This is the accessible text file for GAO report number GAO-03-31 
entitled 'Financial Management: FFMIA Implementation Necessary to 
Achieve Accountability' which was released on October 1, 2002.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

United States General Accounting Office:

GAO: 

Report to Congressional Committees: 

October 2002: 

Financial Management: 

FFMIA Implementation Necessary to Achieve Accountability: 

GAO-03-31: 

GAO Highlights: 

Highlights of GAO-03-31 report to Congressional Committees. 

Why GAO Did This Study: 

The ability to produce the data needed to efficiently and effectively 
manage the day-to-day operations of the federal government and provide
accountability to taxpayers has been a long-standing challenge at most 
federal agencies. To help address this challenge, the Federal Financial 
Management Improvement Act of 1996 (FFMIA) requires the 24 Chief 
Financial Officers Act agencies to implement and maintain financial 
management systems that comply substantially with (1) federal systems 
requirements, (2) federal accounting standards, and (3) the U.S. 
Government Standard General Ledger (SGL). FFMIA also requires GAO to
report annually on the implementation of the act. 

What GAO Found: 

Since enactment of FFMIA in 1996, agencies have generally continued to
make progress to achieve compliance with the act. At the same time,
most agencies’ systems continue to have shortcomings. As shown in the
chart below, audit reports highlight 6 recurring problems that were
consistently reported at 20 agencies whose auditors concluded that
systems were not in compliance with one or more FFMIA requirements. 

Figure : Problems Reported by Auditors for Fiscal Years 2000 and 2001: 

Nonintegrated financial management systems: 
Fiscal year 2000: 13 agencies; 
Fiscal year 2001: 14 agencies. 

Inadequate reconciliation procedures: 
Fiscal year 2000: 16 agencies; 
Fiscal year 2001: 13 agencies. 

Lack of accurate and timely reporting: 
Fiscal year 2000: 14 agencies; 
Fiscal year 2001: 12 agencies. 

Noncompliance with the SGL: 
Fiscal year 2000: 8 agencies; 
Fiscal year 2001: 8 agencies. 

Lack of adherence to federal accounting standards: 
Fiscal year 2000: 12 agencies; 
Fiscal year 2001: 14 agencies. 

Weak security over information systems: 
Fiscal year 2000: 19 agencies; 
Fiscal year 2001: 20 agencies. 

[End of table] 

Following OMB’s reporting guidance, auditors for the remaining four
agencies provided negative assurance on compliance, meaning that
nothing came to their attention indicating that these agencies’ 
financial management systems did not meet FFMIA requirements. GAO does 
not believe that this type of reporting is sufficient. FFMIA requires 
the auditor to state “whether” the agency systems are in substantial
compliance, which in our view, requires the auditor to perform 
sufficient audit tests to be able to provide positive assurance. 

Agencies have recognized the seriousness of their financial system 
problems, and many initiatives are planned or underway to overhaul 
financial management systems, including efforts to develop cost 
management information which is key to measuring program performance. 
Increasing attention from the highest levels of the federal government 
is being targeted on improving financial management. The President’s 
Management Agenda Fiscal Year 2002 included improved financial 
performance as one of the five top governmentwide management goals. The 
administration is aggressively pursuing strategies to reform federal 
business practices, and has underscored the need for financial 
management systems modernization. 

What GAO Recommends: 

GAO reaffirms its prior recommendations that OMB revise its FFMIA audit 
testing and reporting guidance including recommendations to: (1) 
provide a statement of positive assurance when reporting an agency’s
systems to be in substantial compliance with FFMIA, and; (2) emphasize 
the significance of agencies’ ability to provide cost management 
information for measuring the results of program performance. 

OMB agreed to reconsider revising its audit guidance once its overall 
federal financial management policy is finalized. 

The full report, including GAO's objectives, scope, methodology, and 
analysis is available at [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-03-31]. For additional information about the report, 
contact Sally Thompson (202-512-9450 or by e-mail at 
thompsons@gao.gov). 

[End of section] 

Contents: 

Letter: 

Results In Brief: 

Background: 

Scope and Methodology: 

Continued System Weaknesses Impair Financial Management Accountability: 

Crosscutting Reasons for Noncompliance Indicate Serious Problems 
Remain: 

Auditors Provided Negative Assurance as to Substantial Compliance: 

Remediation Plans Have Improved: 

Agency Efforts to Implement New Financial Systems: 

Managerial Cost Information Is Critical for Implementing the 
President’s Management Agenda: 

Increasing Emphasis On Improving Financial Management from the Highest 
Levels of Government: 

Conclusions: 

Agency Comments And Our Evaluation: 

Appendixes: 

Appendix I: Publications in the Federal Financial Management Systems 
Requirements Series: 

Appendix II: Statements of Federal Financial Accounting Concepts, 
Standards, and Interpretations: 

Appendix III: AAPC Technical Releases: 

Appendix IV: Checklists for Reviewing Systems Under the Federal 
Financial Management Improvement Act: 

Appendix V: Comments From the Office of Management and Budget: 

Appendix VI: GAO Contacts and Staff Acknowledgments: 

GAO Contacts: 

Acknowledgments: 

Figures: 

Figure 1: Problems Reported by Auditors for Fiscal Years 2000 and 2001: 

Figure 2: Framework for Providing Accountability and Good Management 
Information: 

Figure 3: Agency Systems Architecture: 

Figure 4: Auditors’ FFMIA Determinations for Fiscal Year 2001: 

Figure 5: Problems Reported by Auditors for Fiscal Years 2000 and 2001: 

Figure 6: Results of Review of Fiscal Year 2000 Remediation Plans: 

Abbreviations: 

AAPC: Accounting and Auditing Policy Committee: 

AID: Agency for International Development: 

ARB: Activity-Based Budgeting: 

ABC: Activity-Based Costing: 

BLM: Bureau of Land Management: 

CFO: Chief Financial Officer: 

CIO: Chief Information Officer: 

COTS: Commercial Off-the-Shelf: 

DOD: Department of Defense: 

DOT: Department of Transportation: 

EPA: Environmental Protection Agency: 

FAA: Federal Aviation Administration: 

FAM: Financial Audit Manual: 

FASAB: Federal Accounting Standards Advisory Board: 

FEMA: Federal Emergency Management Agency: 

FFMIA: Federal Financial Management Improvement Act: 

FFMSR: Federal Financial Management Systems Requirements: 

FHA: Federal Housing Administration: 

FIA: Federal Managers’ Financial Integrity Act: 

FMS: Financial Management Service: 

GAO: General Accounting Office: 

GISRA: Government Information Security Reform Act: 

GMRA: Government Management Reform Act: 

GPRA: Government Performance and Results Act: 

GSA: General Services Administration: 

HHS: Health and Human Services: 

HUD: Housing and Urban Development: 

HUDCAPS: Housing and Urban Development’s Central Accounting and Program 
System: 

IFMS: Integrated Financial Management System: 

IG: Inspector General: 

IRS: Internal Revenue Service: 

IT: Information Technology: 

JFMIP: Joint Financial Management Improvement Program: 

MIT: Management Improvement Team: 

NASA: National Aeronautics and Space Administration: 

NRC: National Regulatory Commission: 

NSF: National Science Foundation: 

OCFO: Office of the Chief Financial Officer: 

OMB: Office of Management and Budget: 

OPM: Office of Personnel Management: 

PCIE: President’s Council on Integrity and Efficiency: 

SBA: Small Business Administration: 

SFFAC: Statements of Federal Financial Accounting Concepts: 

SFFAS: Statements of Federal Financial Accounting Standards: 

SGL: Standard General Ledger: 

SSA: Social Security Administration: 

USDA: United States Department of Agriculture: 

[End of section] 

United States General Accounting Office: 
Washington, D.C. 20548: 

October 1, 2002: 

The Honorable Joseph I. Lieberman: 
Chairman: 
The Honorable Fred Thompson: 
Ranking Minority Member: 
Committee on Governmental Affairs: 
United States Senate: 

The Honorable Dan Burton: 
Chairman: 
The Honorable Henry A. Waxman: 
Ranking Minority Member: 
Committee on Government Reform: 
House of Representatives: 

The ability to produce the data needed to efficiently and effectively 
manage the day-to-day operations of the federal government and provide
accountability to taxpayers and the Congress has been a long-standing
challenge at most federal agencies. To address this challenge, the Chief
Financial Officers (CFO) Act of 1990[Footnote 1] calls for the 
modernization of financial management systems, so that the systematic 
measurement of performance, the development of cost information, and 
the integration of program, budget, and financial information for 
management reporting can be achieved. 

The Federal Financial Management Improvement Act of 1996 (FFMIA) 
[Footnote 2] builds on the foundation laid by the CFO Act by 
emphasizing the need for agencies to have systems that can generate 
reliable, useful, and timely information with which to make fully 
informed decisions and to ensure accountability on an ongoing basis. 
FFMIA requires the 24 major departments and agencies covered by the CFO 
Act to implement and maintain financial management systems that comply 
substantially with (1) federal financial management systems 
requirements, (2) applicable federal accounting standards,[Footnote 3] 
and (3) the U.S. Government Standard General Ledger (SGL)[Footnote 4] 
at the transaction level. FFMIA also requires auditors to report in 
their CFO Act financial statement audit reports whether the agencies’ 
financial management systems substantially comply with FFMIA’s systems 
requirements. We are required to report annually on the implementation 
of the act. This, our sixth annual report, discusses (1) auditors’ 
FFMIA determinations and widespread systems problems that affect agency 
systems’ compliance with FFMIA, (2) issues related to auditors 
providing negative assurance as to substantial compliance with the act, 
(3) agency plans to bring their systems into compliance, (4) agency 
efforts to implement new financial management systems and the increasing
importance of managerial cost information, and (5) the impact of the
President’s Management Agenda and the Joint Financial Management 
Improvement Program (JFMIP) Principals[Footnote 5] on improving federal 
financial management. 

Results in Brief: 

Federal agencies are making progress to address financial management 
systems weaknesses. At the same time, the results of the fiscal year 
2001 FFMIA assessments performed by the 24 CFO Act agency inspectors
general (IG) or their contract auditors show that most agencies’ 
financial management systems continue to have shortcomings. While much 
more severe at some agencies than others, the nature and seriousness of 
the problems indicate that, generally, agency management does not yet 
have the full range of information needed for accountability, 
performance reporting, and decision making. 

Auditors for 20 of the 24 CFO Act agencies reported that their agencies’
financial management systems did not comply substantially with certain
FFMIA requirements. Auditors reported the same six types of problems in
their fiscal year 2000 audit reports, as highlighted in figure 1. 

Figure 1: Problems Reported by Auditors for Fiscal Years 2000 and 2001: 

Nonintegrated financial management systems: 
Fiscal year 2000: 13 agencies; 
Fiscal year 2001: 14 agencies. 

Inadequate reconciliation procedures: 
Fiscal year 2000: 16 agencies; 
Fiscal year 2001: 13 agencies. 

Lack of accurate and timely reporting: 
Fiscal year 2000: 14 agencies; 
Fiscal year 2001: 12 agencies. 

Noncompliance with the SGL: 
Fiscal year 2000: 8 agencies; 
Fiscal year 2001: 8 agencies. 

Lack of adherence to federal accounting standards: 
Fiscal year 2000: 12 agencies; 
Fiscal year 2001: 14 agencies. 

Weak security over information systems: 
Fiscal year 2000: 19 agencies; 
Fiscal year 2001: 20 agencies. 

Source: GAO analysis of agency audit reports for fiscal years 2000 and 
2001. We did not independently verify or test the data in the agency 
audit reports. 

[End of table] 

As a result of these problems, most agencies’ financial management 
systems are not yet able to routinely produce reliable, useful, and 
timely financial information. For example, agency financial management 
systems are required to produce information on the full cost of 
programs and projects. Currently, some agencies are only able to 
provide cost accounting information at the end of the year through 
periodic cost surveys. Agencies are experimenting with methods of 
accumulating and assigning costs to obtain the managerial cost 
information needed to enhance programs, improve processes, establish 
fees, develop budgets, prepare financial reports, and report on 
performance. 

Auditors for the remaining four agencies—the Departments of Energy and
Labor, the General Services Administration (GSA), and the Social 
Security Administration (SSA)—provided negative assurance in reporting 
on FFMIA compliance for fiscal year 2001, meaning that while they do 
not opine as to FFMIA compliance, nothing came to their attention 
during the course of their planned procedures indicating that these 
agencies’ financial management systems did not meet FFMIA requirements. 
If readers do not understand the concept of negative assurance, which 
is the type of reporting specified in the Office of Management and 
Budget’s (OMB) auditing guidance, they may have gained an incorrect 
impression that these systems have been fully tested by the auditors 
and found to be substantially compliant. Because the act requires 
auditors to “report whether” agency systems are substantially 
compliant, the auditor needs to provide positive assurance, which would 
be a definitive statement as to whether agency financial management 
systems substantially comply with FFMIA. To provide positive assurance, 
more testing is necessary than that performed for the purposes of 
rendering an opinion on the financial statements. In this regard, OMB 
has not acted on our prior recommendations, but instead focused on new 
initiatives to promote improvements in agency financial management 
systems. 

To address identified problems, FFMIA requires agencies to prepare 
remediation plans describing the actions they took or plan to take to
overcome financial management systems problems and bring them into
FFMIA compliance. At the time of our review, the most current 
remediation plans covered problems reported in fiscal year 2000 audit 
reports. Of the 19 agencies[Footnote 6] whose systems were reported as 
not in substantial compliance during fiscal year 2000, 15 prepared 
remediation plans. Our review of these 15 remediation plans showed 
that, overall, the plans had improved somewhat over the fiscal year 
1999 plans, although some plans still lacked fundamental elements such 
as staffing and funding resources required to complete the proposed 
corrective actions. A lack of substance in the plans, including 
associating resources to detailed corrective actions, can limit the
likelihood of success in adequately implementing the corrective 
actions. To help address our prior recommendations related to 
inadequate remediation plans, OMB has implemented a multidisciplinary 
approach to provide additional expertise to the review and oversight to 
agencies’ plans. Across government, agencies have many efforts underway 
to implement or upgrade financial systems to alleviate long-standing 
problems in financial management. A number of these agencies are in the 
implementation phases of these projects, and other agencies are in the 
planning and design phases. Many of these new financial systems are 
commercial-off-the-shelf (COTS) packages sold by vendors whose software 
has been certified[Footnote 7] by the JFMIP. However, JFMIP’s 
certification that a vendor’s software meets many of the core financial 
management system requirements is just one of the conditions that must 
be met before substantial compliance with FFMIA can be achieved. 

Increasing attention from the highest levels of the federal government 
is being targeted on improving federal financial management. The 
President’s Management Agenda Fiscal Year 2002 included improved 
financial performance as one of the five top governmentwide management 
goals. The administration is using what it refers to as the Executive 
Branch Management Scorecard to highlight agency progress in achieving 
the management and performance improvements embodied in the President’s
Management Agenda. The JFMIP Principals have also actively developed
short- and long-term strategies and plans necessary to address many of 
the financial management problems across government. For example, the
Principals have agreed to criteria for measuring financial management
success, accelerating financial statement reporting, and restructuring 
the Federal Accounting Standards Advisory Board (FASAB). The attention 
of these top leaders along with OMB’s continued aggressive pursuit of
strategies to reform current federal business practices have underscored
the need for financial management systems modernization and are 
essential to achieving federal financial management reform. 

We reaffirm several prior recommendations aimed at enhancing audit 
guidance and improving remediation plans. In commenting on a draft of
this report, OMB generally agreed with our overall observations and 
conclusions that while many agencies are continuing to make progress,
some agencies still have shortcomings in their financial management 
systems. Regarding our recommendation for OMB to change its audit 
guidance to require a statement of positive assurance on compliance with
FFMIA, OMB stated that it is currently updating its financial management
policy guidance and that once the update is completed, new performance
and results-based criteria will be used in future FFMIA assessments. OMB
also stated that once its overall financial management policy is 
finalized, it will reconsider revising its audit guidance to address 
our recommendation. With regard to the lack of resource information in 
agency remediation plans, OMB agreed that stand-alone remediation plans 
do not necessarily contain resource information. However, OMB officials 
pointed out that remediation plan information, such as estimates of 
resources, is included in agency financial management plans, which are 
part of agency budget submissions. We did not have the agency budget 
submissions and therefore we could not determine whether the required 
resource information, not included in the stand-alone plans, was 
included in the budget submission information. Our detailed evaluation 
of OMB’s comments can be found at the end of this letter. 

Background: 

FFMIA and other financial management reform legislation have emphasized 
the importance of improving financial management across the federal 
government. The primary purpose of FFMIA is to ensure that agency 
financial management systems routinely generate timely, accurate, and 
useful information. With such information, government leaders will be
better positioned to invest resources, reduce costs, oversee programs, 
and hold agency managers accountable for the way they run government
programs. Financial management systems’ compliance with federal 
financial management systems requirements, applicable accounting 
standards, and the SGL are building blocks to help achieve these goals. 

Management Reform Legislation: 

FFMIA is part of a series of management reform legislation passed by the
Congress over the past 2 decades. This series of legislation started 
with 31 U.S.C. 3512 (c),(d), (the Federal Managers’ Financial Integrity 
Act of 1982 (FIA)), which the Congress passed to strengthen internal 
controls and accounting systems throughout the federal government, 
among other purposes. Issued pursuant to FIA, the Comptroller General’s 
Standards for Internal Control in the Federal Government[Footnote 8] 
provides the standards that are directed at helping agency managers 
implement effective internal control, an integral part of improving 
financial management systems. Internal control is a major part of 
managing an organization and comprises the plans, methods, and 
procedures used to meet missions, goals, and objectives. In summary, 
internal control, which under OMB’s guidance for FIA is synonymous with 
management control, helps government program managers achieve desired 
results through effective stewardship of public resources. 

Effective internal control also helps in managing change to cope with
shifting environments and evolving demands and priorities. As programs
change and agencies strive to improve operational processes and 
implement new technological developments, management must continually 
assess and evaluate its internal control to ensure that the control 
activities being used are effective and updated when necessary. While 
agencies had achieved some success in identifying and correcting 
material internal control and accounting system weaknesses, their 
efforts to implement the FIA had not produced the results intended by 
the Congress. 

Therefore, in the 1990s, the Congress passed additional management
reform legislation to improve the general and financial management of 
the federal government. As shown in figure 2, the combinations of 
reforms ushered in by the (1) CFO Act, (2) Government Management Reform 
Act (GMRA) of 1994, (3) FFMIA, (4) Government Performance and Results 
Act of 1993 (GPRA), and (5) Clinger-Cohen Act of 1996, if successfully
implemented, provides a basis for improving accountability of government
programs and operations as well as routinely producing valuable cost and
operating performance information, thereby making it possible to better
assess and improve the government’s effectiveness, financial condition,
and operating performance. 

Figure 2: Framework for Providing Accountability and Good Management
Information: 

[See PDF for image] 

This figure is an illustration of the framework for providing 
accountability and good management information. The following data is 
depicted: 

Management Reform Legislation: 
FAI; CFO Act; GMRA; FFMIA; GPRA; Clinger-Gohen. 

Management Reform Legislation: 
Provides impetus for accountability and good management information. 

Fully integrated financial management systems; reliable, timely 
financial statements; effective internal controls; together yield: 
Strong financial management that provides reliable, timely, and useful 
information for decision makers. 

Source: GAO. 

Financial Management Systems Requirements: 

The policies and standards prescribed for executive agencies to follow 
in developing, operating, evaluating, and reporting on financial 
management systems are defined in OMB Circular A-127, Financial 
Management Systems. Circular A-127 references the series of 
publications entitled Federal Financial Management Systems Requirements 
(FFMSR), issued by JFMIP as the primary source of governmentwide 
requirements for financial management systems. JFMIP systems 
requirements, among other things, provide a framework for establishing 
integrated financial management systems to support program and 
financial managers. 

JFMIP’s Framework for Federal Financial Systems, issued in 1995, 
identified multiple components of a financial management system. The
components of an integrated financial management system include the
core financial system, managerial cost accounting system, and numerous
programmatic and administrative systems. Figure 3 is the JFMIP model
that illustrates how these systems interrelate in an agency’s overall 
systems architecture. 

Figure 3: Agency Systems Architecture: 

[See PDF for image] 

This figure is an illustration of agency systems architecture, using a 
series of concentric circles. The following data is depicted: 

Core Financial System: Financial Reporting System and Managerial Cost 
Accounting; 
Next concentric circle: Includes the following: 
* Budge formation system; 
* Revenue system; 
* Acquisition system; 
* Property management system; 
* Inventory system; 
* Grant system; 
* Insurance claim system; 
* Benefit payment system; 
* Guaranteed loan system; 
* Direct loan system; 
* Seized, forfeited asset system; 
* Travel system; 
* Human resources and payroll system; 
* Non-financial systems. 
Next concentric circle: Departmental Executive Information System; 
Final concentric circle: Workstation Support Tools. 

Source: JFMIP. 

[End of figure] 

When FFMIA was enacted in 1996, JFMIP had issued requirement documents 
for the core financial system and six subsidiary systems. However, 
several of these documents needed updating to recognize recently 
enacted laws and regulatory revisions. Since 1998, JFMIP has been 
engaged in an intensive effort to update its system requirements 
documents. In November 2001, JFMIP updated its Core Financial System
Requirements, previously issued in 1999. These requirements were
clarified in some areas; new requirements were added to capture full 
cost and revenue to unique cost objects along with enhancing daily 
internal reports requirements. The updated requirements document is the 
basis of the redevelopment of the JFMIP core software qualification 
test. JFMIP is currently partnering with the CFO and Chief Information 
Officer (CIO) Councils to update its Framework for Federal Financial 
Management Systems. JFMIP also has a project underway to update the 
Inventory System Requirements document. Appendix I lists the current 
publications in the FFMSR series and their issue dates. 

JFMIP helps ensure that financial management system requirements and 
the vendor software remain aligned by testing vendor COTS packages for
core financial systems and certifying that these packages meet certain 
core financial management system requirements. OMB policy requires that
agencies acquiring core financial management systems use software that
has been certified by JFMIP. Under the JFMIP testing process, software
products are certified for 3 years and must then be retested by JFMIP.
Other factors that affect FFMIA compliance include how the software
package works in the agency’s environment, whether any customization is
made to the software, the success of converting data from legacy systems
to new systems, and the quality of transaction data in the feeder 
systems. 

Federal Accounting Standards: 

FASAB[Footnote 9] promulgates federal accounting standards that agency 
CFOs use in developing financial management systems and preparing 
financial statements. FASAB develops the appropriate accounting 
standards after considering the financial and budgetary information 
needs of the Congress, executive agencies, and other users of federal 
financial information and comments from the public. FASAB forwards the 
standards to the three Principals—the Comptroller General, the 
Secretary of the Treasury, and the Director of OMB—for a 90-day review. 
If there are no objections during the review period, the standards are 
considered final and FASAB publishes them on its Web site and in print. 

The American Institute of Certified Public Accountants has recognized 
the federal accounting standards promulgated by FASAB as being generally
accepted accounting principles for the federal government. This 
recognition enhances the acceptability of the standards, which form the
foundation for preparing consistent and meaningful financial statements
both for individual agencies and the government as a whole. 

Currently, there are 22 statements of federal financial accounting 
standards (SFFAS) and 3 statements of federal financial accounting 
concepts (SFFAC).[Footnote 10] The concepts and standards are the basis 
for OMB’s guidance to agencies on the form and content of their 
financial statements and for the government’s consolidated financial 
statements. Appendix II lists the concepts, standards, and 
interpretations[Footnote 11] along with their respective effective 
dates. 

FASAB’s Accounting and Auditing Policy Committee (AAPC)[Footnote 12] 
assists in resolving issues related to the implementation of accounting 
standards. AAPC’s efforts result in guidance for preparers and auditors 
of federal financial statements in connection with implementation of 
accounting standards and the reporting and auditing requirements 
contained in OMB’s Form and Content of Agency’s Financial Statements 
Bulletin and Audit Requirements for Federal Financial Statements 
Bulletin. To date, AAPC has released five technical releases, which are 
listed in appendix III along with their release dates. 

Standard General Ledger: 

The SGL was established by an interagency task force under the 
direction of OMB and mandated for use by agencies in OMB and Treasury 
regulations in 1986. The SGL promotes consistency in financial 
transaction processing and reporting by providing a uniform chart of 
accounts and pro forma transactions used to standardize federal 
agencies’ financial information accumulation and processing throughout 
the year, enhance financial control, and support budget and external 
reporting, including financial statement preparation. The SGL is 
intended to improve data stewardship throughout the government, 
enabling consistent reporting at all levels within the agencies and 
providing comparable data and financial analysis at the governmentwide 
level.[Footnote 13] 

Remediation Plans: 

FFMIA requires an agency head to determine, based on a review of the
auditor’s report on the agency’s financial statements and any other 
relevant information, whether the agency’s financial management systems
substantially comply with the act. The agency head is required to make 
this determination no later than 120 days after (1) the receipt of the 
auditor’s report or (2) the last day of the fiscal year following the 
year covered by the audit, whichever comes first. If the agency head 
disagrees with the auditor’s determination that the systems do not 
substantially comply, the Director of OMB is to review the agency 
head’s determination and report to the appropriate committees of the 
Congress. If the agency head agrees that the systems do not 
substantially comply, FFMIA requires that the agency head, in 
consultation with the Director of OMB, establish a remediation plan to 
bring the systems into substantial compliance with FFMIA’s 
requirements. 

According to FFMIA, the remediation plans should include the corrective
actions, intermediate target dates, and resources necessary to bring
financial systems into substantial compliance with FFMIA’s requirements
within 3 years of the date the agency head’s noncompliance determination
is made.[Footnote 14] If, with concurrence of the Director of OMB, the 
agency head determines that substantial compliance cannot be attained 
within 3 years, the remediation plan must specify the most feasible 
date by which the agency’s systems will achieve compliance and 
designate an official responsible for effecting the necessary 
corrective actions.

In accordance with the revisions to OMB guidance contained in Circular 
A-11, Preparation, Submission, and Execution of the Budget, issued June
27, 2002, agencies are required to include their remediation plans in 
their annual budget submissions due to OMB by September 9, 2002. The
guidance requires that the plans include corrective actions, resources
needed, and interim target dates to bring the financial management 
systems into substantial compliance within 3 years of the date of the
agencies’ determination that their systems are not in substantial 
compliance. The plan must also list the officials responsible for 
bringing the systems into substantial compliance with FFMIA. Agency 
remediation plans are included in agency budget submissions and subject 
to change. OMB considers these budget submissions predecisional and 
therefore not public documents. 

OMB Guidance Related to FFMIA: 

OMB sets governmentwide financial management policies and requirements 
and currently has two sources of guidance related to FFMIA. First, OMB 
Bulletin No. 01-02, Audit Requirements for Federal Financial 
Statements, dated October 16, 2000, prescribes specific language 
auditors should use when reporting on an agency system’s substantial 
compliance with FFMIA. Specifically, this guidance calls for auditors 
to provide negative assurance when reporting on an agency system’s FFMIA
compliance. Second, in a January 4, 2001, Memorandum, Revised 
Implementation Guidance for the Federal Financial Management 
Improvement Act, OMB provided guidance for agencies and auditors to use
in assessing substantial compliance. 

The guidance describes the factors that should be considered in 
determining whether an agency’s systems are in compliance with FFMIA
and provides guidance to agency heads to assist in developing corrective
action plans for bringing their systems into compliance with FFMIA. 
There are examples included in the guidance on the types of indicators 
that should be used as a basis in assessing whether an agency’s systems 
are in substantial compliance with FFMIA. 

Scope and Methodology: 

We reviewed fiscal year 2001 financial statement audit reports for the 
24 CFO Act agencies to determine (1) which agencies had systems that 
their auditors found to be noncompliant with FFMIA requirements, (2) the
reasons why the systems were found to be noncompliant, and (3) the type
of assurance the auditors provided. We did not independently verify or 
test the data in the agency audit reports. Using structured interviews, 
we interviewed auditors and agency management for 7 CFO Act agencies 
[Footnote 15] to obtain their perspectives on FFMIA implementation. 
These 7 agencies included 4 in which the auditors provided negative 
assurance in reporting on FFMIA compliance for fiscal year 2001. We 
also interviewed officials at 3 other agencies in which the auditors 
provided negative assurance for fiscal year 2000 but reported the 
agencies’ systems to be in noncompliance for fiscal year 2001. For 
these 7 agencies, we also reviewed the auditors’ FFMIA workpapers to 
assess the nature and extent of FFMIA testing. We also reviewed the 
auditors’ reports and contacted respective agencies, as needed, to 
identify agency management FFMIA determinations for the 24 CFO Act 
agencies. 

We reviewed the guidance for preparing remediation plans for fiscal year
2000 contained in the revisions to OMB Circular A-11, Preparation,
Submission, and Execution of the Budget. We reviewed agencies’ fiscal
year 2000 remediation plans[Footnote 16] to determine if they contained 
the required elements and if the proposed corrective actions addressed 
were adequately detailed if implemented satisfactorily, to resolve the 
reported instances of noncompliance with FFMIA. We compared the fiscal 
year 2000 plans to the remediation plans submitted for fiscal year 1999 
to determine if any of the plans had improved. Because agency 
remediation plans are included in agency budget submissions, OMB 
considers the plans predecisional and therefore not public documents. 
We did not have the agencies’ complete budget submissions to determine 
whether they provided more details than were available in the stand-
alone agency remediation plans. 

We conducted our work from January through August 2002 at the CFO Act
agencies, OMB, and JFMIP in the Washington, D.C., area in accordance
with generally accepted government auditing standards. We requested 
comments on a draft of this report from the Director of OMB or his 
designee. These comments are discussed in the “Agency Comments and
Our Evaluation” section and reprinted in appendix V. We also requested
oral comments from selected agency and IG officials whose financial
management systems or audit procedures are specifically discussed in the
report. We received oral comments from 4 agency and 3 IG officials of an
editorial and technical nature. Specifically, we received oral comments
from the Departments of Agriculture (Agriculture) and Commerce, Office
of Personnel Management, and SSA agency officials, and from Agriculture,
Department of the Interior (Interior), and Nuclear Regulatory 
Commission NRC) IG officials. These comments have been incorporated as
appropriate. 

Continued System Weaknesses Impair Financial Management Accountability: 

Many agencies still do not have reliable, useful, and timely financial
information, including cost data, with which to make informed decisions
and help ensure accountability on an ongoing basis. While agencies are
undeniably making progress in addressing their financial management 
systems weaknesses, most agency systems are still not substantially in
compliance with FFMIA’s requirements. IGs and their contract auditors
reported for fiscal year 2001 that the systems of 20 of the 24 CFO Act
agencies did not substantially comply with at least one of FFMIA’s three
requirements—federal financial management systems requirements, 
applicable federal accounting standards, or the SGL. 

For fiscal year 2001, 7 agencies were reported not to be in substantial
compliance with all three FFMIA requirements. Figure 4 summarizes the
auditors’ determinations regarding how many of the 24 CFO Act agencies
were reported as not in substantial compliance with each of the three
FFMIA requirements. 

Figure 4: Auditors’ FFMIA Determinations for Fiscal Year 2001: 

[See PDF for image] 

This figure is a bar graph that depicts the following data: 

System requirements: 
Agencies not in compliance: 19. 

Accounting standards: 
Agencies not in compliance: 14. 

SGL: 
Agencies not in compliance: 8. 

Note: Management for 22 of the 24 agencies agreed with their auditors' 
FFMIA determinations. Management for 2 agencies--the Environmental 
Protection Agency (EPA) and the National Science Foundation (NSF)--did 
not agree with their auditors' determinations. EPA management disagreed 
with the IG's determination that EPA was noncompliant with SFFAS No. 4 
because EPA did not comply with the requirements to provide cost per 
output to management in a timely fashion. NSF management disagreed with 
its auditors that several weaknesses in its agency security over 
information systems rendered NSF noncompliant with OMB Circular A-130, 
and therefore FFMIA. 

Source: GAO analysis of agency audit reports. We did not independently 
verify or test the data in the agency audit reports. 

[End of figure] 

While more CFO Act agencies have obtained clean or unqualified audit
opinions on their financial statements, there is little evidence of 
marked improvements in agencies’ capacities to create the full range of 
information needed to manage day-to-day operations. The number of 
unqualified opinions has been increasing over the past 5 years, from 11 
in fiscal year 1997 to 18 for fiscal years 2000 and 2001. This increase 
in unqualified audit opinions generally results from monumental efforts 
in which agencies expend significant resources simply to prepare 
auditable financial statements. While the increase in unqualified 
opinions is noteworthy, the number of agencies for which auditors 
provided negative assurance of FFMIA compliance has remained relatively 
constant throughout this same period. When more agencies receive clean 
opinions, expectations are raised that the government has sound 
financial management and can produce reliable, useful, and timely 
information on demand throughout the year, whereas FFMIA assessments 
offer a different perspective. 

Crosscutting Reasons for Noncompliance Indicate Serious Problems 
Remain: 

Based on our review of the fiscal year 2001 audit reports for the 20 
agencies reported to have systems not in substantial compliance with 
one or more of FFMIA’s three requirements, we identified six primary 
reasons related to FFMIA noncompliance. The weaknesses reported by the 
auditors, which are grouped into the following categories, ranged from 
serious, pervasive systems problems to less serious problems that may 
affect one aspect of an agency’s accounting operation: 

* nonintegrated financial management systems; 
* inadequate reconciliation procedures; 
* lack of accurate and timely recording of financial information; 
* noncompliance with the SGL; 
* lack of adherence to federal accounting standards, and; 
* weak security controls over information systems. 

Figure 5 shows the relative frequency of these problems at the 20 
agencies reported to have noncompliant systems and the problems 
relevant to FFMIA that were reported by their auditors. The same six 
types of problems were cited by auditors in their fiscal year 2000 
audit reports, as highlighted in figure 5. However, the auditors may 
not have reported these problems as specific reasons for lack of 
substantial compliance with FFMIA. We caution that the degree of 
noncompliance in a particular category may be even greater because 
auditors reporting FFMIA noncompliance may not have included all 
problems in their reports. As we discuss later, the FFMIA testing may 
not be comprehensive and other problems may exist that were not 
identified and reported. For some agencies, the problems are so serious 
and well known that the auditor can readily determine that the systems 
lack substantial compliance without examining every facet of FFMIA 
compliance. 

Figure 5: Problems Reported by Auditors for Fiscal Years 2000 and 2001: 

[See PDF for image] 

This figure is a vertical bar graph, depicting the problems reported by 
auditors for fiscal years 2000 and 2001 as follows: 

Nonintegrated financial management systems: 
Fiscal year 2000: 13 agencies; 
Fiscal year 2001: 14 agencies. 

Inadequate reconciliation procedures: 
Fiscal year 2000: 16 agencies; 
Fiscal year 2001: 13 agencies; 

Lack of accurate and timely reporting: 
Fiscal year 2000: 14 agencies; 
Fiscal year 2001: 12 agencies; 

Noncompliance with the SGL: 
Fiscal year 2000: 8 agencies; 
Fiscal year 2001: 8 agencies; 

Lack of adherence to federal accounting standards: 
Fiscal year 2000: 12 agencies; 
Fiscal year 2001: 14 agencies; 

Weak security over information systems: 
Fiscal year 2000: 19 agencies; 
Fiscal year 2001: 20 agencies; 

Source: GAO analysis of agency audit reports for fiscal year 2001. We 
did not independently verify or test the data in the agency audit 
reports. 

[End of figure] 

Nonintegrated financial management systems: 

The CFO Act calls for agencies to develop and maintain an integrated
accounting and financial management system[Footnote 17] that complies 
with federal systems requirements and provides for (1) complete, 
reliable, consistent, and timely information that is responsive to the 
financial information needs of the agency and facilitates the 
systematic measurement of performance, (2) the development and 
reporting of cost information, and (3) the integration of accounting, 
budgeting, and program information. In this regard, OMB Circular A-127, 
Financial Management Systems, requires agencies to establish and 
maintain a single integrated financial management system that conforms 
with functional requirements published by JFMIP. 

An integrated financial system coordinates a number of functions to
improve overall efficiency and control. For example, integrated 
financial management systems are designed to avoid unnecessary 
duplication of transaction entry and greatly lessen reconciliation 
issues. With integrated systems, transactions are entered only once and 
are available for multiple purposes or functions. Moreover, with an 
integrated financial management system, an agency is more likely to 
have reliable, useful, and timely financial information for day-to-day 
decision making as well as external reporting. 

Agencies that do not have integrated financial management systems
typically must expend major effort and resources, including in some 
cases hiring external consultants, to develop information that their 
systems should be able to provide on a daily or recurring basis. In 
addition, opportunities for errors are increased when agencies’ systems 
are not integrated. Agencies with nonintegrated financial systems are 
more likely to be required to devote more resources to collecting 
information than those with integrated systems. OMB’s accelerated 
reporting dates for agency performance and accountability reports 
[Footnote 18] may make such efforts and devotion of resources 
unsustainable in the long term. As a result, many agencies must 
accelerate their efforts to improve underlying financial management 
systems and controls, which is consistent with reaching the financial 
management success measures envisioned by the President’s Management 
Agenda and the JFMIP Principals. 

Auditors frequently mentioned the lack of modern, integrated financial
management systems in their fiscal year 2001 audit reports. As shown in
figure 5, auditors for 14 of the 20 agencies with noncompliant systems
reported this as a problem. For example, the Department of Education’s
(Education) lack of a fully integrated financial management system
seriously affected its ability to accumulate, analyze, and present 
reliable financial information. According to its auditors, Education 
compiled its fiscal year 2001 financial statements through a multistep 
process that includes both manual and automated procedures, which 
increases the risk of errors in the departmentwide financial 
statements. These manual processes can lead to errors that may affect 
current and prior fiscal years. For example, Education recorded 
numerous restatements and reclassifications of prior fiscal year 
financial statement balances based on its extensive analysis of certain 
general ledger balances in an effort to resolve errors that existed in 
past years. While the auditors noted that some of the entries to 
correct or reclassify amounts resulted from Education’s extensive 
analysis, the identification of these errors reinforces concerns about 
Education’s lack of an integrated financial management system. 
According to the auditors, Education processed and approved adjustments
to correct or reclassify amounts that were later discovered to be 
erroneous. As a result, additional manual adjustments were needed to 
correct these new errors, which cast doubt on the sufficiency of the 
process for reviewing and approving adjustments. To focus attention on 
long-standing financial management issues, the Secretary of Education 
created a Management Improvement Team (MIT). The MIT’s goals include 
addressing outstanding recommendations related to the financial 
statement audits and ensuring an environment with effective internal 
controls. The Education IG noted that the MIT has identified corrective 
actions for improving the department’s programs and operations. 

Inadequate reconciliation procedures: 

A reconciliation process, even if performed manually, is a valuable 
part of a sound financial management system. In fact, the less 
integrated the financial management system, the greater the need for 
adequate reconciliations because data for the same transaction may be 
separately entered in multiple systems, causing the risk of errors to 
be greater. For example, according to its auditors, the Agency for 
International Development (AID) must place a greater reliance on 
processes like reconcilations because it lacks an integrated system. 
Reconciliation procedures are a control necessary to maintain and 
substantiate the accuracy of the data reported in an agency’s financial 
statements and reports. The Comptroller General’s Standards for 
Internal Control in the Federal Government highlights reconciliation as 
a key control activity. 

As shown in figure 5, auditors for 13 of the 20 agencies with 
noncompliant systems reported that the agencies had reconciliation 
problems, including difficulty reconciling their fund balance with 
Treasury accounts [Footnote 19] with Treasury’s records. Treasury 
policy requires agencies to reconcile their accounting records with 
Treasury records monthly, which is comparable to individuals 
reconciling their checkbooks to their monthly bank statements. However, 
such reconciliations were not being routinely performed. For example, 
during fiscal year 2001 some of the fund balances with Treasury for the 
Department of State (State) did not reconcile with Treasury’s fund 
balance amounts. State’s auditors reported that the absolute difference 
[Footnote 20] between State’s and Treasury’s balances as of September 
30, 2001, was about $131 million. State’s auditors noted that while 
progress had been made in reducing the net difference between State’s 
and Treasury’s records, weaknesses in the reconciliation process still 
remained, particularly affecting older fund balances. The auditors 
recommended that State reexamine its reconciliation processes and also 
assess whether adjustments should be made to its records. 

Inadequate reconciliation procedures also complicate the identification
and elimination of intragovernmental transactions, which is one of the
principal reasons we continue to disclaim on the government’s
consolidated financial statements. As we testified in April 2002, 
[Footnote 21] agencies have not reconciled intragovernmental balances 
with their trading partners [Footnote 22] and, as a result, information 
reported to Treasury is not reliable. For several years, OMB and 
Treasury have required the CFO Act agencies to reconcile selected 
intragovernmental activity and balances with their trading partners. 
However, numerous agencies did not fully perform these reconciliations 
for fiscal year 2000. Beginning with fiscal year 2001, OMB and Treasury 
required agency CFOs to report on the extent and results of 
intragovernmental activity reconciliation efforts. The IGs reviewed 
these reports and communicated the results to OMB, Treasury, and GAO. 
IGs reported that the required reconciliations for fiscal year 2001 
were not fully performed, citing reasons such as (1) trading partners 
not providing needed data, (2) limitations and incompatibility of 
agency and trading partner systems, and (3) human resource issues. For 
fiscal years 2001 and 2000, amounts reported for certain 
intragovernmental accounts were significantly out of balance. OMB has 
proposed “business rules” for certain types of intragovernmental 
transactions. The continued involvement of OMB and the CFO Act agencies 
will be critical to resolving this issue. 

Lack of accurate and timely recording of financial information: 

Accurate and timely recording of financial information is key to 
successful financial management. Timely recording of transactions can 
facilitate accurate reporting in agencies’ financial reports and other 
management reports that are used to guide managerial decision making. 
The Comptroller General’s Standards for Internal Control in the Federal
Government states that transactions should be promptly recorded to 
maintain their relevance and value to management in controlling 
operations and making decisions. As shown in figure 5, auditors for 12 
of the 20 agencies with noncompliant systems found that agencies did not
record transactions in the general ledger in an accurate and timely 
manner. 

The lack of timely transaction recording can also result in the use of
inaccurate information for decision making. For example, auditors for 
six agencies reported that unliquidated obligations [Footnote 23] were 
not deobligated in a timely manner due to the lack of procedures for 
reviewing unliquidated obligations or the failure to follow prescribed 
procedures. Agency failure to deobligate funds in a timely manner may 
result in the loss of the use of those funds. For example, auditors for 
the Department of Transportation (DOT) identified about $293 million of 
obligations that were no longer needed and could be used for other 
valid purposes or returned to the U.S. Treasury. 

Untimely transaction recording during the fiscal year can also result in
substantial efforts at fiscal year-end to perform extensive manual 
financial statement preparation efforts that are susceptible to error 
and increase the risk of misstatements. For example, auditors reported 
that Department of Justice (Justice) components did not perform their 
accrual-based financial transaction processing on an ongoing basis. 
Auditors for two components, the Drug Enforcement Administration and 
the Offices, Boards, and Divisions, stated that the financial statement 
preparation effort must be a componentwide effort, involving all 
program budget and administrative offices. Gathering financial data 
only at year-end does not provide adequate time to analyze transactions 
or account balances. Without time to perform these analyses, misstated 
or unsupported financial statement account balances can occur. Further, 
it impedes management’s ability throughout the year to have timely and 
useful information for decision making. 

Noncompliance with the SGL: 

Implementing the SGL at the transaction level is one of the specific
requirements of FFMIA. However, as shown in figure 5, auditors for 8 of 
the 20 noncompliant agencies reported that the agencies’ systems did not
comply with SGL requirements. The SGL promotes consistency in financial
transaction processing and reporting by providing a uniform chart of 
accounts and pro forma transactions. It also provides a basis for 
comparison at the agency and governmentwide levels. These defined 
accounts and pro forma transactions are used to standardize the 
accumulation of agency financial information, as well as enhance 
financial control and support financial statement preparation and other 
external reporting. By not implementing the SGL, agencies are 
challenged to provide consistent financial information across their 
component agencies and functions. For example, auditors for AID 
reported that AID does not report on its mission activities [Footnote 
24] using the SGL at the transaction level. These mission activities 
account for approximately 52 percent of AID’s total net cost of 
operations. AID recorded its mission activities in its Mission 
Accounting and Control System—an automated system that uses transaction 
codes that do not match to the SGL chart of accounts. AID used a 
monthly process to crosswalk these mission transactions to the SGL, but 
could not ensure that transactions were posted properly and 
consistently from mission to mission. OMB officials have stated that 
while this monthly process may be a good interim solution until AID has 
fully implemented its new core financial system, this process does not 
allow AID’s systems to be substantially compliant with the SGL at the 
transaction level. Until AID deploys its newly implemented core 
financial system worldwide, [Footnote 25] it will continue to use the 
Mission Accounting and Control System for its overseas missions. 

The Department of Housing and Urban Development’s (HUD) Federal Housing 
Administration (FHA) must use several manual processing steps to 
convert its commercial accounts to SGL accounts. FHA’s legacy core 
financial system, which includes its general ledger, is based on 
commercial rather than governmental accounting. FHA has 22 systems that 
feed transactions to its core financial system, 15 of which cannot 
process transactions in the SGL format. FHA’s manual processes include 
the use of personal computer-based software to convert its commercial 
accounts to the SGL. FHA then transfers the balances to HUD’s Central 
Accounting and Program System (HUDCAPS). HUD’s auditors noted that 
FHA’s current process does not meet federal financial management 
systems requirements that a core financial system “provide for the 
automated and year-end closing of SGL accounts and rollover of the SGL 
account balances.” FHA has completed the initial phases of its project 
to implement a COTS financial software system. FHA intends to complete 
implementation of the general ledger module of this COTS system by the 
beginning of fiscal year 2003, including the implementation of the SGL 
at the transaction level. 

Lack of adherence to federal accounting standards: 

One of FFMIA’s requirements is that agencies’ financial management
systems account for transactions in accordance with federal accounting
standards. Agencies face significant challenges implementing these
standards. As shown in figure 5, auditors for 14 of the 20 agencies with
noncompliant systems reported that these agencies had problems 
complying with one or more federal accounting standards. Auditors
reported that agencies are having problems implementing standards that
have been in effect for some time, as well as standards that have been
promulgated in the last few years. Auditors for 3 agencies—HUD, 
Interior, and Justice—reported weaknesses affecting compliance with 
SFFAS No. 7, Revenue and Other Financing Sources, which became 
effective in fiscal year 1998. Auditors for several Justice components 
reported that improvements are needed in their accounting processes for 
earned and deferred revenue. For example, auditors for Justice’s 
Immigration and Naturalization Service (INS) reported that INS does not 
have a reliable system that can provide regular and timely data on the 
number and value of immigration applications and petitions received, 
completed, and pending. INS needs this data to support general ledger 
entries for recording the earned revenues when the applications are 
completed. Auditors for 5 agencies—the Department of Defense (DOD), 
AID, EPA, the Federal Emergency Management Agency (FEMA), and the 
NRC—reported trouble implementing SFFAS No. 10, Accounting for Internal 
Use Software, which became effective at the beginning of fiscal year 
2001. For example, auditors reported that while NRC had developed 
policies to implement SFFAS No. 10, NRC had not satisfactorily 
implemented the management controls needed to ensure compliance with 
SFFAS No. 10 and did not have an adequate system to track the labor 
time spent on information technology projects. 

The requirement for managerial cost information has been in place since
1990 under the CFO Act and since 1998 as a federal accounting standard.
Auditors for eight agencies [Footnote 26] reported problems 
implementing SFFAS No. 4, Managerial Cost Accounting Concepts and 
Standards. For example, auditors reported that FEMA does not have a 
managerial cost accounting system and its financial management system 
did not capture data at a detailed enough level. Having such a 
managerial cost capability would allow FEMA to give managers timely 
access to program costing reports and more effectively present 
performance measures. FEMA has developed a three-phase remediation plan 
to address issues related to compliance with FFMIA. In the third phase, 
FEMA plans to address the issues related to the need for cost 
management information to give managers timely access to program 
costing reports. 

Managerial cost information is critical for implementation of the
President’s Management Agenda. SFFAS No. 4 uses the term “managerial
cost accounting.” Some agencies have adopted the term “cost management” 
to emphasize that cost, budget, and performance data are needed to 
improve management decision making throughout the year, and are more 
comprehensive than the cost data required for external reporting. We 
later discuss further implications related to cost management and 
agencies that have made promising strides toward implementing this
critical tool. 

Weak security controls over information systems: 

Information security weaknesses are one of the frequently cited reasons
for noncompliance with FFMIA and are a major concern for federal 
agencies and the general public. These weaknesses are placing enormous
amounts of government assets at risk of inadvertent or deliberate 
misuse, financial information at risk of unauthorized modification or 
destruction, sensitive information at risk of inappropriate disclosure, 
and critical operations at risk of disruption. Auditors for all 20 of 
the agencies reported as noncompliant with FFMIA identified weaknesses 
in security controls over information systems. In addition, auditors 
for the 4 agencies that provided negative assurance in reporting on 
compliance with FFMIA in their fiscal year 2001 audit reports 
identified computer security problems at those agencies, but did not 
consider those problems significant enough to be instances of a lack of 
substantial compliance with FFMIA. Unresolved information security 
weaknesses could adversely affect the ability of agencies to produce 
accurate data for decision making and financial reporting because such 
weaknesses could compromise the reliability and availability of data 
that are recorded in or transmitted by an agency’s financial management 
system. 

Since 1997, GAO has considered information security a governmentwide
high-risk area. [Footnote 27] As shown by our work and work performed 
by the IGs, security program management continues to be a widespread 
problem. Concerned with reports of significant weaknesses in federal 
computer systems that make them vulnerable to attack, the Congress 
enacted Government Information Security Reform (GISRA) provisions 
[Footnote 28] to reduce these risks and provide more effective 
oversight of federal information security. GISRA requires agencies to 
implement an information security program that is founded on a 
continuing risk management cycle and largely incorporates existing 
security policies found in OMB Circular A-130, Management of Federal 
Information Resources, Appendix III. GISRA also added an important new 
requirement by calling for both annual management and independent 
evaluations of the information security program and practices of an 
agency. We testified in March 2002 [Footnote 29] that information 
security weaknesses were most often identified [Footnote 30] for (1)
security program management, (2) access controls, and (3) service
continuity controls. Security program management provides the framework 
for ensuring that risks are understood and that effective controls are 
selected and properly implemented. Access controls ensure that only 
authorized individuals can read, alter, or delete data. Service 
continuity controls ensure that when unexpected events occur, such as a
natural disaster, critical operations will continue without undue 
interruption and that crucial, sensitive data are protected. 

As we testified in March 2002, [Footnote 31] OMB is using a combination 
of formal guidance, review and analysis of agency-reported material, 
agency discussion and feedback, and monitoring of corrective actions to 
oversee and coordinate agency compliance with the GISRA provisions. On 
January 16, 2001, OMB issued Guidance on Implementing the Government
Information Security Reform Act that summarized OMB, agency, and IG 
responsibilities as well as provided answers to other specific 
implementation questions. On June 22, 2001, OMB followed up its 
implementation guidance with Reporting Instructions for the Government
Information Security Reform Act that contained final reporting 
instructions that directed agencies to transmit copies of their annual
agency program reviews and IG independent evaluations to OMB. 
Furthermore, on October 17, 2001, OMB also issued Guidance for 
Preparing and Submitting Security Plans of Action and Milestones, which 
included detailed guidance for preparing and submitting security plans 
of action and milestones (corrective action plans), which list 
information security weaknesses identified in agencies’ annual reviews 
and evaluations and describe how and when these weaknesses would be
addressed. OMB is continuing to address information security and for 
fiscal year 2002 issued Reporting Instructions for the Government 
Information Security Reform Act and Updated Guidance on Security Plans 
of Action and Milestones, on July 2, 2002, which updated guidance for 
fiscal year 2002 GISRA reporting and preparation of corrective action 
plans. In addition to providing guidance, OMB also reviewed the results 
of the agencies’ program reviews and independent evaluations and 
consulted with officials in the agencies to clarify information and 
provide feedback. OMB sent letters to the agency heads that provided 
the results of its assessment of the agencies’ submissions for the 
reform provisions and either conditionally approved or disapproved 
their information security programs. Finally, OMB stated in its first 
annual GISRA report to the Congress dated February 2002 that to 
intensify oversight, it will, among other activities, discuss progress 
on information technology (IT) security corrective action plans with 
each agency and integrate IT security as an element contributing to the 
Executive Branch Management Scorecard. 

Auditors Provided Negative Assurance as to Substantial Compliance: 

Auditors for four agencies—the Departments of Energy and Labor, the 
GSA, and SSA—provided negative assurance in reporting on FFMIA 
compliance for fiscal year 2001. In their respective reports, they 
included language stating that while they did not opine as to 
compliance with FFMIA, nothing had come to their attention indicating 
that these agencies’ financial management systems did not meet FFMIA 
requirements. While this form of reporting has useful applications, it 
is not relevant or appropriate for this particular type of engagement 
given the requirements of FFMIA. Our fundamental concern is that this 
type of reporting may provide a false impression that the systems have 
been found to be substantially compliant by the auditors, which is not 
what the auditors are saying. In fact, the provisions of FFMIA require 
auditors to “...report whether the agency financial management systems 
comply with the requirements of [the act].” In providing guidance on 
reporting on substantial compliance with FFMIA, OMB Bulletin No. 01-02, 
Audit Requirements for Federal Financial Statements, states that 
auditors should report that “the results of our tests disclosed no 
instances in which the agency’s financial management systems did not 
substantially comply” [with FFMIA]. If testing disclosed that the 
agencies’ systems are not substantially compliant, auditors are 
required to report the instances of noncompliance identified. This is 
an important distinction because the term “disclosed no instances” 
carries a commonly accepted and well known interpretation across the 
audit community that providing negative assurance requires only limited 
testing because the auditor is not giving an opinion on whether the 
systems are substantially compliant. 

One important consideration is that the law does not specify when the 
FFMIA compliance testing must be done. Thus, auditors can perform FFMIA 
assessments at any time throughout the fiscal year, as long as the 
assessment is updated to the end of the reporting period. FFMIA 
assessments can be a separate review that could be staggered throughout
the year when the auditors’ workloads are not as burdensome or to spread
out the work. While work performed in auditing financial statements 
would naturally offer some perspective regarding FFMIA compliance, the 
work needed to assess substantial compliance of systems with FFMIA 
should be more comprehensive than that performed for purposes of 
rendering an opinion on the financial statements. In performing 
financial statement audits, auditors generally focus on the capability 
of the financial management systems to process and summarize financial 
information that flows into the financial statements. In contrast, 
FFMIA is much broader, and auditors need to consider many other aspects 
of the financial management system including whether an agency’s 
systems comply with systems requirements and provide reliable, useful, 
and timely financial-related information for managing day-to-day 
operations. FFMIA was designed to lead to system improvements that 
would result in agency managers being routinely provided with reliable, 
useful, and timely financial-related information to measure performance 
and increase accountability throughout the year, rather than just at 
year-end. Some of the auditors we interviewed told us that providing 
positive assurance would require more audit work and therefore would 
result in much higher audit fees. For example, auditors for the 
Department of Energy estimated that an additional 400 staff hours would 
be needed to provide positive assurance. Auditors for GSA estimated 
that it would cost an additional $110,000 to $120,000 to provide 
positive assurance. The auditors we interviewed also had concerns about 
providing positive assurance in reporting on agency systems’ FFMIA 
compliance because of a need for clarification regarding the meaning of 
substantial compliance and guidance regarding reporting. 

Today, for some agencies, the auditor may have sufficient knowledge to
conclude that an agency is not in substantial compliance with FFMIA
without performing additional testing beyond that needed for the 
financial statement audit opinion, because systems deficiencies are 
well known and well documented. Because not all areas were tested, 
additional weaknesses might exist that were not identified and 
reported. However, as agencies’ systems move toward substantial 
compliance with FFMIA, auditors will need to perform more comprehensive 
testing to assess agencies’ systems compliance with FFMIA. Some of the 
promising audit procedures noted during our review included detailed 
audit programs and an assessment of financial systems’ functionality. 

Moreover, although the compliance indicators in OMB’s January 4, 2001,
FFMIA guidance were meant only as examples of compliance, auditors for
several of the agencies we interviewed used the indicators as a 
checklist for determining an agency’s systems compliance. If a 
deficiency in a specific indicator was noted, noncompliance was 
reported. This was not the way the OMB indicators should have been used 
because just merely applying those indicators is too limiting and was 
not OMB’s intention. Auditors cannot follow a checklist approach when 
assessing the substantial compliance of agency systems with FFMIA. 
Instead, auditors need to consider the substance of these systems, 
particularly how they function. Without a comprehensive approach, key 
systems’ functionalities may not be assessed, and the extent of 
noncompliance will remain uncertain. Without testing the functionality 
of a financial management system, auditors cannot be assured that the 
agencies’ systems are operating as designed and that the systems 
substantially comply with FFMIA and provide reliable, useful, and 
timely information to managers and other decision makers. In short, the 
auditor’s work needs to be analytical and not viewed as a checklist 
procedure. If auditors are merely checking boxes, we question the value 
of their work and do not believe it meets the expectations of the 
Congress in requiring auditor reporting under FFMIA. 

Last year in reporting on FFMIA, [Footnote 32] we recommended that OMB 
revise its current FFMIA guidance to address a number of issues related 
to FFMIA assessments. We recommended that OMB: 

* require agency auditors to provide positive assurance when reporting 
an agency’s systems to be in substantial compliance; 

* clarify the definition of substantial compliance;

* specify the type of procedures auditors should perform; 

* request auditors to pay special attention to the requirements of
Managerial Cost Accounting Concepts and Standards; and; 

* reiterate that the indicators of compliance in the January 4, 2001, 
FFMIA implementation guidance are not meant to be all-inclusive. 

OMB officials told us that they had not taken any action to modify their
FFMIA guidance to address our recommendations related to improving 
auditors’ FFMIA assessments. Instead, they were focusing on new 
initiatives such as the Executive Branch Management Scorecard to help
stimulate improvements to agency financial management systems. Further,
OMB said that they plan to combine a number of financial management
bulletins and circulars, such as OMB Circular A-127 and OMB Bulletin 01-
02, into a comprehensive document that would provide agencies and 
auditors with more flexibility. We look forward to seeing this new OMB
document which is now under development. 

To help close the gap in the current OMB guidance, we have worked with
representatives from the President’s Council on Integrity and Efficiency
(PCIE) to draft a section for the GAO/PCIE Financial Audit Manual
(FAM) [Footnote 33] with detailed audit steps for testing agency 
systems’ substantial compliance with FFMIA. Appropriately implemented, 
these audit steps would provide a sufficient basis to conclude whether 
agencies’ systems substantially comply with FFMIA. We will continue to 
work with PCIE to finalize this new section of the GAO/PCIE FAM. 
Certain members of the PCIE indicated that auditors would be reluctant 
to perform these additional procedures and provide positive assurance 
unless OMB revises its guidance to require them to do so. 

Remediation Plans Have Improved: 

FFMIA requires agency management to prepare remediation plans, in
consultation with OMB, that describe the corrective actions they plan to
take to resolve their instances of noncompliance, target dates, and
resources necessary to bring financial systems into substantial 
compliance with FFMIA requirements. Further, the President’s Management 
Agenda states that OMB will work with agencies to ensure that federal 
financial systems produce accurate and timely information to support 
operating, budget, and policy decisions. In the past, we have noted 
significant deficiencies in these remediation plans, which limit their 
usefulness as a tool for agency management and staff to use for 
resolving financial management problems. [Footnote 34] In reviewing 
these plans, we measured the completeness of agency remediation plans 
against the law’s criteria that these plans include the corrective 
actions, target dates, and resources necessary to bring their systems 
into substantial compliance. We noted improvement in the presentation 
and amount of detail in the fiscal year 2000 remediation plans for the 
Departments of Agriculture, Health and Human Services, and DOT. 
However, we noted that a number of plans submitted for fiscal year 2000 
still did not have adequate descriptions of the resources needed for 
executing the corrective actions. 

Correcting systems problems is a difficult challenge for agencies 
primarily because of the age and deficiencies of their critical 
financial management systems and the need to be able to integrate a 
range of systems with the accounting systems that provide financial 
information such as personnel and acquisition systems. Some of the 
federal government’s automated systems were originally designed and 
developed years ago (in some cases, over 2 decades ago) and cannot 
provide reliable financial information for key governmentwide 
initiatives, such as integrating budget and performance information. It 
is important that agencies focus on the substance of the information in 
these FFMIA remediation plans, rather than on the format of the plans. 
A lack of substance in the plans, including associating resources to 
detailed corrective actions, can limit the likelihood of success in 
adequately implementing the corrective actions. 

Fifteen of the 19 agencies, whose systems were determined by their IGs 
or contract auditors not to be in substantial compliance for fiscal 
year 2000, prepared remediation plans. Two agencies—EPA and the SSA—did 
not prepare plans because management determined that the agencies’ 
systems substantially complied with FFMIA. According to NRC officials, 
NRC has not updated its remediation plan since the version dated May 
31, 2001; however, NRC did send a condensed version of this plan to OMB 
last fall with its budget submission for fiscal year 2003. According to 
DOD officials, DOD is not going to issue an updated financial 
management improvement plan in light of its ongoing Financial 
Management Modernization Program. This program is expected to address 
the underlying problems of DOD’s financial management systems as well 
as to transform its overall business processes. As we discuss later, 
the development of a departmentwide financial management system 
enterprise architecture at DOD will be an important step in this 
transformation process. 

We reviewed the 15 available remediation plans to determine whether (1)
they included all the instances of noncompliance identified in the 
fiscal year 1999 financial statement audits, (2) the planned corrective 
actions were accompanied by detailed steps, (3) the corrective actions, 
if successfully implemented, could potentially resolve the problems, 
(4) they included information about resources needed, and (5) they 
provided target dates for completing the corrective actions. We have 
not verified the agency actions taken to date. For our report on FFMIA 
compliance last year, [Footnote 35] we reviewed the remediation plans 
prepared by agencies to address problems identified in the fiscal year 
1999 financial statement audits. For this year’s report, we reviewed 
the agencies’ fiscal year 2000 remediation plans. [Footnote 36] 
Remediation plans need to be sufficiently detailed to provide a “road 
map” for agency management and staff to resolve financial management 
problems identified as part of the FFMIA process. OMB requires agencies 
to include the remediation plan as part of a financial management plan 
that is provided with annual budget submissions. The financial 
management plan should address all aspects of financial management 
improvements. Figure 6 presents the results of our analysis. 

Figure 6: Results of Review of Fiscal Year 2000 Remediation Plans: 

[See PDF for image] 

This figure is a bar graph depicting the results of review of fiscal 
year 2000 remediation plans, as follows: 

Are corrective actions for all instances of noncompliance included? 
Yes: 14 plans; 
No: 1 plan. 

Are corrective actions detailed? 
Yes: 15 plans; 
No: 0 plans. 

Will corrective actions likely resolve the problems, if successfully
implemented? 
Yes: 15 plans; 
No: 0 plans. 

Are resources included? 
Yes: 5 plans; 
No: 10 plans. 

Are time frames included? 
Yes: 14 plans; 
No: 1 plan. 

Source: GAO analysis of fiscal year 2000 remediation plans. 

[End of figure] 

As shown in figure 6, 14 of the agencies’ remediation plans included
corrective actions that covered all of the reported instances of
noncompliance identified in the fiscal year 2000 financial statement 
audits. The remediation plans for Treasury did not include corrective 
actions to cover all of the instances of FFMIA noncompliance reported 
by the auditors. For example, Treasury’s Financial Management Service’s 
(FMS) remediation plan for fiscal year 2000 did not address all of its 
information systems security weaknesses. However, FMS officials issued 
a revised remediation plan in June 2002 that they believe addresses its 
fiscal year 2001 instance of noncompliance related to all of the 
information systems security weaknesses. We will include this plan in 
our evaluation next year of the remediation plans submitted to address 
instances of noncompliance reported in the fiscal year 2001 financial 
statement audits. 

One of the areas of improvement in the remediation plans submitted by 
the 15 agencies is in the level of detail provided for the planned 
corrective actions as compared with previous plans. As shown in figure 
6, all agencies were determined to have sufficient details describing 
how the various actions are to be accomplished. DOT showed significant 
improvement in the level of detail in its remediation plan. DOT is 
currently implementing a fully integrated COTS financial management 
system throughout the department. The fiscal year 2000 plan provides 
additional detail on the implementation process, a more detailed 
listing of intermediate tasks and target dates, the status of the 
various steps, and the responsible agency officials. In particular, the 
fiscal year 2000 plan has greatly expanded the information on actions 
to be taken at the Federal Aviation Administration (FAA) compared to 
the fiscal year 1999 plan. This is especially important since FAA 
financial management has been designated as a high-risk area since 
January 1999, because of serious and long-standing accounting and
financial management weaknesses. [Footnote 37] 

OMB’s guidance and FFMIA state that remediation plans are to include
resources and target dates necessary to achieve substantial compliance. 
As shown in figure 6, 10 of the 15 remediation plans we reviewed did not
include a discussion of the staffing and funding resources required to
complete the planned corrective actions. Such information is important 
for agency management and OMB to determine whether corrective actions 
can realistically be accomplished within the specified timeframes. 

Finally, as shown in figure 6, 14 of the 15 agencies included time 
frames for the corrective actions in their remediation plans. Setting 
specific target dates, including intermediate target dates, facilitates 
tracking the progress agencies are making in reaching their specified 
goals. The one exception was FEMA’s remediation plan, which stated that 
the planned corrective actions required a multiphased, multiyear 
approach due to budgetary constraints; therefore, no specific target 
dates were provided. FFMIA specifies that agencies have 3 years to 
bring their systems into compliance after a determination of 
noncompliance is made; however, some agencies have found that the 3-
year time period is not sufficient to address the reported problems. 

FFMIA also provides for an extension of the time needed to complete the 
planned corrective actions with the concurrence of OMB. For example, in 
September 2001 HUD requested and received the concurrence of the 
Director of OMB in extending the statutory 3-year remediation time 
frame for the implementation of a new core financial system at FHA. HUD 
projected that full implementation of the system would be completed by 
December 2006. OMB’s leadership and close oversight of agencies’ 
remediation efforts will continue to be important to help ensure that 
these plans substantively address the problems. 

The advisory role FFMIA established for OMB with respect to agency
remediation plans is important for addressing the types of problems we
noted in remediation plans we reviewed. Therefore, in a prior report, 
[Footnote 38] we recommended that OMB work with the agencies to ensure 
that all remediation plans are prepared and submitted in a timely 
manner. We also recommended that OMB review agencies’ plans for (1) 
detailed corrective actions that fully address reported problems, (2) 
inclusion of resource requirements, and (3) specific time frames needed 
to implement and resolve problems. To fulfill their mandated role, OMB 
has developed a multidisciplinary approach for reviewing agency plans 
to correct FFMIA problems. 

According to OMB officials, OMB reviews the business cases submitted by
agencies to support requests for funding of investments in information
technology. These business cases are included in the agencies’ budget 
submissions. Agencies’ business cases for financial management systems
are to address, among other things, any FIA, FFMIA, and internal control
problems reported by auditors or agency management. OMB officials told
us that agency business cases, which include FFMIA remedial actions, are
reviewed by OMB’s resource management officers as well as 
representatives from OMB’s statutory offices—the Office of Federal 
Financial Management, Office of Federal Procurement Policy, and the
Office of Information and Regulatory Affairs. OMB further stated that,
generally, agency remediation plans are included in agency budget 
submissions and subject to change. OMB considers these budget 
submissions predecisional and therefore not public documents. 

Agency Efforts to Implement New Financial Systems: 

Across government, agencies have many efforts underway to implement or 
upgrade financial systems to alleviate long-standing weaknesses in 
financial management. While progress continues to be made to improve
financial management systems, for some agencies there is a long way to 
go. At some agencies, most notably DOD, the problems are so severe that 
it will be years before the full range of systems weaknesses are 
resolved. To be successful, agencies need to overhaul existing business 
processes by identifying the root causes as to why systems have these 
continuing financial management weaknesses. Some agencies, including the
Departments of Agriculture, Commerce, and DOT, GSA, NASA, the Office
of Personnel Management (OPM), [Footnote 39] and SSA are in the 
implementation phases of new accounting systems. Other agencies are in 
the planning and design phases, such as the Departments of Defense, 
Interior, Energy, and Justice. FEMA is implementing a new version of 
its Integrated Financial Management Information System. Many of these 
new financial systems are COTS packages sold by vendors whose software 
has been certified by JFMIP. [Footnote 40] It is important in 
implementing COTS packages that agencies reengineer business practices 
to avoid customization of the COTS software and maximize the software’s 
utility instead of trying to automate ineffective current business 
practices. 

Agencies can help ensure that financial management systems investments
deliver the intended results by (1) using Clinger-Cohen Act IT 
management requirements, (2) undertaking financial management systems
modernization in a broad enterprise architecture context, and (3)
redesigning business processes in conjunction with implementing new
technology. To assist federal agencies in this process, we have 
developed the IT Investment Management Framework [Footnote 41] to 
provide a common structure for discussing and assessing IT capital 
planning and investment management practices. This framework includes 
steps toward achieving both a stable and mature IT investment 
management process. 

Once a project has been selected, good project management is a critical
ingredient to successful implementation. For example, it is imperative 
that managers sufficiently plan their project and that the sponsors are 
involved in the implementation. Next, deadlines should be realistic and 
project managers should be capable of understanding the complexities of 
the job. Throughout the job, the implementation should be monitored to 
ensure the project is going as planned. 

While many agencies are in the process of implementing COTS systems to
address long-standing financial management problems, implementing a
new system will not resolve these problems without adequate accounting
policies and internal controls in place. For example, about 98 percent 
of the Department of Agriculture has implemented a COTS package to 
serve as its financial management system. According to an Agriculture 
IG report [Footnote 42] dated June 2002, Agriculture’s new system could 
provide the department with a materially strengthened accounting 
system, strengthened financial controls, and better financial 
reporting. But the Office of the Chief Financial Officer (OCFO) 
delegated responsibility to the agencies to establish “agency specific” 
accounting policies and internal controls. The IG found that the 
accounting policies and procedures developed by the agencies were not 
consistent, adequate, or proper. Furthermore, the agencies were not 
following the guidance issued by OCFO. For example, the IG found that 
the agencies were not limiting access, sufficiently segregating duties, 
or monitoring appropriation balances. Therefore, although the 
Department of Agriculture has significantly completed implementing a 
COTS package, its long-standing financial management problems have not 
yet been solved. The Agriculture CFO advised us that they have taken a 
number of steps to strengthen financial management and to address 
issues identified by the IG. 

NASA is working toward implementing an integrated financial management
system that it expects to be fully operational in 2006 at an estimated 
cost of $475 million. As we testified in March 2002, [Footnote 43] this 
is NASA’s third attempt to implement a new financial management system. 
The first two efforts were abandoned after 12 years and expenditures of 
$180 million. Given the high stakes involved, it is critical that 
NASA’s leadership provide the necessary direction, oversight, and 
sustained attention to ensure that this project is successful. 

According to SSA officials, SSA has successfully completed their “test
drive” of a new COTS system. The purpose of the “test drive” was to 
ensure that the COTS system could meet the agency’s needs before 
beginning implementation. SSA decided to purchase the package and to 
begin implementation. Currently, SSA management is analyzing gaps and
reviewing business processes to determine what business processes or
software changes are necessary. 

Problems with DOD’s financial management operations go far beyond its
accounting and finance systems and processes. DOD continues to rely on a
far-flung, complex network of finance, logistics, personnel, 
acquisition, and other management information systems to gather the 
financial data needed to support day-to-day management decision making. 
This network was not designed to be, but rather has evolved into, the 
overly complex and error-prone operation that exists today, including 
(1) little standardization across DOD components, (2) multiple systems 
performing the same tasks, (3) the same data stored in multiple 
systems, (4) manual data entry into multiple systems, and (5) a large 
number of data translations and interfaces that combine to exacerbate 
problems with data integrity. Many of DOD’s business operations are 
mired in old, inefficient processes and legacy systems, some of which 
go back to the 1950s and 1960s. By a wide margin, DOD faces the 
greatest challenge of any agency in overhauling its financial 
management systems. 

Past efforts at reforming DOD’s business operations have been impeded in
part by the (1) lack of sustained top-level leadership and (2) cultural
resistance to change. DOD’s past experience has suggested that top
management has not had a proactive, consistent, and continuing role in
building capacity, integrating daily operations for achieving 
performance goals, and creating incentives. Sustaining top management 
commitment to performance goals is a particular challenge for DOD. In 
the past, the average 1.7-year tenure of the department’s top political 
appointees has served to hinder long-term planning and follow-through. 
Further, Secretary Rumsfeld has articulated that modernizing DOD’s 
business operations and systems is a departmentwide priority and will 
require leadership at every level. Cultural resistance to change and 
military service parochialism have also played a significant role in 
impeding previous attempts to implement broad-based management reforms 
at DOD. The department has acknowledged that it confronts decades-old 
problems deeply grounded in the bureaucratic history and operating 
practices of a complex, multifaceted organization, and that many of 
these practices were developed piecemeal and evolved to accommodate 
different organizations, each with its own policies and procedures. 

As discussed in our June 2002 testimony, [Footnote 44] DOD’s vast array 
of costly, nonintegrated, duplicative, and inefficient financial 
management systems has resulted in part because of the lack of an 
integrated approach to addressing its management challenges. In 
response to our May 2001 report, [Footnote 45] DOD has undertaken the 
development of an enterprise architecture to achieve the Secretary’s 
vision of having “reliable, accurate and timely financial management 
information upon which to make the most effective business decisions.” 
In fiscal year 2002, DOD received approximately $98 million and has 
requested another $96 million for fiscal year 2003 for this effort. 
Consistent with the recommendations contained in our January 1999 
[Footnote 46] and May 2001 reports, DOD has an extensive effort 
underway to document the department’s current “as-is” financial 
management architecture by identifying systems currently relied upon to
carry out financial management operations throughout the department. To
date, DOD has identified over 1,500 systems that are involved in the
processing of financial information. In developing the “as-is” 
environment DOD has recognized that financial management is broader 
than just accounting and finance systems. Rather, it includes the 
department’s budget formulation, acquisition, inventory management, 
logistics, personnel, and property management systems. In developing and
implementing its enterprise architecture, DOD will need to ensure that 
the multitude of systems efforts currently underway are designed as an 
integral part of the future architecture. 

Managerial Cost Information Is Critical for Implementing the President’s
Management Agenda: 

According to the President’s Management Agenda, the accomplishment of
the other four governmentwide initiatives [Footnote 47] will matter 
little without the integration of agency budgets with performance. The 
lack of a consistent information and reporting framework for 
performance, budgeting, and accounting obscures how well government 
programs are performing as well as inhibits comparisons of performance 
and cost across programs. Timely, accurate, and useful financial and 
performance information can form the basis for reconsidering the 
relevance or “fit” of any federal program or activity in today’s world 
and for the future. However, even the most meaningful links between 
performance results and resources consumed are only as good as the 
underlying data. Therefore, agencies must address long-standing 
problems within their financial systems. As agencies implement and 
upgrade their financial management systems, opportunities exist for 
developing cost management information as an integral part of the 
system to provide important information that is timely, reliable, and 
useful. 

As we have previously discussed, laws, regulations, and standards 
emphasize that reliable information on the costs of federal programs 
and activities is crucial for effective management of government 
operations. In particular, the concepts and standards in SFFAS No. 4 
require agencies to develop cost accounting processes that will enable 
them to provide timely and reliable information on the full cost of 
federal programs, their activities, and outputs. Further, good 
information on financial program performance is necessary for the full 
and effective implementation of GPRA. The success of GPRA is crucial to 
transitioning to a more results oriented federal government where 
agencies are held accountable for achieving specific program results. 
Cost information supports decision making in a variety of different 
business environments, such as: 

1. financial accounting—to assist federal financial report users in
evaluating service efforts, costs, and the accomplishment of the
reporting entity; 

2. budgeting—to plan and make resource allocation decisions; and; 

3. managing—to manage resources in the accomplishments of broad program 
purposes, to manage the unit cost of output to ensure that units of 
output are produced as effectively and efficiently as possible, and to 
set fees. 

In each of these environments, management must know the cost of their
activities in order to make good business decisions and to report 
financial and performance information to external parties such as the 
Congress and the public, who in turn will then be able to use this cost 
information to assess the budget integrity, program and operating 
performance, stewardship, systems, and controls of the federal 
government. 

Linking of agency budgets with performance is enhanced when agencies
integrate managerial cost information into their program activities (or 
lines of business). For example, Treasury’s IG stated that one of the 
management and performance challenges [Footnote 48] that Treasury faced 
is the integration of cost accounting with its business activities. The 
IG reported that Treasury managers were unable to link resources to 
results and often reported their accomplishments based on anecdotal 
performance evidence and outdated financial information. 

Agency implementation of managerial cost accounting can be a complex
and arduous task. For example, FAA has been developing a cost accounting
system, as required by the Federal Aviation Reauthorization Act of 
1996, [Footnote 49] for several years. DOT’s IG reported in January 
2002 [Footnote 50] that notwithstanding the progress and successes 
realized so far, FAA still faces significant challenges to complete and 
operate a credible cost accounting system. The IG concluded that FAA 
still needed to (1) implement, on a timely basis, fully developed cost 
accounting and labor distribution systems, (2) establish cost and 
performance management practices, (3) account for overhead costs, (4) 
track assets, and (5) develop an adequate system of internal controls. 
Other agencies have adopted various methods of accumulating and 
assigning costs to obtain managerial cost information needed to enhance 
programs, improve processes, establish fees, develop budgets, prepare 
financial reports, and report on performance. A number of agencies have 
implemented activity-based costing (ABC), which creates a cost model of 
an organization by identifying the activities performed, the resources 
consumed, and the outputs (products and services) produced by that 
organization. ABC then uses accounting and workload data to assign 
costs to the activities and related outputs. For example, the Small 
Business Administration (SBA) uses ABC to support financial reporting,
management decision making, performance reporting, budgeting, and cost
reimbursements. SBA has used information from its cost management
system to prepare the Statement of Net Costs, make resource allocation
decisions, and provide information for outsourcing alternatives. SBA has
also used managerial costing to provide a crosswalk between the costs of
activities and programs and the agency’s strategic goals and objectives.
SBA’s cost allocation model provides information about the full costs
(direct and indirect) of its programs as well as unit costs for many 
program outputs. In fiscal year 2001, SBA began using activity-based 
budgeting (ABB) to analyze program office budgets. The purpose of ABB 
is to show the linkage between the resources the agency plans to 
consume and the outputs it plans to produce. ABC and ABB can provide 
SBA with the information needed for sound decision making. [Footnote 
51] 

While some agencies have found this method to be useful, ABC is not a
universal solution for all organizations. Other agencies have developed
managerial costing approaches that build upon existing accounting 
systems. For example, the Department of the Interior’s Bureau of Land
Management (BLM) has implemented an innovative cost model that aligns
the costs of the bureau’s activities with its work processes and mission
goals. This model was developed with extensive coordination with field
personnel and has been used for management decision making and to
develop budget requests. 

Increasing Emphasis On Improving Financial Management from the Highest
Levels of Government: 

Increasing attention from the highest levels of the federal government 
is being targeted on improving federal financial management. Most 
importantly, The President’s Management Agenda Fiscal Year 2002 
includes improved financial performance as one of the five top 
governmentwide management goals. Improvement in federal financial 
management systems is central to achieving improved financial 
performance. The administration is using the Executive Branch 
Management Scorecard to highlight agency progress in achieving the
management and performance improvements embodied in the President’s
Management Agenda. Moreover, the JFMIP [Footnote 52] Principals—the 
Secretary of the Treasury, the Director of OMB, the Director of OPM, 
and the Comptroller General—have been holding quarterly meetings that 
have resulted in unprecedented substantive deliberations and agreements
focused on key reform issues such as better-defined measures for gauging
financial management success and the establishment of financial 
management committees. 

President’s Management Agenda and the Executive Branch Management 
Scorecard: 

The administration, with its release of the President’s Management 
Agenda in August 2001, has set forth improved financial performance as
one of its five governmentwide initiatives. OMB’s criteria for measuring
improved financial performance include (1) ensuring that financial 
management systems substantially meet federal financial management
system requirements and applicable federal accounting and transaction
standards, (2) producing accurate and timely financial information, (3)
integrating financial and performance management systems to support day-
to-day agency operations, and (4) receiving unqualified and timely 
opinions on the annual financial statements and no material internal 
control weaknesses [Footnote 53] reported by the auditors. This is 
another area that the JFMIP Principals have addressed and on which they 
are in agreement. 

The administration is using the Executive Branch Management Scorecard,
based on OMB’s criteria, to highlight agencies’ progress in achieving 
the improvements embodied in the President’s Management Agenda. This is 
a step in the right direction to improving management and performance. 
The value of the scorecards is not in the scoring, but in the degree to 
which the scores lead to sustained focus and demonstrable improvements 
over time. This will depend on continued efforts to assess progress and 
maintain accountability to ensure that agencies are able to, in fact, 
improve performance. It is important that there be continual rigor in 
the scoring process for the approach to be credible and effective. OMB 
provided its baseline scores judging agency financial management as of 
September 30, 2001, and an updated version of the scorecard was 
released as of June 30, 2002. 

The recent scores indicate that while there has been progress made in
implementing the President’s Management Agenda in many agencies, it has 
not been uniform. The Scorecard had both current status scores and 
progress in implementation scores for financial management. The “status”
is assessed against the standards for success communicated by OMB in its
October 30, 2001, memo to executive departments and agencies. According
to OMB, one agency, the Department of Labor, has been upgraded from red
to yellow for its status score because it has demonstrated commitment to
improving and has made good progress. OMB has identified four tasks to
be done before Labor could be upgraded to a green status score: (1) 
integrate its financial and performance management systems, (2) complete
remedial actions for Wage and Hour’s Back Wage and Civil Monetary
Penalties Systems, (3) develop and implement a plan to reduce erroneous
unemployment insurance payments, and (4) implement a cost accounting
system. 

Two agencies, NASA and SBA, have been downgraded from yellow to red. 
NASA’s score was lowered because its auditors issued a disclaimer of
opinion on NASA’s financial statements and determined that its systems
were not in compliance with FFMIA. Similarly, SBA’s auditors determined
that its systems were not in compliance with FFMIA and reported one
material weakness and three reportable conditions relating to SBA being
unable to provide timely, complete, and reliable financial statements. 

The administration assesses “progress” on a case-by-case basis against 
the deliverables and timelines established for the five initiatives 
that have been agreed upon with each agency. According to the progress 
scores on the Executive Branch Management Scorecard, the majority of 
the agencies are proceeding according to their plans, receiving a 
“green light,” while a few are slipping or require further adjustments 
in order to achieve their objectives timely, receiving a “yellow 
light.” The Department of Interior was the only agency that received a 
“red light” on “progress” because it has failed to make progress on its 
financial performance agenda. 

JFMIP Principals: 

Starting in August 2001, the JFMIP Principals have been meeting 
quarterly to deliberate and reach agreements focused on key financial 
management reform issues. This forum provides an opportunity to reach 
decisions on key issues and undertake strategic activities that 
reinforce the effectiveness of groups such as the CFO Council in making 
progress toward improving federal financial management. In these 
meetings, the Principals have focused on key issues such as the 
following. 

* Defining success measures for financial management performance that
go far beyond an unqualified audit opinion on financial statements and
include measures such as financial management systems that routinely
provide timely, reliable, and useful financial information and no 
material internal control weaknesses or material noncompliance with 
laws and regulations and FFMIA requirements; 

* Restructuring FASAB’s composition to enhance the independence of the
board; 

* Establishing financial management committees for the federal 
government and the CFO Act agencies; 

* Overseeing DOD’s business transformation efforts; 

* Consolidating and standardizing federal payroll systems to reduce the
cost of routine operations; 

* Addressing the impediments to an audit opinion on the U.S. 
government’s consolidated financial statements, including 
intragovernmental transactions. The federal government’s current 
inability to properly account for these transactions hinders true cost
transparency and impedes achievement of the goal of a clean opinion on
the federal government’s consolidated financial statements. Therefore,
OMB has been aggressively pursuing strategies regarding 
intragovernmental transactions to reform current practices in this area
and Treasury has been working to change the process for compiling the
consolidated financial statements; 

* Accelerating financial statement reporting dates. 

In deliberating on these issues, the Principals recognized that a clean 
audit opinion alone only provides credibility to an agency’s financial 
statements as of the date of the financial statements—the last day of 
the fiscal year. It provides no assurance about the effectiveness or 
efficiency of the financial systems used to prepare the statements, the 
quality of internal control, or whether the systems can produce 
reliable data for decision-making purposes on demand throughout the 
year. This recognition led to actions such as enhancing the criteria 
for measuring progress and achievement in the Executive Branch 
Management Scorecard as discussed above, and accelerating the dates for 
issuing the government’s financial statements. With these accelerated 
dates, the government’s financial statements will be issued in a more 
timely manner and will discourage costly efforts by agencies designed 
to obtain unqualified opinions on financial statements without 
addressing the underlying systems and data reliability challenges. 

After the Principals’ endorsement, OMB acted by requiring agencies to
prepare financial statements closer to the end of the reporting period.
Under the accelerated reporting requirements, agency performance and
accountability reports for fiscal year 2002 are due to OMB by February 
1, 2003. OMB is further accelerating the deadline so that by fiscal 
year 2004, agencies will be required to submit these reports by 
November 15, 2004. In addition, in fiscal year 2003, agencies will be 
required to prepare and submit quarterly financial statements no later 
than 45 days after the end of the reporting period. 

The JFMIP Principals have proven to be a collective driving force to
communicate expectations, address impediments, and move the financial
management agenda forward. Future meetings will enable the JFMIP
Principals to reach agreements and monitor progress on strategies 
critical to the full and successful implementation of federal financial 
management reform. 

Conclusions: 

The ultimate objective of FFMIA is to ensure that agency financial
management systems routinely provide reliable, useful, and timely 
financial information, not just at year-end or for financial 
statements, so that government leaders will be better positioned to 
invest resources, reduce costs, oversee programs, and hold agency 
managers accountable for the way they run programs. To achieve the 
financial management improvements envisioned by the CFO Act, FFMIA, and 
more recently, the President’s Management Agenda, agencies need to 
modernize their financial management systems to generate reliable, 
useful, and timely financial information throughout the year and at 
year-end. Meeting the requirements of FFMIA presents long-standing, 
significant challenges that will be attained only through time, 
investment, and sustained emphasis on correcting deficiencies in 
federal financial management systems. 

To assess compliance with FFMIA, auditors need to perform detailed audit
procedures that are more comprehensive and independent of those
performed for rendering an opinion in a financial statement audit. Such 
a comprehensive and independent assessment of an agency’s financial
management system is essential to improving the performance, 
productivity, and efficiency of federal financial management and 
achieving the President’s Management Agenda. In consultation with PCIE, 
we have jointly developed guidance as a part of GAO/PCIE FAM to assist 
auditors to comprehensively test for FFMIA compliance. However, without 
action from OMB to revise its guidance on FFMIA compliance testing and
reporting, the audit community will continue to face conflicting 
guidance. Therefore, we reaffirm the recommendations we made in our 
annual FFMIA report last year [Footnote 54] that OMB specify expected 
procedures for auditors to perform when assessing FFMIA compliance as 
called for in GAO/PCIE FAM. This additional guidance should be 
principle based and should clearly outline (1) the minimum scope of 
work and (2) the procedures for auditors to perform in determining 
whether management has reliable, timely, and useful financial 
information for managing day-today operations. 

We also reaffirm our prior recommendations that OMB require agency
auditors to provide a statement of positive assurance when reporting an
agency’s systems to be in substantial compliance with FFMIA. Further, we
reaffirm our prior recommendation that OMB continue to work with the
CFOs, IGs, and GAO to explore further clarification of the definition of
“substantial compliance” and to explain the appropriate use of the
compliance indicators. Finally, we reaffirm our prior recommendation 
that OMB emphasize to auditors the significance of agencies’ ability to 
meet the Managerial Cost Accounting Concepts and Standards, given the 
crucial need for cost management information for measuring the results 
of program performance. 

The size and complexity of many federal agencies and the discipline 
needed to overhaul or replace their financial management systems present
a significant challenge for many agencies. The significance of these 
issues, now and in the future, emphasizes the need for detailed 
remediation plans. As envisioned by the act, these remediation plans 
would help agencies establish seamless systems and processes to 
routinely generate reliable, useful, and timely information that would 
improve agencies’ accountability. Again this year, our analysis showed 
that while the quality of some of the plans had improved, many 
agencies’ remediation plans continue to lack key elements that could 
preclude the achievement of FFMIA objectives. Therefore, we reaffirm 
our prior recommendation that OMB continue to work with agencies to 
ensure that the remediation plans include all required elements and are 
not making new recommendations at this time related to remediation 
plans. 

The widespread systems problems facing the federal government need
sustained management commitment at the highest levels of government.
Today, we are seeing a strong commitment from the President, the JFMIP
Principals, and the secretaries of major departments, such as DOD, to
ensuring that these needed modernizations come to fruition. This
commitment is critical to the success of the efforts underway and those
still in a formative stage to achieve the goals of the CFO Act and 
FFMIA. 

Agency Comments And Our Evaluation: 

In written comments (reprinted in app.V) on a draft of this report, OMB
agreed with our assessment that while many federal agencies are 
continuing to make progress, some agencies continue to have 
shortcomings in their financial management systems. OMB noted that
changing its audit guidance to require positive assurance when reporting
on FFMIA compliance would not necessarily measure the availability or
quality of financial information, integral to the intent of FFMIA. As we
discussed in the report, OMB officials acknowledged that they are
currently updating their financial management policy guidance, including
guidance related to financial management systems. OMB officials stated
that once the update of its financial management policy guidance has 
been completed, new performance and results-based criteria will be used 
in future FFMIA assessments. OMB further stated that it will reconsider
revising its FFMIA audit guidance once its overall federal financial
management policy has been finalized. 

OMB also commented on our affirmation of our prior recommendation that 
it continue to work with the agencies to ensure that remediation plans 
include all of the required elements. As we state in the report, most 
of the agencies did not include resource requirements for accomplishing 
corrective actions in their remediation plans, as required by FFMIA. 
OMB agrees that the stand-alone agency remediation plans do not 
necessarily include resource information, but noted that agencies have 
been instructed to include this information in their OMB Circular A-11 
budget submissions. OMB officials added that a more comprehensive 
review and assessment of agency plans to correct FFMIA problems is 
conducted as a part of OMB’s annual budget process. While OMB’s 
multidisciplinary approach to reviewing agency remediation plans 
appears to have prompted improvements in the plans, we cannot determine 
whether the required resource information not found in the stand-alone 
remediation plans is included in the budget submission information 
required under OMB Circular A-11 because we did not have the agency 
budget submissions. These documents are subject to change, and OMB 
considers the budget submissions predecisional. Therefore, we based our 
review on the standalone remediation plans received from the agencies 
directly. In reviewing these plans, we found no references to other 
parts of the agency budget submissions that might include resource 
information. Unless we review agency budget submissions, we will only 
be able to report on the contents of the stand-alone remediation plans. 

OMB and several agencies also provided other technical comments that we
incorporated as appropriate. 

We are sending copies of this report to the Chairman and Ranking 
Minority Member, Subcommittee on Oversight of Government Management,
Restructuring, and the District of Columbia, Senate Committee on
Governmental Affairs; and to the Chairman and Ranking Minority Member,
Subcommittee on Government Efficiency, Financial Management, and
Intergovernmental Relations, House Committee on Government Reform.
We are also sending copies to the Director of the Office of Management 
and Budget, the Secretary of the Treasury, the heads of the 24 CFO Act
agencies, and agency CFOs and IGs. Copies will also be made available to
others upon request. 

This report was prepared under the direction of Sally E. Thompson, 
Director, Financial Management and Assurance, who may be reached at 
(202) 512-9450 or by e-mail at thompsons@gao.gov if you have any 
questions. Staff contacts and other key contributors to this report are 
listed in appendix VI. 

Signed by: 

David M. Walker: 
Comptroller General Of the United States: 

[End of section] 

Appendix I: Publications in the Federal Financial Management Systems Requirements 
Series: 

FFMSR document: FFMSR-0 Framework for Federal Financial Management 
Systems; 
Issue date: January 1995. 

FFMSR document: FFMSR-7 Inventory System Requirements; 
Issue date: June 1995. 

FFMSR document: FFMSR-8 Managerial Cost Accounting System Requirements; 
Issue date: February 1998. 

FFMSR document: JFMIP-SR-01-02 Core Financial System Requirements; 
Issue date: November 2001. 

FFMSR document: JFMIP-SR-99-5 Human Resources & Payroll Systems 
Requirements; 
Issue date: April 1999. 

FFMSR document: JFMIP-SR-99-8 Direct Loan System Requirements; 
Issue date: June 1999. 

FFMSR document: JFMIP-SR-99-9 Travel System Requirements; 
Issue date: July 1999. 

FFMSR document: JFMIP-SR-99-14 Seized Property and Forfeited Asset 
Systems Requirements; 
Issue date: December 1999. 

FFMSR document: JFMIP-SR-00-01 Guaranteed Loan System Requirements; 
Issue date: March 2000. 

FFMSR document: JFMIP-SR-00-3 Grant Financial System Requirements; 
Issue date: June 2000. 

FFMSR document: JFMIP-SR-00-4 Property Management Systems Requirements; 
Issue date: October 2000. 

FFMSR document: JFMIP-SR-01-1 Benefit System Requirements; 
Issue date: September 2001. 

FFMSR document: JFMIP-SR-02-02 Acquisition/Financial Systems Interface
Requirements; 
Issue date: June 2002. 

[End of table] 

[End of section] 

Appendix II: Statements of Federal Financial Accounting Concepts, 
Standards, and Interpretations: 

Concepts: 
SFFAC No. 1 Objectives of Federal Financial Reporting; 
SFFAC No. 2 Entity and Display; 
SFFAC No. 3 Management’s Discussion and Analysis; 

Standards: SFFAS No. 1 Accounting for Selected Assets and Liabilities; 
Effective for fiscal year[A]: 1994. 

Standards: SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees; 
Effective for fiscal year[A]: 1994. 

Standards: SFFAS No. 3 Accounting for Inventory and Related Property; 
Effective for fiscal year[A]: 1994. 

Standards: SFFAS No. 4 Managerial Cost Accounting Concepts and 
Standards; 
Effective for fiscal year[A]: 1998. 

Standards: SFFAS No. 5 Accounting for Liabilities of the Federal 
Government; 
Effective for fiscal year[A]: 1997. 

Standards: SFFAS No. 6 Accounting for Property, Plant, and Equipment; 
Effective for fiscal year[A]: 1998. 

Standards: SFFAS No. 7 Accounting for Revenue and Other Financing 
Sources; 
Effective for fiscal year[A]: 1998. 

Standards: SFFAS No. 8 Supplementary Stewardship Reporting; 
Effective for fiscal year[A]: 1998. 

Standards: SFFAS No. 9 Deferral of the Effective Date of Managerial Cost
Accounting Standards for the Federal Government in SFFAS No. 4; 
Effective for fiscal year[A]: 1998. 

Standards: SFFAS No. 10 Accounting for Internal Use Software; 
Effective for fiscal year[A]: 2001. 

Standards: SFFAS No. 11 Amendments to Accounting for Property, Plant, 
and Equipment—Definitional Changes
Effective for fiscal year[A]: 1999. 

Standards: SFFAS No. 12 Recognition of Contingent Liabilities Arising 
from Litigation: An Amendment of SFFAS No. 5, Accounting for 
Liabilities of the Federal Government; 
Effective for fiscal year[A]: 1998. 

Standards: SFFAS No. 13 Deferral of Paragraph 65-2—Material Revenue-
Related Transactions Disclosures; 
Effective for fiscal year[A]: 1999. 

Standards: SFFAS No. 14 Amendments to Deferred Maintenance Reporting; 
Effective for fiscal year[A]: 1999. 

Standards: SFFAS No. 15 Management’s Discussion and Analysis; 
Effective for fiscal year[A]: 2000. 

Standards: SFFAS No. 16 Amendments to Accounting for Property, Plant, 
and Equipment; 
Effective for fiscal year[A]: 2000. 

Standards: SFFAS No. 17 Accounting for Social Insurance; 
Effective for fiscal year[A]: 2000. 

Standards: SFFAS No. 18 Amendments to Accounting Standards for Direct 
Loans and Loan Guarantees in SFFAS No. 2; 
Effective for fiscal year[A]: 2001. 

Standards: SFFAS No. 19 Technical Amendments to Accounting Standards for
Direct Loans and Loan Guarantees in SFFAS No.2; 
Effective for fiscal year[A]: 2003. 

Standards: SFFAS No. 20 Elimination of Certain Disclosures Related to 
Tax Revenue Transactions by the Internal Revenue Service, Customs, and
Others; 
Effective for fiscal year[A]: 2001. 

Standards: SFFAS No. 21 Reporting Corrections of Errors and Changes in
Accounting Principles; 
Effective for fiscal year[A]: 2002. 

Standards: SFFAS No. 22 Change in Certain Requirements for Reconciling
Obligations and Net Cost of Operations; 
Effective for fiscal year[A]: 2001. 

Interpretations: 
No. 1 Reporting on Indian Trust Funds; 
No. 2 Accounting for Treasury Judgment Fund Transactions; 
No. 3 Measurement Date for Pension and Retirement Health Care 
Liabilities; 
No. 4 Accounting for Pension Payments in Excess of Pension Expense; 
No. 5 Recognition by Recipient Entities of Receivable Nonexchange 
Revenue. 

[A] Effective dates do not apply to Statements of Federal Financial 
Accounting Concepts and Interpretations. 

[End of table] 

[End of section] 

Appendix III: AAPC Technical Releases: 

Technical release: TR-1 Audit Legal Letter Guidance; 
AAPC release date: March 1, 1998. 

Technical release: TR-2 Environmental Liabilities Guidance; 
AAPC release date: March 15, 1998. 

Technical release: TR-3 Preparing and Auditing Direct Loan and Loan 
Guarantee Subsidies Under the Federal Credit Reform Act; 
AAPC release date: July 31, 1999. 

Technical release: TR-4 Reporting on Non-Valued Seized and Forfeited 
Property; 
AAPC release date: July 31, 1999. 

Technical release: TR-5 Implementation Guidance on SFFAS No. 10: 
Accounting for Internal Use Software; 
AAPC release date: May 14, 2001. 

[End of table] 

[End of section] 

Appendix IV: Checklists for Reviewing Systems Under the Federal 
Financial Management Improvement Act: 

Checklist: GAO/AIMD-98-21.2.1 Framework for Federal Financial Management
System Checklist; 
Issue date: May 1998. 

Checklist: GAO/AIMD-00-21.2.2 Core Financial System Requirements 
Checklist; 
Issue date: February 2000. 

Checklist: GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems
Requirements Checklist; 
Issue date: March 2000. 

Checklist: GAO/AIMD-98-21.2.4 Inventory System Checklist; 
Issue date: May 1998. 

Checklist: GAO/01-99G Seized Property and Forfeited Assets Systems
Requirements Checklist; 
Issue date: October 2000. 

Checklist: GAO/AIMD-21-2.6 Direct Loan System Requirements Checklist; 
Issue date: April 2000. 

Checklist: GAO/AIMD-21.2.8 Travel System Requirements Checklist; 
Issue date: May 2000. 

Checklist: GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost
Accounting Checklist; 
Issue date: January 1999. 

Checklist: GAO-01-371G Guaranteed Loan System Requirements Checklist; 
Issue date: March 2001. 

Checklist: GAO-01-911G Grant Financial System Requirements Checklist; 
Issue date: September 2001. 

Checklist: GAO-02-171G Property Management Systems Requirements 
Checklist; 
Issue date: December 2001. 

Checklist: GAO-02-762G Benefit System Requirements (Exposure Draft); 
Issue date: September 2002. 

[End of table] 

[End of section] 

Appendix V: Comments From the Office of Management and Budget: 

Executive Office of the President: 
Office of Management and Budget: 
Office of Federal Financial Management: 
Washington, DC 20503: 

September 27, 2002: 

Mt. Jeffrey C. Steinhoff: 
Managing Director, Financial Management and Assurance: 
United States General Accounting Office: 
Washington, DC 20548: 

Dear Mr. Steinhoff: 

Thank you for the opportunity to comment on the proposed report 
entitled "Financial Management: FFMIA Implementation Necessary to 
Achieve Accountability (GAO-03-31)." OMB agrees with your assessment 
that while many Federal agencies are continuing to make progress, some 
agencies continue to have shortcomings in their financial management 
systems. 

In regards to your recommendation for OMB to change its audit guidance 
to require a statement of positive assurance when reporting on FFMIA 
compliance, requiring positive assurance using the current financial 
system guidance as the basis would not necessarily measure the quality 
or availability of financial information which is the intent of the 
Act. OMB currently is updating its financial management policy guidance 
including financial management systems. Once this update is completed, 
new performance and results-based criteria will be used in future FFMIA 
assessments. With respect to your recommendation, we will consider 
revising our audit guidance once our overall Federal financial 
management policy is finalized. 

The report also reaffirms the prior recommendation that OMB continue to 
work with agencies to ensure that remediations plans include all 
required elements. Specifically cited as a problem in the proposed 
report is that the remediation plans do not include resource 
information needed to assess if the corrective actions can be 
accomplished within the specified timeframes. OMB agrees that stand-
alone remediation plans do not necessarily contain resource 
information. However, OMB has instructed agencies in Circular A-11 that 
remediation plan information required by FFMIA should be included in 
the agency's annual financial management plans and budget 
justifications; stand-alone remediation plans are not required. More 
importantly, a more comprehensive review and assessment of agency plans 
to correct FFMIA problems is performed as part of OMB's annual budget 
process. This multidisciplinary approach includes reviewing financial 
management plans, budget justifications, and business cases for 
investments. During this review we examine resource requests, 
timelines, risk mitigation, expected results, and other areas to ensure 
improvement efforts will achieve their intended outcome. Since budget 
information is prepared by the agency and reviewed by OMB, the agency 
and OMB are aware of the resource requirements. 

OMB looks forward to continuing to work with GAO on improving 
management systems. 

Sincerely, 

Singed by: 

Joseph Kull: 
Deputy Controller: 

[End of section] 

Appendix VI: GAO Contacts and Staff Acknowledgments: 

GAO Contacts: 

Sally E. Thompson, (202) 512-9450: 

Kay L. Daly, (202) 512-9312: 

Acknowledgments: 

In addition to those named above, Rosa R. Harris, William S. Lowrey, 
Debra S. Rucker, Sandra S. Silzer, and Bridget A. Skjoldal made key 
contributions to this report. 

[End of section] 

Footnotes: 

[1] Pub. L. No. 101-576, 104 Stat. 2838 (1990). 

[2] Title VIII of Public Law 104-208 is entitled the Federal Financial 
Management Improvement Act of 1996. 

[3] The American Institute of Certified Public Accountants recognizes 
the federal accounting standards promulgated by the Federal Accounting 
Standards Advisory Board (FASAB) as generally accepted accounting 
principles (GAAP). 

[4] The SGL provides a standard chart of accounts and standardized 
transactions that agencies are to use in all their financial systems. 

[5] The JFMIP Principals are the Secretary of the Treasury, the 
Directors of OMB and the Office of Personnel Management (OPM), and the 
Comptroller General of the United States. 

[6] Agency management for two of the remaining four agencies did not 
prepare remediation plans because they determined that their systems 
did substantially comply with FFMIA. The other two agencies did not 
prepare remediation plans for fiscal year 2000 for other reasons. 

[7] Under the auspices of OMB Circular A-127, JFMIP tests vendor COTS 
packages and certifies that they meet certain financial management 
system requirements for core financial systems. 

[8] U.S. General Accounting Office, Standards for Internal Control in 
the Federal Government, GAO/AIMD-00-21.3 (Washington, D.C.: November 
1999). 

[9] In October 1990, the Secretary of the Treasury, the Director of 
OMB, and the Comptroller General established FASAB to develop a set of 
generally accepted accounting standards for the federal government. 
Effective July 1, 2002, FASAB is comprised of six nonfederal or public 
members and representatives of the three Principals. 

[10] Accounting standards are authoritative statements of how 
particular types of transactions and other events should be reflected 
in financial statements. SFFACs explain the objectives and ideas upon 
which FASAB develops the standards. 

[11] An interpretation is a document of narrow scope that provides 
clarifications of original meaning, additional definitions, or other 
guidance pertaining to an existing federal accounting standard. 

[12] In 1997, FASAB, in conjunction with OMB, Department of the 
Treasury (Treasury), GAO, the CFO Council, and the President’s Council 
on Integrity and Efficiency, established AAPC to assist the federal 
government in improving financial reporting. 

[13] SGL guidance is published in the Treasury Financial Manual. 
Treasury’s Financial Management Service is responsible for maintaining 
the SGL and answering agency inquiries. 

[14] Fiscal year 2000 remediation plans, addressing instances of 
noncompliance with FFMIA identified in financial statement audits 
reports covering fiscal year 2000, were due to OMB by September 10, 
2001. Remediation plans addressing instances of noncompliance identified
in the fiscal year 2001 financial statement audit reports were not due 
to OMB until September 9, 2002. Therefore, in reviewing remediation 
plans, we reviewed the fiscal year 2000 plans. 

[15] The seven agencies selected were the Departments of Energy and 
Labor, the General Services Administration (GSA), the National 
Aeronautics and Space Administration (NASA), the National Science 
Foundation (NSF), the Small Business Administration, and the Social
Security Administration. 

[16] The fiscal year 2000 remediation plans were the most recently 
available documents since the plans for responding to issues identified 
for fiscal year 2001 were not due to OMB until September 9, 2002. 

[17] Federal financial system requirements define an integrated 
financial system as one that coordinates a number of previously 
unconnected functions to improve overall efficiency and control. 
Characteristics of such a system include (1) standard data 
classifications for recording financial events, (2) common processes 
for processing similar transactions, (3) consistent control over data 
entry, transaction processing, and reporting, and (4) a system design 
that eliminates unnecessary duplication of transaction entry. 

[18] Agency performance and accountability reports include the audit 
report and the audited financial statements. 

[19] Agencies record their budget spending authorizations in their fund 
balance with Treasury accounts. Agencies increase or decrease these 
accounts as they collect or disburse funds. 

[20] Absolute differences are computed with all numbers considered to 
be positive numbers. 

[21] U.S. General Accounting Office, U.S. Government Financial 
Statements: FY 2001 Results Highlight the Continuing Need to Accelerate 
Federal Financial Management Reform, GAO-02-599T (Washington, D.C.: 
Apr. 9, 2002). 

[22] Trading partners are U.S. government agencies, departments, or 
other components that do business with each other. 

[23] The value of goods and services ordered and obligated which have 
not been paid. 

[24] An AID mission is a representative in a cooperating country. AID 
has overseas missions and offices that manage projects associated with 
this foreign assistance. 

[25] AID has estimated that the worldwide deployment of the core 
financial system will not begin until fiscal year 2008. 

[26] These eight agencies are: Agriculture, DOD, DOT, AID, EPA, FEMA, 
National Aeronautics and Space Administration (NASA), and NRC. 

[27] U.S. General Accounting Office, High-Risk Series: An Update, GAO-
01-263 (Washington, D.C.: January 2001). 

[28] These provisions are part of the Floyd D. Spence National Defense 
Authorization Act for Fiscal Year 2001. 

[29] U.S. General Accounting Office, Information Security: Additional 
Actions Needed to Fully Implement Reform Legislation, GAO-02-470T 
(Washington, D.C.: March 6, 2002). 

[30] We analyzed the results of IG and GAO audit reports published from 
July 2000 through September 2001, including the results of the IGs’ 
independent evaluations. 

[31] GAO-02-470T. 

[32] U.S. General Accounting Office, Financial Management: FFMIA 
Implementation Critical for Federal Accountability, GAO-02-29 
(Washington, D.C.: Oct. 1, 2001). 

[33] The Financial Audit Manual, jointly issued by GAO and the 
President’s Council on Integrity and Efficiency, provides the 
methodology for performing financial statement audits of federal 
entities. 

[34] GAO-02-29. 

[35] GAO-02-29. 

[36] Remediation plans addressing issues identified in the fiscal year 
2000 financial statements were due to OMB by September 10, 2001. 

[37] U.S. General Accounting Office, High-Risk Series: An Update, GAO-
01-263 (Washington, DC: January 2001). 

[38] U.S. General Accounting Office, Financial Management: Federal 
Financial Management Improvement Act Results for Fiscal Year 1998, 
GAO/AIMD-00-3 (Washington, DC: Oct. 1, 1999). 

[39] OPM implemented its new Government Financial Information System on 
October 1, 2001. According to an OPM official, the initial 
implementation included its general ledger, budget execution, project 
cost accounting, and accounts receivable modules. The second phase of
the implementation included its accounts payable, automated 
disbursements, and procurement functionality. 

[40] JFMIP tests vendor COTS packages and certifies that they meet 
certain financial management system requirements for core financial 
systems. 

[41] U.S. General Accounting Office, Information Technology Investment 
Management: An Overview of GAO’s Assessment Framework (Exposure Draft), 
GAO/AIMD-00-155 (Washington, D.C.: May 2000). 

[42] U.S. Department of Agriculture, Office of the Inspector General, 
Audit of Selected Foundation Financial Information System Operations, 
Report Number 50401-42-FM (Washington, D.C.: June 2002). 

[43] U.S. General Accounting Office, National Aeronautics and Space 
Administration: Leadership and Systems Needed to Effect Financial 
Management Improvements, GAO-02-551T (Washington, D.C.: March 20, 
2002). 

[44] U.S. General Accounting Office, DOD Financial Management: 
Important Steps Underway But Reform Will Require Long-term Commitment, 
GAO-02-784T (Washington, D.C.: June 2002). 

[45] U.S. General Accounting Office, Information Technology: 
Architecture Needed to Guide Modernization of DOD’s Financial 
Operations, GAO-01-525 (Washington, D.C.: May 2001). 

[46] U.S. General Accounting Office, Financial Management: Analysis of 
DOD’s First Biennial Financial Management Improvement Plan, GAO/AIMD-99-
44 (Washington, D.C.: Jan. 29, 1999). 

[47] The other four governmentwide initiatives are improved financial 
performance, strategic management of human capital, competitive 
sourcing, and expanded electronic government. 

[48] U.S. Department of the Treasury, Office of the Inspector General, 
Management and Performance Challenges Facing the Department of the 
Treasury (Washington, D.C.: Jan. 30, 2002). 

[49] This act required FAA to develop a cost accounting system that 
adequately and accurately reflects the investments, operating and 
overhead costs, revenues, and other financial measurement and reporting 
aspects of its operations. 

[50] U.S. Department of Transportation, Office of Inspector General, 
2001 Status Assessment of Cost Accounting System and Practices, Federal 
Aviation Administration (Washington, D.C.: Jan. 10, 2002). 

[51] Using ABC and ABB allows agencies to manage by activity, otherwise 
known as activity-based management. 

[52] JFMIP is a joint and cooperative undertaking of OMB, the 
Department of the Treasury, OPM, and GAO working with executive 
agencies to improve financial management practices throughout the 
federal government. 

[53] A material weakness is a condition that precludes the entity’s 
internal control from providing reasonable assurance that 
misstatements, losses, or noncompliance material in relation to the 
financial statements would be prevented or detected on a timely basis. 

[54] GAO-02-29. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Jeff Nelligan, Managing Director, AndersonP1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: