[Independent Auditorsâ Report on the Bureau of Land Managementâs Financial Statements for Fiscal Years 2002 and 2001]
[From the U.S. Government Printing Office, www.gpo.gov]

Report No. 2003-I-0024

Title: Independent Auditorsï¿½ Report on the Bureau of Land Managementï¿½s
       Financial Statements for Fiscal Years 2002 and 2001

  

Date:  February 28,2003

**********DISCLAIMER********** 
This file contains an ASCII representation of an OIG report. No attempt has been made to display graphic images or illustrations. Some tables may be included, but may not resemble those in the printed version. A printed copy of this report may be obtained by referring to the PDF file or by calling the Office of Inspector General, Division of Acquisition and Management Operations at (202) 219-3841. 
******************************


Memorandum

To:  Director, Bureau of Land Management

From: Roger La Rouche, Assistant Inspector General for Audits

Subject:  Independent Auditorsï¿½ Report on the Bureau of Land Managementï¿½s Financial Statements for Fiscal Years 2002 and 2001 (No. 2003-I-0024)

We contracted with KPMG LLP (KPMG), an independent certified public accounting firm, to audit the Bureau of Land Managementï¿½s (BLM) financial statements as of September 30, 2002 and for the year then ended.  The contract required that KPMG conduct its audit in accordance with the Comptroller General of the United States of Americaï¿½s Government Auditing Standards, the Office of Management and Budgetï¿½s Bulletin 01-02 Audit Requirements for Federal Financial Statements, and the General Accounting Office/Presidentï¿½s Council on Integrity and Efficiencyï¿½s Financial Audit Manual.

In its Independent Auditorï¿½s Report dated December 16, 2002 (Attachment 1), KPMG issued an unqualified opinion on BLMï¿½s financial statements.  KPMG identified six reportable conditions related to the following internal controls and financial operations:  (1) accounting for property, (2) accruing year-end payables, (3) security and internal controls over information technology systems, (4) accounting for intra-departmental transactions, (5) internal controls over charge cards, and (6) timely deobligation of undelivered orders.  KPMG considers the first two reportable conditions to be material weaknesses.  With regard to compliance with laws and regulations, KPMG found BLM noncompliant with portions of the Federal Financial Management Improvement Act (FFMIA).  Specifically, KPMG reported BLMï¿½s financial management systems were not in substantial compliance with Federal financial management systems requirements and Federal accounting standards.  

In connection with the contract, we monitored the progress of the audit at key points, reviewed KPMGï¿½s report and selected related working papers, and inquired of its representatives.  Our review, as differentiated from an audit in accordance with the Government Audit Standards, was not intended to enable us to express, and we do not express, an opinion on the BLMï¿½s financial statements, conclusions about the effectiveness of internal controls, conclusions on whether BLMï¿½s financial management systems substantially complied with the three requirements of FFMIA, or conclusions on compliance with laws and regulations.  KPMG is responsible for the auditorsï¿½ report and 
for the conclusions expressed in the report.  Our review disclosed no instances where KPMG did not comply in all material respects with the Government Auditing Standards.

In the January 13, 2003 response to the draft report from the Director, BLM (Attachment 2), BLM concurred with Recommendations A through H.  Based on the response, all seven recommendations are considered resolved but not implemented.  The seven recommendations will be referred to the Assistant Secretary for Policy, Management and Budget for tracking of implementation.

Section 5(a) of the Inspector General Act (5 U.S.C. App. 3) requires the Office of Inspector General to list this report in its semiannual report to the Congress.


Attachments

KPMG LLP. KPMG LLP, a U.S. limited liability partnership, is
a member of KPMG International, a Swiss association.
Suite 2700
707 Seventeenth Street
Denver, CO 80202

INDEPENDENT AUDITORSï¿½ REPORT

The Director of the Bureau of Land Management
and the Inspector General of the Department of the Interior:

We have audited the accompanying consolidated balance sheets of the Bureau of Land Management (BLM) as of September 30, 2002 and 2001, the related consolidated statements of net cost of operations for the years then ended, and the related consolidated statement of changes in net position, combined statement of budgetary resources, and consolidated statement of financing for the year ended September 30, 2002 (hereinafter referred to as the financial statements). The objective of our audits was to express an opinion on the fair presentation of these financial statements. In connection with our audits, we also considered the BLMï¿½s internal control over financial reporting and tested the BLMï¿½s compliance with certain provisions of applicable laws and regulations that could have a direct and material effect on its financial statements.


SUMMARY

As stated in our opinion on the financial statements, we concluded that the BLMï¿½s financial statements are presented fairly, in all material respects, in conformity with accounting principles generally accepted in the United States of America.


Our consideration of internal control over financial reporting resulted in the following conditions being identified as reportable conditions:

Reportable Conditions That Are Considered to be Material Weaknesses


A. Accounting for Property
B. Accruing for Year-end Payables

Other Reportable Conditions

C. Security and Internal Control Over Information Technology Systems
D. Accounting for Intra-departmental Transactions
E. Internal Control Over Charge Cards
F. Timely Deobligation of Undelivered Orders

The results of our tests of compliance with certain provisions of laws and regulations, exclusive of the Federal Financial Management Improvement Act of 1996 (FFMIA), disclosed no instances of noncompliance with laws and regulations that are required to be reported herein under Government Auditing Standards, issued by the Comptroller General of the United States, or Office of Management and Budget (OMB) Bulletin No. 01-02, Audit Requirements for Federal Financial Statements.


The results of our tests of FFMIA disclosed instances where the BLMï¿½s financial management systems did not substantially comply with federal financial management systems requirements and the federal accounting standards.


The following sections discuss our opinion on the BLMï¿½s financial statements, our consideration of the BLMï¿½s internal control over financial reporting, our tests of the BLMï¿½s compliance with certain provisions of applicable laws and regulations, and managementï¿½s and our responsibilities.


OPINION ON THE FINANCIAL STATEMENTS

We have audited the accompanying consolidated balance sheets of the BLM as of September 30, 2002 and 2001, the related consolidated statements of net cost of operations for the years then ended, and the related consolidated statement of changes in net position, combined statement of budgetary resources, and consolidated statement of financing for the year ended September 30, 2002.


In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of the BLM as of September 30, 2002 and 2001, its net cost of operations for the years then ended, and its changes in net position, budgetary resources, and reconciliation of net cost of operations to budgetary obligations for the year ended September 30, 2002, in conformity with accounting principles generally accepted in the United States of America.


As discussed in notes 15 and 19 to the financial statements, the BLM changed its method of accounting for allocation transfers as of October 1, 2001.

The information in the Managementï¿½s Discussion and Analysis, Required Supplementary Stewardship Information (Stewardship Assets), and Required Supplementary Information (Supplementary Statement of Budgetary Resources by Major Budget Accounts and Deferred Maintenance) sections is not a required part of the financial statements, but is supplementary information required by accounting principles generally accepted in the United States of America and OMB Bulletin No. 01-09, Form and Content of Agency Financial Statements. We have applied certain limited procedures, which consisted principally of inquiries of management regarding the methods of measurement and presentation of this information. However, we did not audit this information and, accordingly, we express no opinion on it. 

INTERNAL CONTROL OVER FINANCIAL REPORTING

Our consideration of internal control over financial reporting would not necessarily disclose all matters in the internal control over financial reporting that might be reportable conditions. Under standards issued by the American Institute of Certified Public Accountants, reportable conditions are matters coming to our attention relating to significant deficiencies in the design or operation of the internal control over financial reporting that, in our judgment, could adversely affect the BLMï¿½s ability to record, process, summarize, and report financial data consistent with the assertions by management in the financial statements.

Material weaknesses are reportable conditions in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements, in amounts that would be material in relation to the financial statements being audited, may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.

In our fiscal year 2002 audit, we noted certain matters involving internal control over financial reporting and its operation that we consider to be reportable conditions. We believe that the following reportable conditions are material weaknesses.

A. Accounting for Property

The BLM does not have adequate internal control to ensure property balances are accurate and complete. As part of our audit, we found weaknesses in the following areas:

1. Property on stewardship lands. Accounting principles generally accepted in the United States of America define general property recorded on the balance sheet as any property used in providing goods or services. However, the BLM does not have procedures in place to capitalize roads, bridges, and dams located on stewardship lands, when the property is used in the production of goods or services. It is estimated the BLM has potentially understated net general property by as much as $5.2 million in its September 30, 2002 financial statements for this issue. 

Currently, roads, bridges, and dams on stewardship lands are expensed in the year of construction or acquisition. These items vary greatly in their degree of use, cost, and sophistication. For example, stewardship lands have various types of roads. These include: (1) rough dirt roads created from years of use, (2) dirt roads created by non-federal land users (e.g., oil and gas exploration crews) and then abandoned, and (3) roads created by the BLM to provide access (e.g., gravel and paved roads). Some of these roads are maintained and are used to produce goods and services, while others merely exist until natural conditions overtake them. An example of property that should be capitalized is BLM roads and bridges used to support timber operations. These types of assets are not permanent improvements to the land, but rather are additions needed to provide access to timber, and thus should be capitalized and depreciated because the cost more closely relates to the timber than to the land.

2. Additions and deletions to property accounts. Our audit revealed inaccuracies in the recording of additions and deletions to property accounts. Although not material to the financial statements, these errors have resulted in current and prior year misstatements of property and expense. This issue is a repeat finding from the prior year. During the current year the BLM has made an effort to identify and correct historical property inaccuracies through the allocation of additional staff, the issuance of additional instructional memorandums , and the performance of internal reviews. However, property discrepancies continue to exist and appear to stem from a variety of factors, including the need for: (1) accurate and timely reporting from the field offices, which includes complete and accurate annual physical inventory examinations; (2) additional training on conducting physical inventories; (3) additional management oversight to ensure appropriate reviews are conducted, and (4) improved communication between the field offices and the BLMï¿½s business center.

3. Capitalizing leases. The BLM does not have adequate procedures to determine, at the inception of a lease, if a lease should be accounted for as a capital lease or as an operating lease. Prior to September 30, 2002, the BLM had not performed an analysis of its leases and had classified all leases as operating. Subsequent to year-end, a limited review of leases was performed by the BLM, and it was determined that some leases met the criteria for capitalization. By not having procedures to evaluate the classification of leases, at the inception of the lease, the BLM increases its risk of understating property balances and lease obligations.

Recommendation

1. Property on stewardship lands. The BLM should implement procedures to analyze and account for general property (e.g., roads, bridges, and dams) on stewardship lands. The procedures should consider the following:

* Determining whether the property is used in the production of goods and services.
* Implementing capitalization thresholds at a level that would not omit a significant amount of property from the balance sheet.


* Establishing useful lives that represent the normal operating life of the property in terms of the propertyï¿½s utility to the BLM.


* Coordinating with other Department of the Interior bureaus to establish property policies and procedures that are consistent across bureaus and offices.

2. Additions and deletions to property accounts. The BLM should continue to strengthen its procedures over the recording of additions and deletions to property. Improvements should include additional training on the initial recording and subsequent monitoring of property, additional management oversight to ensure property inventories are being conducted accurately and timely, and improvements in communication between field offices and the BLM business center.

3. Capitalizing leases. The BLM should implement procedures to evaluate leases at the inception of the lease agreement to determine if the lease should be capitalized. For existing leases, the BLM should perform a thorough evaluation using reasonable lease assumptions. Lease evaluations should consider the economic substance of the lease agreements rather than their legal form. 

Management Response

The BLM concurs with the finding and recommendation. The BLM currently capitalizes roads, bridges, and dams within the confines of an established real property administrative site. Historically, the BLM viewed any of these items outside of an administrative site as stewardship in nature, meeting neither the capitalization nor road design standard, and thus did not capitalize them. The BLM is currently reevaluating its procedures and, with the assistance of a Department capitalization standard to be issued in FY 2003, will begin capitalizing all roads, bridges, and dams that meet capitalization thresholds.

The BLM agrees that some additions and deletions are not always updated timely. The BLM continues to strive to identify and correct deficiencies related to the timely processing of property management documents. This is evident by the aggressive approach taken during the FY 2002 Property Management Reviews. During FY 2002, the team visited three state and twenty-nine field offices where it identified deficiencies and provided corrective and follow-up actions to fix and monitor the status of the property management programs on a daily basis. In addition, a full time property accountant was added to the property staff to ensure records are monitored for accuracy throughout the year.

The BLMï¿½s intentions are not to enter into capital leases. However, as a result of the BLMï¿½s internal year-end review of all of its current leases, it was determined that two immaterial leases, one of which expired in FY 2002, did meet the obscure fourth requirement to be considered a capital le ase. In order to be in strict compliance with the Federal Accounting Standards Advisory Board standard, the BLM, in coordination with the Department, will develop and implement procedures for evaluating all leases at the inception of the lease to determine if the lease should be capitalized. The evaluation will include an analysis of the applicable lease criteria, utilizing the terms of the lease and considering the economic substance of the lease.

B. Accruing for Year-end Payables

The BLM does not have adequate procedures to capture and report the complete amount of accounts payable at year-end. Accounting principles generally accepted in the United States of America require the BLM to record a liability for the unpaid amounts of goods accepted and services received prior to year-end. To the extent that information is not available, the BLM is required to develop reliable, alternative means of estimating amounts owed. The BLMï¿½s current procedures are limited in scope and time, and include a search of subsequent year-end payments through the preparation of the financial statements, which is approximately one month after year-end. Our audit found approximately $16 million of payments that occurred after year-end that should have been accrued. An audit adjustment was made to record the correct liability at year-end. For some of the transactions, the BLM had procedures in place to estimate liabilities and obligate funds for budgetary purposes, however the budgetary estimates were not communicated to those who prepare the financial statements. As timelines for financial reporting continue to be expedited, the lack of a reliable, alternative means of estimating accounts payable may ultimately impact the BLMï¿½s ability to issue reliable financial statements in a timely manner.

Recommendation

The BLM needs to improve procedures for reporting accounts payable at year-end. Improvements should include increased communication between budgetary staff and those who prepare the financial statements, and the development of a reliable means for estimating amounts owed.

Management Response

The BLM concurs with the finding and recommendation. The BLM realizes that the use of estimates must become part of its standard financial statement preparation procedures, however the development of accurate and reliable numbers will be a challenge. For example, fire seasons can vary significantly in both severity and duration from year to year, which affects potential year-end liabilities in one of the BLMï¿½s largest expense areas. This creates a stumbling block in trying to develop trend analysis as a way of estimating accounts payable since there can be extreme variances from year to year. Since the BLM recognizes that the use of estimates related to accounts payable will be necessary in order to meet OMBï¿½s accelerated financial statement reporting deadlines, the Finance Department has scheduled a series of meetings in the near future to discuss how we can improve our accounts payable reporting. From these discussions, as well as with input from the Department and the auditors, we intend to develop an accurate and reliable process for estimating accounts payable.

We noted the following reportable conditions that are not considered material weaknesses:

C. Security and Internal Control Over Information Technology Systems Security and general controls over the BLMï¿½s financial management systems have not been fully implemented. Despite the fact that the BLM has made recent progress in implementing security and controls over its information systems, controls need to be improved in the areas described below, as required by OMB Circular A-130, Management of Federal Information Resources. These conditions could affect the BLMï¿½s ability to prevent or detect unauthorized changes to subsidiary financial information, control electronic access to sensitive information, and protect its information resources.

Security Programs

Security programs, including security policies and a related implementation plan, support systems, and major applications are the foundation of an entityï¿½s security control structure and a reflection of senior managementï¿½s commitment to addressing security risks. As outlined in OMB Circular A-130, an effective security program includes a risk assessment process, a certification process, and rules of behavior that define and guide the use of financial systems. The BLM has not finalized its security plans for the internal network or for certain major financial applications.

Segregation of Duties

Proper segregation of duties should be ensured through the establishment of policies, procedures, and organizational structure such that one individual cannot control key aspects of financial transactions, and thereby conduct unauthorized actions or gain unauthorized access to assets or records. At year-end the BLM had not finalized policies and procedures to ensure that segregation of duties is maintained for its Collections and Billing System (CBS).

This issue is a repeat finding from the prior year. During the current year the BLM distributed guidance to its offices to address compliance with CBS segregation of duty policies, and required the offices to review current access and certify usersï¿½ roles and responsibilities within the system. Based on responses, certifications, and additional discussions with the field offices, the BLM revised access to the CBS system subsequent to year-end.

Access Controls

Access controls should provide reasonable assurance that computer resources (data files, application programs, and computer-related facilities and equipment) are protected against unauthorized modification, disclosure, loss, or impairment. The objectives of limiting access are to ensure that (1) users have only the access needed to perform their duties; (2) access to very sensitive resources, such as security software programs, is limited to very few individuals; (3) employees are restricted from performing incompatible functions or functions beyond their responsibilities; (4) application security configuration settings are sufficient to provide reasonable assurance that access to applications through user log-on cannot be easily compromised; and (5) network security configurations are optimized to provide reasonable assurance that computer resources (data files, application programs, and computer-related facilities and equipment) are protected against unauthorized modification, disclosure, loss, or impairment. Technical and procedural access controls over the BLMï¿½s network and certain subsidiary financial applications have not been developed and implemented to minimize the risks of unauthorized internal access to the network and systems.

Service Continuity

Losing the capability to process, retrieve, and protect information maintained electronically could significantly impact the BLMï¿½s ability to accomplish its mission. The BLM has not finalized its formal plans and tested information technology continuity controls for certain financial applications to ensure that when unexpected events occur, critical operations continue without interruption or are promptly resumed and critical and sensitive data are protected.

Recommendation

We recommend the BLM continue implementation of its formal action plan to improve the internal security and general controls over financial management systems. This plan should address each of the areas discussed above, as well as other areas that might impact the electronic data processing control environment to ensure adequate security and protection of the BLMï¿½s financial management systems.

Management Response

The BLM concurs with the findings and recommendations.

Security Programs and Access Controls

The BLM plans to finalize security plans and certifications for major financial applications and other applications in accordance with OMB A-130. The Department is system owner for financial applications such as FFS, Hyperion, IDEAS, and FPPS. The BLM will incorporate guidance from Department-owned systems into its related applications. The OMB A-130 certification process is based on funding availability through FY 2005, and may be initiated as early as FY 2003, with the BLMï¿½s Collections and Billings System application being the first major financial application to be reviewed due to the number of users involved and the security importance of the application to the BLM.

Certifications of the BLMï¿½s General Support Systems were completed on external network nodes at Portland and Denver, and on the internal portion of networks within regional nodes. Certifications of General Support Systems in State and field offices will follow.

Systems and applications certifications will include a risk assessment, system/major application security plan, security system test plan and report, rules of behavior, contingency plans and certification statements. The contingency pla ns will be tested at least annually in conjunction with other Continuity Of Operations Plans (COOP). All general support systems and major applications will be re-certified every three years.

The BLM has recently established the IT Security Group within National Information Resources Management Center (NIRMC). This Group consists of four BLM employees and four contractor personnel with additional contractor personnel added when necessary. The IT Security Group is tasked with the following:

* Develop an internal network security policy and achieve accreditation for all general support

systems and major applications across the Bureau by December 31, 2005.
* Establish and maintain an IT security patch management effort designed to keep all servers across the Bureau at the current patch level.
* Develop and maintain proper IT security configurations for all BLM operating systems.
* Monitor the scanning of the internal network to ensure that account access is kept up-to-date; strong passwords are utilized where possible; ensure the separation of development systems and production systems where possible; and ensure that security configurations are kept current.

All other recommendations either have been addressed or will be addressed by the IT Security Group prior to April 1, 2003.

Segregation of Duties

The BLMï¿½s efforts to achieve and implement the recommendations were completed during the first quarter of FY 2003. The BLM reviewed all current Collections and Billings System (CBS) users with access to conflicting functions and changed their access or assured their access was appropriate given the circumstances, and the BLM management assumed the minimal risks involved. The BLM developed policies and procedures to require compliance with CBS segregation of duty policies. The National Business Center (NBC) issued three Information Memorandums (IM) to the field addressing segregation of duties including the requirement for a certification of roles and responsibilities within CBS, roles and responsibilities related to separation of duties within CBS, and procedures to be used in third party reviews of collections. Additionally, the BLM is going to revise the CBS certification form, monitor compliance with segregation of duties policies and procedures more frequently and, if necessary, assess and accept the risk associated with offices where proper segregation is not feasible.

Service Continuity

The NIRMC COOP team has updated the NIRMC Business Recovery Plan to be compatible with Denver Center COOP. The Denver Center COOP has been tested twice with mixed results. The NIRMC COOP team will continue to evaluate and update the current COOP. Each individual Major Application will have a Technical Contingency Plan developed as part of the OMB A-130 certification process for that application. This Technical Contingency Plan will address the backup and recovery plans; vendor agreements; off-site storage of forms, critical documents, and supplies; an inventory of forms and media stored at an off-site location and ï¿½warm siteï¿½ testing procedures for the applicable Major Application. The testing of these contingency plans may be undertaken as part of the Denver Center COOP or may be held as a separate event at the discretion of management.


D. Accounting for Intra-departmental Transactions

As part of its reporting process, the BLM is required to communicate and reconcile intra-departmental transactions between other Department of the Interior bureaus (referred to as ï¿½trading partnersï¿½). Variances with trading partners indicate misstatements in financial reporting at both the bureau and Department levels. Trading partner transactions include the following:

1. Exchange transactions. As of year-end, the BLMï¿½s exchange transaction activity with its trading partners was out of balance by approximately $24 million, which was ultimately reduced to an insignificant amount. Variances between trading partners are currently identified through a manual process, which includes entering transaction data into the Departmentï¿½s financial reporting system (Hyperion). This information is accessible by all Department bureaus. Although the information is entered into Hyperion throughout the year, variances are not adequately reconciled and resolved in a timely manner, with a large majority of the reconciliations continuing to occur at year-end and encompassing a significant amount of accounting staff time and resources. 

This issue is a repeat finding from the prior year. During the current year the BLM has devoted resources to identify and correct out of balance variances, has further developed its processes to standardize the data provided to other bureaus, has provided unbilled receivable detail more frequently, and has requested more information as needed from other bureaus on unidentified receivables. These procedures have reduced the amount of the BLMï¿½s variances in exchange transactions with its trading partners. However, the process continues to be informal, manual, and dependent on the cooperation of other bureaus.


2. Allocation transfers. Allocation transfers are amounts of budget authority  and other resources transferred to other agencies to carry out the purposes of the transferorï¿½s authority. Beginning in fiscal year 2002, generally accepted accounting principles required the transferor agency to report the allocation agencyï¿½s budgetary activity in the transferorï¿½s Statement of Budgetary Resources. The BLM is both a transferor agency and a recipient of allocation transfers. However, the BLMï¿½s largest allocation transfer relates to it being the transferor agency for the Wildland Fire Management Account. In fiscal year 2002, the BLM transferred more than $400 million in budgetary authority to other Department of the Interior bureaus for this program. 


The process for communicating allocation transfer amounts at the end of fiscal year 2002 was informal, lacked adequate supporting documentation, and created confusion and variances between the BLM and other Department of the Interior bureaus in the amounts that should be recorded. The informal procedures resulted in the BLM making a large, untimely adjustment, totaling approximately $48 million, to its fiscal year 2002 Statement of Budgetary Resources.


The BLMï¿½s variances for the above types of transactions were ultimately reduced to insignificant amounts for fiscal year 2002 financial reporting purposes. However, as timelines for future yearsï¿½ financial reporting continue to be expedited, the lack of more effective and timely processes to resolve variances in intra-departmental activity may ultimately impact the BLMï¿½s ability to prepare reliable financial statements in a timely manner.


Recommendation

1. Exchange transactions. The BLM, in conjunction with the Department and other Department of the Interior bureaus, should implement an automated process and formal policies and procedures for the proper reconciliation and correction of variances in trading partner exchange transactions. Until formal and automated processes are implemented, the BLM should continue to improve its manual process to reconcile and resolve amounts. The reconciliation process should be completed quarterly and include procedures to resolve and record differences in a timely manner.


2. Allocation transfers. The BLM, in conjunction with the Department and other Department of the Interior bureaus, should implement formal procedures for communicating and reconciling allocation transfers of budgetary authority. Until formal procedures are implemented, the BLM should establish its own standards for reporting and receiving allocation transfer information. 

Management Response

The BLM concurs with the finding and recommendation.

1. Exchange transactions. As noted in the condition section, the BLM has taken steps within the past year to help correct the situation in this area. In addition to what is cited above, the BLM also devoted one full time employee to reconciling eliminating entries within the Department, which allowed the BLM to focus that resource on improving the reconciliation process, even though it continues to be a manual one.

An initiative of the Departmental Eliminations Team, a team created to identify and correct issues with intra-departmental eliminating entries, is to head an automation project that will reduce the effort needed to match transactions between bureaus. It is hoped that this project will be implemented in early FY 2003. Additionally, with OMB requiring quarterly financial statements beginning in FY 2003, greater emphasis will be placed on the intra-departmental variance reconciliation process to be performed on a quarterly basis, which should help reduce the effort needed at year-end.


The BLM feels that the $24 million out of balance number noted in the condition section is misleading. The reason that number was ultimately reduced to an insignificant amount was due to corrections required to be made almost exclusively at other bureaus. The $24 million is not an accurate reflection of anything being misstated at the BLM.


2. Allocation transfers. FY 2002 was the first year that the Department of the 
Interior adopted the OMB requirement for an allocation transferor to report all transfereesï¿½ budgetary activity in its Statement of Budgetary Resources. As a result, the procedures for communicating budgetary information between bureaus were informal and created confusion. The BLM has begun discussions with other bureaus and the Department regarding creating and implementing formal procedures on communicating allocation transfer information.


E. Internal Control Over Charge Cards

The BLM has not ensured compliance with established procedures to review charge card transactions. We found instances of Program Coordinator reviews not being submitted to the BLMï¿½s business center. It is the BLMï¿½s policy that Program Coordinators review charge card usage at least annually and submit their reviews to the business center. A lack of submittal of the reviews indicates they have not been performed. Our audit revealed only 75% of the Program Coordinator reviews were submitted. In those reviews the following problems were noted:

* A lack of cardholder signatures. Thirty-six percent of the reviews found instances of the cardholderï¿½s signature not being present on the charge card statements. A lack of a signature implies the statement may not have been reviewed or validated by the cardholder.


* A lack of approving official signatures. Fifty-four percent of the reviews found instances of the approving officialï¿½s signature not being present on the charge card statements. A lack of a signature implies the statement may not have been properly reviewed and approved.


* A lack of adequate supporting documentation. Twenty-eight percent of the reviews found instances of missing receipts and documentation to support the charge card expenditures. A lack of adequate supporting documentation may indicate the charge card expenditures were not valid or allowable.


By not conducting adequate reviews of charge card transactions and obtaining the necessary supporting documentation for charges, the BLM increases its risk that charge cards may be used for purposes other than official government related business, and these potential misuses will go undetected. The charge card program had approximately $108 million in expenses during the fiscal year 2002, and the number of charge card transactions increased 22% from the prior fiscal year, to approximately 777,000 transactions. Due to the significant volume of transactions, adequate internal control over charge card transactions is important in preventing significant misuse.


Recommendation

Management should be more diligent in monitoring and enforcing compliance with its charge card policies. The BLM should continue to provide additional training to personnel on charge card review procedures and the requirements for adequate supporting documentation. 

Management Response

The BLM concurs that there is some inconsistency with cardholders and Approving Officials signing monthly charge card statements. This issue has been identified as a problem area during internal BLM reviews. According to the above condition statement, 36 percent found instances of missing cardholder signatures and 54 percent of the statements were missing Approving Official signatures. Although a number of the field office annual charge card program reviews cited the absence of cardholder and Approving Official signatures as a deficiency, the reports do not generally give an indication of how many charge card statements were missing the required signatures. Some reviews indicated that there were only one or two instances, while others only had the ï¿½NOï¿½ box checked, indicating that the cardholder and Approving Official signatures were not present 100 percent of the time. 


The charge card program review forms that are submitted by the BLM field offices summarize the findings of an officeï¿½s review. The reviews are performed on the last 12 statements of at least 10 percent of the cardholders in the organization. If there are 50 cardholders in an organization, the review would include as many as 60 statements (5 cardholders times 12 statements). If one statement did not have the required signatures, the ï¿½NOï¿½ box on the summary review form would be checked. The fact that the ï¿½NOï¿½ box is checked does not indicate that all statements reviewed were missing the required signatures. Therefore, the auditorï¿½s observations regarding the percentage of reviews that found instances of missing cardholder or Approving Official signatures are very misleading. The information that would be valuable is the number of statements missing the signatures as a percentage of the total number of statements reviewed. However, this information is not available.

The problem with missing signatures on statements was noted in a similar recommendation during last yearï¿½s audit. That FY 2001 recommendation based the findings on occurrences that were found when reviewing supporting documentation that was provided by the BLM as part of the charge card transaction sampling process. During that review, it was stated that cardholder signatures were absent on 8 statements out of 55 tested and Approving Official signatures were absent on 5 statements of 55 tested. This year the BLM provided statements and supporting documentation for approximately 45 transactions, and to the best of our knowledge, no problems were found. The BLM recognizes that there is an opportunit y for continued improvement; however, based on the information above, the Bureau feels it has made noticeable improvement in this area.


The BLM also concurs that there were a significant number of program coordinators who did not submit their required charge card reviews to the BLMï¿½s National Business Center. However, it is important to note that there was a substantial improvement this year as compared to last year. The FY 2001 NFR stated that only 8 reviews were submitted, while for FY 2002 a total of 127 reviews were submitted.


These problems, and the issue of missing supporting documentation, are recurring issues identified by most DOI bureaus and the DOI Office of Inspector General. In response to Department wide issues, DOI has recently developed, and made mandatory, web-based Approving Official training and charge card Agency/Organization Program Coordinator (A/OPC) training. All Approving Officials were required to complete the training last summer and A/OPCs just received notification to take the training. The A/OPC training must be completed by approximately mid February 2003. These two classes include substantial emphasis on the issue of following established management controls to reduce the possibility of charge card abuse. The BLM also issued, on September 30, 2002, an updated release of the charge card program manual (BLM Manual Release 1512 ï¿½ Charge Cards and Convenience Checks for Travel, Purchase Fleet, and Uniforms). This manual provides current guidance on the management of the charge card program.


An instruction memorandum was issued on December 24, 2002, to remind A/OPCs of the requirement to complete the local charge card program reviews. The memorandum will remind the offices of the requirement to outline corrective actions for problems identified in the review. In order to improve the visibility of this review requirement, the memorandum will require the reviews to be submitted to the BLM National Business Center by memorandum signed by the State Director or the Center Director.


Follow-up will be done with any States or Centers that do not submit the review forms by March 15, 2003. When the BLM-sponsored reviews of States and Centers are conducted, it will be verified that proposed corrective actions have been taken.


F. Timely Deobligation of Undelivered Orders

The BLM has not fully implemented its internal procedures to ensure budgetary account transactions for undelivered orders are deobligated in a timely manner. It is the BLMï¿½s policy that all offices carefully review unliquidated obligation reports and tables in the accounting system to verify the accuracy of unliquidated obligation balances and to ensure outstanding balances do not contain amounts that should be deobligated.


This issue is a repeat finding from the prior year. During the current year the BLM has continued to implement a field office certification process, where offices certify the validity of undelivered orders. However, our audit continued to find instances (projected to be approximately $19 million) of undelivered orders outstanding at year-end that should have been deobligated. In the majority of the instances the invalid undelivered orders were inactive for over one year. Supporting documentation indicated field office reviews were not performed or the reviews erroneously concluded the undelivered order was valid, which indicates reviews are not being performed at the appropriate level of detail. This could stem from a variety of factors, including lack of appropriate training, communication, and management oversight.

Recommendation

The BLM should improve its review procedures for undelivered orders to ensure amounts are deobligated timely. Improvements should include field offices performing effective and complete reviews. In addition, for financial reporting purposes, the BLM should develop procedures to centrally review year-end undelivered orders that have a higher risk of not being valid, such as a review of all undelivered orders that have not had activity for over one year.

Management Response 
The BLM has continued to work to improve in this area, but realizes that more  needs to be done. During FY 2002, the BLM was able to recover over $40 million due to efforts in clearing undelivered orders. In July 2002, the Business Center introduced an improved MIS report making it easier for field office and procurement personnel to review. The Business Center also conducted a thorough sweep of government charge card undelivered orders, resulting in a recovery of over $2 million. Additionally, the BLM has plans to make significant policy and procedural changes in an effort to ensure that field offices perform effective and complete reviews of all procurement documents, with particular attention paid to agreements.

A summary of the status of prior year reportable conditions is included as exhibit I.

We also noted other matters involving internal control over financial reporting and its operation that we have reported to the management of the BLM in a separate letter dated December 16, 2002.

COMPLIANCE WITH LAWS AND REGULATIONS

Our tests of compliance with certain provisions of laws and regulations, as described in the Responsibilities section of this report, exclusive of FFMIA, disclosed no instances of noncompliance that are required to be reported herein under Government Auditing Standards and OMB Bulletin No. 01-02.

G. Federal Financial Management Improvement Act of 1996

The results of our tests of FFMIA disclosed the following instances where the BLMï¿½s financial management systems did not substantially comply with the federal financial management systems requirements and federal accounting standards.

1. Federal Financial Management Systems Requirements. As discussed in the section of our report entitled Internal Control Over Financial Reporting, the BLM needs to improve internal security and internal control over information technology systems. The BLM has not finalized its security plans for the internal network or for certain major subsidiary financial applications; has not developed and implemented technical and procedural access controls over its internal network and certain subsidiary financial applications to minimize the risks of unauthorized internal access to the network and systems; has not finalized plans and has not tested information technology continuity controls for certain subsidiary financial applications to ensure that when unexpected events occur, critical operations continue without interruption or are promptly resumed and critical and sensitive data are protected; has not implemented sufficient internal network security configuration settings to prevent and monitor unauthorized access to the internal network, including weak passwords, unnecessary services running, and unpatched vulnerabilities. As a result, the BLM does not substantially comply with the security and general EDP control requirements of OMB Circular A-130, Management of Federal Information Resources.

2. Federal Accounting Standards. The BLM is required to prepare its financial statements in accordance with federal accounting standards. As discussed in the section of our report entitled Internal Control over Financial Reporting, we identified material weaknesses that affected the BLMï¿½s ability to prepare its financial statements and related disclosures in accordance with federal accounting standards. Specifically, we determined the BLM needs to improve its procedures related to accounting for property and accruing for year-end payables. The foregoing material weaknesses in internal control are also an indication of noncompliance with FFMIA provisions relating to federal accounting standards.

Recommendation

1. Federal Financial Management Systems Requirements. We recommend the BLM improve its internal security and internal control over information technology systems to a level that will allow the BLM to substantially comply with the security and general information technology control requirements of OMB Circular A-130, Management of Federal Information Resources. 

2. Federal Accounting Standards. We recommend the BLM strengthen its procedures and internal control to ensure that its financial statements and related disclosures are prepared in accordance with federal accounting standards.

Management Response 

As discussed in responding to reportable conditions A, B, and C, the BLM will continue to work to strengthen its internal control to ensure that its financial statements and related disclosures are prepared in accordance with federal accounting standards and will continue to work to strengthen its internal security and internal control over information technology systems. 

The results of our tests of FFMIA disclosed no instances in which the BLMï¿½s financial management systems did not substantially comply with the United States Standard General Ledger at the transaction level.

RESPONSIBILITIES

Managementï¿½s Responsibilities

The Government Management Reform Act of 1994 (GMRA) requires each federal agency to report annually to Congress on its financial status and any other information needed to fairly present its financial position and results of operations. To assist the Department of the Interior in meeting the GMRA reporting requirements, the BLM prepares annual financial statements. 

Management is responsible for the financial statements, which includes:

* Preparing the financial statements in conformity with accounting principles generally accepted in the United States of America;

* Establishing and maintaining internal control over financial reporting, and preparation of the Managementï¿½s Discussion and Analysis (including the performance measures), required supplementary information, and required supplementary stewardship information; and 

* Complying with laws and regulations, including FFMIA.

In fulfilling this responsibility, estimates and judgments by management are required to assess the expected benefits and related costs of internal control policies. Because of inherent limitations in internal control, misstatements, due to error or fraud, may nevertheless occur and not be detected.

Auditorsï¿½ Responsibilities

Our responsibility is to express an opinion on the financial statements of the BLM based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America, the standards applicable to financial audits contained in Government Auditing Standards and OMB Bulletin No. 01-02. Those standards and OMB Bulletin No. 01-02 require that we plan and perform the audits to obtain reasonable assurance about whether the financial statements are free of material misstatement.

An audit includes:

* Examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements;

* Assessing the accounting principles used and significant estimates made by management; and

* Evaluating the overall financial statement presentation.

We believe that our audits provide a reasonable basis for our opinion.

In planning and performing our fiscal year 2002 audit, we considered the BLMï¿½s internal control over financial reporting by obtaining an understanding of the BLMï¿½s internal control, determining whether internal control had been placed in operation, assessing control risk, and performing tests of controls in order to determine our auditing procedures for the purpose of expressing our opinion on the financial statements. We limited our internal control testing to those controls necessary to achieve the objectives described in OMB Bulletin No. 01-02 and Government Auditing Standards. We did not test all internal control relevant to operating objectives as broadly defined by the Federal Managersï¿½ Financial Integrity Act of 1982. The objective of our audit was not to provide assurance on internal control over financial reporting. Consequently, we do not provide an opinion thereon.

As required by OMB Bulletin No. 01-02, we considered the BLMï¿½s internal control over required supplementary stewardship information by obtaining an understanding of the BLMï¿½s internal control, determining whether internal control had been placed in operation, assessing control risk, and performing tests of controls. Our procedures were not designed to provide assurance on internal control over required supplementary stewardship information and, accordingly, we do not provide an opinion thereon.

As further required by OMB Bulletin No. 01-02, with respect to internal control related to performance measures determined by management to be key and reported in the Managementï¿½s Discussion and Analysis, we obtained an understanding of the design of significant internal control relating to the existence and completeness assertions. Our procedures were not designed to provide assurance on internal control over performance measures and, accordingly, we do not provide an opinion thereon. 

As part of obtaining reasonable assurance about whether the BLMï¿½s fiscal year 2002 financial statements are free of material misstatement, we performed tests of the BLMï¿½s compliance with certain provisions of laws and regulations, noncompliance with which could have a direct and material effect on the determination of financial statement amounts, and certain provisions of other laws and regulations specified in OMB Bulletin No. 01-02, including certain provisions referred to in FFMIA. We limited our tests of compliance to the provisions described in the preceding sentence, and we did not test compliance with all laws and regulations applicable to the BLM. Providing an opinion on compliance with laws and regulations was not an objective of our audit and, accordingly, we do not express such an opinion.

Under OMB Bulletin No. 01-02 and FFMIA, we are required to report whether the BLMï¿½s financial management systems substantially comply with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the United States Government Standard General 
Ledger at the transaction level. To meet this requirement, we performed tests of compliance with FFMIA Section 803(a) requirements.

DISTRIBUTION

This report is intended for the information and use of the BLM and Department of the Interiorï¿½s management, Department of the Interiorï¿½s Office of the Inspector General, OMB, and the U.S. Congress, and is not intended to be and should not be used by anyone other than these specified parties.

December 16, 2002

Exhibit I

Bureau of Land Management
Summary of the Status of Prior Year Reportable Conditions September 30, 2002
Reference Condition Area Status

2001-A Accounting for Property This condition has not been corrected and is repeated in fiscal year 2002.

2001-B Accounting for Intra-departmental Transactions This condition has not been corrected and is repeated in fiscal year 2002.

2001-C Accounting Effects of New Legislation This condition has been corrected.

2001-D Timely Deobligation of Undelivered Orders This condition has not been corrected and is repeated in fiscal year 2002.

2001-E Helium Gas Inventory Examinations This condition has been corrected.

2001-F Segregation of Duties Within the Collections and Billings System This condition was not fully addressed until after fiscal year-end 2002, and thus is repeated in fiscal year 2002.

2001-G, H Information Technology Controls at Interiorï¿½s National Business Center
This condition has not been corrected; however the recommendation is not repeated in fiscal year 2002 because the BLM has limited abilities to require the Interior National Business Center (Interior NBC) to produce assurance (similar to a SAS 70 Type II report) that adequate security and controls are in place over Interior NBCï¿½s financial management systems.

2001-I FFMIA ï¿½ Federal Accounting Standards This instance of noncompliance has not been corrected and is repeated in fiscal year 2002.