This is the accessible text file for GAO report number GAO-07-914 
entitled 'Financial Management: Long-standing Financial Systems 
Weaknesses Present a Formidable Challenge' which was released on August 
6, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to the Committee on Homeland Security and Governmental Affairs, 
U.S. Senate, and the Committee on Government Oversight and Reform, 
House of Representatives: 

United States Government Accountability Office: 

GAO: 

August 2007: 

Financial Management: 

Long-standing Financial Systems Weaknesses Present a Formidable 
Challenge: 

GAO-07-914: 

GAO Highlights: 

Highlights of GAO-07-914, a report to the Committee on Homeland 
Security and Governmental Affairs, U.S. Senate, and the Committee on 
Oversight and Government Reform, House of Representatives 

Why GAO Did This Study: 

The Federal Financial Management Improvement Act of 1996 (FFMIA) 
requires the 24 Chief Financial Officers (CFO) Act agencies to 
implement and maintain financial management systems that comply 
substantially with (1) federal financial management systems 
requirements, (2) federal accounting standards, and (3) the U.S. 
Government Standard General Ledger (SGL). FFMIA also requires GAO to 
report annually on the implementation of the act. 

This report, primarily based on GAO and inspectors general reports, 
discusses (1) the problems that continued to affect agencies systems’ 
FFMIA compliance in fiscal year 2006 and (2) the initiatives under way 
to help move federal financial management toward FFMIA compliance. 

What GAO Found: 

Federal agencies have continued to make progress in meeting the 
requirements of FFMIA since the passage of the law in 1996. Most 
agencies though, have not yet progressed to the stage that their 
systems are substantially compliant, and some agencies have made little 
progress. Accordingly, agencies continue to fall short in their 
attempts to establish the financial systems needed to create the full 
range of information needed for effective day-to-day management. In 
fiscal year 2006, auditors for 17 of the 24 CFO Act agencies reported 
that agencies’ financial management systems did not substantially 
comply with at least one of the three FFMIA requirements. As shown 
below, based on audit reports, GAO identified six types of problems 
primarily related to agencies’ systems. These problems with agency 
financial systems remain a significant obstacle to supporting effective 
management of the federal government. 

Figure: Number of Agencies with Reported FFMIA Compliance Problems for 
Fiscal Years 2002 through 2006: 

[See PDF for Image] 

Source: GAO analysis, based on independent auditors' financial 
statement audit reports. 

[End of figure] 

With regard to improvement initiatives, GAO noted continued progress in 
two key areas: (1) agencies’ required remediation plans and (2) the 
Office of Management and Budget’s (OMB) efforts to address system 
implementation problems. All 12 of the remediation plans GAO reviewed 
included corrective actions, but several were missing key elements. 
Moreover, agencies continue to struggle with efforts to modernize their 
financial management systems. This problem is particularly acute at the 
Department of Defense. Agency modernization efforts have been 
consistently hampered by failure to follow best practices in systems 
development and implementation, commonly referred to as disciplined 
processes. As a result, these efforts far too often do not meet cost, 
schedule, and performance goals. To help address these problems, OMB 
has demonstrated continued progress in the implementation of the 
financial management line of business initiative. However, additional 
steps forward are needed to provide a foundation for this initiative. 

What GAO Recommends: 

To further understand the key issues that affect FFMIA implementation 
and challenges in improving financial management systems, the 
Comptroller General is convening a forum later this year to bring 
together key officials and experts for a candid discussion of these 
issues. Accordingly, this report does not include any new 
recommendations. OMB was supportive of the forum, agreed with GAO's 
assessment, and stated it was working aggressively to assist agencies 
in building a strong foundation of financial management practices. 

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-914]. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact McCoy Williams at (202) 
512-9095 or williamsm1@gao.gov. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

Scope and Methodology: 

FFMIA Assessments Identify Marginal Improvements in Some Cases: 

Efforts Are Under Way to Address Federal Financial Management System 
Challenges: 

Conclusion: 

Agency Comments and Our Evaluation: 

Appendix I: Requirements and Standards Supporting Federal Financial 
Management: 

Financial Management Systems Requirements: 

Federal Accounting Standards: 

U.S. Government Standard General Ledger (SGL): 

Internal Control Standards: 

Appendix II: Publications in the Federal Financial Management Systems 
Requirements Series: 

Appendix III: Statements of Federal Financial Accounting Concepts, 
Standards, Interpretations, and Technical Bulletins: 

Appendix IV: Accounting and Auditing Policy Committee Technical 
Releases: 

Appendix V: Checklists for Reviewing Systems under the Federal 
Financial Management Improvement Act: 

Appendix VI: Comments from the Office of Management and Budget: 

Appendix VII: GAO Contact and Staff Acknowledgments: 

Figures: 

Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 
2006: 

Figure 2: Number of Agencies with Reported FFMIA Compliance Problems 
for Fiscal Years 2002 through 2006: 

Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 
2006: 

Figure 4: Number of Agencies with Reported FFMIA Compliance Problems 
for Fiscal Years 2002 through 2006: 

Figure 5: Number of CFO Act Agencies with Reported Nonintegrated 
Financial Management Systems Problems for Fiscal Years 2002 through 
2006: 

Figure 6: Number of CFO Act Agencies with Reported Inadequate 
Reconciliation Procedures Problems for Fiscal Years 2002 through 2006: 

Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and 
Timely Recording Problems for Fiscal Years 2002 through 2006: 

Figure 8: Number of CFO Act Agencies with Reported Noncompliance with 
the SGL Problems for Fiscal Years 2002 through 2006: 

Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to 
Federal Accounting Standards Problems for Fiscal Years 2002 through 
2006: 

Figure 10: Number of CFO Act Agencies with Reported Weak Security over 
Information Systems Problems for Fiscal Years 2002 through 2006: 

Figure 11: Summary of Analysis of Elements Included in 12 Agencies' 
Summarized Remediation Plans for Fiscal Year 2006: 

Figure 12: Agency Systems Architecture: 

United States Government Accountability Office: 
Washington, DC 20548: 

August 3, 2007: 

The Honorable Joseph I. Lieberman: 
Chairman: 
The Honorable Susan M. Collins: 
Ranking Member: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

The Honorable Henry A. Waxman: 
Chairman: 
The Honorable Tom Davis: 
Ranking Member: 
Committee on Oversight and Government Reform: 
House of Representatives: 

Having the reliable, useful, and timely financial data needed to 
efficiently and effectively manage their day-to-day operations is a 
long-standing challenge for federal agencies. To address this 
challenge, the Congress mandated financial management reform within the 
federal government by enacting the Chief Financial Officers (CFO) Act 
of 1990.[Footnote 1] The CFO Act laid the foundation for a 
comprehensive reform of federal financial management by establishing a 
leadership structure, requiring audited financial statements, and 
strengthening accountability reporting. This act also requires agencies 
to implement modern financial management systems in order to attain the 
systematic measurement of performance; the development of cost 
information; and the integration of program, budget, and financial 
information for management reporting. The end goal of the CFO Act is to 
greatly enhance the ability of federal managers to do their jobs by 
providing the full range of financial information needed for day-to-day 
management. 

Building on the foundation laid by the CFO Act, the Federal Financial 
Management Improvement Act of 1996[Footnote 2] (FFMIA) requires the 
major departments and agencies covered by the CFO Act to implement and 
maintain financial management systems that comply substantially with 
(1) federal financial management systems requirements, (2) applicable 
federal accounting standards, and (3) the U.S. Government Standard 
General Ledger (SGL) at the transaction level. The act also requires 
the heads of agencies and auditors to determine whether the agencies' 
financial management systems comply with the act's requirements. In 
addition, we are required to report annually on the implementation of 
the act. 

This report discusses (1) the auditors' assessments of federal agency 
systems' compliance with FFMIA requirements for fiscal years 1997 
through 2006 and the financial management systems problems that 
continued to affect systems' FFMIA compliance in fiscal year 2006 and 
(2) the initiatives under way to help move federal financial management 
toward the goals of the CFO Act and FFMIA compliance. This report 
incorporates historical information from our prior FFMIA reports, other 
reports issued by GAO, and reports issued by inspectors general (IG). 
We analyzed and summarized information from these reports that related 
to FFMIA issues and determined that the data in these reports were 
sufficiently reliable for the purposes of this report. We conducted our 
work from January through June 2007 in Washington, D.C., in accordance 
with generally accepted government auditing standards. We requested 
comments on a draft of this report from the Director of the Office of 
Management and Budget (OMB) or his designee. We received written 
comments from the OMB Controller. OMB's comments are discussed in the 
Agency Comments and Our Evaluation section and reprinted in appendix 
VI. 

Results in Brief: 

Since the passage of FFMIA, agencies have made progress in improving 
their financial management systems. We have seen incremental 
improvements throughout government, with some agencies making dramatic 
improvements. At the same time, much work remains to fulfill the 
underlying goals of FFMIA. As shown in figure 1, the number of agencies 
reported as having systems that were not in substantial compliance with 
at least one of the three FFMIA systems requirements improved from 20 
in fiscal year 1997 to 17 in fiscal year 2006. In fiscal year 2006, as 
in the past, the majority of agencies' financial management systems 
were still not able to routinely produce reliable, useful, and timely 
financial information for day-to-day management. These shortcomings 
impede agency managers' access to adequate financial data to 
effectively manage and oversee their major programs. 

Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 
2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 1997 through 2006. 

[End of figure] 

In fiscal year 2006, auditors for one CFO Act agency, the U.S. Agency 
for International Development (AID), provided positive assurance-- 
which is an opinion based on the nature and extent of audit work 
performed--that AID's financial management systems substantially 
complied with the requirements of FFMIA. Auditors for the remaining 
six[Footnote 3] CFO Act agencies provided negative assurance of FFMIA 
compliance. In essence, they reported that nothing came to their 
attention during the course of the audit to indicate that these 
agencies' financial management systems did not meet FFMIA requirements. 
Negative assurance is the level of assurance specified by OMB's audit 
guidance for reporting on FFMIA compliance. However, as we have 
previously reported, the extent of FFMIA compliance can be reliably 
determined through adequately testing systems to provide positive 
assurance. 

As shown in figure 2, agencies with systems reported not to be in 
substantial compliance with FFMIA requirements have made some progress 
in addressing the six problem areas that we have previously reported. 
For example, in fiscal year 2006 financial statement audit reports, 
auditors identified 7 instances of noncompliance with the SGL,[Footnote 
4] compared with 11 reported in fiscal year 2005. As a case in point, 
auditors at AID identified various actions taken to improve the level 
of compliance, such as retiring legacy systems that were not SGL 
compliant and replacing them with new systems that comply with the SGL. 
Nevertheless, the nature and seriousness of the problems reported 
indicate that most agencies' financial management systems are 
frequently unable to routinely produce reliable, useful, and timely 
financial information to support day-to-day management. Addressing the 
problems with agencies' financial management systems remains a 
significant challenge to improved financial management in the federal 
government. This problem is particularly severe at the Department of 
Defense. Many agencies are still a long way from accomplishing the 
goals of the CFO Act of 1990 and FFMIA. 

Figure 2: Number of Agencies with Reported FFMIA Compliance Problems 
for Fiscal Years 2002 through 2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

With regard to initiatives that are under way to help move federal 
agencies toward FFMIA compliance, we noted continued progress in two 
key areas: (1) agencies' summarized remediation plans in their 
performance and accountability reports (PARs) and (2) OMB's efforts to 
address system implementation problems. Heads of agencies that have 
systems not in substantial compliance are required to establish 
remediation plans to correct system deficiencies. FFMIA specifically 
requires that remedies, resources, and target dates be included in the 
remediation plans. OMB guidance requires agencies to summarize these 
plans in their PARs. A lack of the required data in the remediation 
plans can reduce the likelihood of successfully implementing corrective 
actions. Remediation plans provide a "road map" for management and 
staff to resolve financial management problems in a transparent manner, 
and also help hold managers accountable for needed improvements. For 
5[Footnote 5]of the 17 agencies for which the auditors reported FFMIA 
noncompliance for fiscal year 2006, the agency heads disagreed with the 
auditors and considered their agencies' systems to be substantially 
compliant with FFMIA. Therefore, they did not prepare remediation 
plans. We reviewed the remaining 12 fiscal year 2006 PARs for the 
agencies' systems that were deemed noncompliant by their agency head 
and auditor to determine if a summarized remediation plan with the 
required information was included in the agency PAR. All of the 
agencies' PARs included summarized remediation plans along with 
proposed corrective actions. However, 4 of the 12 agencies did not 
include information on staffing resources required to complete the 
planned corrective actions. One agency omitted target dates for 
completion of the corrective actions to become substantially compliant 
with FFMIA. A discussion of the resource requirements needed to 
implement the corrective actions and the time frame for completion of 
corrective actions is essential in determining whether the corrective 
actions can realistically be accomplished. The significance of the 
issues facing federal agencies, now and in the future, necessitates 
remediation plans that clearly and fully describe the corrective 
actions necessary to resolve problems, as well as the resources and 
time frames required to successfully implement those actions. 

To help address systems implementation problems, OMB continues to move 
forward on initiatives that support the President's Management Agenda 
(PMA) to enhance financial management and provide results-oriented 
information in the federal government. A key initiative has been the 
further development of the financial management line of business to 
promote leveraging shared service solutions to enhance the government's 
performance and services. OMB has demonstrated continued progress 
toward implementation of the financial management line of business 
initiative by developing, for example, migration planning guidance and 
financial management service performance metrics. OMB's initial 
framework for the competitive migration to either a public shared 
service provider or a qualified private sector provider under the 
initiative is expected to help agencies maximize value by considering 
alternative solutions in a reasoned and structured manner. 

Continuing progress needs to be made to provide a sound foundation for 
this initiative. For example, as we reported in March 2006,[Footnote 6] 
the lack of a federal governmentwide concept of operations[Footnote 7] 
significantly impairs the potential success of this initiative. 
Moreover, shared service providers have been designated without common 
business rules and potential customer agencies continue to implement 
and operate individual stove-piped systems that may require additional 
work to adopt these processes. In addition, as of the completion of our 
audit work, none of the major CFO Act agencies had moved their 
financial management systems activities to an OMB-designated shared 
service provider,[Footnote 8] although actions are under way at several 
major agencies to do so. 

To further understand the underlying issues that affect the development 
of sound financial management systems and FFMIA implementation and to 
develop steps to overcome long-standing challenges, the Comptroller 
General plans to convene a forum later this year to bring together key 
subject matter experts and practitioners to discuss these issues. After 
the forum, we plan to issue a separate report summarizing the 
discussion and consider the key issues in our future FFMIA work. 
Accordingly, we are not making any new recommendations in this report. 

In commenting on a draft of this report, OMB agreed with our assessment 
that federal agencies have continued to make progress in financial 
management and that many agencies still need to improve their financial 
systems so that reliable, useful, and timely financial management 
information is available for day-to-day operations. OMB stated that it 
was working aggressively to assist agencies in building a strong 
foundation for financial management practices and also applauded our 
plans to convene a forum on these issues. As in previous years, we and 
OMB have differing views on the level of audit assurance necessary for 
assessing and reporting on compliance with FFMIA. OMB stated in its 
comments that requiring a statement of positive assurance would be 
costly and would not provide additional information that would be of 
benefit to the federal agency, OMB, or the taxpayer. We continue to 
believe that a statement of positive assurance is a statutory 
requirement under the act and there are a number of techniques that 
auditors can use to minimize the incremental cost of providing positive 
assurance.[Footnote 9] In our view, the confidence afforded by auditors 
providing positive assurance that agency financial management systems 
convey reliable, useful, and timely information to help government 
leaders invest resources, oversee programs, and reduce costs, would be 
of significant value to the agency, OMB, the Congress, and the 
taxpayer. We will continue to work with OMB on this issue. OMB did 
agree to take under advisement our prior recommendation to clarify the 
meaning of "substantial compliance" as it updates OMB Circular No. A- 
127, Financial Management Systems. Our detailed discussion of OMB's 
comments can be found in the Agency Comments and Our Evaluation 
section. We have reprinted OMB's comments in appendix VI. 

Background: 

FFMIA is part of a series of management reform legislation passed by 
the Congress over the past two decades. This series of legislation 
started with the Federal Managers' Financial Integrity Act of 
1982[Footnote 10] (FMFIA), which the Congress passed to strengthen 
internal controls and accounting systems throughout the federal 
government, among other purposes. Issued pursuant to FMFIA, the 
Comptroller General's Standards for Internal Control in the Federal 
Government[Footnote 11] provides the standards that are directed at 
helping agency managers implement effective internal control, an 
integral part of improving financial management systems. Internal 
control is a major part of managing an organization and comprises the 
plans, methods, and procedures used to meet missions, goals, and 
objectives. In summary, internal control helps government program 
managers achieve desired results through effective management of public 
resources. 

Effective internal control also helps in managing change to cope with 
shifting environments and evolving demands and priorities. As programs 
change and agencies strive to enhance operational processes and 
implement new technological developments, management must continually 
assess and evaluate its internal control to ensure that the control 
activities being used are effective and updated when necessary. While 
agencies had achieved some early success in identifying and correcting 
material internal control and accounting system weaknesses, their 
efforts to implement FMFIA had not produced the results intended by the 
Congress. 

Therefore, beginning in the 1990s, the Congress passed additional 
management reform legislation to improve the general and financial 
management of the federal government. This legislation includes the (1) 
CFO Act of 1990, (2) Government Performance and Results Act of 
1993,[Footnote 12] (3) Government Management Reform Act of 
1994,[Footnote 13] (4) FFMIA, (5) Clinger-Cohen Act of 1996,[Footnote 
14] (6) Accountability of Tax Dollars Act of 2002,[Footnote 15] (7) 
Improper Payments Information Act of 2002,[Footnote 16] (8) The Federal 
Information Security Management Act of 2002,[Footnote 17] and (9) 
Department of Homeland Security (DHS) Financial Accountability Act of 
2004.[Footnote 18] The combination of reforms ushered in by these laws, 
if successfully implemented, provides a solid foundation to improve the 
accountability of government programs and operations as well as to 
routinely produce valuable cost and operating performance information. 
These financial management reform acts emphasize the importance of 
improving financial management of the federal government. 

In particular, building on the foundation laid by the CFO Act, FFMIA 
emphasizes the need for CFO Act agencies to have systems that ensure 
ongoing accountability and generate reliable, useful, and timely 
information for decision-making purposes. FFMIA requires the 
departments and agencies covered by the CFO Act to implement and 
maintain financial management systems that comply substantially with 
(1) federal financial management systems requirements, (2) applicable 
federal accounting standards,[Footnote 19] and (3) the SGL at the 
transaction level. FFMIA also requires auditors to state in their CFO 
Act financial statement audit reports whether the agencies' financial 
management systems substantially comply with these three FFMIA systems 
requirements. Appendixes I through IV include details on the various 
requirements and standards that support federal financial management. 

Guidance for FFMIA Issued by OMB: 

OMB establishes governmentwide financial management systems policies 
and requirements and has issued two sources of guidance related to 
FFMIA reporting. First, OMB Bulletin No. 06-03, Audit Requirements for 
Federal Financial Statements, dated August 23, 2006, prescribes audit 
requirements, including language auditors should use when reporting on 
an agency system's substantial compliance with the three FFMIA 
requirements. Specifically, this guidance calls for auditors to provide 
negative assurance when reporting on an agency system's FFMIA 
compliance. Second, in the OMB Memorandum, Revised Implementation 
Guidance for the Federal Financial Management Improvement Act (Jan. 4, 
2001), OMB provides guidance for agencies and auditors to use in 
assessing substantial compliance.[Footnote 20] The guidance describes 
some of the factors that should be considered in determining whether an 
agency's systems substantially comply with FFMIA's three requirements 
and examples of indicators that should be used in assessing whether an 
agency's systems are in substantial compliance with each of the three 
FFMIA requirements. Finally, the guidance addresses the development of 
remediation plans to be developed by agency officials for bringing 
their systems into compliance with FFMIA. 

Financial Audit Manual Section on FFMIA Developed by GAO and the 
President's Council on Integrity and Efficiency: 

We have worked in partnership with the President's Council on Integrity 
and Efficiency[Footnote 21] (PCIE) to develop and maintain the joint 
GAO/PCIE Financial Audit Manual (FAM). The FAM includes sections that 
provide specific procedures auditors should perform when assessing 
FFMIA compliance.[Footnote 22] These sections include detailed audit 
steps for testing agency systems' substantial compliance with the 
requirements of FFMIA. 

As detailed in appendix V, we have also issued a series of checklists 
to help assess whether agencies' systems meet systems requirements. The 
FAM guidance on FFMIA assessments recognizes that while financial 
statement audits offer some assurance on FFMIA compliance, auditors 
should design and implement additional testing to satisfy FFMIA 
criteria. For example, in performing financial statement audits, 
auditors generally focus on the ability of the financial management 
systems to process and summarize financial information that flows into 
annual agency financial statements. In contrast, FFMIA requires 
auditors to assess whether an agency's financial management systems 
comply with system requirements, accounting standards, and the SGL. To 
do this, auditors need to consider whether agency systems provide 
reliable, useful, and timely information for managing day-to-day 
operations so that agency managers would have the necessary information 
to measure performance on an ongoing basis rather than just at year 
end. Further, OMB's current audit guidance[Footnote 23] calls for 
financial statement auditors to review performance information for 
consistency with the financial statements, but does not require 
auditors to determine whether this information is available to managers 
for day-to-day decision making as called for by the FAM guidance for 
testing compliance with FFMIA. In collaboration with the PCIE, we are 
currently in the process of updating the FAM and expect to issue an 
updated version later in 2007. 

Scope and Methodology: 

We reviewed the fiscal year 2006 financial statement audit reports for 
the 24 CFO Act agencies to identify the auditors' assessments of agency 
financial systems' compliance and the problems that affect FFMIA 
compliance. To determine whether the data were sufficiently reliable, 
we performed the following procedures. We gained an understanding of 
the quality control environments at the respective IGs; leveraged our 
understanding of the methodology used by the IGs and their contract 
auditors in past years to reach conclusions with respect to FFMIA 
compliance at the respective agencies; considered management responses 
to the auditor's findings and conclusions; and asked questions to 
improve our understanding of the procedures applied and/or conclusions 
drawn, where appropriate. We also reviewed the data for obvious 
inconsistencies or errors, completeness, and changes from the prior 
year. When we found data which were inconsistent or incomplete we 
brought them to the attention of the cognizant IG staff and worked with 
them to resolve any issues before using the data as a basis for this 
report. When we encountered data that varied from the prior year, we 
reviewed the PAR and/or IPA report to determine the reason for the 
change. Based on these actions, we determined that the data from these 
reports were sufficiently reliable for the purposes of our report. 

Using the auditors' reports for the 24 CFO Act agencies, we identified 
problems reported by the auditors that affect agency systems' 
compliance with FFMIA. The problems identified in these reports are 
consistent with long-standing financial management weaknesses we have 
reported based on our work at a number of agencies. However, we caution 
that the occurrence of problems in a particular category may be even 
greater than auditors' reports of FFMIA noncompliance would suggest, 
because auditors may not have identified all instances of noncompliance 
with systems requirements and included all problems in their reports. 
Further, we identified other GAO and IG reports that discussed 
financial management systems issues and summarized the reports. We also 
obtained data from agencies' annual PAR reports. We also met with OMB 
officials to discuss their current efforts to improve federal financial 
management and address our prior recommendations related to FFMIA. In 
addition, we reviewed documentation provided by OMB regarding its 
current initiatives. 

We conducted our work from January through June 2007, in accordance 
with U.S. generally accepted government auditing standards. We 
requested written comments on a draft of this report from the Director 
of OMB or his designee. We received written comments from the OMB 
Controller. OMB's comments are discussed in the Agency Comments and Our 
Evaluation section and reprinted in appendix VI. We also received 
technical comments from OMB, which we incorporated as appropriate. 

FFMIA Assessments Identify Marginal Improvements in Some Cases: 

Many agencies still do not have effective financial management systems 
in place that can produce reliable, useful, and timely financial 
information, including cost data, with which to make informed decisions 
and help ensure accountability on an ongoing basis. Agencies are making 
progress in addressing their financial management systems weaknesses-- 
some dramatically. Most agency systems, though, are not yet 
substantially in compliance with FFMIA's requirements. As shown in 
figure 3, IGs and their contract auditors reported for fiscal year 2006 
that 17 of the 24 CFO Act agencies did not substantially comply with at 
least one of FFMIA's three requirements--federal financial management 
systems requirements, applicable federal accounting standards, or the 
SGL at the transaction level. Figure 3 also shows that the number of 
agencies' systems reported by auditors as noncompliant with FFMIA has 
decreased marginally (from 20 agencies to 17 agencies) since FFMIA was 
enacted. 

Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 
2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 1997 through 2006. 

[End of figure] 

Of the seven remaining CFO Act agencies, one auditor provided positive 
assurance of FFMIA compliance, while the other six provided negative 
assurance in fiscal year 2006. However, it would be erroneous to assume 
that statements of negative assurance provided by auditors for the six 
agencies equate to compliance with FFMIA. Auditors' assessments for 
three agencies changed from fiscal year 2005 to 2006. For fiscal year 
2006, auditors for GSA provided negative assurance that GSA's financial 
management systems, as a whole, were substantially compliant with 
FFMIA's three requirements. Auditors for AID provided positive 
assurance that AID's financial management systems complied with FFMIA 
in fiscal year 2006. In fiscal year 2005, both AID and GSA were deemed 
noncompliant with FFMIA by the independent auditors. According to 
management, AID was able to become compliant due to completion of 
outstanding remediation items and the worldwide deployment of its 
financial management system. Conversely, auditors for the Department of 
Labor (Labor) reported that Labor's financial management systems did 
not substantially comply with FFMIA requirements in fiscal year 2006, 
but had provided positive assurance of FFMIA compliance in fiscal year 
2005. The change was primarily due to weaknesses Labor auditors 
identified concerning general computer access controls, application 
access controls, and related manual controls. 

FFMIA Guidance Issues: 

Auditors for six agencies (Commerce, EPA, GSA, NSF, OPM, and SSA) 
provided negative assurance that the agencies' systems were compliant 
with FFMIA requirements. Auditors provide negative assurance when they 
state that nothing came to their attention during the course of their 
planned procedures to indicate that the agency's financial management 
systems did not meet FFMIA requirements. Although OMB's current audit 
guidance[Footnote 24] instructs auditors to test for compliance with 
FFMIA, it does not provide guidance on the nature and extent of tests 
to be performed. It calls for auditors to provide negative assurance 
when reporting whether an agency's systems are in substantial 
compliance with the three FFMIA requirements. However, financial 
statement users not familiar with the concept of negative assurance may 
incorrectly assume that these six agencies' systems have been fully 
tested by the auditors and that the agencies have achieved FFMIA 
compliance. In addition, without adequately testing systems for FFMIA 
compliance in a manner that is sufficient to support an opinion, 
auditors may not identify all areas of noncompliance; therefore, the 
number of problems may be even greater than those currently disclosed 
in auditors' reports on FFMIA compliance based on negative assurance. 

As we have previously reported, from our perspective, FFMIA requires 
auditors to provide positive assurance, which is an opinion. Section 
803 (b) (1) of FFMIA requires auditors to "report whether the agency 
financial management systems comply with the requirements of [the 
act]." Providing positive assurance on FFMIA compliance involves 
additional testing to determine whether an agency's financial 
management systems comply substantially with systems requirements, the 
SGL at the transaction level, and accounting standards. The procedures 
necessary to provide such assurance go beyond those needed for 
performing a financial statement audit. While financial statement 
audits in general will offer some assurance on FFMIA compliance, 
auditors should also design and implement additional testing to satisfy 
the criteria in FFMIA. For example, in fiscal year 2006, agency 
auditors for AID stated that they interviewed staff and contract 
personnel and reviewed documentation related to the capabilities of 
Phoenix, AID's core financial system. According to AID auditors, they 
examined documentation, including reports, system queries, system 
screen captures, testing documents generated during system 
implementation, and documents generated for certification and 
accreditation activity in order to determine if the implemented systems 
provide complete, accurate, and timely information for managing day-to- 
day operations necessary to achieve positive assurance. When reporting 
an agency's financial management systems to be in substantial 
compliance, positive assurance from independent auditors can provide 
users with confidence that the agency systems provide the reliable, 
useful, and timely information envisioned by the act. The fact that 
AID's auditors provided positive assurance on FFMIA compliance is a 
noteworthy achievement. 

In addition, performing audit procedures designed to provide positive 
assurance of an agency's financial management systems' substantial 
compliance with FFMIA requirements can identify weaknesses and lead to 
improvements that enhance the performance, productivity, and efficiency 
of federal financial management systems in support of day-to-day 
managerial decision making. It also provides a clear "bottom line," 
whereas negative assurance does not. Some auditors we interviewed in 
prior years indicated that a revision to OMB's guidance on FFMIA 
reporting would be necessary for them to provide an opinion of FFMIA 
compliance. Therefore, as we have discussed in prior reports covering 
fiscal years 2000 through 2005,[Footnote 25] we continue to believe 
that our prior recommendation for OMB to require agency auditors to 
thoroughly examine agencies' financial management systems and provide a 
statement of positive assurance when reporting an agency's systems to 
be in substantial compliance with the three FFMIA systems requirements 
is appropriate and required. Doing so will be key to achieving the 
act's goal of effective financial management systems across government. 

However, OMB has not concurred with our recommendation in its responses 
to our prior reports and in its comments on a draft of this report. For 
example, last year, in response to our report[Footnote 26] on fiscal 
year 2005 FFMIA results, OMB stated that the broad scope of the 
President's Management Agenda and the fundamental changes occurring 
under the Financial Management Line of Business initiative, combined 
with strengthened reporting requirements under Circular No. A-123, are 
helping agencies identify and correct FFMIA deficiencies. In that 
context, OMB reiterated its belief that requiring a statement of 
positive assurance would prove only marginally useful. 

Further, as we have previously reported, a number of auditors have 
expressed a need for clarification on the definition of "substantial 
compliance." They cited a need for additional guidance to assist them 
in assessing whether agency systems substantially comply with the three 
FFMIA requirements. The auditors reported a need for clearer guidance 
from OMB on assessing FFMIA compliance that is consistent with the GAO/ 
PCIE FAM. As a result, we continue to believe that implementation of 
our recommendation for OMB to explore clarifying the definition of 
"substantial compliance" would be useful. Other related concerns of 
agency auditors included a need for (1) more clearly defined and 
objective criteria to assist in their determination of FFMIA 
compliance, (2) more specific guidance on testing and sampling 
methodologies, and (3) additional guidance for assessing compliance 
with certain accounting standards, such as the Statement of Federal 
Financial Accounting Standards (SFFAS) No. 4, Managerial Cost 
Accounting Concepts and Standards for the Federal Government. In its 
comments on prior reports, OMB stated that its growing experience 
helping agencies implement the PMA enables it to refine the existing 
FFMIA indicators associated with substantial compliance. Accordingly, 
OMB said it would consider our recommendation in any future policy and 
guidance updates. In commenting on a draft of this report, OMB agreed 
to take this recommendation under advisement as it updates Circular No. 
A-127, Financial Management Systems. 

Problems Reported by Agency Auditors: 

Based on our review of the fiscal year 2006 audit reports for the 17 
agencies reported to have systems not in substantial compliance with 
one or more of FFMIA's three requirements, we identified six primary 
reasons for agency systems not being compliant: 

* nonintegrated financial management systems, 

* inadequate reconciliation procedures, 

* lack of accurate and timely recording of financial information, 

* noncompliance with the SGL, 

* lack of adherence to federal accounting standards, and: 

* weak security controls over information systems. 

The weaknesses reported by the auditors ranged from serious, pervasive 
systems problems to less serious problems that may affect only one 
aspect of an agency's accounting operation. While at some agencies, the 
problems were so serious that they affected the auditor's opinion on 
the agency's financial statements, at other agencies, the auditors 
cited problems that represented significant deficiencies in the design 
or operation of internal control, but were not material to the 
financial statements as a whole. 

Figure 4 shows the relative frequency of these problems at the agencies 
reported to have noncompliant systems from fiscal years 2002 through 
2006. The same six types of problems have been cited by auditors 
although the auditors may not have reported these problems as specific 
reasons for their systems' lack of substantial compliance with FFMIA's 
requirements. Some agencies have made little progress addressing these 
areas. In addition, as previously discussed, the occurrence of problems 
in any particular category may be even greater than auditors' reports 
of FFMIA noncompliance would suggest because auditors may not have 
identified all problems in their reviews conducted to provide negative 
assurance. 

Figure 4: Number of Agencies with Reported FFMIA Compliance Problems 
for Fiscal Years 2002 through 2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

Nonintegrated Financial Management Systems: 

The CFO Act calls for agencies to develop and maintain integrated 
accounting and financial management systems[Footnote 27] that comply 
with federal systems requirements and provide for (1) complete, 
reliable, consistent, and timely information that is responsive to the 
financial information needs of the agency and facilitates the 
systematic measurement of performance; (2) the development and 
reporting of cost management information; and (3) the integration of 
accounting, budgeting, and program information. OMB Circular No. A-127, 
Financial Management Systems, requires agencies to establish and 
maintain a single integrated financial management system that conforms 
to functional requirements now issued by the Office of Federal 
Financial Management (OFFM).[Footnote 28] More details on the financial 
management systems requirements can be found in appendixes I and II. 

The lack of integrated financial management systems typically results 
in agencies expending major effort and resources, including in some 
cases hiring external consultants, to develop information that their 
systems should be able to provide on a daily or recurring basis. 
Agencies with nonintegrated financial systems are also more likely to 
devote more time and resources to collecting information than those 
with integrated systems. In addition, opportunities for errors are 
increased when agencies' systems are not integrated. 

Auditors frequently cited the lack of integrated financial management 
systems in their fiscal year 2006 audit reports. Although improvements 
have been made, as shown in figure 5, auditors for 12 of the 17 
agencies with noncompliant systems in fiscal year 2006 reported 
nonintegrated systems as a problem, compared with 13 of the 18 agencies 
reporting such problems in fiscal year 2005. 

Figure 5: Number of CFO Act Agencies with Reported Nonintegrated 
Financial Management Systems Problems for Fiscal Years 2002 through 
2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

As a case in point, auditors for the Department of State (State) 
reported the lack of a modern, integrated financial management system 
in their fiscal year 2006 audit report. Since September 30, 2003, 
auditors have reported that State's financial and accounting systems 
are inadequate, thus preventing the department from routinely issuing 
timely financial statements and increasing the risk of materially 
misstating financial information. The principal areas of weakness 
included (1) certain elements of the financial statements, including, 
but not limited to, personal property, capital leases, and certain 
accounts payable, were developed from sources other than the general 
ledger; and (2) the department used several systems that were not 
integrated with the department's centralized financial management 
system for the management of grants and other types of financial 
assistance. 

Inadequate Reconciliation Procedures: 

A reconciliation process, whether manual or automated, is a necessary 
and valuable internal control in a sound financial management system. 
The less integrated the financial management system, the greater the 
need for adequate reconciliations because data are being accumulated 
from a number of different sources. Reconciliations are needed to 
ensure that data have been recorded properly between the various 
systems and manual records. As shown in figure 6, for fiscal year 2006, 
auditors for 14 of the 17 agencies with noncompliant systems reported 
that the agencies had reconciliation problems, as compared with 14 of 
the 18 agencies reporting such problems in fiscal year 2005. 

Figure 6: Number of CFO Act Agencies with Reported Inadequate 
Reconciliation Procedures Problems for Fiscal Years 2002 through 2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

While reconciling balances with the Department of the Treasury 
(Treasury) remains a common problem, many other types of reconciliation 
problems were also cited during fiscal year 2006. For example, at the 
Department of Agriculture (Agriculture), the independent auditor 
reported that over 50 abnormal balances exceeding $360 million existed 
at year end. The abnormal balances stemmed from a variety of causes. In 
one case, the auditors reported that Agriculture did not perform timely 
research to ensure that account relationships were reconciled and 
corresponding corrections promptly made. The number and dollar value of 
abnormal account balances had been significantly reduced from last year 
at Agriculture; however, when abnormal balances exist, immediate 
research should be performed to identify the cause and correct the 
condition. 

Lack of Accurate and Timely Recording of Financial Information: 

As shown in figure 7, auditors for 15 of 17 agencies with noncompliant 
systems reported the lack of accurate and timely recording of financial 
information as a problem for fiscal year 2006, compared with 17 of 18 
agencies reporting such problems in fiscal year 2005. 

Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and 
Timely Recording Problems for Fiscal Years 2002 through 2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

Accurate and timely recording of financial information is essential for 
effective financial management. Timely recording of transactions 
facilitates accurate reporting in agencies' financial reports and other 
management reports used to guide managerial decision making. In 
addition, having systems that record information in an accurate and 
timely manner is critical for key governmentwide initiatives, such as 
integrating budget and performance information. 

In contrast, lack of timely recording of transactions during the fiscal 
year can result in agencies making substantial efforts at fiscal year 
end to perform extensive manual financial statement preparation efforts 
that are susceptible to error and increase the risk of misstatements. 
For example, auditors for the Department of Energy (Energy) noted that 
the department has not completed all of the corrective actions needed 
to reconcile obligation data converted from Energy's legacy systems to 
its new financial management system, the Standard Accounting and 
Reporting System (STARS), affecting the accuracy of undelivered order 
balances at every field office tested by the auditors. As of September 
30, 2006, Energy reported undelivered orders of $11.3 billion. Errors 
in recording obligations, such as duplicating obligation entries or 
recording obligations in subsequent periods, resulted in misstatements 
of the undelivered orders balance. These problems precluded the 
department from providing assurance of accurate and complete 
undelivered orders balance in Energy's consolidated financial 
statements. Further, such problems typically result in funds not being 
available for use that otherwise would be, and in managers not having 
accurate financial information during the year for well-informed 
decisions. 

Noncompliance with the SGL: 

As shown in figure 8, auditors for 7 of the 17 agencies with 
noncompliant systems reported that the agencies' systems did not comply 
with SGL requirements for fiscal year 2006, compared with 11 of the 18 
agencies reporting such problems in fiscal year 2005. 

Figure 8: Number of CFO Act Agencies with Reported Noncompliance with 
the SGL Problems for Fiscal Years 2002 through 2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

FFMIA specifically requires federal agencies to implement the SGL at 
the transaction level. Using the SGL promotes consistency in financial 
transaction processing and reporting by providing a uniform chart of 
accounts and pro forma transactions and provides a basis for comparison 
at the agency and governmentwide levels. The defined accounts and pro 
forma transactions standardize the accumulation of agency financial 
information as well as enhance financial control and support internal 
and external reporting. 

According to auditors at Interior and AID, progress has been made in 
this area as a result of the agencies retiring legacy systems and 
implementing new systems that conform to the SGL. Nevertheless, failure 
to adhere to the SGL continues to impede the ability of some agencies 
to prepare accurate financial statements. For example, auditors for the 
Department of Health and Human Services (HHS) noted that its Division 
of Financial Operations (DFO) CORE accounting system, which supports 
net outlays of more than $93 billion, is a legacy accounting system and 
does not fully support the SGL. Specifically, the auditors found that 
HHS compiles its financial statements through a multistep process using 
a combination of manual and automated procedures. Further, agency 
auditors identified over 100 instances with an approximate value of 
over $3 billion of general ledger accounts and crosswalks that were not 
used consistently or in compliance with Treasury's guidance on the SGL. 
To address this issue, HHS is in the process of implementing a new 
financial management system. 

Lack of Adherence to Federal Accounting Standards: 

One of FFMIA's requirements is that agencies' financial management 
systems account for transactions in accordance with federal accounting 
standards. Appendixes III and IV list the federal financial accounting 
standards and other guidance issued by the Federal Accounting Standards 
Advisory Board and its Accounting and Auditing Committee, respectively. 
The purpose of these standards and other guidance is to ensure that 
federal agencies' financial reports provide users with understandable, 
relevant, and reliable information about the financial position, 
activities, and results of operations of the U.S. government and its 
components. Many agencies face continuing challenges in this area. As 
shown in figure 9, for fiscal year 2006, auditors for 10 of the 17 
agencies with noncompliant systems reported that these agencies had 
problems complying with one or more federal accounting standards. 

Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to 
Federal Accounting Standards Problems for Fiscal Years 2002 through 
2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

Two agencies, the Department of the Interior (Interior) and Department 
of Transportation (DOT), reported weaknesses affecting compliance with 
the recently issued SFFAS 27, Identifying and Reporting Earmarked 
Funds, which became effective for fiscal year 2006. For example, at 
Interior, auditors noted that the Sport Fish Restoration and Boating 
Trust Fund was properly classified as an earmarked fund but that 
Interior had not fully established controls to ensure that its portion 
of the fund was accurately included in the financial statements. As a 
result, Interior analyzed and adjusted the financial statements. While 
newly issued standards may cause significant compliance problems, 
agencies also struggled to implement standards which have been in 
effect for some time. 

Auditors reported compliance problems with 11 specific accounting 
standards in fiscal year 2006. Of those standards, the 4 that were most 
troublesome for agencies were SFFAS No. 1, Accounting for Selected 
Assets and Liabilities; SFFAS No. 4, Managerial Cost Accounting 
Concepts and Standards; SFFAS No. 6, Accounting for Property, Plant, 
and Equipment; and SFFAS No. 7, Accounting for Revenue and Other 
Financing Sources. 

Weak Security Controls over Information Systems: 

Information security weaknesses are a major concern for federal 
agencies and the general public and one of the frequent problems 
auditors cited concerning noncompliance with FFMIA. As shown in figure 
10, auditors for 15 of the 17 agencies with noncompliant systems 
reported security weaknesses in information systems to be a problem, 
compared with 16 of the 18 agencies reporting such problems in fiscal 
year 2005. 

Figure 10: Number of CFO Act Agencies with Reported Weak Security over 
Information Systems Problems for Fiscal Years 2002 through 2006: 

[See PDF for image] 

Source: GAO compiled from independent auditors' financial statement 
audit reports prepared by agency inspectors general and contract 
auditors for fiscal years 2002 through 2006. 

[End of figure] 

These control weaknesses place vast amounts of government assets at 
risk of inadvertent or deliberate misuse, financial information at risk 
of unauthorized modification or destruction, sensitive information at 
risk of inappropriate disclosure, and critical operations at risk of 
disruption. Since 1997, we have considered information security to be a 
high-risk area at a governmentwide level and continue to emphasize it 
on our most recent list issued in January 2007.[Footnote 29] 

For example, the Nuclear Regulatory Commission (NRC) auditors reported 
that only 1 out of 30 operational NRC information systems had a current 
certification and accreditation. Auditors also noted that in the past 4 
years NRC has not performed a current certification and accreditation 
of its general support systems. As a result, all NRC information 
systems that depend on the security controls provided by these general 
support systems are subject to an unknown potential risk. Two of NRC's 
financial reporting systems, Federal Financial System (FFS) and the 
Federal Personnel and Payroll System (FPPS), were outsourced to the 
Department of Interior's National Business Center (DOI-NBC) but 
continue to rely on the NRC's general support system. According to the 
auditors, their reliance on the top tier of controls of the general 
support systems puts the FFS and the FPPS at risk despite the DOI-NBC 
assurance that the certification and accreditations for the two systems 
have been performed. 

The security breaches at Department of Veterans Affairs (VA), Treasury, 
and other agencies compromised the personal data of millions of U.S. 
citizens and highlighted the importance of adequate system security 
policies and programs. Robust federal security programs are critically 
important to properly protect personal and financial information and 
the privacy of individuals. When there is a lack of reasonable 
assurance that controls are correctly implemented, operating as 
intended, and producing the desired outcome with respect to meeting the 
security requirements of the agency, the agencies' information and 
systems are left vulnerable to attack or compromise. 

Efforts Are Under Way to Address Federal Financial Management System 
Challenges: 

Agencies and OMB have a number of efforts under way to address their 
existing financial management systems problems. For example, 
noncompliant agencies are required by OMB to include in their annual 
PARs a summary of their detailed remediation plans including corrective 
actions as well as the resources and target dates for implementing the 
corrective actions. A number of those corrective actions involve 
implementing new financial management systems, which over time has 
proven to be very challenging. Efforts to modernize financial 
management systems have often exceeded budgeted costs, experienced 
delays in delivery dates, and not provided the anticipated system 
functionality and performance. This problem is particularly serious at 
the Department of Defense. To help provide a governmentwide solution, 
OMB has developed the financial management line of business (FMLOB) 
initiative. While progress has been made in defining standard business 
processes and issuing draft guidance to facilitate a smooth transition 
to shared service providers, the FMLOB initiative involves complex 
issues that have far-reaching implications for the government and 
private sector shared service providers. As we reported[Footnote 30] 
last year, the key for federal agencies to avoid the long-standing 
problems that have plagued financial management system improvement 
efforts is to address the foremost causes of those problems and adopt 
solutions that reduce the risks associated with these efforts to 
acceptable levels. 

Comprehensive Remediation Plans Are Critical to Agencies' Improvement 
Efforts: 

Correcting financial management system problems has proven to be 
particularly difficult for many agencies. To assist in this effort, 
FFMIA requires the heads of agencies with noncompliant systems to 
prepare detailed remediation plans to bring agencies' systems into 
substantial compliance with the law. Specifically, the law requires the 
head of the agency to establish a remediation plan that includes 
resources, remedies, and intermediate target dates necessary to bring 
the agency's financial management systems into substantial compliance. 
Further, OMB Circular A-11 requires agencies with noncompliant systems 
to include in their annual PARs a summary of their detailed remediation 
plans containing (1) corrective actions to be taken, (2) resources to 
be used for implementation of the corrective actions, and (3) target 
dates for implementation of the corrective actions. 

As previously discussed, auditors reported that 17 agency systems were 
substantially noncompliant with FFMIA in fiscal year 2006. The agency 
heads for 5 of these agencies[Footnote 31] disagreed with the auditor 
and considered their agencies' systems to be substantially compliant 
with FFMIA. The law does not require an agency to prepare a remediation 
plan if the agency head determines that the agency's systems are in 
substantial compliance with the law even if the agency's auditor 
determines the agency's systems are not substantially compliant. The 
remaining 12 agencies[Footnote 32] are required to include summarized 
remediation plans in their PARs. We reviewed the 12 PARs for those 
agencies to determine if their summarized remediation plans included 
the required information. Figure 11 presents the results of our 
analysis. 

Figure 11: Summary of Analysis of Elements Included in 12 Agencies' 
Summarized Remediation Plans for Fiscal Year 2006: 

[See PDF for image] 

Source: GAO analysis of agencies' PARs. 

[End of figure] 

As shown in figure 11, all of the agencies' summarized remediation 
plans included corrective actions. However, one third of the agencies' 
summarized remediation plans did not include a discussion of the 
staffing resources required to complete the planned corrective actions. 
Remediation plans provide a "road map" to resolve financial management 
problems in a transparent manner, and also help hold managers 
accountable for needed improvements. A discussion of the resources to 
be used when implementing the corrective actions is essential in 
determining whether the corrective actions can realistically be 
accomplished within the specified time frames. Assigning resources to a 
corrective action facilitates on-time implementation and helps avoid 
confusion over what funding sources will be used and the personnel 
responsible for the implementation. 

One agency did not include target dates for completing corrective 
actions to become substantially compliant with FFMIA. Setting specific 
target dates, including intermediate target dates, facilitates tracking 
the progress agencies are making in reaching their specified goals. If 
agencies do not include target dates in their remediation plans, it is 
difficult for the Congress and the American taxpayer to hold them 
accountable for correcting long-standing financial management system 
problems. 

Agencies Struggle with Financial Management Systems Modernization: 

Across the government, agencies have many efforts under way to 
implement new financial management systems or to upgrade existing 
systems that may help improve FFMIA compliance. However, these efforts 
far too often result in systems that do not meet their cost, schedule, 
and performance goals. While agencies anticipate that the new systems 
will provide reliable, useful, and timely data to support managerial 
decision making, our work and that of others has shown that has often 
not been the case. For example, many of DOD's over 2,000 business 
systems are nonintegrated, stove piped, and not capable of providing 
departmental management and the Congress accurate and reliable 
information on DOD's day-to-day operations. For decades, DOD has been 
challenged in modernizing its timeworn business systems. In 1995, we 
designated DOD's business systems modernization program as high-risk, 
and we continue to designate it as such in our most recent high-risk 
report.[Footnote 33] In another case, HHS has been plagued with systems 
implementation issues with its Unified Financial Management System 
(UFMS) from inception. In fiscal year 2006, HHS auditors reported that 
the agency continued to experience significant challenges in resolving 
issues with the system conversion and implementation and that sustained 
efforts will be necessary to overcome the continuing serious 
weaknesses. 

Furthermore, modernization efforts at DHS and DOJ have been hampered 
because these agencies did not follow best practices in systems 
development and implementation efforts (commonly referred to as 
disciplined processes[Footnote 34]). 

* Since its establishment, DHS has faced the daunting task of bringing 
together 22 diverse agencies and developing an integrated financial 
management system. DHS halted implementation of the Electronically 
Managing Enterprise Resources for Government Effectiveness and 
Efficiency (Emerge2) program in December 2005, which was expected to 
integrate financial management systems across the entire department and 
to address its financial management weaknesses. DHS officials have 
stated that approximately $52 million in total was spent on the Emerge2 
project before it was halted. In fiscal year 2006, we 
testified[Footnote 35] and provided an assessment of the status of 
DHS's efforts to modernize its financial management systems. In early 
March 2007, DHS officials issued a high-level plan to address the 
existing internal control weaknesses. However, as we recently reported 
and testified,[Footnote 36] more detailed implementation strategies 
will be necessary to fully address the financial management system 
challenges. DHS has received permission from OMB to leverage its 
current investments by consolidating and migrating components to either 
the Transportation Security Administration (TSA) or Customs and Border 
Protection financial management systems models. Our concern is that 
these components have numerous financial management weaknesses. For 
example, auditors for TSA reported that they were unable to provide 
sufficient evidential matter or make knowledgeable representations to 
support fiscal year 2005 and 2006 transactions and account balances, 
particularly for budgetary accounting and undelivered orders, and 
property, plant, and equipment, among others. 

* The Department of Justice has developed plans for a Unified Financial 
Management System (UFMS) intended to correct many of its financial 
accounting and reporting issues. The UFMS is expected to standardize 
and integrate financial processes and systems to more efficiently 
support accounting operations, facilitate preparation of financial 
statements, and streamline audit processes. The department's efforts 
over the past few years to implement the UFMS to replace the seven 
major accounting systems currently used throughout the department have 
been challenging. For example, 2 years after the department selected a 
vendor for the unified system, problems with funding, staff turnover, 
and other competing priorities caused delays in implementation of the 
new system. As of September 2006, none of Justice's accounting systems 
were integrated with each other. The Drug Enforcement Administration 
(DEA) is scheduled to begin implementing the UFMS in fiscal year 2008, 
and current plans are for implementing the system in all department 
components by fiscal year 2012. 

Challenges of Implementing the Financial Management Line of Business: 

OMB's FMLOB initiative, launched in March 2004, promotes business- 
driven, common solutions to enhance the federal government's 
performance and services. This initiative is intended to address past 
financial management systems' weaknesses and implementation failures 
and support the PMA goal of expanding electronic government. 

The goals of OMB's Financial Management Line of Business initiative 
include: 

* providing timely and accurate data for decision making; 

* facilitating stronger internal controls that ensure integrity in 
accounting and other stewardship activities; 

* reducing costs by providing a competitive alternative for agencies to 
acquire, develop, implement, and operate financial management systems 
through shared service solutions; 

* standardizing systems, business processes, and data elements; and: 

* providing for seamless data exchange between and among federal 
agencies by implementing a common language and structure for financial 
information and system interfaces. 

OMB's initial framework for the competitive migration to either a 
public shared service provider or a qualified private sector provider 
under the initiative is expected to help agencies maximize value by 
considering alternative solutions in a reasoned and structured manner. 
We have long supported and called for initiatives to standardize and 
streamline common systems, which can reduce costs and, if done 
correctly, improve accountability. Likewise, OMB has correctly 
recognized that enhancing the government's ability to implement 
financial management systems that are capable of providing accurate, 
reliable, and timely information on the results of operations needs to 
be addressed as a governmentwide solution, rather than individual 
agency stove-piped efforts designed to meet a given entity's needs. The 
FMLOB is a work in progress, and OMB has not yet fully defined and 
implemented the processes necessary to successfully complete it. In our 
March 2006 report,[Footnote 37] we recommended that careful 
consideration of the following four concepts, each one building upon 
the former, would be integral to the success of OMB's FMLOB initiative 
and could help break the cycle of failure in implementing financial 
management systems. The four concepts were (1) developing a concept of 
operations, (2) defining standard business processes, (3) developing a 
strategy for ensuring that agencies migrate to a limited number of 
service providers in accordance with OMB's stated approach, and (4) 
defining and effectively implementing disciplined processes necessary 
to properly manage the specific projects. 

OMB has taken steps to develop the foundational guidance needed for the 
FMLOB, but many challenging tasks remain. As we reported last year, OMB 
has designated four federal agencies[Footnote 38] as shared service 
providers; released a competition framework in May 2006; issued 
migration planning guidance in September 2006; and encouraged private 
sector providers that can satisfy the shared services requirements to 
participate in the procurement process for these services. In November 
2006, OMB released an exposure draft of a common governmentwide 
accounting classification structure that may address lack of 
standardization among agency accounts. A critical factor for this 
project will be the ability to develop an approach that captures all 
stakeholders' needs with minimal redundancy and complexity. 

In addition, OMB and the Financial Systems Integration Office[Footnote 
39] (FSIO) have also developed and released an exposure draft for the 
funds control standard business process[Footnote 40] and the payment 
management standard business process.[Footnote 41] Further, in March 
2007, the Financial Services Assessment Guide (SAG)[Footnote 42] was 
issued to establish a set of financial service metrics to facilitate an 
assessment of opportunities to improve performance and affordability of 
financial services provided by shared service providers and federal 
agencies. In order to promote consistency among agencies and service 
providers, starting June 15, 2007, and every month thereafter, OMB is 
requiring monthly reporting from all agencies on their performance data 
through a single system managed by FSIO, including data for each system 
listed as a core financial management system. 

Furthermore, FSIO released its core financial system product compliance 
test policy,[Footnote 43] documenting the specific core financial 
systems qualifications test policy and procedures starting in 2007. 
This new policy provided detailed information about each test, 
including schedule, scope, and requirements to be tested. This is a 
useful tool to promote consistency in core financial systems 
governmentwide, clarify the system requirements, and reduce the risk 
that agencies will acquire noncompliant or ineffective core financial 
system software. This, though, does not eliminate the need for agencies 
to conduct comprehensive testing efforts to ensure that financial 
system software meets their requirements, and the implementation of 
FSIO-tested software does not guarantee that the agencies will have 
financial systems that are compliant with FFMIA. 

While much has been accomplished by OMB, many important issues remain 
unresolved. For example, one of the recommendations in our March 2006 
report[Footnote 44] called for a concept of operations to provide the 
foundation for the FMLOB. An effective concept of operations would 
describe, at a high level, (1) how all of the various elements of 
federal financial systems and mixed systems relate to each other and 
(2) how information flows from and through these systems. A concept of 
operations would provide a useful tool to explain how financial 
management systems at the agency and governmentwide levels can operate 
cohesively. It would be geared to a governmentwide solution rather than 
individual agency stove-piped efforts. Because the federal government 
does not have an overall concept of operations, there is no clear 
understanding of the interrelationships among federal financial systems 
and how the shared service provider concept fits into this framework. 
OMB officials recognize that standardization is important and are 
developing a standard set of business processes in four areas: funds 
control, accounts payable, accounts receivable, and financial 
reporting. In addition, as the FMLOB initiative moves forward, there 
are numerous additional areas where standardization is also important, 
such as inventory, supplies, and material management, as well as the 
loan management areas. Absent this standardization, shared service 
providers have been designated without common business rules and 
potential customer agencies continue to implement and operate 
individual stove-piped systems that may require additional work to 
adopt these processes. 

Further, as we reported in September 2006,[Footnote 45] there are a 
number of factors that affect FFMIA compliance, including the quality 
of transaction data in agency feeder systems; the success of converting 
data from legacy systems; and the interaction of people, process, and 
technology within an agency's environment. The shared service provider 
concept, if adopted, will still require that agencies address long- 
standing human capital problems and develop long-term strategies for 
acquiring, developing, and retaining an organization's total workforce 
to meet the needs of the future. To date, none of the major CFO Act 
agencies has moved to an OMB-designated shared service provider to 
handle their financial management system activities, although some 
agencies, such as DOT, GSA, and NRC were already using the shared 
service provider concept prior to OMB's financial management line of 
business initiative. In addition, other agencies such as Labor, use a 
commercial shared service provider to provide hosting and operations 
and maintenance services. There are some major CFO Act agencies, such 
as EPA, HUD, Agriculture, and OPM that are in the process of selecting 
a shared service provider for full financial management systems 
activities. OMB officials told us that a successful FMLOB outcome would 
be for agencies to solicit for government or commercial shared service 
providers, identify the best value, and move forward in the FMLOB 
process. Whether agencies move to a shared service provider or 
implement their own systems, they must have disciplined processes in 
place to achieve the intended results, within established resources, 
and on schedule. 

Comptroller General Convening Forum on FFMIA Issues: 

To address the challenges CFO agency managers and auditors face in 
implementing and maintaining financial management systems that meet the 
intent of the CFO Act and the requirements of FFMIA, we are convening a 
Comptroller General forum later this year in Washington, D.C. The forum 
is intended to build on 10 years of experience with FFMIA 
implementation and foster discussion with a select group of experts and 
knowledgeable officials on the financial management systems 
opportunities and challenges facing agencies across the federal 
government. The discussion will focus on options for addressing the 
impediments faced by federal managers in attempting to bring their 
respective agencies into compliance with the requirements of the law. 
More importantly, after 10 years, this forum provides an opportunity to 
"think outside the box" and foster innovative ideas on how the federal 
government can overcome long-standing challenges in improving financial 
management systems with the goal of providing meaningful data to 
support managerial decision making on a daily basis. 

Invitees to the forum will include representatives from the federal 
Chief Financial Officer and inspector general communities, key OMB 
officials and congressional staff, and selected other knowledgeable 
officials from the public and private sectors. After the forum, we plan 
to issue a separate report summarizing the discussion and to consider 
the key issues in our future FFMIA work. Accordingly, we are not making 
any new recommendations in this report. 

Conclusion: 

Over the 10 years since FFMIA's enactment, the federal government has 
continued to make incremental improvement in implementing financial 
management systems that substantially comply with the requirements of 
the act. Nonetheless, significant and long-standing obstacles remain 
for developing and implementing effective financial management systems 
that can provide essential financial data in support of day-to-day 
managerial decision making--the ultimate goal of FFMIA. Continued high- 
priority and sustained top-level commitment by OMB and leaders 
throughout the federal government will be required to fully and 
effectively achieve the goal of FFMIA. In addition, to help address the 
fundamental obstacles impeding FFMIA implementation, we are taking a 
proactive stance by convening a forum to help identify innovative 
approaches and corrective actions. 

Agency Comments and Our Evaluation: 

In written comments (reprinted in app. VI) on a draft of this report, 
OMB agreed with our assessment that while federal agencies have 
continued to make progress in financial management, many agencies still 
need to improve their financial systems so that reliable, useful, and 
timely financial management information is available for day-to-day 
operations. OMB stated that it was working aggressively to assist 
agencies in building a strong foundation for financial management 
practices and also applauded our plans to convene a forum on these 
issues. 

As in previous years, we and OMB have differing views on the necessity 
of agency auditors providing a statement of positive assurance when 
reporting agency systems to be in substantial compliance with the 
requirements of FFMIA. OMB stated that its three major initiatives, the 
PMA, FMLOB, and the revised Circular No. A-123, are helping agencies 
identify and correct FFMIA deficiencies. Further, OMB stated that many 
of the ongoing assessments required under the revised Circular No. A- 
123 mirror the types of assessments that would occur in establishing a 
statement of positive assurance under FFMIA. As a result, OMB believed 
that requiring a statement of positive assurance would be costly and 
would not provide additional information that would be of benefit to 
the federal agency, OMB, or the taxpayer. 

While we agree that these initiatives are helping drive improvements, 
auditors need to consider other aspects of financial management systems 
when assessing FFMIA compliance that are not fully addressed through 
the current reporting structure. For example, in preparing the PMA 
scorecard assessments, OMB officials meet with agencies to discuss a 
number of financial management issues and have systems demonstrations. 
Our concern is that some of the information provided by this approach 
does not come under audit scrutiny and may not be reliable. Similarly, 
internal control assessments performed under Circular No. A-123 are 
management's judgments and are subject to an opinion-level review by 
independent auditors only in limited circumstances. An opinion by an 
independent auditor on FFMIA compliance would confirm whether an 
agency's systems substantially met the requirements of FFMIA and could 
also provide additional confidence in the information provided as a 
result of the PMA, FMLOB, and Circular No. A-123 initiatives. In our 
view, confidence that agency financial management systems provide 
reliable, useful, and timely information to help government leaders 
invest resources, oversee programs, and reduce costs, would be of 
significant value to the federal agency, OMB, the Congress, and the 
taxpayer. Moreover, to minimize the cost of providing an audit opinion, 
the GAO/PCIE Financial Audit Manual includes a number of techniques 
that auditors can use to reduce the incremental cost of providing 
positive assurance. Finally, we continue to believe that a statement of 
positive assurance is a statutory requirement under the act. 

With regard to our prior recommendation for revised guidance that 
clarifies the definition of substantial compliance, OMB stated that in 
its update to Circular No. A-127, Financial Management Systems, its 
goal will be to simplify FFMIA compliance requirements as well as to 
better balance the FFMIA objectives of generating audited financial 
statements and providing meaningful information for decision makers. 
Accordingly, OMB agreed to take this recommendation under advisement. 
As we noted in our prior reports,[Footnote 46] auditors we interviewed 
expressed a need for clarification regarding the meaning of substantial 
compliance. 

OMB also provided technical comments which we incorporated as 
appropriate. 

We are sending copies of this report to the Chairman and Ranking 
Member, Subcommittee on Federal Financial Management, Government 
Information, Federal Services, and International Security, Senate 
Committee on Homeland Security and Governmental Affairs, and to the 
Chairman and Ranking Member, Subcommittee on Government Management, 
Organization, and Procurement, House Committee on Oversight and 
Government Reform. We are also sending copies to the Director of the 
Office of Management and Budget, the heads of the 24 CFO Act agencies 
in our review, and agency CFOs and inspectors general. Copies will be 
made available to others upon request. In addition, this report will be 
available at no charge on the GAO Web site at http://www.gao.gov. 

This report was prepared under the direction of McCoy Williams, 
Director, Financial Management and Assurance, who may be reached at 
(202) 512-9095 or williamsm1@gao.gov if you have any questions. Contact 
points for our Offices of Congressional Relations and Public Affairs 
may be found on the last page of this report. GAO staff that made key 
contributions to this report are listed in appendix VII. 

Signed by: 

David M. Walker: 
Comptroller General of the United States: 

[End of section] 

Appendix I: Requirements and Standards Supporting Federal Financial 
Management: 

Financial Management Systems Requirements: 

The policies and standards prescribed for executive agencies to follow 
in developing, operating, evaluating, and reporting on financial 
management systems are defined in Office of Management and Budget (OMB) 
Circular No. A-127, Financial Management Systems. The components of an 
integrated financial management system include the core financial 
system,[Footnote 47] managerial cost accounting system, administrative 
systems, and certain programmatic systems. Administrative systems are 
those that are common to all federal agency operations,[Footnote 48] 
and programmatic systems are those needed to fulfill an agency's 
mission. Circular No. A-127 refers to the series of publications 
entitled Federal Financial Management Systems Requirements, initially 
issued by the Joint Financial Management Improvement Program's (JFMIP) 
Program Management Office (PMO) as the primary source of governmentwide 
requirements for financial management systems. However, as of December 
2004, the Financial Systems Integration Office (FSIO) assumed 
responsibility for coordinating the work related to federal financial 
management systems requirements and OMB's Office of Federal Financial 
Management (OFFM) is responsible for issuing the new or revised 
regulations. In December 2004, the JFMIP Principals voted to modify the 
roles and responsibilities of JFMIP, resulting in the creation of FSIO. 
Appendix II lists the federal financial management systems requirements 
published to date. Figure 12 is the current model that illustrates how 
these systems interrelate in an agency's overall systems architecture. 

Figure 12: Agency Systems Architecture: 

[See PDF for image] 

Source: OMB, Core Financial Systems Requirements, OFFM-No-0106 
(Washington, D>C.: January 2006). 

[End of figure] 

FFMIA Guidance: 

OMB establishes governmentwide financial management policies and 
requirements and has issued two sources of guidance related to FFMIA 
reporting. First, in OMB Memorandum, Revised Implementation Guidance 
for the Federal Financial Management Improvement Act (Jan. 4, 2001), 
OMB provides guidance for agencies and auditors to use in assessing 
substantial compliance. The guidance describes the factors that should 
be considered in determining whether an agency's systems substantially 
comply with FFMIA's three requirements. Further, the guidance provides 
examples of the types of indicators that should be used as a basis for 
assessing whether an agency's systems are in substantial compliance 
with each of the three FFMIA requirements. Finally, the guidance 
discusses the corrective action plans, to be developed by agency heads, 
for bringing their systems into compliance with FFMIA. Second, on 
August 23, 2006, OMB issued Bulletin No. 06-03, Audit Requirements for 
Federal Financial Statements, which superseded OMB Bulletin No. 01-02. 
This new bulletin did not substantially revise the FFMIA audit guidance 
included in Bulletin No. 01-02, which calls for auditors to provide 
negative assurance when reporting on an agency system's FFMIA 
compliance. 

We have worked in partnership with representatives from the President's 
Council on Integrity and Efficiency (PCIE) to develop and maintain the 
joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific 
procedures auditors should perform when assessing FFMIA 
compliance.[Footnote 49] As detailed in appendix V, we have also issued 
a series of checklists to help assess whether agencies' systems meet 
systems requirements. The FAM guidance on FFMIA assessments recognizes 
that while financial statement audits offer some assurance regarding 
FFMIA compliance, auditors should design and implement additional 
testing to satisfy FFMIA criteria. 

OMB Circular No. A-127 also requires agencies to purchase commercial 
off-the-shelf (COTS) software that has been tested and certified 
through the PMO software certification process when acquiring core 
financial systems. However, in December 2004, OMB transferred the 
responsibility of certifying systems to FSIO as part of the realignment 
of JFMIP. In March 2007, FSIO updated the testing policy for COTS 
software. However, the certification process does not eliminate or 
significantly reduce the need for agencies to develop and conduct 
comprehensive testing efforts to ensure that the COTS software meets 
their requirements. Moreover, core financial systems certification does 
not mean that agencies that install these packages will have financial 
management systems that are compliant with FFMIA. Many other factors 
can affect the capability of the systems to comply with FFMIA, 
including modifications made to the FSIO-certified core financial 
management systems software and the validity and completeness of data 
from feeder systems. 

Federal Accounting Standards: 

The Federal Accounting Standards Advisory Board (FASAB)[Footnote 50] 
promulgates federal accounting standards and concepts that agency chief 
financial officers use in developing financial management systems and 
preparing financial statements. FASAB develops the appropriate 
accounting standards and concepts after considering the financial and 
budgetary information needs of the Congress, executive agencies, and 
other users of federal financial information and comments from the 
public. FASAB forwards the standards and concepts to the Comptroller 
General, the Director of OMB, the Secretary of the Treasury, and the 
Director of the Congressional Budget Office (CBO) for a 90-day review. 
If, within 90 days, neither the Comptroller General nor the Director of 
OMB objects to the standard or concept, then it is issued and becomes 
final. FASAB announces finalized concepts and standards in The Federal 
Register. 

The American Institute of Certified Public Accountants designated the 
federal accounting standards promulgated by FASAB as being generally 
accepted accounting principles for the federal government. This 
recognition enhances the acceptability of the standards, which form the 
foundation for preparing consistent and meaningful financial statements 
both for individual agencies and the government as a whole. Currently, 
there are 32 Statements of Federal Financial Accounting Standards 
(SFFAS) and 4 Statements of Federal Financial Accounting Concepts 
(SFFAC).[Footnote 51] The concepts and standards are the basis for 
OMB's guidance to agencies on the form and content of their financial 
statements and for the government's consolidated financial statements. 
Appendix III lists the concepts, standards, interpretations,[Footnote 
52] and technical bulletins, along with their respective effective 
dates. 

FASAB's Accounting and Auditing Policy Committee (AAPC)[Footnote 53] 
assists in resolving issues related to the implementation of accounting 
standards. AAPC's efforts result in guidance for preparers and auditors 
of federal financial statements in connection with implementation of 
accounting standards. To date, AAPC has issued six technical releases, 
which are listed in appendix IV along with their release dates. 

U.S. Government Standard General Ledger (SGL): 

The SGL was established by an interagency task force under the 
direction of OMB and mandated for use by agencies in OMB and Treasury 
regulations in 1986. The SGL promotes consistency in financial 
transaction processing and reporting by providing a uniform chart of 
accounts and pro forma transactions used to standardize federal 
agencies' financial information accumulation and processing throughout 
the year, enhance financial control, and support budget and external 
reporting, including financial statement preparation. The SGL is 
intended to improve data stewardship throughout the federal government, 
enabling consistent reporting at all levels within the agencies and 
providing comparable data and financial analysis 
governmentwide.[Footnote 54] 

Internal Control Standards: 

The Congress enacted legislation, 31 U.S.C. § 3512(c), (d) (commonly 
referred to as the Federal Managers' Financial Integrity Act of 1982 
(FMFIA)), to strengthen internal controls and accounting systems 
throughout the federal government, among other purposes. Issued 
pursuant to FMFIA, the Comptroller General's Standards for Internal 
Control in the Federal Government[Footnote 55] provides standards that 
are directed at helping agency managers implement effective internal 
control, an integral part of improving financial management systems. 
Internal control is a major part of managing an organization and 
comprises the plans, methods, and procedures used to meet missions, 
goals, and objectives. In summary, internal control, which under OMB's 
guidance for FMFIA is synonymous with management control, helps 
government program managers achieve desired results through effective 
stewardship of public resources. 

Effective fiscal year 2006, OMB strengthened the requirements for 
conducting management's assessment of internal control over financial 
reporting by revising OMB Circular No. A-123.[Footnote 56] Significant 
revisions contained in Appendix A of the circular include requiring 
Chief Financial Officers (CFO) Act agency management to annually assess 
the adequacy of internal control over financial reporting, provide a 
report on identified material weaknesses and corrective actions, and 
provide a separate assurance statement on the agency's internal control 
over financial reporting. In initiating the revisions, OMB cited the 
internal control requirements for publicly traded companies that are 
contained in section 404 of the Sarbanes-Oxley Act of 2002 (Sarbanes- 
Oxley).[Footnote 57] Sarbanes-Oxley was enacted in response to 
corporate accountability failures of several years prior to its 
enactment and contains a provision (section 404) calling for 
management's assessment of internal control over financial reporting 
similar to the long-standing requirements for executive branch agencies 
contained in FMFIA to issue annual statements of assurance over 
internal control in the agencies. Opinions on internal control over 
financial reporting as required by Sarbanes-Oxley for publicly traded 
companies are important to protect investors by improving the accuracy 
and reliability of corporate disclosures made pursuant to the 
securities laws. 

[End of section] 

Appendix II Publications in the Federal Financial Management Systems 
Requirements Series: 

Table: 

FFMSR document: FFMSR-8; 
System Requirements for Managerial Cost Accounting; 
Issue date: February 1998. 

FFMSR document: JFMIP-SR-99-5;
Human Resources & Payroll Systems Requirements; 
Issue date: April 1999. 

FFMSR document: JFMIP-SR-99-8; 
Direct Loan System Requirements; 
Issue date: June 1999. 

FFMSR document: JFMIP-SR-99-9; 
Travel System Requirements; 
Issue date: July 1999. 

FFMSR document: JFMIP-SR-99-14; 
Seized Property and Forfeited Assets Systems Requirements; 
Issue date: December 1999. 

FFMSR document: JFMIP-SR-00-01; 
Guaranteed Loan System Requirements; 
Issue date: March 2000. 

FFMSR document: JFMIP-SR-00-3; 
Grant Financial System Requirements; 
Issue date: June 2000. 

FFMSR document: JFMIP-SR-00-4; 
Property Management Systems Requirements; 
Issue date: October 2000. 

FFMSR document: JFMIP-SR-01-01; 
Benefit System Requirements; 
Issue date: September 2001. 

FFMSR document: JFMIP-SR-02-02; 
Acquisition/Financial Systems Interface Requirements;
Issue date: June 2002. 

FFMSR document: JFMIP-SR-03-01; 
Revenue System Requirements; 
Issue date: January 2003. 

FFMSR document: JFMIP-SR-03-02; 
Inventory, Supplies and Materials System Requirements; 
Issue date: August 2003. 

FFMSR document: JFMIP-SR-02-01; 
Addendum to Core Financial System Requirements; 
Issue date: March 2004. 

FFMSR document: JFMIP-SR-01-04; 
Framework for Federal Financial Management Systems; 
Issue date: April 2004. 

FFMSR document: OFFM-NO-0106; 
Core Financial System Requirements; 
Issue date: January 2006. 

FFMSR document: OFFM-NO-0206; 
Insurance System Requirements; 
Issue date: June 2006. 

Source: OMB's Office of Federal Financial Management (OFFM). 

Note: Effective December 1, 2004, all financial management system 
requirements documents and other guidance initially issued by the JFMIP 
were transferred to OFFM and remain in effect until modified. 

[End of table] 

[End of section] 

Appendix III: Statements of Federal Financial Accounting Concepts, 
Standards, Interpretations, and Technical Bulletins: 

[See PDf for Image] 

Source: FASAB. 

[A] Effective dates do not apply to Statements of Federal Financial 
Accounting Concepts, Interpretations, and Technical Bulletins. 

[End of table] 

[End of section] 

Appendix IV: Accounting and Auditing Policy Committee Technical 
Releases: 

Table: 

Technical release: TR-1 Audit Legal Representation Letter Guidance; 
AAPC release date: March 1, 1998. 

Technical release: TR-2 Determining Probable and Reasonably Estimable 
for Environmental Liabilities in the Federal Government; 
AAPC release date: March 15, 1998. 

Technical release: TR-3 Preparing and Auditing Direct Loan and Loan 
Guarantee Subsidies Under the Federal Credit Reform Act; 
AAPC release date: July 31, 1999. 

Technical release: TR-4 Reporting on Non-Valued Seized and Forfeited 
Property; 
AAPC release date: July 31, 1999. 

Technical release: TR-5 Implementation Guidance on SFFAS No. 10: 
Accounting for Internal Use Software; 
AAPC release date: May 14, 2001. 

Technical release: TR-6 Preparing Estimates for Direct Loan and Loan 
Guarantee Subsidies Under the Federal Credit Reform Act (Amendments to 
TR-3); 
AAPC release date: January 2004. 

Source: FASAB. 

[End of table] 

[End of section] 

Appendix V: Checklists for Reviewing Systems under the Federal 
Financial Management Improvement Act: 

Table: 

Checklist: GAO/AIMD-00-21.2.3; Human Resources and Payroll Systems 
Requirements; 
Issue date: March 2000. 

Checklist: GAO-01-99G; Seized Property and Forfeited Assets Systems 
Requirements; 
Issue date: October 2000. 

Checklist: GAO/AIMD-21-2.6; Direct Loan System Requirements; 
Issue date: April 2000. 

Checklist: GAO/AIMD-21.2.8; Travel System Requirements; 
Issue date: May 2000. 

Checklist: GAO/AIMD-99-21.2.9; System Requirements for Managerial Cost 
Accounting; 
Issue date: January 1999. 

Checklist: GAO-01-371G; Guaranteed Loan System Requirements; 
Issue date: March 2001. 

Checklist: GAO-01-911G; Grant Financial System Requirements; 
Issue date: September 2001. 

Checklist: GAO-02-171G; Property Management Systems Requirements; 
Issue date: December 2001. 

Checklist: GAO-04-22G; Benefit System Requirements; 
Issue date: October 2003. 

Checklist: GAO-04-650G; Acquisition/Financial Systems Interface 
Requirements; 
Issue date: June 2004. 

Checklist: GAO-05-225G; Core Financial System Requirements; 
Issue date: February 2005. 

Source: GAO. 

[End of table] 

[End of section] 

Appendix VI: Comments from the Office of Management and Budget: 

Executive Office Of The President: 
Office Of Management And Budget: 
Washington, D.C. 20503: 

Jul 20 2007: 

Mr. McCoy Williams: 
Director, Financial Management and Assurance: 
United States Government Accountability Office: 
Washington, DC 20548: 

Dear Mr. Williams: 

Thank you for the opportunity to comment on the draft Government 
Accountability Office (GAO) draft report entitled "Financial 
Management: Long-standing Financial Systems Weaknesses Present a 
Formidable Challenge" (GAO-07-914). We appreciate GAO's careful review 
and agree with your assessment that federal agencies have continued to 
make progress in financial management, however many agencies still need 
to improve their financial systems so that reliable, useful, and timely 
financial management information is available for day-to-day 
operations. 

We are working aggressively to assist agencies in building a strong 
foundation of financial management practices through our three major 
initiatives: the President's Management Agenda (PMA), the Financial 
Management Line of Business (FMLoB), and the revised OMB Circular No. A-
123 (A-123), Management's Responsibility for Internal Control. The 
goals of each of these initiatives align with the goals of the Federal 
Financial Management Improvement Act (FFMIA) - creating the full range 
of information needed for day-to-day management. 

Over the past years, agencies have made progress in improving financial 
performance by obtaining unqualified opinions on their financial 
statements and in resolving long standing material weakness. However, 
as you highlight in this report, our common goal goes beyond attaining 
unqualified opinions on agency financial statements. We are both 
striving for the creation and use of reliable and timely management 
information. Through three major initiatives: The President's 
Management Agenda, the Financial Management Line of Business and the 
revised OMB Circular No. A-123, Management's Responsibility for 
Internal Control, agencies are working aggressively to create a full 
range of information needed for day-to-day management. 

Under the PMA's Improving Financial Performance initiative, the 
standards for achieving "green" status include receiving an unqualified 
financial statement opinion, eliminating all repeat material weaknesses 
and non-compliances, using financial data to make key management 
decisions, and being found in substantial compliance with FFMIA. A 
"green" status rating demonstrates that an agency has sound accounting 
processes and effective internal controls, which ensures timely and 
accurate financial data that drive better results. 

The past year has been especially productive for the FMLoB initiative. 
We finalized an initial set of performance measures, released exposure 
draft of the Common Government Accounting Classification (CGAC) 
Structure, and developed business process standards for Funds Control 
and Payment Management. Beyond these milestones, we are fully aware 
that in order for the new standards to be accepted, we must first 
establish a coherent implementation strategy. As a result, we are 
working to build a sound strategy that will enable a seamless 
transition to the new standard, e.g., CGAC. 

Appendix A of A-123 directs Federal managers to take a proactive 
approach to assessing internal controls by: 1) documenting the 
reporting processes end-to-end, 2) directly testing key controls to 
validate effectiveness, and 3) reporting on the results of the test in 
a new management assurance statement. These internal control 
requirements complement and support the standards set by the PMA and 
the FMLoB. Many of the ongoing assessment required under the revised A-
123 mirror the types of assessment that would occur in establishing a 
statement of positive assurance under FFMIA. 

While the draft report does not recommend any additional actions, it 
nonetheless reiterates a recommendation that OMB clarify the definition 
of "substantial compliance." In our update to Circular A-127, Financial 
Management Systems, our goal will be to simplify FFMIA compliance 
requirements as well as to better balance the FFMIA objectives of 
generating audited financial statements and providing meaningful 
information for decision makers. Accordingly, we will take your 
recommendation under advisement. In addition, the draft report 
reiterates a recommendation requiring a statement of positive 
assurance. The three initiatives outlined above are helping agencies 
identify and correct FFMIA deficiencies and, as a result, we believe 
that requiring a statement of positive assurance would be costly and 
would not provide additional information that would be of benefit to 
the Federal agency, OMB, or the taxpayer. 

Finally, we applaud GAO for planning a forum to address the challenges 
agencies face when trying to achieve and maintain compliance with 
FFMIA. We look forward to the outcome of the forum. 

Thank you again for the opportunity to review and provide comment on 
your draft report. 

Sincerely, 

Signed by: 

Linda Combs: 
Controller: 

[End of section] 

Appendix VII: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

McCoy Williams, (202) 512-9095 or williamsm1@gao.gov: 

Acknowledgments: 

In addition to the contact named above, Kay L. Daly, Assistant 
Director; F. Abe Dymond, Assistant General Counsel; Debra Cottrell; 
Francine DelVecchio; Lauren Fassler; C. Robin Hodge; Jennifer Leone; 
Sheila D. Miller; and George Warnock made key contributions to this 
report. 

FOOTNOTES 

[1] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990). 

[2] Federal Financial Management Improvement Act of 1996, Pub. L. No. 
104-208, div. A., § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 
30, 1996). 

[3] Department of Commerce (Commerce), Environmental Protection Agency 
(EPA), General Services Administration (GSA), National Science 
Foundation (NSF), Office of Personnel Management (OPM), and Social 
Security Administration (SSA). 

[4] The SGL provides a standard chart of accounts and standardized 
transactions that agencies are to use in all their financial systems. 

[5] Departments of Education, Housing and Urban Development (HUD), 
Interior, Labor, and State. 

[6] GAO, Financial Management Systems: Additional Efforts Needed to 
Address Key Causes of Modernization Failures, GAO-06-184 (Washington, 
D.C.: Mar. 15, 2006). 

[7] A concept of operations defines how an organization's day-to-day 
operations are (or will be) carried out to meet mission needs. It 
includes high-level descriptions of information systems, their 
interrelationships, and information flows. It also describes the 
operations that must be performed, who must perform them, and where and 
how the operations will be carried out. 

[8] Some CFO Act agencies, such as the Department of Transportation, 
the General Services Administration, and the Nuclear Regulatory 
Commission were already using the shared service provider concept prior 
to OMB's financial management line of business initiative. 

[9] GAO has worked in partnership with the President's Council on 
Integrity and Efficiency (PCIE) to develop and maintain the joint 
Financial Audit Manual, which provides specific procedures auditors 
should perform when assessing FFMIA compliance. 

[10] Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982) (codified at 31 
U.S.C. § 3512 (c), (d)). 

[11] GAO, Standards for Internal Control in the Federal Government, 
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). 

[12] Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993). 

[13] Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994). 

[14] Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996). 

[15] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002) (codified at 31 
U.S.C. § 3515). The Accountability of Tax Dollars Act of 2002 extends 
the requirement to prepare and submit audited financial statements to 
most executive agencies not subject to the CFO Act unless they are 
exempted by OMB. However, these agencies are not required to have 
systems that are compliant with FFMIA requirements. 

[16] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). 

[17] Pub L. No. 107-347, title III 116 Stat. 2946 (Dec. 17, 2002). 

[18] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004). 

[19] The American Institute of Certified Public Accountants recognizes 
the federal accounting standards promulgated by the Federal Accounting 
Standards Advisory Board as generally accepted accounting principles. 
For a further description of federal accounting standards, see app. I. 

[20] OMB has announced that this guidance is under review and will be 
revised in 2007. 

[21] The PCIE--which is governed by Executive Order No. 12805 of May 
11, 1992--was established to (1) address integrity, economy, and 
effectiveness issues that transcend individual government agencies and 
(2) increase the professionalism and effectiveness of inspectors 
general personnel throughout the government. The PCIE is composed 
primarily of the presidentially appointed inspectors general. Officials 
from OMB, the Federal Bureau of Investigation, Office of Government 
Ethics, Office of Special Counsel, and OPM serve on the PCIE as well. 

[22] GAO-01-765G, section 260.58-.60 and GAO-03-466G, sections 701, 
701A, and 701B. 

[23] OMB Bulletin No. 06-03, Audit Requirements for Federal Financial 
Statements (Aug. 23, 2006). 

[24] OMB Bulletin No. 06-03, Audit Requirements for Federal Financial 
Statements (Aug. 23, 2006). 

[25] GAO, Financial Management: FFMIA Implementation Critical for 
Federal Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001); 
Financial Management: FFMIA Implementation Necessary to Achieve 
Accountability, GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial 
Management: Sustained Efforts Needed to Achieve FFMIA Accountability, 
GAO-03-1062 (Washington, D.C.: Sept. 30, 2003); Financial Management: 
Improved Financial Systems Are Key to FFMIA Compliance, GAO-05-20 
(Washington, D.C.: Oct. 1, 2004); Financial Management: Achieving FFMIA 
Compliance Continues to Challenge Agencies, GAO-05-881 (Washington, 
D.C.: Sept. 20, 2005); and Financial Management: Improvements Under Way 
but Serious Financial Systems Problems Persist, GAO-06-970 (Washington, 
D.C.: Sept. 26, 2006). 

[26] GAO-06-970. 

[27] Federal financial system requirements define an integrated 
financial system as one that coordinates a number of previously 
unconnected functions to improve overall efficiency and control. 
Characteristics of such a system include (1) standard data 
classifications for recording financial events; (2) common processes 
for processing similar transactions; (3) consistent control over data 
entry, transaction processing, and reporting; and (4) a system design 
that eliminates unnecessary duplication of transaction entry. OMB 
Circular No. A-127, Financial Management Systems, paragraph 7(b) 
(Revised Dec. 1, 2004). 

[28] Effective December 1, 2004, all financial management system 
requirements documents and other guidance initially issued by the Joint 
Financial Management Improvement Program were transferred to OFFM and 
remain in effect until modified. 

[29] GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: 
Jan. 31, 2007). 

[30] GAO-06-184. 

[31] Departments of Education, Housing and Urban Development (HUD), 
Interior, Labor, and State. 

[32] Agriculture, DOD, Energy, HHS, DHS, DOJ, DOT, Treasury, VA, NASA, 
NRC, and SBA. 

[33] GAO-07-310. 

[34] Disciplined processes have been shown to reduce the risks 
associated with software development and acquisition efforts to 
acceptable levels and are fundamental to successful system 
implementations. 

[35] GAO, Financial Management Systems: DHS Has an Opportunity to 
Incorporate Best Practices in Modernization Efforts, GAO-06-553T 
(Washington, D.C.: Mar. 29, 2006). 

[36] GAO, Homeland Security: Departmentwide Integrated Financial 
Management Systems Remain a Challenge, GAO-07-536 (Washington, D.C.: 
June 21, 2007); Homeland Security: Transforming Departmentwide 
Financial Management Systems Remains a Challenge, GAO-07-1041T 
(Washington, D.C.: June 28, 2007). 

[37] GAO-06-184. 

[38] The four agencies designated as shared service providers were the 
Department of the Interior (National Business Center), GSA (Federal 
Integrated Solutions Center), Department of the Treasury (Bureau of the 
Public Debt Administrative Resource Center), and Department of 
Transportation (Enterprise Services Center). 

[39] FSIO was formerly known as the Joint Financial Management 
Improvement Program (JFMIP) staff office. In December 2004, the JFMIP 
Principals voted to modify the roles and responsibilities of the JFMIP 
Program Office, now FSIO. The FSIO Executive reports to OMB's Office of 
Federal Financial Management Controller. See OMB, Update on the 
Financial Management Line of Business and the Financial Systems 
Integration Office Memorandum (Washington, D.C.: Dec. 16, 2005). 

[40] OMB, FMLOB Funds Control Standard Business Process, Exposure Draft 
(Washington, D.C.: March 2007). 

[41] OMB, FMLOB Payment Management Standard Business Process Exposure 
Draft (Washington, D.C.: May 2007). 

[42] OMB, Financial Services Assessment Guide Version 1 (Washington, 
D.C.: Mar. 30, 2007). 

[43] FSIO, Core Financial System Product Qualification Test Policy 
(Washington, D.C.: March 2007). 

[44] GAO-06-184. 

[45] GAO, Financial Management: Improvements Under Way but Serious 
Financial Systems Problems Persist, GAO-06-970 (Washington, D.C.: Sept. 
26, 2006). 

[46] GAO-02-29, GAO-03-31, GAO-05-20, GAO-05-881, and GAO-06-970. 

[47] Core financial systems, as defined by the Office of Federal 
Financial Management (OFFM), include managing general ledger, funding, 
payments, receivables, and certain basic cost functions. 

[48] Examples of administrative systems include budget, acquisition, 
travel, property, and human resources and payroll. 

[49] GAO-01-765G, section 260.58-.60 and GAO-03-466G, sections 701, 
701A, and 701B. 

[50] In October 1990, the Secretary of the Treasury, the Director of 
OMB, and the Comptroller General established FASAB to develop a set of 
generally accepted accounting standards and concepts for the federal 
government. Effective October 1, 2003, FASAB is comprised of six 
nonfederal or public members, one member from the Congressional Budget 
Office, and the three sponsors. 

[51] Accounting standards are authoritative statements of how 
particular types of transactions and other events should be reflected 
in financial statements. SFFACs explain the objectives and ideas upon 
which FASAB develops the standards. 

[52] An interpretation is a document of narrow scope that provides 
clarifications of original meaning, additional definitions, or other 
guidance pertaining to an existing federal accounting standard. 

[53] In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the Chief 
Financial Officers Council, and the President's Council on Integrity 
and Efficiency, established AAPC to assist the federal government in 
improving financial reporting. 

[54] SGL guidance is published in the Treasury Financial Manual. 
Treasury's Financial Management Service is responsible for maintaining 
the SGL and answering agency inquiries. 

[55] GAO, Standards for Internal Control in the Federal Government, 
GAO/AIMD-00-21.3 (Washington, D.C.: November 1999). 

[56] OMB Circular No. A-123, Management's Responsibility for Internal 
Control (revised Dec. 21, 2004). 

[57] Pub. L. No. 107-204, § 404, 116 Stat. 745, 789 (July 30, 2002). 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to www.gao.gov and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 
512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm: 

E-mail: fraudnet@gao.gov: 

Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400: 

U.S. Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800: 

U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: