,
           o lack of accurate and timely recording of financial information,
           o noncompliance with the SGL,
           o lack of adherence to federal accounting standards, and
           o weak security controls over information systems.

           The weaknesses reported by the auditors ranged from serious,
           pervasive systems problems to less serious problems that may
           affect only one aspect of an agency's accounting operation. While
           at some agencies, the problems were so serious that they affected
           the auditor's opinion on the agency's financial statements, at
           other agencies, the auditors cited problems that represented
           significant deficiencies in the design or operation of internal
           control, but were not material to the financial statements as a
           whole.

           Figure 4 shows the relative frequency of these problems at the
           agencies reported to have noncompliant systems from fiscal years
           2002 through 2006. The same six types of problems have been cited
           by auditors although the auditors may not have reported these
           problems as specific reasons for their systems' lack of
           substantial compliance with FFMIA's requirements. Some agencies
           have made little progress addressing these areas. In addition, as
           previously discussed, the occurrence of problems in any particular
           category may be even greater than auditors' reports of FFMIA
           noncompliance would suggest because auditors may not have
           identified all problems in their reviews conducted to provide
           negative assurance.

Figure 4: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006

  Nonintegrated Financial Management Systems

The CFO Act calls for agencies to develop and maintain integrated
accounting and financial management systems27 that comply with federal
systems requirements and provide for (1) complete, reliable, consistent,
and timely information that is responsive to the financial information
needs of the agency and facilitates the systematic measurement of
performance; (2) the development and reporting of cost management
information; and (3) the integration of accounting, budgeting, and program
information. OMB Circular No. A-127, Financial Management Systems,
requires agencies to establish and maintain a single integrated financial
management system that conforms to functional requirements now issued by
the Office of Federal Financial Management (OFFM).28 More details on the
financial management systems requirements can be found in appendixes I and
II.

27Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected
functions to improve overall efficiency and control. Characteristics of
such a system include (1) standard data classifications for recording
financial events; (2) common processes for processing similar
transactions; (3) consistent control over data entry, transaction
processing, and reporting; and (4) a system design that eliminates
unnecessary duplication of transaction entry. OMB Circular No. A-127,
Financial Management Systems, paragraph 7(b) (Revised Dec. 1, 2004).

The lack of integrated financial management systems typically results in
agencies expending major effort and resources, including in some cases
hiring external consultants, to develop information that their systems
should be able to provide on a daily or recurring basis. Agencies with
nonintegrated financial systems are also more likely to devote more time
and resources to collecting information than those with integrated
systems. In addition, opportunities for errors are increased when
agencies' systems are not integrated.

Auditors frequently cited the lack of integrated financial management
systems in their fiscal year 2006 audit reports. Although improvements
have been made, as shown in figure 5, auditors for 12 of the 17 agencies
with noncompliant systems in fiscal year 2006 reported nonintegrated
systems as a problem, compared with 13 of the 18 agencies reporting such
problems in fiscal year 2005.

28Effective December 1, 2004, all financial management system requirements
documents and other guidance initially issued by the Joint Financial
Management Improvement Program were transferred to OFFM and remain in
effect until modified.

Figure 5: Number of CFO Act Agencies with Reported Nonintegrated Financial
Management Systems Problems for Fiscal Years 2002 through 2006

As a case in point, auditors for the Department of State (State) reported
the lack of a modern, integrated financial management system in their
fiscal year 2006 audit report. Since September 30, 2003, auditors have
reported that State's financial and accounting systems are inadequate,
thus preventing the department from routinely issuing timely financial
statements and increasing the risk of materially misstating financial
information. The principal areas of weakness included (1) certain elements
of the financial statements, including, but not limited to, personal
property, capital leases, and certain accounts payable, were developed
from sources other than the general ledger; and (2) the department used
several systems that were not integrated with the department's centralized
financial management system for the management of grants and other types
of financial assistance.

  Inadequate Reconciliation Procedures

A reconciliation process, whether manual or automated, is a necessary and
valuable internal control in a sound financial management system. The less
integrated the financial management system, the greater the need for
adequate reconciliations because data are being accumulated from a number
of different sources. Reconciliations are needed to ensure that data have
been recorded properly between the various systems and manual records. As
shown in figure 6, for fiscal year 2006, auditors for 14 of the 17
agencies with noncompliant systems reported that the agencies had
reconciliation problems, as compared with 14 of the 18 agencies reporting
such problems in fiscal year 2005.

Figure 6: Number of CFO Act Agencies with Reported Inadequate
Reconciliation Procedures Problems for Fiscal Years 2002 through 2006

While reconciling balances with the Department of the Treasury (Treasury)
remains a common problem, many other types of reconciliation problems were
also cited during fiscal year 2006. For example, at the Department of
Agriculture (Agriculture), the independent auditor reported that over 50
abnormal balances exceeding $360 million existed at year end. The abnormal
balances stemmed from a variety of causes. In one case, the auditors
reported that Agriculture did not perform timely research to ensure that
account relationships were reconciled and corresponding corrections
promptly made. The number and dollar value of abnormal account balances
had been significantly reduced from last year at Agriculture; however,
when abnormal balances exist, immediate research should be performed to
identify the cause and correct the condition.

  Lack of Accurate and Timely Recording of Financial Information

As shown in figure 7, auditors for 15 of 17 agencies with noncompliant
systems reported the lack of accurate and timely recording of financial
information as a problem for fiscal year 2006, compared with 17 of 18
agencies reporting such problems in fiscal year 2005.

Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and
Timely Recording Problems for Fiscal Years 2002 through 2006

Accurate and timely recording of financial information is essential for
effective financial management. Timely recording of transactions
facilitates accurate reporting in agencies' financial reports and other
management reports used to guide managerial decision making. In addition,
having systems that record information in an accurate and timely manner is
critical for key governmentwide initiatives, such as integrating budget
and performance information.

In contrast, lack of timely recording of transactions during the fiscal
year can result in agencies making substantial efforts at fiscal year end
to perform extensive manual financial statement preparation efforts that
are susceptible to error and increase the risk of misstatements. For
example, auditors for the Department of Energy (Energy) noted that the
department has not completed all of the corrective actions needed to
reconcile obligation data converted from Energy's legacy systems to its
new financial management system, the Standard Accounting and Reporting
System (STARS), affecting the accuracy of undelivered order balances at
every field office tested by the auditors. As of September 30, 2006,
Energy reported undelivered orders of $11.3 billion. Errors in recording
obligations, such as duplicating obligation entries or recording
obligations in subsequent periods, resulted in misstatements of the
undelivered orders balance. These problems precluded the department from
providing assurance of accurate and complete undelivered orders balance in
Energy's consolidated financial statements. Further, such problems
typically result in funds not being available for use that otherwise would
be, and in managers not having accurate financial information during the
year for well-informed decisions.

  Noncompliance with the SGL

As shown in figure 8, auditors for 7 of the 17 agencies with noncompliant
systems reported that the agencies' systems did not comply with SGL
requirements for fiscal year 2006, compared with 11 of the 18 agencies
reporting such problems in fiscal year 2005.

Figure 8: Number of CFO Act Agencies with Reported Noncompliance with the
SGL Problems for Fiscal Years 2002 through 2006

FFMIA specifically requires federal agencies to implement the SGL at the
transaction level. Using the SGL promotes consistency in financial
transaction processing and reporting by providing a uniform chart of
accounts and pro forma transactions and provides a basis for comparison at
the agency and governmentwide levels. The defined accounts and pro forma
transactions standardize the accumulation of agency financial information
as well as enhance financial control and support internal and external
reporting.

According to auditors at Interior and AID, progress has been made in this
area as a result of the agencies retiring legacy systems and implementing
new systems that conform to the SGL. Nevertheless, failure to adhere to
the SGL continues to impede the ability of some agencies to prepare
accurate financial statements. For example, auditors for the Department of
Health and Human Services (HHS) noted that its Division of Financial
Operations (DFO) CORE accounting system, which supports net outlays of
more than $93 billion, is a legacy accounting system and does not fully
support the SGL. Specifically, the auditors found that HHS compiles its
financial statements through a multistep process using a combination of
manual and automated procedures. Further, agency auditors identified over
100 instances with an approximate value of over $3 billion of general
ledger accounts and crosswalks that were not used consistently or in
compliance with Treasury's guidance on the SGL. To address this issue, HHS
is in the process of implementing a new financial management system.

  Lack of Adherence to Federal Accounting Standards

One of FFMIA's requirements is that agencies' financial management systems
account for transactions in accordance with federal accounting standards.
Appendixes III and IV list the federal financial accounting standards and
other guidance issued by the Federal Accounting Standards Advisory Board
and its Accounting and Auditing Committee, respectively. The purpose of
these standards and other guidance is to ensure that federal agencies'
financial reports provide users with understandable, relevant, and
reliable information about the financial position, activities, and results
of operations of the U.S. government and its components. Many agencies
face continuing challenges in this area. As shown in figure 9, for fiscal
year 2006, auditors for 10 of the 17 agencies with noncompliant systems
reported that these agencies had problems complying with one or more
federal accounting standards.

Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to
Federal Accounting Standards Problems for Fiscal Years 2002 through 2006

Two agencies, the Department of the Interior (Interior) and Department of
Transportation (DOT), reported weaknesses affecting compliance with the
recently issued SFFAS 27, Identifying and Reporting Earmarked Funds, which
became effective for fiscal year 2006. For example, at Interior, auditors
noted that the Sport Fish Restoration and Boating Trust Fund was properly
classified as an earmarked fund but that Interior had not fully
established controls to ensure that its portion of the fund was accurately
included in the financial statements. As a result, Interior analyzed and
adjusted the financial statements. While newly issued standards may cause
significant compliance problems, agencies also struggled to implement
standards which have been in effect for some time.

Auditors reported compliance problems with 11 specific accounting
standards in fiscal year 2006. Of those standards, the 4 that were most
troublesome for agencies were SFFAS No. 1, Accounting for Selected Assets
and Liabilities; SFFAS No. 4, Managerial Cost Accounting Concepts and
Standards; SFFAS No. 6, Accounting for Property, Plant, and Equipment; and
SFFAS No. 7, Accounting for Revenue and Other Financing Sources.

  Weak Security Controls over Information Systems

Information security weaknesses are a major concern for federal agencies
and the general public and one of the frequent problems auditors cited
concerning noncompliance with FFMIA. As shown in figure 10, auditors for
15 of the 17 agencies with noncompliant systems reported security
weaknesses in information systems to be a problem, compared with 16 of the
18 agencies reporting such problems in fiscal year 2005.

Figure 10: Number of CFO Act Agencies with Reported Weak Security over
Information Systems Problems for Fiscal Years 2002 through 2006

These control weaknesses place vast amounts of government assets at risk
of inadvertent or deliberate misuse, financial information at risk of
unauthorized modification or destruction, sensitive information at risk of
inappropriate disclosure, and critical operations at risk of disruption.
Since 1997, we have considered information security to be a high-risk area
at a governmentwide level and continue to emphasize it on our most recent
list issued in January 2007.29

For example, the Nuclear Regulatory Commission (NRC) auditors reported
that only 1 out of 30 operational NRC information systems had a current
certification and accreditation. Auditors also noted that in the past 4
years NRC has not performed a current certification and accreditation of
its general support systems. As a result, all NRC information systems that
depend on the security controls provided by these general support systems
are subject to an unknown potential risk. Two of NRC's financial reporting
systems, Federal Financial System (FFS) and the Federal Personnel and
Payroll System (FPPS), were outsourced to the Department of Interior's
National Business Center (DOI-NBC) but continue to rely on the NRC's
general support system. According to the auditors, their reliance on the
top tier of controls of the general support systems puts the FFS and the
FPPS at risk despite the DOI-NBC assurance that the certification and
accreditations for the two systems have been performed.

The security breaches at Department of Veterans Affairs (VA), Treasury,
and other agencies compromised the personal data of millions of U.S.
citizens and highlighted the importance of adequate system security
policies and programs. Robust federal security programs are critically
important to properly protect personal and financial information and the
privacy of individuals. When there is a lack of reasonable assurance that
controls are correctly implemented, operating as intended, and producing
the desired outcome with respect to meeting the security requirements of
the agency, the agencies' information and systems are left vulnerable to
attack or compromise.

Efforts Are Under Way to Address Federal Financial Management System Challenges

Agencies and OMB have a number of efforts under way to address their
existing financial management systems problems. For example, noncompliant
agencies are required by OMB to include in their annual PARs a summary of
their detailed remediation plans including corrective actions as well as
the resources and target dates for implementing the corrective actions. A
number of those corrective actions involve implementing new financial
management systems, which over time has proven to be very challenging.
Efforts to modernize financial management systems have often exceeded
budgeted costs, experienced delays in delivery dates, and not provided the
anticipated system functionality and performance. This problem is
particularly serious at the Department of Defense. To help provide a
governmentwide solution, OMB has developed the financial management line
of business (FMLOB) initiative. While progress has been made in defining
standard business processes and issuing draft guidance to facilitate a
smooth transition to shared service providers, the FMLOB initiative
involves complex issues that have far-reaching implications for the
government and private sector shared service providers. As we reported30
last year, the key for federal agencies to avoid the long-standing
problems that have plagued financial management system improvement efforts
is to address the foremost causes of those problems and adopt solutions
that reduce the risks associated with these efforts to acceptable levels.

29GAO, High-Risk Series: An Update, [46]GAO-07-310 (Washington, D.C.: Jan.
31, 2007).

Comprehensive Remediation Plans Are Critical to Agencies' Improvement Efforts

Correcting financial management system problems has proven to be
particularly difficult for many agencies. To assist in this effort, FFMIA
requires the heads of agencies with noncompliant systems to prepare
detailed remediation plans to bring agencies' systems into substantial
compliance with the law. Specifically, the law requires the head of the
agency to establish a remediation plan that includes resources, remedies,
and intermediate target dates necessary to bring the agency's financial
management systems into substantial compliance. Further, OMB Circular A-11
requires agencies with noncompliant systems to include in their annual
PARs a summary of their detailed remediation plans containing (1)
corrective actions to be taken, (2) resources to be used for
implementation of the corrective actions, and (3) target dates for
implementation of the corrective actions.

As previously discussed, auditors reported that 17 agency systems were
substantially noncompliant with FFMIA in fiscal year 2006. The agency
heads for 5 of these agencies31 disagreed with the auditor and considered
their agencies' systems to be substantially compliant with FFMIA. The law
does not require an agency to prepare a remediation plan if the agency
head determines that the agency's systems are in substantial compliance
with the law even if the agency's auditor determines the agency's systems
are not substantially compliant. The remaining 12 agencies32 are required
to include summarized remediation plans in their PARs. We reviewed the 12
PARs for those agencies to determine if their summarized remediation plans
included the required information. Figure 11 presents the results of our
analysis.

30 [47]GAO-06-184 .

31Departments of Education, Housing and Urban Development (HUD), Interior,
Labor, and State.

Figure 11: Summary of Analysis of Elements Included in 12 Agencies'
Summarized Remediation Plans for Fiscal Year 2006

As shown in figure 11, all of the agencies' summarized remediation plans
included corrective actions. However, one third of the agencies'
summarized remediation plans did not include a discussion of the staffing
resources required to complete the planned corrective actions. Remediation
plans provide a "road map" to resolve financial management problems in a
transparent manner, and also help hold managers accountable for needed
improvements. A discussion of the resources to be used when implementing
the corrective actions is essential in determining whether the corrective
actions can realistically be accomplished within the specified time
frames. Assigning resources to a corrective action facilitates on-time
implementation and helps avoid confusion over what funding sources will be
used and the personnel responsible for the implementation.

32Agriculture, DOD, Energy, HHS, DHS, DOJ, DOT, Treasury, VA, NASA, NRC,
and SBA.

One agency did not include target dates for completing corrective actions
to become substantially compliant with FFMIA. Setting specific target
dates, including intermediate target dates, facilitates tracking the
progress agencies are making in reaching their specified goals. If
agencies do not include target dates in their remediation plans, it is
difficult for the Congress and the American taxpayer to hold them
accountable for correcting long-standing financial management system
problems.

Agencies Struggle with Financial Management Systems Modernization

Across the government, agencies have many efforts under way to implement
new financial management systems or to upgrade existing systems that may
help improve FFMIA compliance. However, these efforts far too often result
in systems that do not meet their cost, schedule, and performance goals.
While agencies anticipate that the new systems will provide reliable,
useful, and timely data to support managerial decision making, our work
and that of others has shown that has often not been the case. For
example, many of DOD's over 2,000 business systems are nonintegrated,
stove piped, and not capable of providing departmental management and the
Congress accurate and reliable information on DOD's day-to-day operations.
For decades, DOD has been challenged in modernizing its timeworn business
systems. In 1995, we designated DOD's business systems modernization
program as high-risk, and we continue to designate it as such in our most
recent high-risk report.33 In another case, HHS has been plagued with
systems implementation issues with its Unified Financial Management System
(UFMS) from inception. In fiscal year 2006, HHS auditors reported that the
agency continued to experience significant challenges in resolving issues
with the system conversion and implementation and that sustained efforts
will be necessary to overcome the continuing serious weaknesses.

Furthermore, modernization efforts at DHS and DOJ have been hampered
because these agencies did not follow best practices in systems
development and implementation efforts (commonly referred to as
disciplined processes34).

33 [48]GAO-07-310 .

           o Since its establishment, DHS has faced the daunting task of
           bringing together 22 diverse agencies and developing an integrated
           financial management system. DHS halted implementation of the
           Electronically Managing Enterprise Resources for Government
           Effectiveness and Efficiency (Emerge2) program in December 2005,
           which was expected to integrate financial management systems
           across the entire department and to address its financial
           management weaknesses. DHS officials have stated that
           approximately $52 million in total was spent on the Emerge2
           project before it was halted. In fiscal year 2006, we testified35
           and provided an assessment of the status of DHS's efforts to
           modernize its financial management systems. In early March 2007,
           DHS officials issued a high-level plan to address the existing
           internal control weaknesses. However, as we recently reported and
           testified,36 more detailed implementation strategies will be
           necessary to fully address the financial management system
           challenges. DHS has received permission from OMB to leverage its
           current investments by consolidating and migrating components to
           either the Transportation Security Administration (TSA) or Customs
           and Border Protection financial management systems models. Our
           concern is that these components have numerous financial
           management weaknesses. For example, auditors for TSA reported that
           they were unable to provide sufficient evidential matter or make
           knowledgeable representations to support fiscal year 2005 and 2006
           transactions and account balances, particularly for budgetary
           accounting and undelivered orders, and property, plant, and
           equipment, among others.
           o The Department of Justice has developed plans for a Unified
           Financial Management System (UFMS) intended to correct many of its
           financial accounting and reporting issues. The UFMS is expected to
           standardize and integrate financial processes and systems to more
           efficiently support accounting operations, facilitate preparation
           of financial statements, and streamline audit processes. The
           department's efforts over the past few years to implement the UFMS
           to replace the seven major accounting systems currently used
           throughout the department have been challenging. For example, 2
           years after the department selected a vendor for the unified
           system, problems with funding, staff turnover, and other competing
           priorities caused delays in implementation of the new system. As
           of September 2006, none of Justice's accounting systems were
           integrated with each other. The Drug Enforcement Administration
           (DEA) is scheduled to begin implementing the UFMS in fiscal year
           2008, and current plans are for implementing the system in all
           department components by fiscal year 2012.

34Disciplined processes have been shown to reduce the risks associated
with software development and acquisition efforts to acceptable levels and
are fundamental to successful system implementations.

35GAO, Financial Management Systems: DHS Has an Opportunity to Incorporate
Best Practices in Modernization Efforts, [51]GAO-06-553T (Washington,
D.C.: Mar. 29, 2006).

36GAO, Homeland Security: Departmentwide Integrated Financial Management
Systems Remain a Challenge, GAO-07-536 (Washington, D.C.: June 21, 2007);
Homeland Security: Transforming Departmentwide Financial Management
Systems Remains a Challenge, GAO-07-1041T (Washington, D.C.: June 28,
2007).

           Challenges of Implementingthe Financial Management Line of Business

           OMB's FMLOB initiative, launched in March 2004, promotes
           business-driven, common solutions to enhance the federal
           government's performance and services. This initiative is intended
           to address past financial management systems' weaknesses and
           implementation failures and support the PMA goal of expanding
           electronic government.

           The goals of OMB's Financial Management Line of Business
           initiative include:

                        o providing timely and accurate data for decision
                        making;
                        o facilitating stronger internal controls that ensure
                        integrity in accounting and other stewardship
                        activities;
                        o reducing costs by providing a competitive
                        alternative for agencies to acquire, develop,
                        implement, and operate financial management systems
                        through shared service solutions;
                        o standardizing systems, business processes, and data
                        elements; and
                        o providing for seamless data exchange between and
                        among federal agencies by implementing a common
                        language and structure for financial information and
                        system interfaces.

           OMB's initial framework for the competitive migration to either a
           public shared service provider or a qualified private sector
           provider under the initiative is expected to help agencies
           maximize value by considering alternative solutions in a reasoned
           and structured manner. We have long supported and called for
           initiatives to standardize and streamline common systems, which
           can reduce costs and, if done correctly, improve accountability.
           Likewise, OMB has correctly recognized that enhancing the
           government's ability to implement financial management systems
           that are capable of providing accurate, reliable, and timely
           information on the results of operations needs to be addressed as
           a governmentwide solution, rather than individual agency
           stove-piped efforts designed to meet a given entity's needs. The
           FMLOB is a work in progress, and OMB has not yet fully defined and
           implemented the processes necessary to successfully complete it.
           In our March 2006 report,37 we recommended that careful
           consideration of the following four concepts, each one building
           upon the former, would be integral to the success of OMB's FMLOB
           initiative and could help break the cycle of failure in
           implementing financial management systems. The four concepts were
           (1) developing a concept of operations, (2) defining standard
           business processes, (3) developing a strategy for ensuring that
           agencies migrate to a limited number of service providers in
           accordance with OMB's stated approach, and (4) defining and
           effectively implementing disciplined processes necessary to
           properly manage the specific projects.

           OMB has taken steps to develop the foundational guidance needed
           for the FMLOB, but many challenging tasks remain. As we reported
           last year, OMB has designated four federal agencies38 as shared
           service providers; released a competition framework in May 2006;
           issued migration planning guidance in September 2006; and
           encouraged private sector providers that can satisfy the shared
           services requirements to participate in the procurement process
           for these services. In November 2006, OMB released an exposure
           draft of a common governmentwide accounting classification
           structure that may address lack of standardization among agency
           accounts. A critical factor for this project will be the ability
           to develop an approach that captures all stakeholders' needs with
           minimal redundancy and complexity.

           In addition, OMB and the Financial Systems Integration Office39
           (FSIO) have also developed and released an exposure draft for the
           funds control standard business process40 and the payment
           management standard business process.41 Further, in March 2007,
           the Financial Services Assessment Guide (SAG)42 was issued to
           establish a set of financial service metrics to facilitate an
           assessment of opportunities to improve performance and
           affordability of financial services provided by shared service
           providers and federal agencies. In order to promote consistency
           among agencies and service providers, starting June 15, 2007, and
           every month thereafter, OMB is requiring monthly reporting from
           all agencies on their performance data through a single system
           managed by FSIO, including data for each system listed as a core
           financial management system.

37 [52]GAO-06-184 .

38The four agencies designated as shared service providers were the
Department of the Interior (National Business Center), GSA (Federal
Integrated Solutions Center), Department of the Treasury (Bureau of the
Public Debt Administrative Resource Center), and Department of
Transportation (Enterprise Services Center).

39FSIO was formerly known as the Joint Financial Management Improvement
Program (JFMIP) staff office. In December 2004, the JFMIP Principals voted
to modify the roles and responsibilities of the JFMIP Program Office, now
FSIO. The FSIO Executive reports to OMB's Office of Federal Financial
Management Controller. See OMB, Update on the Financial Management Line of
Business and the Financial Systems Integration Office Memorandum
(Washington, D.C.: Dec. 16, 2005).

40OMB, FMLOB Funds Control Standard Business Process, Exposure Draft
(Washington, D.C.: March 2007).

           Furthermore, FSIO released its core financial system product
           compliance test policy,43 documenting the specific core financial
           systems qualifications test policy and procedures starting in
           2007. This new policy provided detailed information about each
           test, including schedule, scope, and requirements to be tested.
           This is a useful tool to promote consistency in core financial
           systems governmentwide, clarify the system requirements, and
           reduce the risk that agencies will acquire noncompliant or
           ineffective core financial system software. This, though, does not
           eliminate the need for agencies to conduct comprehensive testing
           efforts to ensure that financial system software meets their
           requirements, and the implementation of FSIO-tested software does
           not guarantee that the agencies will have financial systems that
           are compliant with FFMIA.

           While much has been accomplished by OMB, many important issues
           remain unresolved. For example, one of the recommendations in our
           March 2006 report44 called for a concept of operations to provide
           the foundation for the FMLOB. An effective concept of operations
           would describe, at a high level, (1) how all of the various
           elements of federal financial systems and mixed systems relate to
           each other and (2) how information flows from and through these
           systems. A concept of operations would provide a useful tool to
           explain how financial management systems at the agency and
           governmentwide levels can operate cohesively. It would be geared
           to a governmentwide solution rather than individual agency
           stove-piped efforts. Because the federal government does not have
           an overall concept of operations, there is no clear understanding
           of the interrelationships among federal financial systems and how
           the shared service provider concept fits into this framework. OMB
           officials recognize that standardization is important and are
           developing a standard set of business processes in four areas:
           funds control, accounts payable, accounts receivable, and
           financial reporting. In addition, as the FMLOB initiative moves
           forward, there are numerous additional areas where standardization
           is also important, such as inventory, supplies, and material
           management, as well as the loan management areas. Absent this
           standardization, shared service providers have been designated
           without common business rules and potential customer agencies
           continue to implement and operate individual stove-piped systems
           that may require additional work to adopt these processes.
			  
41OMB, FMLOB Payment Management Standard Business Process Exposure Draft
(Washington, D.C.: May 2007).

42OMB, Financial Services Assessment Guide Version 1 (Washington, D.C.:
Mar. 30, 2007).

43FSIO, Core Financial System Product Qualification Test Policy
(Washington, D.C.: March 2007).

44 [53]GAO-06-184 .

           Further, as we reported in September 2006,45 there are a number of
           factors that affect FFMIA compliance, including the quality of
           transaction data in agency feeder systems; the success of
           converting data from legacy systems; and the interaction of
           people, process, and technology within an agency's environment.
           The shared service provider concept, if adopted, will still
           require that agencies address long-standing human capital problems
           and develop long-term strategies for acquiring, developing, and
           retaining an organization's total workforce to meet the needs of
           the future. To date, none of the major CFO Act agencies has moved
           to an OMB-designated shared service provider to handle their
           financial management system activities, although some agencies,
           such as DOT, GSA, and NRC were already using the shared service
           provider concept prior to OMB's financial management line of
           business initiative. In addition, other agencies such as Labor,
           use a commercial shared service provider to provide hosting and
           operations and maintenance services. There are some major CFO Act
           agencies, such as EPA, HUD, Agriculture, and OPM that are in the
           process of selecting a shared service provider for full financial
           management systems activities. OMB officials told us that a
           successful FMLOB outcome would be for agencies to solicit for
           government or commercial shared service providers, identify the
           best value, and move forward in the FMLOB process. Whether
           agencies move to a shared service provider or implement their own
           systems, they must have disciplined processes in place to achieve
           the intended results, within established resources, and on
           schedule.
			  
45GAO, Financial Management: Improvements Under Way but Serious Financial
Systems Problems Persist, [54]GAO-06-970 (Washington, D.C..: Sept. 26,
2006).

           Comptroller General Convening Forum on FFMIA Issues

           To address the challenges CFO agency managers and auditors face in
           implementing and maintaining financial management systems that
           meet the intent of the CFO Act and the requirements of FFMIA, we
           are convening a Comptroller General forum later this year in
           Washington, D.C. The forum is intended to build on 10 years of
           experience with FFMIA implementation and foster discussion with a
           select group of experts and knowledgeable officials on the
           financial management systems opportunities and challenges facing
           agencies across the federal government. The discussion will focus
           on options for addressing the impediments faced by federal
           managers in attempting to bring their respective agencies into
           compliance with the requirements of the law. More importantly,
           after 10 years, this forum provides an opportunity to "think
           outside the box" and foster innovative ideas on how the federal
           government can overcome long-standing challenges in improving
           financial management systems with the goal of providing meaningful
           data to support managerial decision making on a daily basis.

           Invitees to the forum will include representatives from the
           federal Chief Financial Officer and inspector general communities,
           key OMB officials and congressional staff, and selected other
           knowledgeable officials from the public and private sectors. After
           the forum, we plan to issue a separate report summarizing the
           discussion and to consider the key issues in our future FFMIA
           work. Accordingly, we are not making any new recommendations in
           this report.
			  
			  Conclusion

           Over the 10 years since FFMIA's enactment, the federal government
           has continued to make incremental improvement in implementing
           financial management systems that substantially comply with the
           requirements of the act. Nonetheless, significant and
           long-standing obstacles remain for developing and implementing
           effective financial management systems that can provide essential
           financial data in support of day-to-day managerial decision
           making--the ultimate goal of FFMIA. Continued high-priority and
           sustained top-level commitment by OMB and leaders throughout the
           federal government will be required to fully and effectively
           achieve the goal of FFMIA. In addition, to help address the
           fundamental obstacles impeding FFMIA implementation, we are taking
           a proactive stance by convening a forum to help identify
           innovative approaches and corrective actions.
			  
			  Agency Comments and Our Evaluation

           In written comments (reprinted in app. VI) on a draft of this
           report, OMB agreed with our assessment that while federal agencies
           have continued to make progress in financial management, many
           agencies still need to improve their financial systems so that
           reliable, useful, and timely financial management information is
           available for day-to-day operations. OMB stated that it was
           working aggressively to assist agencies in building a strong
           foundation for financial management practices and also applauded
           our plans to convene a forum on these issues.

           As in previous years, we and OMB have differing views on the
           necessity of agency auditors providing a statement of positive
           assurance when reporting agency systems to be in substantial
           compliance with the requirements of FFMIA. OMB stated that its
           three major initiatives, the PMA, FMLOB, and the revised Circular
           No. A-123, are helping agencies identify and correct FFMIA
           deficiencies. Further, OMB stated that many of the ongoing
           assessments required under the revised Circular No. A-123 mirror
           the types of assessments that would occur in establishing a
           statement of positive assurance under FFMIA. As a result, OMB
           believed that requiring a statement of positive assurance would be
           costly and would not provide additional information that would be
           of benefit to the federal agency, OMB, or the taxpayer.

           While we agree that these initiatives are helping drive
           improvements, auditors need to consider other aspects of financial
           management systems when assessing FFMIA compliance that are not
           fully addressed through the current reporting structure. For
           example, in preparing the PMA scorecard assessments, OMB officials
           meet with agencies to discuss a number of financial management
           issues and have systems demonstrations. Our concern is that some
           of the information provided by this approach does not come under
           audit scrutiny and may not be reliable. Similarly, internal
           control assessments performed under Circular No. A-123 are
           management's judgments and are subject to an opinion-level review
           by independent auditors only in limited circumstances. An opinion
           by an independent auditor on FFMIA compliance would confirm
           whether an agency's systems substantially met the requirements of
           FFMIA and could also provide additional confidence in the
           information provided as a result of the PMA, FMLOB, and Circular
           No. A-123 initiatives. In our view, confidence that agency
           financial management systems provide reliable, useful, and timely
           information to help government leaders invest resources, oversee
           programs, and reduce costs, would be of significant value to the
           federal agency, OMB, the Congress, and the taxpayer. Moreover, to
           minimize the cost of providing an audit opinion, the GAO/PCIE
           Financial Audit Manual includes a number of techniques that
           auditors can use to reduce the incremental cost of providing
           positive assurance. Finally, we continue to believe that a
           statement of positive assurance is a statutory requirement under
           the act.

           With regard to our prior recommendation for revised guidance that
           clarifies the definition of substantial compliance, OMB stated
           that in its update to Circular No. A-127, Financial Management
           Systems, its goal will be to simplify FFMIA compliance
           requirements as well as to better balance the FFMIA objectives of
           generating audited financial statements and providing meaningful
           information for decision makers. Accordingly, OMB agreed to take
           this recommendation under advisement. As we noted in our prior
           reports,46 auditors we interviewed expressed a need for
           clarification regarding the meaning of substantial compliance.

           OMB also provided technical comments which we incorporated as
           appropriate.

           We are sending copies of this report to the Chairman and Ranking
           Member, Subcommittee on Federal Financial Management, Government
           Information, Federal Services, and International Security, Senate
           Committee on Homeland Security and Governmental Affairs, and to
           the Chairman and Ranking Member, Subcommittee on Government
           Management, Organization, and Procurement, House Committee on
           Oversight and Government Reform. We are also sending copies to the
           Director of the Office of Management and Budget, the heads of the
           24 CFO Act agencies in our review, and agency CFOs and inspectors
           general. Copies will be made available to others upon request. In
           addition, this report will be available at no charge on the GAO
           Web site at [49]http://www.gao.gov .
			  
46 [55]GAO-02-29 , [56]GAO-03-31 , [57]GAO-05-20 , [58]GAO-05-881 , and
[59]GAO-06-970 .

           This report was prepared under the direction of McCoy Williams,
           Director, Financial Management and Assurance, who may be reached
           at (202) 512-9095 or [50][email protected] if you have any
           questions. Contact points for our Offices of Congressional
           Relations and Public Affairs may be found on the last page of this
           report. GAO staff that made key contributions to this report are
           listed in appendix VII.

           David M. Walker
			  Comptroller General of the United States
			  
			  Appendix I: Requirements and Standards Supporting Federal Financial
           Management
			  
			  Financial Management Systems Requirements

           The policies and standards prescribed for executive agencies to
           follow in developing, operating, evaluating, and reporting on
           financial management systems are defined in Office of Management
           and Budget (OMB) Circular No. A-127, Financial Management Systems.
           The components of an integrated financial management system
           include the core financial system,1 managerial cost accounting
           system, administrative systems, and certain programmatic systems.
           Administrative systems are those that are common to all federal
           agency operations,2 and programmatic systems are those needed to
           fulfill an agency's mission. Circular No. A-127 refers to the
           series of publications entitled Federal Financial Management
           Systems Requirements, initially issued by the Joint Financial
           Management Improvement Program's (JFMIP) Program Management Office
           (PMO) as the primary source of governmentwide requirements for
           financial management systems. However, as of December 2004, the
           Financial Systems Integration Office (FSIO) assumed responsibility
           for coordinating the work related to federal financial management
           systems requirements and OMB's Office of Federal Financial
           Management (OFFM) is responsible for issuing the new or revised
           regulations. In December 2004, the JFMIP Principals voted to
           modify the roles and responsibilities of JFMIP, resulting in the
           creation of FSIO. Appendix II lists the federal financial
           management systems requirements published to date. Figure 12 is
           the current model that illustrates how these systems interrelate
           in an agency's overall systems architecture.
			  
1Core financial systems, as defined by the Office of Federal Financial
Management (OFFM), include managing general ledger, funding, payments,
receivables, and certain basic cost functions.

2Examples of administrative systems include budget, acquisition, travel,
property, and human resources and payroll.

Figure 12: Agency Systems Architecture

FFMIA Guidance

OMB establishes governmentwide financial management policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, in OMB Memorandum, Revised Implementation Guidance for
the Federal Financial Management Improvement Act (Jan. 4, 2001), OMB
provides guidance for agencies and auditors to use in assessing
substantial compliance. The guidance describes the factors that should be
considered in determining whether an agency's systems substantially comply
with FFMIA's three requirements. Further, the guidance provides examples
of the types of indicators that should be used as a basis for assessing
whether an agency's systems are in substantial compliance with each of the
three FFMIA requirements. Finally, the guidance discusses the corrective
action plans, to be developed by agency heads, for bringing their systems
into compliance with FFMIA. Second, on August 23, 2006, OMB issued
Bulletin No. 06-03, Audit Requirements for Federal Financial Statements,
which superseded OMB Bulletin No. 01-02. This new bulletin did not
substantially revise the FFMIA audit guidance included in Bulletin No.
01-02, which calls for auditors to provide negative assurance when
reporting on an agency system's FFMIA compliance.

We have worked in partnership with representatives from the President's
Council on Integrity and Efficiency (PCIE) to develop and maintain the
joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific
procedures auditors should perform when assessing FFMIA compliance.3 As
detailed in appendix V, we have also issued a series of checklists to help
assess whether agencies' systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance regarding FFMIA compliance, auditors should
design and implement additional testing to satisfy FFMIA criteria.

OMB Circular No. A-127 also requires agencies to purchase commercial
off-the-shelf (COTS) software that has been tested and certified through
the PMO software certification process when acquiring core financial
systems. However, in December 2004, OMB transferred the responsibility of
certifying systems to FSIO as part of the realignment of JFMIP. In March
2007, FSIO updated the testing policy for COTS software. However, the
certification process does not eliminate or significantly reduce the need
for agencies to develop and conduct comprehensive testing efforts to
ensure that the COTS software meets their requirements. Moreover, core
financial systems certification does not mean that agencies that install
these packages will have financial management systems that are compliant
with FFMIA. Many other factors can affect the capability of the systems to
comply with FFMIA, including modifications made to the FSIO-certified core
financial management systems software and the validity and completeness of
data from feeder systems.

3 [60]GAO-01-765G , section 260.58-.60 and [61]GAO-03-466G , sections 701,
701A, and 701B.

Federal Accounting Standards

The Federal Accounting Standards Advisory Board (FASAB)4 promulgates
federal accounting standards and concepts that agency chief financial
officers use in developing financial management systems and preparing
financial statements. FASAB develops the appropriate accounting standards
and concepts after considering the financial and budgetary information
needs of the Congress, executive agencies, and other users of federal
financial information and comments from the public. FASAB forwards the
standards and concepts to the Comptroller General, the Director of OMB,
the Secretary of the Treasury, and the Director of the Congressional
Budget Office (CBO) for a 90-day review. If, within 90 days, neither the
Comptroller General nor the Director of OMB objects to the standard or
concept, then it is issued and becomes final. FASAB announces finalized
concepts and standards in The Federal Register.

The American Institute of Certified Public Accountants designated the
federal accounting standards promulgated by FASAB as being generally
accepted accounting principles for the federal government. This
recognition enhances the acceptability of the standards, which form the
foundation for preparing consistent and meaningful financial statements
both for individual agencies and the government as a whole. Currently,
there are 32 Statements of Federal Financial Accounting Standards (SFFAS)
and 4 Statements of Federal Financial Accounting Concepts (SFFAC).5 The
concepts and standards are the basis for OMB's guidance to agencies on the
form and content of their financial statements and for the government's
consolidated financial statements. Appendix III lists the concepts,
standards, interpretations,6 and technical bulletins, along with their
respective effective dates.

4In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards and concepts for the federal government.
Effective October 1, 2003, FASAB is comprised of six nonfederal or public
members, one member from the Congressional Budget Office, and the three
sponsors.

5Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.

6An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard.

FASAB's Accounting and Auditing Policy Committee (AAPC)7 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards. To date, AAPC has issued six technical releases, which are
listed in appendix IV along with their release dates.

U.S. Government Standard General Ledger (SGL)

The SGL was established by an interagency task force under the direction
of OMB and mandated for use by agencies in OMB and Treasury regulations in
1986. The SGL promotes consistency in financial transaction processing and
reporting by providing a uniform chart of accounts and pro forma
transactions used to standardize federal agencies' financial information
accumulation and processing throughout the year, enhance financial
control, and support budget and external reporting, including financial
statement preparation. The SGL is intended to improve data stewardship
throughout the federal government, enabling consistent reporting at all
levels within the agencies and providing comparable data and financial
analysis governmentwide.8

Internal Control Standards

The Congress enacted legislation, 31 U.S.C. S 3512(c), (d) (commonly
referred to as the Federal Managers' Financial Integrity Act of 1982
(FMFIA)), to strengthen internal controls and accounting systems
throughout the federal government, among other purposes. Issued pursuant
to FMFIA, the Comptroller General's Standards for Internal Control in the
Federal Government9 provides standards that are directed at helping agency
managers implement effective internal control, an integral part of
improving financial management systems. Internal control is a major part
of managing an organization and comprises the plans, methods, and
procedures used to meet missions, goals, and objectives. In summary,
internal control, which under OMB's guidance for FMFIA is synonymous with
management control, helps government program managers achieve desired
results through effective stewardship of public resources.

7In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the Chief
Financial Officers Council, and the President's Council on Integrity and
Efficiency, established AAPC to assist the federal government in improving
financial reporting.

8SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.

9GAO, Standards for Internal Control in the Federal Government,
[62]GAO/AIMD-00-21 .3 (Washington, D.C.: November 1999).

Effective fiscal year 2006, OMB strengthened the requirements for
conducting management's assessment of internal control over financial
reporting by revising OMB Circular No. A-123.10 Significant revisions
contained in Appendix A of the circular include requiring Chief Financial
Officers (CFO) Act agency management to annually assess the adequacy of
internal control over financial reporting, provide a report on identified
material weaknesses and corrective actions, and provide a separate
assurance statement on the agency's internal control over financial
reporting. In initiating the revisions, OMB cited the internal control
requirements for publicly traded companies that are contained in section
404 of the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley).11 Sarbanes-Oxley
was enacted in response to corporate accountability failures of several
years prior to its enactment and contains a provision (section 404)
calling for management's assessment of internal control over financial
reporting similar to the long-standing requirements for executive branch
agencies contained in FMFIA to issue annual statements of assurance over
internal control in the agencies. Opinions on internal control over
financial reporting as required by Sarbanes-Oxley for publicly traded
companies are important to protect investors by improving the accuracy and
reliability of corporate disclosures made pursuant to the securities laws.

10OMB Circular No. A-123, Management's Responsibility for Internal Control
(revised Dec. 21, 2004).

11Pub. L. No. 107-204, S 404, 116 Stat. 745, 789 (July 30, 2002).

Appendix II: Publications in the Federal Financial Management Systems
Requirements Series

FFMSR document                                              Issue date     
FFMSR-8        System Requirements for Managerial Cost      February 1998  
                  Accounting                                                  
JFMIP-SR-99-5  Human Resources & Payroll Systems            April 1999     
                  Requirements                                                
JFMIP-SR-99-8  Direct Loan System Requirements              June 1999      
JFMIP-SR-99-9  Travel System Requirements                   July 1999      
JFMIP-SR-99-14 Seized Property and Forfeited Assets         December 1999  
                  Systems Requirements                                        
JFMIP-SR-00-01 Guaranteed Loan System Requirements          March 2000     
JFMIP-SR-00-3  Grant Financial System Requirements          June 2000      
JFMIP-SR-00-4  Property Management Systems Requirements     October 2000   
JFMIP-SR-01-01 Benefit System Requirements                  September 2001 
JFMIP-SR-02-02 Acquisition/Financial Systems Interface      June 2002      
                  Requirements                                                
JFMIP-SR-03-01 Revenue System Requirements                  January 2003   
JFMIP-SR-03-02 Inventory, Supplies  and Materials  System   August 2003    
                  Requirements                                                
JFMIP-SR-02-01 Addendum to Core Financial System            March 2004     
                  Requirements                                                
JFMIP-SR-01-04 Framework for Federal Financial Management   April 2004     
                  Systems                                                     
OFFM-NO-0106   Core Financial System Requirements           January 2006   
OFFM-NO-0206   Insurance System Requirements                June 2006      

Source: OMB's Office of Federal Financial Management (OFFM).

Note: Effective December 1, 2004, all financial management system
requirements documents and other guidance initially issued by the JFMIP
were transferred to OFFM and remain in effect until modified.

Appendix III: Statements of Federal Financial Accounting Concepts,
Standards, Interpretations, and Technical Bulletins 

Concepts                                                                   
SFFAC No. 1 Objectives of Federal Financial Reporting                      
SFFAC No. 2 Entity and Display                                             
SFFAC No. 3 Management's Discussion and Analysis                           
SFFAC No. 4 Intended Audience and Qualitative                              
Characteristics for the Consolidated Financial Report                      
of the United States Government                                            
Standards                                             Effective for fiscal 
                                                         yeara                
SFFAS No. 1 Accounting for Selected Assets  and       1994                 
Liabilities                                                                
SFFAS No. 2 Accounting for Direct Loans  and Loan     1994                 
Guarantees                                                                 
SFFAS No. 3 Accounting for Inventory and Related      1994                 
Property                                                                   
SFFAS No. 4 Managerial Cost Accounting Concepts  and  1998                 
Standards for the Federal Government                                       
SFFAS No. 5 Accounting for Liabilities of the         1997                 
Federal Government                                                         
SFFAS No. 6 Accounting for Property, Plant, and       1998                 
Equipment                                                                  
SFFAS No. 7 Accounting for Revenue and Other          1998                 
Financing Sources  and Concepts for Reconciling                            
Budgetary and Financial Accounting                                         
SFFAS No. 8 Supplementary Stewardship Reporting       1998                 
SFFAS No. 9 Deferral of the Effective Date of         1998                 
Managerial Cost Accounting Standards for the Federal                       
Government in SFFAS No. 4                                                  
SFFAS No. 10 Accounting for Internal Use Software     2001                 
SFFAS No.11 Amendments to Accounting for Property,    1999                 
Plant, and Equipment--Definitional Changes                                 
SFFAS No.12 Recognition of Contingent Liabilities     1998                 
Arising from Litigation: An Amendment of SFFAS No.                         
5, Accounting for Liabilities of the Federal                               
Government                                                                 
SFFAS No. 13 Deferral of Paragraph 65.2--Material     1999                 
Revenue-Related Transactions Disclosures                                   
SFFAS No. 14 Amendments to Deferred Maintenance       1999                 
Reporting                                                                  
SFFAS No. 15 Management's Discussion and Analysis     2000                 
SFFAS No. 16 Amendments to Accounting for Property,   2000                 
Plant, and Equipment                                                       
SFFAS No. 17 Accounting for Social Insurance          2000                 
SFFAS No. 18 Amendments to Accounting Standards for   2001                 
Direct Loans  and Loan Guarantees in Statement of                          
Federal Financial Accounting Standards No. 2                               
SFFAS No. 19 Technical Amendments to Accounting       2003                 
Standards for Direct Loans  and Loan Guarantees in                         
Statement of Federal Financial Accounting Standards                        
No. 2                                                                      
SFFAS No. 20 Elimination of Certain Disclosures       2001                 
Related to Tax Revenue Transactions by the Internal                        
Revenue Service, Customs, and Others                                       
SFFAS No. 21 Reporting Corrections of Errors  and     2002                 
Changes in Accounting Principles                                           
SFFAS No. 22 Change in Certain Requirements for       2001                 
Reconciling Obligations  and Net Cost of Operations                        
SFFAS No. 23 Eliminating the Category National        2003                 
Defense Property, Plant, and Equipment                                     
SFFAS No. 24 Selected Standards for the Consolidated  2002                 
Financial Report of the United States Government                           
SFFAS No. 25 Reclassification of Stewardship          2006                 
Responsibilities  and Eliminating the Current                              
Services Assessment                                                        
SFFAS No. 26 Presentation of Significant Assumptions  2006                 
for the Statement of Social Insurance: Amending                            
SFFAS 25                                                                   
SFFAS No. 27 Identifying and Reporting Earmarked      2006                 
Funds                                                                      
SFFAS No. 28 Deferral of the Effective Date of        2006                 
Reclassification of the Statement of Social                                
Insurance: Amending SFFAS 25 and 26                                        
SFFAS No. 29 Heritage Assets  and Stewardship Land    2006                 
SFFAS No. 30 Inter-Entity Cost Implementation         2009                 
Amending SFFAS 4, Managerial Cost Accounting                               
Standards  and Concepts                                                    
SFFAS No. 31 Accounting for Fiduciary Activities      2009                 
SFFAS No. 32 CFR of the U.S. Government Requirements  2006                 
Interpretations                                      
No. 1 Reporting on Indian Trust Funds                
No. 2 Accounting for Treasury Judgment Fund Transactions
No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
No. 4 Accounting for Pension Payments in Excess of Pension Expense
No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue
No. 6 Accounting for Imputed Intra-departmental Costs
No. 7 Items Held for Remanufacture                   
Technical bulletins                                  
TB 2000-1 Purpose and Scope of FASAB Technical Bulletins  and Procedures
for Issuance                                         
TB 2002-1 Assigning to Component Entities Costs  and Liabilities That
Result From Legal Claims Against the Federal Government
TB 2002-2 Disclosures Required by Paragraph 79(g) of SFFAS 7, Accounting
for Revenue and Other Financing Sources  and Concepts for Reconciling
Budgetary and Financial Accounting                   
TB 2003-1 Certain Questions  and Answers Related to the Homeland Security
Act of 2002                                          
TB 2006-1 Recognition and Measurement of Asbestos-Related Cleanup Costs

Source: FASAB.

aEffective dates do not apply to Statements of Federal Financial
Accounting Concepts, Interpretations, and Technical Bulletins.

Appendix IV: Accounting and Auditing Policy Committee Technical Releases

Technical release                                        AAPC release date 
TR-1 Audit Legal Representation Letter Guidance          March 1, 1998     
TR-2 Determining Probable and Reasonably Estimable for   March 15, 1998    
Environmental Liabilities in the Federal Government                        
TR-3 Preparing and Auditing Direct Loan and Loan         July 31, 1999     
Guarantee Subsidies Under the Federal Credit Reform Act                    
TR-4 Reporting on Non-Valued Seized and Forfeited        July 31, 1999     
Property                                                                   
TR-5 Implementation Guidance on SFFAS No. 10: Accounting May 14, 2001      
for Internal Use Software                                                  
TR-6 Preparing Estimates for Direct Loan and Loan        January 2004      
Guarantee Subsidies Under the Federal Credit Reform Act                    
(Amendments to TR-3)                                                       

Source: FASAB.

Appendix V: Checklists for Reviewing Systems under the Federal Financial
Management Improvement Act

Checklist                                                   Issue date     
[63]GAO/AIMD-00-21.2.3 Human Resources  and Payroll Systems March 2000     
Requirements                                                               
[64]GAO-01-99G Seized Property and Forfeited Assets         October 2000   
Systems Requirements                                                       
[65]GAO/AIMD-21-2.6 Direct Loan System Requirements         April 2000     
[66]GAO/AIMD-21.2.8 Travel System Requirements              May 2000       
[67]GAO/AIMD-99-21.2.9 System Requirements for Managerial   January 1999   
Cost Accounting                                                            
[68]GAO-01-371G Guaranteed Loan System Requirements         March 2001     
[69]GAO-01-911G Grant Financial System Requirements         September 2001 
[70]GAO-02-171G Property Management Systems Requirements    December 2001  
[71]GAO-04-22G Benefit System Requirements                  October 2003   
[72]GAO-04-650G Acquisition/Financial Systems Interface     June 2004      
Requirements                                                               
[73]GAO-05-225G Core Financial System Requirements          February 2005  

Source: GAO.

Appendix VI: Comments from the Office of Management and Budget

Appendix VII: GAO Contact and Staff Acknowledgments

GAO Contact

McCoy Williams, (202) 512-9095 or [email protected]

Acknowledgments

In addition to the contact named above, Kay L. Daly, Assistant Director;
F. Abe Dymond, Assistant General Counsel; Debra Cottrell; Francine
DelVecchio; Lauren Fassler; C. Robin Hodge; Jennifer Leone; Sheila D.
Miller; and George Warnock made key contributions to this report.

(195101)

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( [74]www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
[75]www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: [76]www.gao.gov/fraudnet/fraudnet.htm
E-mail: [77][email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [78][email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [79][email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

[80]transparent illustrator graphic

[81]www.gao.gov/cgi-bin/getrpt?GAO-07-914 .

To view the full product, including the scope
and methodology, click on the link above.

For more information, contact McCoy Williams at (202) 512-9095 or
[email protected].

Highlights of GAO- [82]07-914 , a report to the Committee on Homeland
Security and Governmental Affairs, U.S. Senate, and the Committee on
Oversight and Government Reform, House of Representatives

AuAugust 2007

FINANCIAL MANAGEMENT

Long-standing Financial Systems Weaknesses Present a Formidable Challenge

The Federal Financial Management Improvement Act of 1996 (FFMIA) requires
the 24 Chief Financial Officers (CFO) Act agencies to implement and
maintain financial management systems that comply substantially with (1)
federal financial management systems requirements, (2) federal accounting
standards, and (3) the U.S. Government Standard General Ledger (SGL).
FFMIA also requires GAO to report annually on the implementation of the
act.

This report, primarily based on GAO and inspectors general reports,
discusses (1) the problems that continued to affect agencies systems'
FFMIA compliance in fiscal year 2006 and (2) the initiatives under way to
help move federal financial management toward FFMIA compliance.

[83]What GAO Recommends

To further understand the key issues that affect FFMIA implementation and
challenges in improving financial management systems, the Comptroller
General is convening a forum later this year to bring together key
officials and experts for a candid discussion of these issues.
Accordingly, this report does not include any new recommendations. OMB was
supportive of the forum, agreed with GAO's assessment, and stated it was
working aggressively to assist agencies in building a strong foundation of
financial management practices.

Federal agencies have continued to make progress in meeting the
requirements of FFMIA since the passage of the law in 1996. Most agencies
though, have not yet progressed to the stage that their systems are
substantially compliant, and some agencies have made little progress.
Accordingly, agencies continue to fall short in their attempts to
establish the financial systems needed to create the full range of
information needed for effective day-to-day management. In fiscal year
2006, auditors for 17 of the 24 CFO Act agencies reported that agencies'
financial management systems did not substantially comply with at least
one of the three FFMIA requirements. As shown below, based on audit
reports, GAO identified six types of problems primarily related to
agencies' systems. These problems with agency financial systems remain a
significant obstacle to supporting effective management of the federal
government.

Number of Agencies with Reported FFMIA Compliance Problems for Fiscal
Years 2002 through 2006

With regard to improvement initiatives, GAO noted continued progress in
two key areas: (1) agencies' required remediation plans and (2) the Office
of Management and Budget's (OMB) efforts to address system implementation
problems. All 12 of the remediation plans GAO reviewed included corrective
actions, but several were missing key elements. Moreover, agencies
continue to struggle with efforts to modernize their financial management
systems. This problem is particularly acute at the Department of Defense.
Agency modernization efforts have been consistently hampered by failure to
follow best practices in systems development and implementation, commonly
referred to as disciplined processes. As a result, these efforts far too
often do not meet cost, schedule, and performance goals. To help address
these problems, OMB has demonstrated continued progress in the
implementation of the financial management line of business initiative.
However, additional steps forward are needed to provide a foundation for
this initiative.

References

Visible links
  35. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
  36. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21
  37. http://www.gao.gov/cgi-bin/getrpt?GAO-01-765G
  38. http://www.gao.gov/cgi-bin/getrpt?GAO-03-466G
  39. http://www.gao.gov/cgi-bin/getrpt?GAO-02-29
  40. http://www.gao.gov/cgi-bin/getrpt?GAO-03-31
  41. http://www.gao.gov/cgi-bin/getrpt?GAO-03-1062
  42. http://www.gao.gov/cgi-bin/getrpt?GAO-05-20
  43. http://www.gao.gov/cgi-bin/getrpt?GAO-05-881
  44. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
  45. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
  46. http://www.gao.gov/cgi-bin/getrpt?GAO-07-310
  47. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
  48. http://www.gao.gov/cgi-bin/getrpt?GAO-07-310
  49. http://www.gao.gov/
  50. mailto:[email protected]
  51. http://www.gao.gov/cgi-bin/getrpt?GAO-06-553T
  52. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
  53. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
  54. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
  55. http://www.gao.gov/cgi-bin/getrpt?GAO-02-29
  56. http://www.gao.gov/cgi-bin/getrpt?GAO-03-31
  57. http://www.gao.gov/cgi-bin/getrpt?GAO-05-20
  58. http://www.gao.gov/cgi-bin/getrpt?GAO-05-881
  59. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
  60. http://www.gao.gov/cgi-bin/getrpt?GAO-01-765G
  61. http://www.gao.gov/cgi-bin/getrpt?GAO-03-466G
  62. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21
  63. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.2.3
  64. http://www.gao.gov/cgi-bin/getrpt?GAO-01-99G
  65. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21-2.6
  66. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21-2.8
  67. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-99-21.2.9
  68. http://www.gao.gov/cgi-bin/getrpt?GAO-01-371G
  69. http://www.gao.gov/cgi-bin/getrpt?GAO-01-911G
  70. http://www.gao.gov/cgi-bin/getrpt?GAO-02-171G
  71. http://www.gao.gov/cgi-bin/getrpt?GAO-04-22G
  72. http://www.gao.gov/cgi-bin/getrpt?GAO-04-650G
  73. http://www.gao.gov/cgi-bin/getrpt?GAO-05-225G
  74. http://www.gao.gov/
  75. http://www.gao.gov/
  76. http://www.gao.gov/fraudnet/fraudnet.htm
  77. mailto:[email protected]
  78. mailto:[email protected]
  79. mailto:[email protected]
  81. http://www.gao.gov/cgi-bin/getrpt?GAO-07-914
  82. http://www.gao.gov/cgi-bin/getrpt?GAO-07-914
*** End of document. ***