Financial Management: Long-standing Financial Systems Weaknesses
Present a Formidable Challenge (03-AUG-07, GAO-07-914).
The Federal Financial Management Improvement Act of 1996 (FFMIA)
requires the 24 Chief Financial Officers (CFO) Act agencies to
implement and maintain financial management systems that comply
substantially with (1) federal financial management systems
requirements, (2) federal accounting standards, and (3) the U.S.
Government Standard General Ledger (SGL). FFMIA also requires GAO
to report annually on the implementation of the act. This report,
primarily based on GAO and inspectors general reports, discusses
(1) the problems that continued to affect agencies systems' FFMIA
compliance in fiscal year 2006 and (2) the initiatives under way
to help move federal financial management toward FFMIA
compliance.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-07-914
ACCNO: A73934
TITLE: Financial Management: Long-standing Financial Systems
Weaknesses Present a Formidable Challenge
DATE: 08/03/2007
SUBJECT: Accountability
Accounting standards
Financial management
Financial management systems
Financial records
Financial statement audits
Financial statements
Internal controls
Noncompliance
Regulatory agencies
Reporting requirements
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-07-914
* [1]Results in Brief
* [2]Background
* [3]Guidance for FFMIA Issued by OMB
* [4]Financial Audit Manual Section on FFMIA Developed by GAO and
* [5]Scope and Methodology
* [6]FFMIA Assessments Identify Marginal Improvements in Some Cas
* [7]FFMIA Guidance Issues
* [8]Problems Reported by Agency Auditors
* [9]Nonintegrated Financial Management Systems
* [10]Inadequate Reconciliation Procedures
* [11]Lack of Accurate and Timely Recording of Financial
Informati
* [12]Noncompliance with the SGL
* [13]Lack of Adherence to Federal Accounting Standards
* [14]Weak Security Controls over Information Systems
* [15]Efforts Are Under Way to Address Federal Financial Managemen
* [16]Comprehensive Remediation Plans Are Critical to Agencies' Im
* [17]Agencies Struggle with Financial Management Systems Moderniz
* [18]Challenges of Implementing the Financial Management Line
of
* [19]Comptroller General Convening Forum on FFMIA Issues
* [20]Conclusion
* [21]Agency Comments and Our Evaluation
* [22]Financial Management Systems Requirements
* [23]FFMIA Guidance
* [24]Federal Accounting Standards
* [25]U.S. Government Standard General Ledger (SGL)
* [26]Internal Control Standards
* [27]GAO Contact
* [28]Acknowledgments
* [29]GAO's Mission
* [30]Obtaining Copies of GAO Reports and Testimony
* [31]Order by Mail or Phone
* [32]To Report Fraud, Waste, and Abuse in Federal Programs
* [33]Congressional Relations
* [34]Public Affairs
Report to the Committee on Homeland Security and Governmental Affairs,
U.S. Senate, and the Committee on Government Oversight and Reform, House
of Representatives
United States Government Accountability Office
GAO
August 2007
FINANCIAL MANAGEMENT
Long-standing Financial Systems Weaknesses Present a Formidable Challenge
GAO-07-914
Contents
Letter 1
Results in Brief 2
Background 8
Scope and Methodology 12
FFMIA Assessments Identify Marginal Improvements in Some Cases 13
Efforts Are Under Way to Address Federal Financial Management System
Challenges 27
Conclusion 36
Agency Comments and Our Evaluation 37
Appendix I Requirements and Standards Supporting Federal Financial
Management 40
Financial Management Systems Requirements 40
Federal Accounting Standards 43
U.S. Government Standard General Ledger (SGL) 44
Internal Control Standards 44
Appendix II Publications in the Federal Financial Management Systems
Requirements Series 46
Appendix III Statements of Federal Financial Accounting Concepts,
Standards, Interpretations, and Technical Bulletins 47
Appendix IV Accounting and Auditing Policy Committee Technical Releases 50
Appendix V Checklists for Reviewing Systems under the Federal Financial
Management Improvement Act 51
Appendix VI Comments from the Office of Management and Budget 52
Appendix VII GAO Contact and Staff Acknowledgments 54
Figures
Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006 3
Figure 2: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006 5
Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006
13
Figure 4: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006 18
Figure 5: Number of CFO Act Agencies with Reported Nonintegrated Financial
Management Systems Problems for Fiscal Years 2002 through 2006 20
Figure 6: Number of CFO Act Agencies with Reported Inadequate
Reconciliation Procedures Problems for Fiscal Years 2002 through 2006 21
Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and
Timely Recording Problems for Fiscal Years 2002 through 2006 22
Figure 8: Number of CFO Act Agencies with Reported Noncompliance with the
SGL Problems for Fiscal Years 2002 through 2006 23
Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to
Federal Accounting Standards Problems for Fiscal Years 2002 through 2006
25
Figure 10: Number of CFO Act Agencies with Reported Weak Security over
Information Systems Problems for Fiscal Years 2002 through 2006 26
Figure 11: Summary of Analysis of Elements Included in 12 Agencies'
Summarized Remediation Plans for Fiscal Year 2006 29
Figure 12: Agency Systems Architecture 41
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
United States Government Accountability Office
Washington, DC 20548
August 3, 2007
The Honorable Joseph I. Lieberman
Chairman
The Honorable Susan M. Collins
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate
The Honorable Henry A. Waxman
Chairman
The Honorable Tom Davis
Ranking Member
Committee on Oversight and Government Reform
House of Representatives
Having the reliable, useful, and timely financial data needed to
efficiently and effectively manage their day-to-day operations is a
long-standing challenge for federal agencies. To address this challenge,
the Congress mandated financial management reform within the federal
government by enacting the Chief Financial Officers (CFO) Act of 1990.1
The CFO Act laid the foundation for a comprehensive reform of federal
financial management by establishing a leadership structure, requiring
audited financial statements, and strengthening accountability reporting.
This act also requires agencies to implement modern financial management
systems in order to attain the systematic measurement of performance; the
development of cost information; and the integration of program, budget,
and financial information for management reporting. The end goal of the
CFO Act is to greatly enhance the ability of federal managers to do their
jobs by providing the full range of financial information needed for
day-to-day management.
Building on the foundation laid by the CFO Act, the Federal Financial
Management Improvement Act of 19962 (FFMIA) requires the major departments
and agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the U.S. Government Standard General Ledger (SGL) at
the transaction level. The act also requires the heads of agencies and
auditors to determine whether the agencies' financial management systems
comply with the act's requirements. In addition, we are required to report
annually on the implementation of the act.
1Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).
2Federal Financial Management Improvement Act of 1996, Pub. L. No.
104-208, div. A., S 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept.
30, 1996).
This report discusses (1) the auditors' assessments of federal agency
systems' compliance with FFMIA requirements for fiscal years 1997 through
2006 and the financial management systems problems that continued to
affect systems' FFMIA compliance in fiscal year 2006 and (2) the
initiatives under way to help move federal financial management toward the
goals of the CFO Act and FFMIA compliance. This report incorporates
historical information from our prior FFMIA reports, other reports issued
by GAO, and reports issued by inspectors general (IG). We analyzed and
summarized information from these reports that related to FFMIA issues and
determined that the data in these reports were sufficiently reliable for
the purposes of this report. We conducted our work from January through
June 2007 in Washington, D.C., in accordance with generally accepted
government auditing standards. We requested comments on a draft of this
report from the Director of the Office of Management and Budget (OMB) or
his designee. We received written comments from the OMB Controller. OMB's
comments are discussed in the Agency Comments and Our Evaluation section
and reprinted in appendix VI.
Results in Brief
Since the passage of FFMIA, agencies have made progress in improving their
financial management systems. We have seen incremental improvements
throughout government, with some agencies making dramatic improvements. At
the same time, much work remains to fulfill the underlying goals of FFMIA.
As shown in figure 1, the number of agencies reported as having systems
that were not in substantial compliance with at least one of the three
FFMIA systems requirements improved from 20 in fiscal year 1997 to 17 in
fiscal year 2006. In fiscal year 2006, as in the past, the majority of
agencies' financial management systems were still not able to routinely
produce reliable, useful, and timely financial information for day-to-day
management. These shortcomings impede agency managers' access to adequate
financial data to effectively manage and oversee their major programs.
Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006
In fiscal year 2006, auditors for one CFO Act agency, the U.S. Agency for
International Development (AID), provided positive assurance--which is an
opinion based on the nature and extent of audit work performed--that AID's
financial management systems substantially complied with the requirements
of FFMIA. Auditors for the remaining six3 CFO Act agencies provided
negative assurance of FFMIA compliance. In essence, they reported that
nothing came to their attention during the course of the audit to indicate
that these agencies' financial management systems did not meet FFMIA
requirements. Negative assurance is the level of assurance specified by
OMB's audit guidance for reporting on FFMIA compliance. However, as we
have previously reported, the extent of FFMIA compliance can be reliably
determined through adequately testing systems to provide positive
assurance.
3Department of Commerce (Commerce), Environmental Protection Agency (EPA),
General Services Administration (GSA), National Science Foundation (NSF),
Office of Personnel Management (OPM), and Social Security Administration
(SSA).
As shown in figure 2, agencies with systems reported not to be in
substantial compliance with FFMIA requirements have made some progress in
addressing the six problem areas that we have previously reported. For
example, in fiscal year 2006 financial statement audit reports, auditors
identified 7 instances of noncompliance with the SGL,4 compared with 11
reported in fiscal year 2005. As a case in point, auditors at AID
identified various actions taken to improve the level of compliance, such
as retiring legacy systems that were not SGL compliant and replacing them
with new systems that comply with the SGL. Nevertheless, the nature and
seriousness of the problems reported indicate that most agencies'
financial management systems are frequently unable to routinely produce
reliable, useful, and timely financial information to support day-to-day
management. Addressing the problems with agencies' financial management
systems remains a significant challenge to improved financial management
in the federal government. This problem is particularly severe at the
Department of Defense. Many agencies are still a long way from
accomplishing the goals of the CFO Act of 1990 and FFMIA.
4The SGL provides a standard chart of accounts and standardized
transactions that agencies are to use in all their financial systems.
Figure 2: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006
With regard to initiatives that are under way to help move federal
agencies toward FFMIA compliance, we noted continued progress in two key
areas: (1) agencies' summarized remediation plans in their performance and
accountability reports (PARs) and (2) OMB's efforts to address system
implementation problems. Heads of agencies that have systems not in
substantial compliance are required to establish remediation plans to
correct system deficiencies. FFMIA specifically requires that remedies,
resources, and target dates be included in the remediation plans. OMB
guidance requires agencies to summarize these plans in their PARs. A lack
of the required data in the remediation plans can reduce the likelihood of
successfully implementing corrective actions. Remediation plans provide a
"road map" for management and staff to resolve financial management
problems in a transparent manner, and also help hold managers accountable
for needed improvements. For 55of the 17 agencies for which the auditors
reported FFMIA noncompliance for fiscal year 2006, the agency heads
disagreed with the auditors and considered their agencies' systems to be
substantially compliant with FFMIA. Therefore, they did not prepare
remediation plans. We reviewed the remaining 12 fiscal year 2006 PARs for
the agencies' systems that were deemed noncompliant by their agency head
and auditor to determine if a summarized remediation plan with the
required information was included in the agency PAR. All of the agencies'
PARs included summarized remediation plans along with proposed corrective
actions. However, 4 of the 12 agencies did not include information on
staffing resources required to complete the planned corrective actions.
One agency omitted target dates for completion of the corrective actions
to become substantially compliant with FFMIA. A discussion of the resource
requirements needed to implement the corrective actions and the time frame
for completion of corrective actions is essential in determining whether
the corrective actions can realistically be accomplished. The significance
of the issues facing federal agencies, now and in the future, necessitates
remediation plans that clearly and fully describe the corrective actions
necessary to resolve problems, as well as the resources and time frames
required to successfully implement those actions.
To help address systems implementation problems, OMB continues to move
forward on initiatives that support the President's Management Agenda
(PMA) to enhance financial management and provide results-oriented
information in the federal government. A key initiative has been the
further development of the financial management line of business to
promote leveraging shared service solutions to enhance the government's
performance and services. OMB has demonstrated continued progress toward
implementation of the financial management line of business initiative by
developing, for example, migration planning guidance and financial
management service performance metrics. OMB's initial framework for the
competitive migration to either a public shared service provider or a
qualified private sector provider under the initiative is expected to help
agencies maximize value by considering alternative solutions in a reasoned
and structured manner.
5Departments of Education, Housing and Urban Development (HUD), Interior,
Labor, and State.
Continuing progress needs to be made to provide a sound foundation for
this initiative. For example, as we reported in March 2006,6 the lack of a
federal governmentwide concept of operations7 significantly impairs the
potential success of this initiative. Moreover, shared service providers
have been designated without common business rules and potential customer
agencies continue to implement and operate individual stove-piped systems
that may require additional work to adopt these processes. In addition, as
of the completion of our audit work, none of the major CFO Act agencies
had moved their financial management systems activities to an
OMB-designated shared service provider,8 although actions are under way at
several major agencies to do so.
To further understand the underlying issues that affect the development of
sound financial management systems and FFMIA implementation and to develop
steps to overcome long-standing challenges, the Comptroller General plans
to convene a forum later this year to bring together key subject matter
experts and practitioners to discuss these issues. After the forum, we
plan to issue a separate report summarizing the discussion and consider
the key issues in our future FFMIA work. Accordingly, we are not making
any new recommendations in this report.
In commenting on a draft of this report, OMB agreed with our assessment
that federal agencies have continued to make progress in financial
management and that many agencies still need to improve their financial
systems so that reliable, useful, and timely financial management
information is available for day-to-day operations. OMB stated that it was
working aggressively to assist agencies in building a strong foundation
for financial management practices and also applauded our plans to convene
a forum on these issues. As in previous years, we and OMB have differing
views on the level of audit assurance necessary for assessing and
reporting on compliance with FFMIA. OMB stated in its comments that
requiring a statement of positive assurance would be costly and would not
provide additional information that would be of benefit to the federal
agency, OMB, or the taxpayer. We continue to believe that a statement of
positive assurance is a statutory requirement under the act and there are
a number of techniques that auditors can use to minimize the incremental
cost of providing positive assurance.9 In our view, the confidence
afforded by auditors providing positive assurance that agency financial
management systems convey reliable, useful, and timely information to help
government leaders invest resources, oversee programs, and reduce costs,
would be of significant value to the agency, OMB, the Congress, and the
taxpayer. We will continue to work with OMB on this issue. OMB did agree
to take under advisement our prior recommendation to clarify the meaning
of "substantial compliance" as it updates OMB Circular No. A-127,
Financial Management Systems. Our detailed discussion of OMB's comments
can be found in the Agency Comments and Our Evaluation section. We have
reprinted OMB's comments in appendix VI.
6GAO, Financial Management Systems: Additional Efforts Needed to Address
Key Causes of Modernization Failures, [35]GAO-06-184 (Washington, D.C.:
Mar. 15, 2006).
7A concept of operations defines how an organization's day-to-day
operations are (or will be) carried out to meet mission needs. It includes
high-level descriptions of information systems, their interrelationships,
and information flows. It also describes the operations that must be
performed, who must perform them, and where and how the operations will be
carried out.
8Some CFO Act agencies, such as the Department of Transportation, the
General Services Administration, and the Nuclear Regulatory Commission
were already using the shared service provider concept prior to OMB's
financial management line of business initiative.
Background
FFMIA is part of a series of management reform legislation passed by the
Congress over the past two decades. This series of legislation started
with the Federal Managers' Financial Integrity Act of 198210 (FMFIA),
which the Congress passed to strengthen internal controls and accounting
systems throughout the federal government, among other purposes. Issued
pursuant to FMFIA, the Comptroller General's Standards for Internal
Control in the Federal Government11 provides the standards that are
directed at helping agency managers implement effective internal control,
an integral part of improving financial management systems. Internal
control is a major part of managing an organization and comprises the
plans, methods, and procedures used to meet missions, goals, and
objectives. In summary, internal control helps government program managers
achieve desired results through effective management of public resources.
9GAO has worked in partnership with the President's Council on Integrity
and Efficiency (PCIE) to develop and maintain the joint Financial Audit
Manual, which provides specific procedures auditors should perform when
assessing FFMIA compliance.
10Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982) (codified at 31 U.S.C.
S 3512 (c), (d)).
11GAO, Standards for Internal Control in the Federal Government,
[36]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999).
Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to enhance operational processes and implement
new technological developments, management must continually assess and
evaluate its internal control to ensure that the control activities being
used are effective and updated when necessary. While agencies had achieved
some early success in identifying and correcting material internal control
and accounting system weaknesses, their efforts to implement FMFIA had not
produced the results intended by the Congress.
Therefore, beginning in the 1990s, the Congress passed additional
management reform legislation to improve the general and financial
management of the federal government. This legislation includes the (1)
CFO Act of 1990, (2) Government Performance and Results Act of 1993,12 (3)
Government Management Reform Act of 1994,13 (4) FFMIA, (5) Clinger-Cohen
Act of 1996,14 (6) Accountability of Tax Dollars Act of 2002,15 (7)
Improper Payments Information Act of 2002,16 (8) The Federal Information
Security Management Act of 2002,17 and (9) Department of Homeland Security
(DHS) Financial Accountability Act of 2004.18 The combination of reforms
ushered in by these laws, if successfully implemented, provides a solid
foundation to improve the accountability of government programs and
operations as well as to routinely produce valuable cost and operating
performance information. These financial management reform acts emphasize
the importance of improving financial management of the federal
government.
12Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993).
13Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994).
14Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996).
15Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002) (codified at 31
U.S.C. S 3515). The Accountability of Tax Dollars Act of 2002 extends the
requirement to prepare and submit audited financial statements to most
executive agencies not subject to the CFO Act unless they are exempted by
OMB. However, these agencies are not required to have systems that are
compliant with FFMIA requirements.
16Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002).
17Pub L. No. 107-347, title III 116 Stat. 2946 (Dec. 17, 2002).
18Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004).
In particular, building on the foundation laid by the CFO Act, FFMIA
emphasizes the need for CFO Act agencies to have systems that ensure
ongoing accountability and generate reliable, useful, and timely
information for decision-making purposes. FFMIA requires the departments
and agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards,19 and (3) the SGL at the transaction level. FFMIA also requires
auditors to state in their CFO Act financial statement audit reports
whether the agencies' financial management systems substantially comply
with these three FFMIA systems requirements. Appendixes I through IV
include details on the various requirements and standards that support
federal financial management.
Guidance for FFMIA Issued by OMB
OMB establishes governmentwide financial management systems policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, OMB Bulletin No. 06-03, Audit Requirements for Federal
Financial Statements, dated August 23, 2006, prescribes audit
requirements, including language auditors should use when reporting on an
agency system's substantial compliance with the three FFMIA requirements.
Specifically, this guidance calls for auditors to provide negative
assurance when reporting on an agency system's FFMIA compliance. Second,
in the OMB Memorandum, Revised Implementation Guidance for the Federal
Financial Management Improvement Act (Jan. 4, 2001), OMB provides guidance
for agencies and auditors to use in assessing substantial compliance.20
The guidance describes some of the factors that should be considered in
determining whether an agency's systems substantially comply with FFMIA's
three requirements and examples of indicators that should be used in
assessing whether an agency's systems are in substantial compliance with
each of the three FFMIA requirements. Finally, the guidance addresses the
development of remediation plans to be developed by agency officials for
bringing their systems into compliance with FFMIA.
19The American Institute of Certified Public Accountants recognizes the
federal accounting standards promulgated by the Federal Accounting
Standards Advisory Board as generally accepted accounting principles. For
a further description of federal accounting standards, see app. I.
20OMB has announced that this guidance is under review and will be revised
in 2007.
Financial Audit Manual Section on FFMIA Developed by GAO and the President's
Council on Integrity and Efficiency
We have worked in partnership with the President's Council on Integrity
and Efficiency21 (PCIE) to develop and maintain the joint GAO/PCIE
Financial Audit Manual (FAM). The FAM includes sections that provide
specific procedures auditors should perform when assessing FFMIA
compliance.22 These sections include detailed audit steps for testing
agency systems' substantial compliance with the requirements of FFMIA.
As detailed in appendix V, we have also issued a series of checklists to
help assess whether agencies' systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance on FFMIA compliance, auditors should design
and implement additional testing to satisfy FFMIA criteria. For example,
in performing financial statement audits, auditors generally focus on the
ability of the financial management systems to process and summarize
financial information that flows into annual agency financial statements.
In contrast, FFMIA requires auditors to assess whether an agency's
financial management systems comply with system requirements, accounting
standards, and the SGL. To do this, auditors need to consider whether
agency systems provide reliable, useful, and timely information for
managing day-to-day operations so that agency managers would have the
necessary information to measure performance on an ongoing basis rather
than just at year end. Further, OMB's current audit guidance23 calls for
financial statement auditors to review performance information for
consistency with the financial statements, but does not require auditors
to determine whether this information is available to managers for
day-to-day decision making as called for by the FAM guidance for testing
compliance with FFMIA. In collaboration with the PCIE, we are currently in
the process of updating the FAM and expect to issue an updated version
later in 2007.
21The PCIE--which is governed by Executive Order No. 12805 of May 11,
1992--was established to (1) address integrity, economy, and effectiveness
issues that transcend individual government agencies and (2) increase the
professionalism and effectiveness of inspectors general personnel
throughout the government. The PCIE is composed primarily of the
presidentially appointed inspectors general. Officials from OMB, the
Federal Bureau of Investigation, Office of Government Ethics, Office of
Special Counsel, and OPM serve on the PCIE as well.
22 [37]GAO-01-765G , section 260.58-.60 and [38]GAO-03-466G , sections
701, 701A, and 701B.
23OMB Bulletin No. 06-03, Audit Requirements for Federal Financial
Statements (Aug. 23, 2006).
Scope and Methodology
We reviewed the fiscal year 2006 financial statement audit reports for the
24 CFO Act agencies to identify the auditors' assessments of agency
financial systems' compliance and the problems that affect FFMIA
compliance. To determine whether the data were sufficiently reliable, we
performed the following procedures. We gained an understanding of the
quality control environments at the respective IGs; leveraged our
understanding of the methodology used by the IGs and their contract
auditors in past years to reach conclusions with respect to FFMIA
compliance at the respective agencies; considered management responses to
the auditor's findings and conclusions; and asked questions to improve our
understanding of the procedures applied and/or conclusions drawn, where
appropriate. We also reviewed the data for obvious inconsistencies or
errors, completeness, and changes from the prior year. When we found data
which were inconsistent or incomplete we brought them to the attention of
the cognizant IG staff and worked with them to resolve any issues before
using the data as a basis for this report. When we encountered data that
varied from the prior year, we reviewed the PAR and/or IPA report to
determine the reason for the change. Based on these actions, we determined
that the data from these reports were sufficiently reliable for the
purposes of our report.
Using the auditors' reports for the 24 CFO Act agencies, we identified
problems reported by the auditors that affect agency systems' compliance
with FFMIA. The problems identified in these reports are consistent with
long-standing financial management weaknesses we have reported based on
our work at a number of agencies. However, we caution that the occurrence
of problems in a particular category may be even greater than auditors'
reports of FFMIA noncompliance would suggest, because auditors may not
have identified all instances of noncompliance with systems requirements
and included all problems in their reports. Further, we identified other
GAO and IG reports that discussed financial management systems issues and
summarized the reports. We also obtained data from agencies' annual PAR
reports. We also met with OMB officials to discuss their current efforts
to improve federal financial management and address our prior
recommendations related to FFMIA. In addition, we reviewed documentation
provided by OMB regarding its current initiatives.
We conducted our work from January through June 2007, in accordance with
U.S. generally accepted government auditing standards. We requested
written comments on a draft of this report from the Director of OMB or his
designee. We received written comments from the OMB Controller. OMB's
comments are discussed in the Agency Comments and Our Evaluation section
and reprinted in appendix VI. We also received technical comments from
OMB, which we incorporated as appropriate.
FFMIA Assessments Identify Marginal Improvements in Some Cases
Many agencies still do not have effective financial management systems in
place that can produce reliable, useful, and timely financial information,
including cost data, with which to make informed decisions and help ensure
accountability on an ongoing basis. Agencies are making progress in
addressing their financial management systems weaknesses--some
dramatically. Most agency systems, though, are not yet substantially in
compliance with FFMIA's requirements. As shown in figure 3, IGs and their
contract auditors reported for fiscal year 2006 that 17 of the 24 CFO Act
agencies did not substantially comply with at least one of FFMIA's three
requirements--federal financial management systems requirements,
applicable federal accounting standards, or the SGL at the transaction
level. Figure 3 also shows that the number of agencies' systems reported
by auditors as noncompliant with FFMIA has decreased marginally (from 20
agencies to 17 agencies) since FFMIA was enacted.
Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006
Of the seven remaining CFO Act agencies, one auditor provided positive
assurance of FFMIA compliance, while the other six provided negative
assurance in fiscal year 2006. However, it would be erroneous to assume
that statements of negative assurance provided by auditors for the six
agencies equate to compliance with FFMIA. Auditors' assessments for three
agencies changed from fiscal year 2005 to 2006. For fiscal year 2006,
auditors for GSA provided negative assurance that GSA's financial
management systems, as a whole, were substantially compliant with FFMIA's
three requirements. Auditors for AID provided positive assurance that
AID's financial management systems complied with FFMIA in fiscal year
2006. In fiscal year 2005, both AID and GSA were deemed noncompliant with
FFMIA by the independent auditors. According to management, AID was able
to become compliant due to completion of outstanding remediation items and
the worldwide deployment of its financial management system. Conversely,
auditors for the Department of Labor (Labor) reported that Labor's
financial management systems did not substantially comply with FFMIA
requirements in fiscal year 2006, but had provided positive assurance of
FFMIA compliance in fiscal year 2005. The change was primarily due to
weaknesses Labor auditors identified concerning general computer access
controls, application access controls, and related manual controls.
FFMIA Guidance Issues
Auditors for six agencies (Commerce, EPA, GSA, NSF, OPM, and SSA) provided
negative assurance that the agencies' systems were compliant with FFMIA
requirements. Auditors provide negative assurance when they state that
nothing came to their attention during the course of their planned
procedures to indicate that the agency's financial management systems did
not meet FFMIA requirements. Although OMB's current audit guidance24
instructs auditors to test for compliance with FFMIA, it does not provide
guidance on the nature and extent of tests to be performed. It calls for
auditors to provide negative assurance when reporting whether an agency's
systems are in substantial compliance with the three FFMIA requirements.
However, financial statement users not familiar with the concept of
negative assurance may incorrectly assume that these six agencies' systems
have been fully tested by the auditors and that the agencies have achieved
FFMIA compliance. In addition, without adequately testing systems for
FFMIA compliance in a manner that is sufficient to support an opinion,
auditors may not identify all areas of noncompliance; therefore, the
number of problems may be even greater than those currently disclosed in
auditors' reports on FFMIA compliance based on negative assurance.
24OMB Bulletin No. 06-03, Audit Requirements for Federal Financial
Statements (Aug. 23, 2006).
As we have previously reported, from our perspective, FFMIA requires
auditors to provide positive assurance, which is an opinion. Section 803
(b) (1) of FFMIA requires auditors to "report whether the agency financial
management systems comply with the requirements of [the act]." Providing
positive assurance on FFMIA compliance involves additional testing to
determine whether an agency's financial management systems comply
substantially with systems requirements, the SGL at the transaction level,
and accounting standards. The procedures necessary to provide such
assurance go beyond those needed for performing a financial statement
audit. While financial statement audits in general will offer some
assurance on FFMIA compliance, auditors should also design and implement
additional testing to satisfy the criteria in FFMIA. For example, in
fiscal year 2006, agency auditors for AID stated that they interviewed
staff and contract personnel and reviewed documentation related to the
capabilities of Phoenix, AID's core financial system. According to AID
auditors, they examined documentation, including reports, system queries,
system screen captures, testing documents generated during system
implementation, and documents generated for certification and
accreditation activity in order to determine if the implemented systems
provide complete, accurate, and timely information for managing day-to-day
operations necessary to achieve positive assurance. When reporting an
agency's financial management systems to be in substantial compliance,
positive assurance from independent auditors can provide users with
confidence that the agency systems provide the reliable, useful, and
timely information envisioned by the act. The fact that AID's auditors
provided positive assurance on FFMIA compliance is a noteworthy
achievement.
In addition, performing audit procedures designed to provide positive
assurance of an agency's financial management systems' substantial
compliance with FFMIA requirements can identify weaknesses and lead to
improvements that enhance the performance, productivity, and efficiency of
federal financial management systems in support of day-to-day managerial
decision making. It also provides a clear "bottom line," whereas negative
assurance does not. Some auditors we interviewed in prior years indicated
that a revision to OMB's guidance on FFMIA reporting would be necessary
for them to provide an opinion of FFMIA compliance. Therefore, as we have
discussed in prior reports covering fiscal years 2000 through 2005,25 we
continue to believe that our prior recommendation for OMB to require
agency auditors to thoroughly examine agencies' financial management
systems and provide a statement of positive assurance when reporting an
agency's systems to be in substantial compliance with the three FFMIA
systems requirements is appropriate and required. Doing so will be key to
achieving the act's goal of effective financial management systems across
government.
However, OMB has not concurred with our recommendation in its responses to
our prior reports and in its comments on a draft of this report. For
example, last year, in response to our report26 on fiscal year 2005 FFMIA
results, OMB stated that the broad scope of the President's Management
Agenda and the fundamental changes occurring under the Financial
Management Line of Business initiative, combined with strengthened
reporting requirements under Circular No. A-123, are helping agencies
identify and correct FFMIA deficiencies. In that context, OMB reiterated
its belief that requiring a statement of positive assurance would prove
only marginally useful.
Further, as we have previously reported, a number of auditors have
expressed a need for clarification on the definition of "substantial
compliance." They cited a need for additional guidance to assist them in
assessing whether agency systems substantially comply with the three FFMIA
requirements. The auditors reported a need for clearer guidance from OMB
on assessing FFMIA compliance that is consistent with the GAO/PCIE FAM. As
a result, we continue to believe that implementation of our recommendation
for OMB to explore clarifying the definition of "substantial compliance"
would be useful. Other related concerns of agency auditors included a need
for (1) more clearly defined and objective criteria to assist in their
determination of FFMIA compliance, (2) more specific guidance on testing
and sampling methodologies, and (3) additional guidance for assessing
compliance with certain accounting standards, such as the Statement of
Federal Financial Accounting Standards (SFFAS) No. 4, Managerial Cost
Accounting Concepts and Standards for the Federal Government. In its
comments on prior reports, OMB stated that its growing experience helping
agencies implement the PMA enables it to refine the existing FFMIA
indicators associated with substantial compliance. Accordingly, OMB said
it would consider our recommendation in any future policy and guidance
updates. In commenting on a draft of this report, OMB agreed to take this
recommendation under advisement as it updates Circular No. A-127,
Financial Management Systems.
25GAO, Financial Management: FFMIA Implementation Critical for Federal
Accountability, [39]GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial
Management: FFMIA Implementation Necessary to Achieve Accountability,
[40]GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial Management:
Sustained Efforts Needed to Achieve FFMIA Accountability, [41]GAO-03-1062
(Washington, D.C.: Sept. 30, 2003); Financial Management: Improved
Financial Systems Are Key to FFMIA Compliance, [42]GAO-05-20 (Washington,
D.C.: Oct. 1, 2004); Financial Management: Achieving FFMIA Compliance
Continues to Challenge Agencies, [43]GAO-05-881 (Washington, D.C.: Sept.
20, 2005); and Financial Management: Improvements Under Way but Serious
Financial Systems Problems Persist, [44]GAO-06-970 (Washington, D.C.:
Sept. 26, 2006).
26 [45]GAO-06-970 .
Problems Reported by Agency Auditors
Based on our review of the fiscal year 2006 audit reports for the 17
agencies reported to have systems not in substantial compliance with one
or more of FFMIA's three requirements, we identified six primary reasons
for agency systems not being compliant:
o nonintegrated financial management systems,
o inadequate reconciliation procedures,
o lack of accurate and timely recording of financial information,
o noncompliance with the SGL,
o lack of adherence to federal accounting standards, and
o weak security controls over information systems.
The weaknesses reported by the auditors ranged from serious,
pervasive systems problems to less serious problems that may
affect only one aspect of an agency's accounting operation. While
at some agencies, the problems were so serious that they affected
the auditor's opinion on the agency's financial statements, at
other agencies, the auditors cited problems that represented
significant deficiencies in the design or operation of internal
control, but were not material to the financial statements as a
whole.
Figure 4 shows the relative frequency of these problems at the
agencies reported to have noncompliant systems from fiscal years
2002 through 2006. The same six types of problems have been cited
by auditors although the auditors may not have reported these
problems as specific reasons for their systems' lack of
substantial compliance with FFMIA's requirements. Some agencies
have made little progress addressing these areas. In addition, as
previously discussed, the occurrence of problems in any particular
category may be even greater than auditors' reports of FFMIA
noncompliance would suggest because auditors may not have
identified all problems in their reviews conducted to provide
negative assurance.
Figure 4: Number of Agencies with Reported FFMIA Compliance Problems for
Fiscal Years 2002 through 2006
Nonintegrated Financial Management Systems
The CFO Act calls for agencies to develop and maintain integrated
accounting and financial management systems27 that comply with federal
systems requirements and provide for (1) complete, reliable, consistent,
and timely information that is responsive to the financial information
needs of the agency and facilitates the systematic measurement of
performance; (2) the development and reporting of cost management
information; and (3) the integration of accounting, budgeting, and program
information. OMB Circular No. A-127, Financial Management Systems,
requires agencies to establish and maintain a single integrated financial
management system that conforms to functional requirements now issued by
the Office of Federal Financial Management (OFFM).28 More details on the
financial management systems requirements can be found in appendixes I and
II.
27Federal financial system requirements define an integrated financial
system as one that coordinates a number of previously unconnected
functions to improve overall efficiency and control. Characteristics of
such a system include (1) standard data classifications for recording
financial events; (2) common processes for processing similar
transactions; (3) consistent control over data entry, transaction
processing, and reporting; and (4) a system design that eliminates
unnecessary duplication of transaction entry. OMB Circular No. A-127,
Financial Management Systems, paragraph 7(b) (Revised Dec. 1, 2004).
The lack of integrated financial management systems typically results in
agencies expending major effort and resources, including in some cases
hiring external consultants, to develop information that their systems
should be able to provide on a daily or recurring basis. Agencies with
nonintegrated financial systems are also more likely to devote more time
and resources to collecting information than those with integrated
systems. In addition, opportunities for errors are increased when
agencies' systems are not integrated.
Auditors frequently cited the lack of integrated financial management
systems in their fiscal year 2006 audit reports. Although improvements
have been made, as shown in figure 5, auditors for 12 of the 17 agencies
with noncompliant systems in fiscal year 2006 reported nonintegrated
systems as a problem, compared with 13 of the 18 agencies reporting such
problems in fiscal year 2005.
28Effective December 1, 2004, all financial management system requirements
documents and other guidance initially issued by the Joint Financial
Management Improvement Program were transferred to OFFM and remain in
effect until modified.
Figure 5: Number of CFO Act Agencies with Reported Nonintegrated Financial
Management Systems Problems for Fiscal Years 2002 through 2006
As a case in point, auditors for the Department of State (State) reported
the lack of a modern, integrated financial management system in their
fiscal year 2006 audit report. Since September 30, 2003, auditors have
reported that State's financial and accounting systems are inadequate,
thus preventing the department from routinely issuing timely financial
statements and increasing the risk of materially misstating financial
information. The principal areas of weakness included (1) certain elements
of the financial statements, including, but not limited to, personal
property, capital leases, and certain accounts payable, were developed
from sources other than the general ledger; and (2) the department used
several systems that were not integrated with the department's centralized
financial management system for the management of grants and other types
of financial assistance.
Inadequate Reconciliation Procedures
A reconciliation process, whether manual or automated, is a necessary and
valuable internal control in a sound financial management system. The less
integrated the financial management system, the greater the need for
adequate reconciliations because data are being accumulated from a number
of different sources. Reconciliations are needed to ensure that data have
been recorded properly between the various systems and manual records. As
shown in figure 6, for fiscal year 2006, auditors for 14 of the 17
agencies with noncompliant systems reported that the agencies had
reconciliation problems, as compared with 14 of the 18 agencies reporting
such problems in fiscal year 2005.
Figure 6: Number of CFO Act Agencies with Reported Inadequate
Reconciliation Procedures Problems for Fiscal Years 2002 through 2006
While reconciling balances with the Department of the Treasury (Treasury)
remains a common problem, many other types of reconciliation problems were
also cited during fiscal year 2006. For example, at the Department of
Agriculture (Agriculture), the independent auditor reported that over 50
abnormal balances exceeding $360 million existed at year end. The abnormal
balances stemmed from a variety of causes. In one case, the auditors
reported that Agriculture did not perform timely research to ensure that
account relationships were reconciled and corresponding corrections
promptly made. The number and dollar value of abnormal account balances
had been significantly reduced from last year at Agriculture; however,
when abnormal balances exist, immediate research should be performed to
identify the cause and correct the condition.
Lack of Accurate and Timely Recording of Financial Information
As shown in figure 7, auditors for 15 of 17 agencies with noncompliant
systems reported the lack of accurate and timely recording of financial
information as a problem for fiscal year 2006, compared with 17 of 18
agencies reporting such problems in fiscal year 2005.
Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and
Timely Recording Problems for Fiscal Years 2002 through 2006
Accurate and timely recording of financial information is essential for
effective financial management. Timely recording of transactions
facilitates accurate reporting in agencies' financial reports and other
management reports used to guide managerial decision making. In addition,
having systems that record information in an accurate and timely manner is
critical for key governmentwide initiatives, such as integrating budget
and performance information.
In contrast, lack of timely recording of transactions during the fiscal
year can result in agencies making substantial efforts at fiscal year end
to perform extensive manual financial statement preparation efforts that
are susceptible to error and increase the risk of misstatements. For
example, auditors for the Department of Energy (Energy) noted that the
department has not completed all of the corrective actions needed to
reconcile obligation data converted from Energy's legacy systems to its
new financial management system, the Standard Accounting and Reporting
System (STARS), affecting the accuracy of undelivered order balances at
every field office tested by the auditors. As of September 30, 2006,
Energy reported undelivered orders of $11.3 billion. Errors in recording
obligations, such as duplicating obligation entries or recording
obligations in subsequent periods, resulted in misstatements of the
undelivered orders balance. These problems precluded the department from
providing assurance of accurate and complete undelivered orders balance in
Energy's consolidated financial statements. Further, such problems
typically result in funds not being available for use that otherwise would
be, and in managers not having accurate financial information during the
year for well-informed decisions.
Noncompliance with the SGL
As shown in figure 8, auditors for 7 of the 17 agencies with noncompliant
systems reported that the agencies' systems did not comply with SGL
requirements for fiscal year 2006, compared with 11 of the 18 agencies
reporting such problems in fiscal year 2005.
Figure 8: Number of CFO Act Agencies with Reported Noncompliance with the
SGL Problems for Fiscal Years 2002 through 2006
FFMIA specifically requires federal agencies to implement the SGL at the
transaction level. Using the SGL promotes consistency in financial
transaction processing and reporting by providing a uniform chart of
accounts and pro forma transactions and provides a basis for comparison at
the agency and governmentwide levels. The defined accounts and pro forma
transactions standardize the accumulation of agency financial information
as well as enhance financial control and support internal and external
reporting.
According to auditors at Interior and AID, progress has been made in this
area as a result of the agencies retiring legacy systems and implementing
new systems that conform to the SGL. Nevertheless, failure to adhere to
the SGL continues to impede the ability of some agencies to prepare
accurate financial statements. For example, auditors for the Department of
Health and Human Services (HHS) noted that its Division of Financial
Operations (DFO) CORE accounting system, which supports net outlays of
more than $93 billion, is a legacy accounting system and does not fully
support the SGL. Specifically, the auditors found that HHS compiles its
financial statements through a multistep process using a combination of
manual and automated procedures. Further, agency auditors identified over
100 instances with an approximate value of over $3 billion of general
ledger accounts and crosswalks that were not used consistently or in
compliance with Treasury's guidance on the SGL. To address this issue, HHS
is in the process of implementing a new financial management system.
Lack of Adherence to Federal Accounting Standards
One of FFMIA's requirements is that agencies' financial management systems
account for transactions in accordance with federal accounting standards.
Appendixes III and IV list the federal financial accounting standards and
other guidance issued by the Federal Accounting Standards Advisory Board
and its Accounting and Auditing Committee, respectively. The purpose of
these standards and other guidance is to ensure that federal agencies'
financial reports provide users with understandable, relevant, and
reliable information about the financial position, activities, and results
of operations of the U.S. government and its components. Many agencies
face continuing challenges in this area. As shown in figure 9, for fiscal
year 2006, auditors for 10 of the 17 agencies with noncompliant systems
reported that these agencies had problems complying with one or more
federal accounting standards.
Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to
Federal Accounting Standards Problems for Fiscal Years 2002 through 2006
Two agencies, the Department of the Interior (Interior) and Department of
Transportation (DOT), reported weaknesses affecting compliance with the
recently issued SFFAS 27, Identifying and Reporting Earmarked Funds, which
became effective for fiscal year 2006. For example, at Interior, auditors
noted that the Sport Fish Restoration and Boating Trust Fund was properly
classified as an earmarked fund but that Interior had not fully
established controls to ensure that its portion of the fund was accurately
included in the financial statements. As a result, Interior analyzed and
adjusted the financial statements. While newly issued standards may cause
significant compliance problems, agencies also struggled to implement
standards which have been in effect for some time.
Auditors reported compliance problems with 11 specific accounting
standards in fiscal year 2006. Of those standards, the 4 that were most
troublesome for agencies were SFFAS No. 1, Accounting for Selected Assets
and Liabilities; SFFAS No. 4, Managerial Cost Accounting Concepts and
Standards; SFFAS No. 6, Accounting for Property, Plant, and Equipment; and
SFFAS No. 7, Accounting for Revenue and Other Financing Sources.
Weak Security Controls over Information Systems
Information security weaknesses are a major concern for federal agencies
and the general public and one of the frequent problems auditors cited
concerning noncompliance with FFMIA. As shown in figure 10, auditors for
15 of the 17 agencies with noncompliant systems reported security
weaknesses in information systems to be a problem, compared with 16 of the
18 agencies reporting such problems in fiscal year 2005.
Figure 10: Number of CFO Act Agencies with Reported Weak Security over
Information Systems Problems for Fiscal Years 2002 through 2006
These control weaknesses place vast amounts of government assets at risk
of inadvertent or deliberate misuse, financial information at risk of
unauthorized modification or destruction, sensitive information at risk of
inappropriate disclosure, and critical operations at risk of disruption.
Since 1997, we have considered information security to be a high-risk area
at a governmentwide level and continue to emphasize it on our most recent
list issued in January 2007.29
For example, the Nuclear Regulatory Commission (NRC) auditors reported
that only 1 out of 30 operational NRC information systems had a current
certification and accreditation. Auditors also noted that in the past 4
years NRC has not performed a current certification and accreditation of
its general support systems. As a result, all NRC information systems that
depend on the security controls provided by these general support systems
are subject to an unknown potential risk. Two of NRC's financial reporting
systems, Federal Financial System (FFS) and the Federal Personnel and
Payroll System (FPPS), were outsourced to the Department of Interior's
National Business Center (DOI-NBC) but continue to rely on the NRC's
general support system. According to the auditors, their reliance on the
top tier of controls of the general support systems puts the FFS and the
FPPS at risk despite the DOI-NBC assurance that the certification and
accreditations for the two systems have been performed.
The security breaches at Department of Veterans Affairs (VA), Treasury,
and other agencies compromised the personal data of millions of U.S.
citizens and highlighted the importance of adequate system security
policies and programs. Robust federal security programs are critically
important to properly protect personal and financial information and the
privacy of individuals. When there is a lack of reasonable assurance that
controls are correctly implemented, operating as intended, and producing
the desired outcome with respect to meeting the security requirements of
the agency, the agencies' information and systems are left vulnerable to
attack or compromise.
Efforts Are Under Way to Address Federal Financial Management System Challenges
Agencies and OMB have a number of efforts under way to address their
existing financial management systems problems. For example, noncompliant
agencies are required by OMB to include in their annual PARs a summary of
their detailed remediation plans including corrective actions as well as
the resources and target dates for implementing the corrective actions. A
number of those corrective actions involve implementing new financial
management systems, which over time has proven to be very challenging.
Efforts to modernize financial management systems have often exceeded
budgeted costs, experienced delays in delivery dates, and not provided the
anticipated system functionality and performance. This problem is
particularly serious at the Department of Defense. To help provide a
governmentwide solution, OMB has developed the financial management line
of business (FMLOB) initiative. While progress has been made in defining
standard business processes and issuing draft guidance to facilitate a
smooth transition to shared service providers, the FMLOB initiative
involves complex issues that have far-reaching implications for the
government and private sector shared service providers. As we reported30
last year, the key for federal agencies to avoid the long-standing
problems that have plagued financial management system improvement efforts
is to address the foremost causes of those problems and adopt solutions
that reduce the risks associated with these efforts to acceptable levels.
29GAO, High-Risk Series: An Update, [46]GAO-07-310 (Washington, D.C.: Jan.
31, 2007).
Comprehensive Remediation Plans Are Critical to Agencies' Improvement Efforts
Correcting financial management system problems has proven to be
particularly difficult for many agencies. To assist in this effort, FFMIA
requires the heads of agencies with noncompliant systems to prepare
detailed remediation plans to bring agencies' systems into substantial
compliance with the law. Specifically, the law requires the head of the
agency to establish a remediation plan that includes resources, remedies,
and intermediate target dates necessary to bring the agency's financial
management systems into substantial compliance. Further, OMB Circular A-11
requires agencies with noncompliant systems to include in their annual
PARs a summary of their detailed remediation plans containing (1)
corrective actions to be taken, (2) resources to be used for
implementation of the corrective actions, and (3) target dates for
implementation of the corrective actions.
As previously discussed, auditors reported that 17 agency systems were
substantially noncompliant with FFMIA in fiscal year 2006. The agency
heads for 5 of these agencies31 disagreed with the auditor and considered
their agencies' systems to be substantially compliant with FFMIA. The law
does not require an agency to prepare a remediation plan if the agency
head determines that the agency's systems are in substantial compliance
with the law even if the agency's auditor determines the agency's systems
are not substantially compliant. The remaining 12 agencies32 are required
to include summarized remediation plans in their PARs. We reviewed the 12
PARs for those agencies to determine if their summarized remediation plans
included the required information. Figure 11 presents the results of our
analysis.
30 [47]GAO-06-184 .
31Departments of Education, Housing and Urban Development (HUD), Interior,
Labor, and State.
Figure 11: Summary of Analysis of Elements Included in 12 Agencies'
Summarized Remediation Plans for Fiscal Year 2006
As shown in figure 11, all of the agencies' summarized remediation plans
included corrective actions. However, one third of the agencies'
summarized remediation plans did not include a discussion of the staffing
resources required to complete the planned corrective actions. Remediation
plans provide a "road map" to resolve financial management problems in a
transparent manner, and also help hold managers accountable for needed
improvements. A discussion of the resources to be used when implementing
the corrective actions is essential in determining whether the corrective
actions can realistically be accomplished within the specified time
frames. Assigning resources to a corrective action facilitates on-time
implementation and helps avoid confusion over what funding sources will be
used and the personnel responsible for the implementation.
32Agriculture, DOD, Energy, HHS, DHS, DOJ, DOT, Treasury, VA, NASA, NRC,
and SBA.
One agency did not include target dates for completing corrective actions
to become substantially compliant with FFMIA. Setting specific target
dates, including intermediate target dates, facilitates tracking the
progress agencies are making in reaching their specified goals. If
agencies do not include target dates in their remediation plans, it is
difficult for the Congress and the American taxpayer to hold them
accountable for correcting long-standing financial management system
problems.
Agencies Struggle with Financial Management Systems Modernization
Across the government, agencies have many efforts under way to implement
new financial management systems or to upgrade existing systems that may
help improve FFMIA compliance. However, these efforts far too often result
in systems that do not meet their cost, schedule, and performance goals.
While agencies anticipate that the new systems will provide reliable,
useful, and timely data to support managerial decision making, our work
and that of others has shown that has often not been the case. For
example, many of DOD's over 2,000 business systems are nonintegrated,
stove piped, and not capable of providing departmental management and the
Congress accurate and reliable information on DOD's day-to-day operations.
For decades, DOD has been challenged in modernizing its timeworn business
systems. In 1995, we designated DOD's business systems modernization
program as high-risk, and we continue to designate it as such in our most
recent high-risk report.33 In another case, HHS has been plagued with
systems implementation issues with its Unified Financial Management System
(UFMS) from inception. In fiscal year 2006, HHS auditors reported that the
agency continued to experience significant challenges in resolving issues
with the system conversion and implementation and that sustained efforts
will be necessary to overcome the continuing serious weaknesses.
Furthermore, modernization efforts at DHS and DOJ have been hampered
because these agencies did not follow best practices in systems
development and implementation efforts (commonly referred to as
disciplined processes34).
33 [48]GAO-07-310 .
o Since its establishment, DHS has faced the daunting task of
bringing together 22 diverse agencies and developing an integrated
financial management system. DHS halted implementation of the
Electronically Managing Enterprise Resources for Government
Effectiveness and Efficiency (Emerge2) program in December 2005,
which was expected to integrate financial management systems
across the entire department and to address its financial
management weaknesses. DHS officials have stated that
approximately $52 million in total was spent on the Emerge2
project before it was halted. In fiscal year 2006, we testified35
and provided an assessment of the status of DHS's efforts to
modernize its financial management systems. In early March 2007,
DHS officials issued a high-level plan to address the existing
internal control weaknesses. However, as we recently reported and
testified,36 more detailed implementation strategies will be
necessary to fully address the financial management system
challenges. DHS has received permission from OMB to leverage its
current investments by consolidating and migrating components to
either the Transportation Security Administration (TSA) or Customs
and Border Protection financial management systems models. Our
concern is that these components have numerous financial
management weaknesses. For example, auditors for TSA reported that
they were unable to provide sufficient evidential matter or make
knowledgeable representations to support fiscal year 2005 and 2006
transactions and account balances, particularly for budgetary
accounting and undelivered orders, and property, plant, and
equipment, among others.
o The Department of Justice has developed plans for a Unified
Financial Management System (UFMS) intended to correct many of its
financial accounting and reporting issues. The UFMS is expected to
standardize and integrate financial processes and systems to more
efficiently support accounting operations, facilitate preparation
of financial statements, and streamline audit processes. The
department's efforts over the past few years to implement the UFMS
to replace the seven major accounting systems currently used
throughout the department have been challenging. For example, 2
years after the department selected a vendor for the unified
system, problems with funding, staff turnover, and other competing
priorities caused delays in implementation of the new system. As
of September 2006, none of Justice's accounting systems were
integrated with each other. The Drug Enforcement Administration
(DEA) is scheduled to begin implementing the UFMS in fiscal year
2008, and current plans are for implementing the system in all
department components by fiscal year 2012.
34Disciplined processes have been shown to reduce the risks associated
with software development and acquisition efforts to acceptable levels and
are fundamental to successful system implementations.
35GAO, Financial Management Systems: DHS Has an Opportunity to Incorporate
Best Practices in Modernization Efforts, [51]GAO-06-553T (Washington,
D.C.: Mar. 29, 2006).
36GAO, Homeland Security: Departmentwide Integrated Financial Management
Systems Remain a Challenge, GAO-07-536 (Washington, D.C.: June 21, 2007);
Homeland Security: Transforming Departmentwide Financial Management
Systems Remains a Challenge, GAO-07-1041T (Washington, D.C.: June 28,
2007).
Challenges of Implementingthe Financial Management Line of Business
OMB's FMLOB initiative, launched in March 2004, promotes
business-driven, common solutions to enhance the federal
government's performance and services. This initiative is intended
to address past financial management systems' weaknesses and
implementation failures and support the PMA goal of expanding
electronic government.
The goals of OMB's Financial Management Line of Business
initiative include:
o providing timely and accurate data for decision
making;
o facilitating stronger internal controls that ensure
integrity in accounting and other stewardship
activities;
o reducing costs by providing a competitive
alternative for agencies to acquire, develop,
implement, and operate financial management systems
through shared service solutions;
o standardizing systems, business processes, and data
elements; and
o providing for seamless data exchange between and
among federal agencies by implementing a common
language and structure for financial information and
system interfaces.
OMB's initial framework for the competitive migration to either a
public shared service provider or a qualified private sector
provider under the initiative is expected to help agencies
maximize value by considering alternative solutions in a reasoned
and structured manner. We have long supported and called for
initiatives to standardize and streamline common systems, which
can reduce costs and, if done correctly, improve accountability.
Likewise, OMB has correctly recognized that enhancing the
government's ability to implement financial management systems
that are capable of providing accurate, reliable, and timely
information on the results of operations needs to be addressed as
a governmentwide solution, rather than individual agency
stove-piped efforts designed to meet a given entity's needs. The
FMLOB is a work in progress, and OMB has not yet fully defined and
implemented the processes necessary to successfully complete it.
In our March 2006 report,37 we recommended that careful
consideration of the following four concepts, each one building
upon the former, would be integral to the success of OMB's FMLOB
initiative and could help break the cycle of failure in
implementing financial management systems. The four concepts were
(1) developing a concept of operations, (2) defining standard
business processes, (3) developing a strategy for ensuring that
agencies migrate to a limited number of service providers in
accordance with OMB's stated approach, and (4) defining and
effectively implementing disciplined processes necessary to
properly manage the specific projects.
OMB has taken steps to develop the foundational guidance needed
for the FMLOB, but many challenging tasks remain. As we reported
last year, OMB has designated four federal agencies38 as shared
service providers; released a competition framework in May 2006;
issued migration planning guidance in September 2006; and
encouraged private sector providers that can satisfy the shared
services requirements to participate in the procurement process
for these services. In November 2006, OMB released an exposure
draft of a common governmentwide accounting classification
structure that may address lack of standardization among agency
accounts. A critical factor for this project will be the ability
to develop an approach that captures all stakeholders' needs with
minimal redundancy and complexity.
In addition, OMB and the Financial Systems Integration Office39
(FSIO) have also developed and released an exposure draft for the
funds control standard business process40 and the payment
management standard business process.41 Further, in March 2007,
the Financial Services Assessment Guide (SAG)42 was issued to
establish a set of financial service metrics to facilitate an
assessment of opportunities to improve performance and
affordability of financial services provided by shared service
providers and federal agencies. In order to promote consistency
among agencies and service providers, starting June 15, 2007, and
every month thereafter, OMB is requiring monthly reporting from
all agencies on their performance data through a single system
managed by FSIO, including data for each system listed as a core
financial management system.
37 [52]GAO-06-184 .
38The four agencies designated as shared service providers were the
Department of the Interior (National Business Center), GSA (Federal
Integrated Solutions Center), Department of the Treasury (Bureau of the
Public Debt Administrative Resource Center), and Department of
Transportation (Enterprise Services Center).
39FSIO was formerly known as the Joint Financial Management Improvement
Program (JFMIP) staff office. In December 2004, the JFMIP Principals voted
to modify the roles and responsibilities of the JFMIP Program Office, now
FSIO. The FSIO Executive reports to OMB's Office of Federal Financial
Management Controller. See OMB, Update on the Financial Management Line of
Business and the Financial Systems Integration Office Memorandum
(Washington, D.C.: Dec. 16, 2005).
40OMB, FMLOB Funds Control Standard Business Process, Exposure Draft
(Washington, D.C.: March 2007).
Furthermore, FSIO released its core financial system product
compliance test policy,43 documenting the specific core financial
systems qualifications test policy and procedures starting in
2007. This new policy provided detailed information about each
test, including schedule, scope, and requirements to be tested.
This is a useful tool to promote consistency in core financial
systems governmentwide, clarify the system requirements, and
reduce the risk that agencies will acquire noncompliant or
ineffective core financial system software. This, though, does not
eliminate the need for agencies to conduct comprehensive testing
efforts to ensure that financial system software meets their
requirements, and the implementation of FSIO-tested software does
not guarantee that the agencies will have financial systems that
are compliant with FFMIA.
While much has been accomplished by OMB, many important issues
remain unresolved. For example, one of the recommendations in our
March 2006 report44 called for a concept of operations to provide
the foundation for the FMLOB. An effective concept of operations
would describe, at a high level, (1) how all of the various
elements of federal financial systems and mixed systems relate to
each other and (2) how information flows from and through these
systems. A concept of operations would provide a useful tool to
explain how financial management systems at the agency and
governmentwide levels can operate cohesively. It would be geared
to a governmentwide solution rather than individual agency
stove-piped efforts. Because the federal government does not have
an overall concept of operations, there is no clear understanding
of the interrelationships among federal financial systems and how
the shared service provider concept fits into this framework. OMB
officials recognize that standardization is important and are
developing a standard set of business processes in four areas:
funds control, accounts payable, accounts receivable, and
financial reporting. In addition, as the FMLOB initiative moves
forward, there are numerous additional areas where standardization
is also important, such as inventory, supplies, and material
management, as well as the loan management areas. Absent this
standardization, shared service providers have been designated
without common business rules and potential customer agencies
continue to implement and operate individual stove-piped systems
that may require additional work to adopt these processes.
41OMB, FMLOB Payment Management Standard Business Process Exposure Draft
(Washington, D.C.: May 2007).
42OMB, Financial Services Assessment Guide Version 1 (Washington, D.C.:
Mar. 30, 2007).
43FSIO, Core Financial System Product Qualification Test Policy
(Washington, D.C.: March 2007).
44 [53]GAO-06-184 .
Further, as we reported in September 2006,45 there are a number of
factors that affect FFMIA compliance, including the quality of
transaction data in agency feeder systems; the success of
converting data from legacy systems; and the interaction of
people, process, and technology within an agency's environment.
The shared service provider concept, if adopted, will still
require that agencies address long-standing human capital problems
and develop long-term strategies for acquiring, developing, and
retaining an organization's total workforce to meet the needs of
the future. To date, none of the major CFO Act agencies has moved
to an OMB-designated shared service provider to handle their
financial management system activities, although some agencies,
such as DOT, GSA, and NRC were already using the shared service
provider concept prior to OMB's financial management line of
business initiative. In addition, other agencies such as Labor,
use a commercial shared service provider to provide hosting and
operations and maintenance services. There are some major CFO Act
agencies, such as EPA, HUD, Agriculture, and OPM that are in the
process of selecting a shared service provider for full financial
management systems activities. OMB officials told us that a
successful FMLOB outcome would be for agencies to solicit for
government or commercial shared service providers, identify the
best value, and move forward in the FMLOB process. Whether
agencies move to a shared service provider or implement their own
systems, they must have disciplined processes in place to achieve
the intended results, within established resources, and on
schedule.
45GAO, Financial Management: Improvements Under Way but Serious Financial
Systems Problems Persist, [54]GAO-06-970 (Washington, D.C..: Sept. 26,
2006).
Comptroller General Convening Forum on FFMIA Issues
To address the challenges CFO agency managers and auditors face in
implementing and maintaining financial management systems that
meet the intent of the CFO Act and the requirements of FFMIA, we
are convening a Comptroller General forum later this year in
Washington, D.C. The forum is intended to build on 10 years of
experience with FFMIA implementation and foster discussion with a
select group of experts and knowledgeable officials on the
financial management systems opportunities and challenges facing
agencies across the federal government. The discussion will focus
on options for addressing the impediments faced by federal
managers in attempting to bring their respective agencies into
compliance with the requirements of the law. More importantly,
after 10 years, this forum provides an opportunity to "think
outside the box" and foster innovative ideas on how the federal
government can overcome long-standing challenges in improving
financial management systems with the goal of providing meaningful
data to support managerial decision making on a daily basis.
Invitees to the forum will include representatives from the
federal Chief Financial Officer and inspector general communities,
key OMB officials and congressional staff, and selected other
knowledgeable officials from the public and private sectors. After
the forum, we plan to issue a separate report summarizing the
discussion and to consider the key issues in our future FFMIA
work. Accordingly, we are not making any new recommendations in
this report.
Conclusion
Over the 10 years since FFMIA's enactment, the federal government
has continued to make incremental improvement in implementing
financial management systems that substantially comply with the
requirements of the act. Nonetheless, significant and
long-standing obstacles remain for developing and implementing
effective financial management systems that can provide essential
financial data in support of day-to-day managerial decision
making--the ultimate goal of FFMIA. Continued high-priority and
sustained top-level commitment by OMB and leaders throughout the
federal government will be required to fully and effectively
achieve the goal of FFMIA. In addition, to help address the
fundamental obstacles impeding FFMIA implementation, we are taking
a proactive stance by convening a forum to help identify
innovative approaches and corrective actions.
Agency Comments and Our Evaluation
In written comments (reprinted in app. VI) on a draft of this
report, OMB agreed with our assessment that while federal agencies
have continued to make progress in financial management, many
agencies still need to improve their financial systems so that
reliable, useful, and timely financial management information is
available for day-to-day operations. OMB stated that it was
working aggressively to assist agencies in building a strong
foundation for financial management practices and also applauded
our plans to convene a forum on these issues.
As in previous years, we and OMB have differing views on the
necessity of agency auditors providing a statement of positive
assurance when reporting agency systems to be in substantial
compliance with the requirements of FFMIA. OMB stated that its
three major initiatives, the PMA, FMLOB, and the revised Circular
No. A-123, are helping agencies identify and correct FFMIA
deficiencies. Further, OMB stated that many of the ongoing
assessments required under the revised Circular No. A-123 mirror
the types of assessments that would occur in establishing a
statement of positive assurance under FFMIA. As a result, OMB
believed that requiring a statement of positive assurance would be
costly and would not provide additional information that would be
of benefit to the federal agency, OMB, or the taxpayer.
While we agree that these initiatives are helping drive
improvements, auditors need to consider other aspects of financial
management systems when assessing FFMIA compliance that are not
fully addressed through the current reporting structure. For
example, in preparing the PMA scorecard assessments, OMB officials
meet with agencies to discuss a number of financial management
issues and have systems demonstrations. Our concern is that some
of the information provided by this approach does not come under
audit scrutiny and may not be reliable. Similarly, internal
control assessments performed under Circular No. A-123 are
management's judgments and are subject to an opinion-level review
by independent auditors only in limited circumstances. An opinion
by an independent auditor on FFMIA compliance would confirm
whether an agency's systems substantially met the requirements of
FFMIA and could also provide additional confidence in the
information provided as a result of the PMA, FMLOB, and Circular
No. A-123 initiatives. In our view, confidence that agency
financial management systems provide reliable, useful, and timely
information to help government leaders invest resources, oversee
programs, and reduce costs, would be of significant value to the
federal agency, OMB, the Congress, and the taxpayer. Moreover, to
minimize the cost of providing an audit opinion, the GAO/PCIE
Financial Audit Manual includes a number of techniques that
auditors can use to reduce the incremental cost of providing
positive assurance. Finally, we continue to believe that a
statement of positive assurance is a statutory requirement under
the act.
With regard to our prior recommendation for revised guidance that
clarifies the definition of substantial compliance, OMB stated
that in its update to Circular No. A-127, Financial Management
Systems, its goal will be to simplify FFMIA compliance
requirements as well as to better balance the FFMIA objectives of
generating audited financial statements and providing meaningful
information for decision makers. Accordingly, OMB agreed to take
this recommendation under advisement. As we noted in our prior
reports,46 auditors we interviewed expressed a need for
clarification regarding the meaning of substantial compliance.
OMB also provided technical comments which we incorporated as
appropriate.
We are sending copies of this report to the Chairman and Ranking
Member, Subcommittee on Federal Financial Management, Government
Information, Federal Services, and International Security, Senate
Committee on Homeland Security and Governmental Affairs, and to
the Chairman and Ranking Member, Subcommittee on Government
Management, Organization, and Procurement, House Committee on
Oversight and Government Reform. We are also sending copies to the
Director of the Office of Management and Budget, the heads of the
24 CFO Act agencies in our review, and agency CFOs and inspectors
general. Copies will be made available to others upon request. In
addition, this report will be available at no charge on the GAO
Web site at [49]http://www.gao.gov .
46 [55]GAO-02-29 , [56]GAO-03-31 , [57]GAO-05-20 , [58]GAO-05-881 , and
[59]GAO-06-970 .
This report was prepared under the direction of McCoy Williams,
Director, Financial Management and Assurance, who may be reached
at (202) 512-9095 or [50][email protected] if you have any
questions. Contact points for our Offices of Congressional
Relations and Public Affairs may be found on the last page of this
report. GAO staff that made key contributions to this report are
listed in appendix VII.
David M. Walker
Comptroller General of the United States
Appendix I: Requirements and Standards Supporting Federal Financial
Management
Financial Management Systems Requirements
The policies and standards prescribed for executive agencies to
follow in developing, operating, evaluating, and reporting on
financial management systems are defined in Office of Management
and Budget (OMB) Circular No. A-127, Financial Management Systems.
The components of an integrated financial management system
include the core financial system,1 managerial cost accounting
system, administrative systems, and certain programmatic systems.
Administrative systems are those that are common to all federal
agency operations,2 and programmatic systems are those needed to
fulfill an agency's mission. Circular No. A-127 refers to the
series of publications entitled Federal Financial Management
Systems Requirements, initially issued by the Joint Financial
Management Improvement Program's (JFMIP) Program Management Office
(PMO) as the primary source of governmentwide requirements for
financial management systems. However, as of December 2004, the
Financial Systems Integration Office (FSIO) assumed responsibility
for coordinating the work related to federal financial management
systems requirements and OMB's Office of Federal Financial
Management (OFFM) is responsible for issuing the new or revised
regulations. In December 2004, the JFMIP Principals voted to
modify the roles and responsibilities of JFMIP, resulting in the
creation of FSIO. Appendix II lists the federal financial
management systems requirements published to date. Figure 12 is
the current model that illustrates how these systems interrelate
in an agency's overall systems architecture.
1Core financial systems, as defined by the Office of Federal Financial
Management (OFFM), include managing general ledger, funding, payments,
receivables, and certain basic cost functions.
2Examples of administrative systems include budget, acquisition, travel,
property, and human resources and payroll.
Figure 12: Agency Systems Architecture
FFMIA Guidance
OMB establishes governmentwide financial management policies and
requirements and has issued two sources of guidance related to FFMIA
reporting. First, in OMB Memorandum, Revised Implementation Guidance for
the Federal Financial Management Improvement Act (Jan. 4, 2001), OMB
provides guidance for agencies and auditors to use in assessing
substantial compliance. The guidance describes the factors that should be
considered in determining whether an agency's systems substantially comply
with FFMIA's three requirements. Further, the guidance provides examples
of the types of indicators that should be used as a basis for assessing
whether an agency's systems are in substantial compliance with each of the
three FFMIA requirements. Finally, the guidance discusses the corrective
action plans, to be developed by agency heads, for bringing their systems
into compliance with FFMIA. Second, on August 23, 2006, OMB issued
Bulletin No. 06-03, Audit Requirements for Federal Financial Statements,
which superseded OMB Bulletin No. 01-02. This new bulletin did not
substantially revise the FFMIA audit guidance included in Bulletin No.
01-02, which calls for auditors to provide negative assurance when
reporting on an agency system's FFMIA compliance.
We have worked in partnership with representatives from the President's
Council on Integrity and Efficiency (PCIE) to develop and maintain the
joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific
procedures auditors should perform when assessing FFMIA compliance.3 As
detailed in appendix V, we have also issued a series of checklists to help
assess whether agencies' systems meet systems requirements. The FAM
guidance on FFMIA assessments recognizes that while financial statement
audits offer some assurance regarding FFMIA compliance, auditors should
design and implement additional testing to satisfy FFMIA criteria.
OMB Circular No. A-127 also requires agencies to purchase commercial
off-the-shelf (COTS) software that has been tested and certified through
the PMO software certification process when acquiring core financial
systems. However, in December 2004, OMB transferred the responsibility of
certifying systems to FSIO as part of the realignment of JFMIP. In March
2007, FSIO updated the testing policy for COTS software. However, the
certification process does not eliminate or significantly reduce the need
for agencies to develop and conduct comprehensive testing efforts to
ensure that the COTS software meets their requirements. Moreover, core
financial systems certification does not mean that agencies that install
these packages will have financial management systems that are compliant
with FFMIA. Many other factors can affect the capability of the systems to
comply with FFMIA, including modifications made to the FSIO-certified core
financial management systems software and the validity and completeness of
data from feeder systems.
3 [60]GAO-01-765G , section 260.58-.60 and [61]GAO-03-466G , sections 701,
701A, and 701B.
Federal Accounting Standards
The Federal Accounting Standards Advisory Board (FASAB)4 promulgates
federal accounting standards and concepts that agency chief financial
officers use in developing financial management systems and preparing
financial statements. FASAB develops the appropriate accounting standards
and concepts after considering the financial and budgetary information
needs of the Congress, executive agencies, and other users of federal
financial information and comments from the public. FASAB forwards the
standards and concepts to the Comptroller General, the Director of OMB,
the Secretary of the Treasury, and the Director of the Congressional
Budget Office (CBO) for a 90-day review. If, within 90 days, neither the
Comptroller General nor the Director of OMB objects to the standard or
concept, then it is issued and becomes final. FASAB announces finalized
concepts and standards in The Federal Register.
The American Institute of Certified Public Accountants designated the
federal accounting standards promulgated by FASAB as being generally
accepted accounting principles for the federal government. This
recognition enhances the acceptability of the standards, which form the
foundation for preparing consistent and meaningful financial statements
both for individual agencies and the government as a whole. Currently,
there are 32 Statements of Federal Financial Accounting Standards (SFFAS)
and 4 Statements of Federal Financial Accounting Concepts (SFFAC).5 The
concepts and standards are the basis for OMB's guidance to agencies on the
form and content of their financial statements and for the government's
consolidated financial statements. Appendix III lists the concepts,
standards, interpretations,6 and technical bulletins, along with their
respective effective dates.
4In October 1990, the Secretary of the Treasury, the Director of OMB, and
the Comptroller General established FASAB to develop a set of generally
accepted accounting standards and concepts for the federal government.
Effective October 1, 2003, FASAB is comprised of six nonfederal or public
members, one member from the Congressional Budget Office, and the three
sponsors.
5Accounting standards are authoritative statements of how particular types
of transactions and other events should be reflected in financial
statements. SFFACs explain the objectives and ideas upon which FASAB
develops the standards.
6An interpretation is a document of narrow scope that provides
clarifications of original meaning, additional definitions, or other
guidance pertaining to an existing federal accounting standard.
FASAB's Accounting and Auditing Policy Committee (AAPC)7 assists in
resolving issues related to the implementation of accounting standards.
AAPC's efforts result in guidance for preparers and auditors of federal
financial statements in connection with implementation of accounting
standards. To date, AAPC has issued six technical releases, which are
listed in appendix IV along with their release dates.
U.S. Government Standard General Ledger (SGL)
The SGL was established by an interagency task force under the direction
of OMB and mandated for use by agencies in OMB and Treasury regulations in
1986. The SGL promotes consistency in financial transaction processing and
reporting by providing a uniform chart of accounts and pro forma
transactions used to standardize federal agencies' financial information
accumulation and processing throughout the year, enhance financial
control, and support budget and external reporting, including financial
statement preparation. The SGL is intended to improve data stewardship
throughout the federal government, enabling consistent reporting at all
levels within the agencies and providing comparable data and financial
analysis governmentwide.8
Internal Control Standards
The Congress enacted legislation, 31 U.S.C. S 3512(c), (d) (commonly
referred to as the Federal Managers' Financial Integrity Act of 1982
(FMFIA)), to strengthen internal controls and accounting systems
throughout the federal government, among other purposes. Issued pursuant
to FMFIA, the Comptroller General's Standards for Internal Control in the
Federal Government9 provides standards that are directed at helping agency
managers implement effective internal control, an integral part of
improving financial management systems. Internal control is a major part
of managing an organization and comprises the plans, methods, and
procedures used to meet missions, goals, and objectives. In summary,
internal control, which under OMB's guidance for FMFIA is synonymous with
management control, helps government program managers achieve desired
results through effective stewardship of public resources.
7In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the Chief
Financial Officers Council, and the President's Council on Integrity and
Efficiency, established AAPC to assist the federal government in improving
financial reporting.
8SGL guidance is published in the Treasury Financial Manual. Treasury's
Financial Management Service is responsible for maintaining the SGL and
answering agency inquiries.
9GAO, Standards for Internal Control in the Federal Government,
[62]GAO/AIMD-00-21 .3 (Washington, D.C.: November 1999).
Effective fiscal year 2006, OMB strengthened the requirements for
conducting management's assessment of internal control over financial
reporting by revising OMB Circular No. A-123.10 Significant revisions
contained in Appendix A of the circular include requiring Chief Financial
Officers (CFO) Act agency management to annually assess the adequacy of
internal control over financial reporting, provide a report on identified
material weaknesses and corrective actions, and provide a separate
assurance statement on the agency's internal control over financial
reporting. In initiating the revisions, OMB cited the internal control
requirements for publicly traded companies that are contained in section
404 of the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley).11 Sarbanes-Oxley
was enacted in response to corporate accountability failures of several
years prior to its enactment and contains a provision (section 404)
calling for management's assessment of internal control over financial
reporting similar to the long-standing requirements for executive branch
agencies contained in FMFIA to issue annual statements of assurance over
internal control in the agencies. Opinions on internal control over
financial reporting as required by Sarbanes-Oxley for publicly traded
companies are important to protect investors by improving the accuracy and
reliability of corporate disclosures made pursuant to the securities laws.
10OMB Circular No. A-123, Management's Responsibility for Internal Control
(revised Dec. 21, 2004).
11Pub. L. No. 107-204, S 404, 116 Stat. 745, 789 (July 30, 2002).
Appendix II: Publications in the Federal Financial Management Systems
Requirements Series
FFMSR document Issue date
FFMSR-8 System Requirements for Managerial Cost February 1998
Accounting
JFMIP-SR-99-5 Human Resources & Payroll Systems April 1999
Requirements
JFMIP-SR-99-8 Direct Loan System Requirements June 1999
JFMIP-SR-99-9 Travel System Requirements July 1999
JFMIP-SR-99-14 Seized Property and Forfeited Assets December 1999
Systems Requirements
JFMIP-SR-00-01 Guaranteed Loan System Requirements March 2000
JFMIP-SR-00-3 Grant Financial System Requirements June 2000
JFMIP-SR-00-4 Property Management Systems Requirements October 2000
JFMIP-SR-01-01 Benefit System Requirements September 2001
JFMIP-SR-02-02 Acquisition/Financial Systems Interface June 2002
Requirements
JFMIP-SR-03-01 Revenue System Requirements January 2003
JFMIP-SR-03-02 Inventory, Supplies and Materials System August 2003
Requirements
JFMIP-SR-02-01 Addendum to Core Financial System March 2004
Requirements
JFMIP-SR-01-04 Framework for Federal Financial Management April 2004
Systems
OFFM-NO-0106 Core Financial System Requirements January 2006
OFFM-NO-0206 Insurance System Requirements June 2006
Source: OMB's Office of Federal Financial Management (OFFM).
Note: Effective December 1, 2004, all financial management system
requirements documents and other guidance initially issued by the JFMIP
were transferred to OFFM and remain in effect until modified.
Appendix III: Statements of Federal Financial Accounting Concepts,
Standards, Interpretations, and Technical Bulletins
Concepts
SFFAC No. 1 Objectives of Federal Financial Reporting
SFFAC No. 2 Entity and Display
SFFAC No. 3 Management's Discussion and Analysis
SFFAC No. 4 Intended Audience and Qualitative
Characteristics for the Consolidated Financial Report
of the United States Government
Standards Effective for fiscal
yeara
SFFAS No. 1 Accounting for Selected Assets and 1994
Liabilities
SFFAS No. 2 Accounting for Direct Loans and Loan 1994
Guarantees
SFFAS No. 3 Accounting for Inventory and Related 1994
Property
SFFAS No. 4 Managerial Cost Accounting Concepts and 1998
Standards for the Federal Government
SFFAS No. 5 Accounting for Liabilities of the 1997
Federal Government
SFFAS No. 6 Accounting for Property, Plant, and 1998
Equipment
SFFAS No. 7 Accounting for Revenue and Other 1998
Financing Sources and Concepts for Reconciling
Budgetary and Financial Accounting
SFFAS No. 8 Supplementary Stewardship Reporting 1998
SFFAS No. 9 Deferral of the Effective Date of 1998
Managerial Cost Accounting Standards for the Federal
Government in SFFAS No. 4
SFFAS No. 10 Accounting for Internal Use Software 2001
SFFAS No.11 Amendments to Accounting for Property, 1999
Plant, and Equipment--Definitional Changes
SFFAS No.12 Recognition of Contingent Liabilities 1998
Arising from Litigation: An Amendment of SFFAS No.
5, Accounting for Liabilities of the Federal
Government
SFFAS No. 13 Deferral of Paragraph 65.2--Material 1999
Revenue-Related Transactions Disclosures
SFFAS No. 14 Amendments to Deferred Maintenance 1999
Reporting
SFFAS No. 15 Management's Discussion and Analysis 2000
SFFAS No. 16 Amendments to Accounting for Property, 2000
Plant, and Equipment
SFFAS No. 17 Accounting for Social Insurance 2000
SFFAS No. 18 Amendments to Accounting Standards for 2001
Direct Loans and Loan Guarantees in Statement of
Federal Financial Accounting Standards No. 2
SFFAS No. 19 Technical Amendments to Accounting 2003
Standards for Direct Loans and Loan Guarantees in
Statement of Federal Financial Accounting Standards
No. 2
SFFAS No. 20 Elimination of Certain Disclosures 2001
Related to Tax Revenue Transactions by the Internal
Revenue Service, Customs, and Others
SFFAS No. 21 Reporting Corrections of Errors and 2002
Changes in Accounting Principles
SFFAS No. 22 Change in Certain Requirements for 2001
Reconciling Obligations and Net Cost of Operations
SFFAS No. 23 Eliminating the Category National 2003
Defense Property, Plant, and Equipment
SFFAS No. 24 Selected Standards for the Consolidated 2002
Financial Report of the United States Government
SFFAS No. 25 Reclassification of Stewardship 2006
Responsibilities and Eliminating the Current
Services Assessment
SFFAS No. 26 Presentation of Significant Assumptions 2006
for the Statement of Social Insurance: Amending
SFFAS 25
SFFAS No. 27 Identifying and Reporting Earmarked 2006
Funds
SFFAS No. 28 Deferral of the Effective Date of 2006
Reclassification of the Statement of Social
Insurance: Amending SFFAS 25 and 26
SFFAS No. 29 Heritage Assets and Stewardship Land 2006
SFFAS No. 30 Inter-Entity Cost Implementation 2009
Amending SFFAS 4, Managerial Cost Accounting
Standards and Concepts
SFFAS No. 31 Accounting for Fiduciary Activities 2009
SFFAS No. 32 CFR of the U.S. Government Requirements 2006
Interpretations
No. 1 Reporting on Indian Trust Funds
No. 2 Accounting for Treasury Judgment Fund Transactions
No. 3 Measurement Date for Pension and Retirement Health Care Liabilities
No. 4 Accounting for Pension Payments in Excess of Pension Expense
No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue
No. 6 Accounting for Imputed Intra-departmental Costs
No. 7 Items Held for Remanufacture
Technical bulletins
TB 2000-1 Purpose and Scope of FASAB Technical Bulletins and Procedures
for Issuance
TB 2002-1 Assigning to Component Entities Costs and Liabilities That
Result From Legal Claims Against the Federal Government
TB 2002-2 Disclosures Required by Paragraph 79(g) of SFFAS 7, Accounting
for Revenue and Other Financing Sources and Concepts for Reconciling
Budgetary and Financial Accounting
TB 2003-1 Certain Questions and Answers Related to the Homeland Security
Act of 2002
TB 2006-1 Recognition and Measurement of Asbestos-Related Cleanup Costs
Source: FASAB.
aEffective dates do not apply to Statements of Federal Financial
Accounting Concepts, Interpretations, and Technical Bulletins.
Appendix IV: Accounting and Auditing Policy Committee Technical Releases
Technical release AAPC release date
TR-1 Audit Legal Representation Letter Guidance March 1, 1998
TR-2 Determining Probable and Reasonably Estimable for March 15, 1998
Environmental Liabilities in the Federal Government
TR-3 Preparing and Auditing Direct Loan and Loan July 31, 1999
Guarantee Subsidies Under the Federal Credit Reform Act
TR-4 Reporting on Non-Valued Seized and Forfeited July 31, 1999
Property
TR-5 Implementation Guidance on SFFAS No. 10: Accounting May 14, 2001
for Internal Use Software
TR-6 Preparing Estimates for Direct Loan and Loan January 2004
Guarantee Subsidies Under the Federal Credit Reform Act
(Amendments to TR-3)
Source: FASAB.
Appendix V: Checklists for Reviewing Systems under the Federal Financial
Management Improvement Act
Checklist Issue date
[63]GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems March 2000
Requirements
[64]GAO-01-99G Seized Property and Forfeited Assets October 2000
Systems Requirements
[65]GAO/AIMD-21-2.6 Direct Loan System Requirements April 2000
[66]GAO/AIMD-21.2.8 Travel System Requirements May 2000
[67]GAO/AIMD-99-21.2.9 System Requirements for Managerial January 1999
Cost Accounting
[68]GAO-01-371G Guaranteed Loan System Requirements March 2001
[69]GAO-01-911G Grant Financial System Requirements September 2001
[70]GAO-02-171G Property Management Systems Requirements December 2001
[71]GAO-04-22G Benefit System Requirements October 2003
[72]GAO-04-650G Acquisition/Financial Systems Interface June 2004
Requirements
[73]GAO-05-225G Core Financial System Requirements February 2005
Source: GAO.
Appendix VI: Comments from the Office of Management and Budget
Appendix VII: GAO Contact and Staff Acknowledgments
GAO Contact
McCoy Williams, (202) 512-9095 or [email protected]
Acknowledgments
In addition to the contact named above, Kay L. Daly, Assistant Director;
F. Abe Dymond, Assistant General Counsel; Debra Cottrell; Francine
DelVecchio; Lauren Fassler; C. Robin Hodge; Jennifer Leone; Sheila D.
Miller; and George Warnock made key contributions to this report.
(195101)
GAO's Mission
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( [74]www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
[75]www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: [76]www.gao.gov/fraudnet/fraudnet.htm
E-mail: [77][email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [78][email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548
Public Affairs
Paul Anderson, Managing Director, [79][email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
[80]transparent illustrator graphic
[81]www.gao.gov/cgi-bin/getrpt?GAO-07-914 .
To view the full product, including the scope
and methodology, click on the link above.
For more information, contact McCoy Williams at (202) 512-9095 or
[email protected].
Highlights of GAO- [82]07-914 , a report to the Committee on Homeland
Security and Governmental Affairs, U.S. Senate, and the Committee on
Oversight and Government Reform, House of Representatives
AuAugust 2007
FINANCIAL MANAGEMENT
Long-standing Financial Systems Weaknesses Present a Formidable Challenge
The Federal Financial Management Improvement Act of 1996 (FFMIA) requires
the 24 Chief Financial Officers (CFO) Act agencies to implement and
maintain financial management systems that comply substantially with (1)
federal financial management systems requirements, (2) federal accounting
standards, and (3) the U.S. Government Standard General Ledger (SGL).
FFMIA also requires GAO to report annually on the implementation of the
act.
This report, primarily based on GAO and inspectors general reports,
discusses (1) the problems that continued to affect agencies systems'
FFMIA compliance in fiscal year 2006 and (2) the initiatives under way to
help move federal financial management toward FFMIA compliance.
[83]What GAO Recommends
To further understand the key issues that affect FFMIA implementation and
challenges in improving financial management systems, the Comptroller
General is convening a forum later this year to bring together key
officials and experts for a candid discussion of these issues.
Accordingly, this report does not include any new recommendations. OMB was
supportive of the forum, agreed with GAO's assessment, and stated it was
working aggressively to assist agencies in building a strong foundation of
financial management practices.
Federal agencies have continued to make progress in meeting the
requirements of FFMIA since the passage of the law in 1996. Most agencies
though, have not yet progressed to the stage that their systems are
substantially compliant, and some agencies have made little progress.
Accordingly, agencies continue to fall short in their attempts to
establish the financial systems needed to create the full range of
information needed for effective day-to-day management. In fiscal year
2006, auditors for 17 of the 24 CFO Act agencies reported that agencies'
financial management systems did not substantially comply with at least
one of the three FFMIA requirements. As shown below, based on audit
reports, GAO identified six types of problems primarily related to
agencies' systems. These problems with agency financial systems remain a
significant obstacle to supporting effective management of the federal
government.
Number of Agencies with Reported FFMIA Compliance Problems for Fiscal
Years 2002 through 2006
With regard to improvement initiatives, GAO noted continued progress in
two key areas: (1) agencies' required remediation plans and (2) the Office
of Management and Budget's (OMB) efforts to address system implementation
problems. All 12 of the remediation plans GAO reviewed included corrective
actions, but several were missing key elements. Moreover, agencies
continue to struggle with efforts to modernize their financial management
systems. This problem is particularly acute at the Department of Defense.
Agency modernization efforts have been consistently hampered by failure to
follow best practices in systems development and implementation, commonly
referred to as disciplined processes. As a result, these efforts far too
often do not meet cost, schedule, and performance goals. To help address
these problems, OMB has demonstrated continued progress in the
implementation of the financial management line of business initiative.
However, additional steps forward are needed to provide a foundation for
this initiative.
References
Visible links
35. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
36. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21
37. http://www.gao.gov/cgi-bin/getrpt?GAO-01-765G
38. http://www.gao.gov/cgi-bin/getrpt?GAO-03-466G
39. http://www.gao.gov/cgi-bin/getrpt?GAO-02-29
40. http://www.gao.gov/cgi-bin/getrpt?GAO-03-31
41. http://www.gao.gov/cgi-bin/getrpt?GAO-03-1062
42. http://www.gao.gov/cgi-bin/getrpt?GAO-05-20
43. http://www.gao.gov/cgi-bin/getrpt?GAO-05-881
44. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
45. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
46. http://www.gao.gov/cgi-bin/getrpt?GAO-07-310
47. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
48. http://www.gao.gov/cgi-bin/getrpt?GAO-07-310
49. http://www.gao.gov/
50. mailto:[email protected]
51. http://www.gao.gov/cgi-bin/getrpt?GAO-06-553T
52. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
53. http://www.gao.gov/cgi-bin/getrpt?GAO-06-184
54. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
55. http://www.gao.gov/cgi-bin/getrpt?GAO-02-29
56. http://www.gao.gov/cgi-bin/getrpt?GAO-03-31
57. http://www.gao.gov/cgi-bin/getrpt?GAO-05-20
58. http://www.gao.gov/cgi-bin/getrpt?GAO-05-881
59. http://www.gao.gov/cgi-bin/getrpt?GAO-06-970
60. http://www.gao.gov/cgi-bin/getrpt?GAO-01-765G
61. http://www.gao.gov/cgi-bin/getrpt?GAO-03-466G
62. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21
63. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.2.3
64. http://www.gao.gov/cgi-bin/getrpt?GAO-01-99G
65. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21-2.6
66. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21-2.8
67. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-99-21.2.9
68. http://www.gao.gov/cgi-bin/getrpt?GAO-01-371G
69. http://www.gao.gov/cgi-bin/getrpt?GAO-01-911G
70. http://www.gao.gov/cgi-bin/getrpt?GAO-02-171G
71. http://www.gao.gov/cgi-bin/getrpt?GAO-04-22G
72. http://www.gao.gov/cgi-bin/getrpt?GAO-04-650G
73. http://www.gao.gov/cgi-bin/getrpt?GAO-05-225G
74. http://www.gao.gov/
75. http://www.gao.gov/
76. http://www.gao.gov/fraudnet/fraudnet.htm
77. mailto:[email protected]
78. mailto:[email protected]
79. mailto:[email protected]
81. http://www.gao.gov/cgi-bin/getrpt?GAO-07-914
82. http://www.gao.gov/cgi-bin/getrpt?GAO-07-914
*** End of document. ***