Financial Management:

Department of Homeland Security Faces Significant Financial Management Challenges

GAO-04-774: Published: Jul 19, 2004. Publicly Released: Jul 29, 2004.

Additional Materials:

Contact:

Kay L. Daly
(202) 512-6906
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

When the Department of Homeland Security (DHS) began operations in March 2003, it faced the daunting task of bringing together 22 diverse agencies. This transformation poses significant management and leadership challenges, including integrating a myriad of redundant financial management systems and addressing the existing weaknesses in the inherited components, as well as newly identified weaknesses. This review was performed to (1) identify the financial management systems' weaknesses DHS inherited from the 22 component agencies, (2) assess DHS's progress in addressing those weaknesses, (3) identify plans DHS has to integrate its financial management systems, and (4) review whether the planned systems DHS is developing will meet the requirements of relevant financial management improvement laws.

DHS inherited 30 reportable internal control weaknesses identified in prior component financial audits with 18 so severe they were considered material weaknesses. These weaknesses include insufficient internal controls, system security deficiencies, and incomplete policies and procedures necessary to complete basic financial information. Of the four inherited component agencies that had previously been subject to stand-alone audits, all four agencies' systems were found not to be in substantial compliance with the requirements of the Federal Financial Management Improvement Act (FFMIA), an indicator of whether a federal entity can produce reliable data for management and reporting purposes. Component agencies took varied actions to resolve 9 of the 30 inherited internal control weaknesses. The remaining 21 weaknesses were combined and reported as material weaknesses or reportable conditions in DHS's first Performance and Accountability Report, or were reclassified by independent auditors as lower-level observations and recommendations. Combining or reclassifying weaknesses does not resolve the underlying internal control weakness, or mean that challenges to address them are less than they would have been prior to the establishment of DHS. DHS is in the early stages of acquiring a financial enterprise solution to consolidate and integrate its business functions. Initiated in August 2003, DHS expects the financial enterprise solution to be fully deployed and operational in 2006 at an estimated cost of $146 million. Other agencies have failed in attempts to develop financial management systems with fewer diverse operations. Success will depend on a number of variables, including having an effective strategic management framework, sustained management oversight, and user acceptance of the efforts. It is too early to tell whether DHS's planned financial enterprise solution will be able to meet the requirements of relevant financial management improvement laws. As of June 2004, DHS is not subject to the CFO Act and thus FFMIA, which is applicable only to agencies subject to the CFO Act. While DHS is currently not required to report on compliance with FFMIA, its auditors disclosed systems deficiencies that would have likely resulted in noncompliance issues.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Matter for Congressional Consideration

    Matter: In view of the size of DHS and the importance of the CFO Act and FFMIA in improving financial management and its applicability to all other cabinet departments, the Congress may wish to consider enacting legislation to designate DHS as a CFO Act agency.

    Status: Closed - Implemented

    Comments: In the aftermath of the terrorist attacks of September 11, 2001, the Congress passed and the President signed the Homeland Security Act of 2002 (HSA), which merged 22 federal agencies and organizations into a new Department of Homeland Security (DHS). DHS was formed in March 2003 and at that time had the third largest budget in the federal government, about $40 billion for fiscal year 2005. GAO has designated implementation and transformation of the new DHS as high risk based on several factors. When DHS was formed by the HSA, the department was not legislatively subjected to two key financial management improvement laws: The Chief Financial Officers Act of 1990 (CFO Act) and the Federal Financial Management Improvement Act of 1996 (FFMIA). The goals of the CFO Act and FFMIA are, among other things, to provide the Congress and agency management with reliable financial information for managing and making day-to-day decisions and to improve financial management systems and controls to properly safeguard the government's assets. Further, when DHS was formed, it inherited 30 reportable internal control conditions that had been identified in prior component agencies financial statement audits. In view of the size of DHS, the internal control conditions it inherited, and the importance of the CFO Act and FFMIA in improving financial management, GAO strongly supported legislatively requiring DHS to comply with these laws in testimony and in written products. On May 4, 2004, H.R. 4259, the Department of Homeland Security Financial Accountability Act, was introduced in the House of Representatives and was passed by the Congress and presented to the President for signature on October 5, 2004. This Act legislatively requires DHS to comply with the provisions of the CFO Act and FFMIA.

    Recommendations for Executive Action

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to continue to maintain strong involvement of key stakeholders and top management throughout the acquisition and implementation of the eMerge2 initiative.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: In December 2005, the Bearing Point contract for eMerge2 expired. Key stakeholders and DHS management concluded that further investment in eMerge2 was high risk. Instead, DHS management, in consultation with key stakeholders, at that time established plans to focus on reducing the number of internal financial management systems by utilizing OMB's "Centers of Excellence" initiative for the delivery of financial management services. DHS management (with the involvement of key stakeholders) has been working since that time to ameliorate against systems failure risks in utilizing the OMB initiatives. These sustained actions by DHS management, and its stakeholders, are consistent with the intent of our recommendation directed at ensuring strong management involvement throughout system implementation.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to assess the impact of further reduction in financial service providers on DHS staff and their ability to produce timely financial information.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: In December 2005, the Bearing Point contract to implement eMerge2, which would have influenced the number of service providers, expired and the initiative to acquire and implement a new department-wide financial management system for the Department of Homeland Security (DHS) ended. DHS is currently considering various financial management systems options, including migrating to a shared service provider approach. DHS also reported performing an internal assessment, including consideration of resourcing leveraging opportunities through the use of financial service providers. These actions are consistent with the intent of our recommendation to assess the impact of using shared service providers on DHS resources.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to adhere to FFMIA requirements, including JFMIP requirements, even though the department is not statutorily required to do so.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: For fiscal years 2003 and 2004, DHS was required to prepare audited financial statements under the Accountability of Tax Dollars Act of 2002 (Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002). However, because DHS was not a CFO Act agency, it was not subject to FFMIA requirements including JFMIP requirements. On October 16, 2004, the DHS Financial Accountability Act, Pub. L No. 108-330, 118 Stat. 1275 (Oct. 16, 2004), added DHS to the list of CFO Act agencies. Thus, DHS will now be required to adhere to FFMIA requirements, including JFMIP requirements and DHS's auditors will be required to test compliance with these requirements.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to have independent auditors report annually on compliance with FFMIA.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: For fiscal years 2003 and 2004, DHS was required to prepare audited financial statements under the Accountability of Tax Dollars Act of 2002 (Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002). However because DHS was not a CFO Act agency, it was not subject to requirements including FFMIA requirements including JFMIP requirements. On October 16, 2004, the DHS Financial Accountability Act, Pub. L No. 108-330, 118 Stat. 1275 (Oct. 16, 2004), added DHS to the list of CFO Act agencies, increasing the number of CFO Act agencies to 24 for fiscal year 2005. Thus, DHS and its auditors will now be required to report annually on compliance with FFMIA.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to continue to give sustained attention to addressing previously reported material weaknesses, reportable conditions, and observations and recommendations.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: DHS released its first Internal Controls Over Financial Reporting (ICOFR) Playbook in March 2007. DHS expects the ICOFR Playbook to guide the agency ahead for the next several years through fundamental financial management improvement across the spectrum of financial activities supporting DHS's mission. The ICOFR Playbook includes specific strategies to design and implement internal controls to correct identified significant financial reporting weaknesses. As a result, in its fiscal year 2007 reporting, DHS increased from four to seven the number of DHS components with no material weaknesses. While many financial management challenges and material weaknesses remain at DHS, the ICOFR Playbook establishes a vehicle to better ensure the department's sustained attention to addressing previously reported material weaknesses, reportable conditions, and observations and recommendations.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to complete development of corrective action plans for all material weaknesses, reportable conditions, and observations and recommendations.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: DHS issued a Mission Action Plan guide for financial management for fiscal year 2008. In accordance with the guide, DHS and its components are to develop plans for corrective actions that are to be implemented for any new or existing internal control deficiencies over financial reporting (as identified by management or the external auditors). These actions are to be documented (including planned remediation actions, timeframes, key milestones, assignment of responsibilities) Actions planned for each control deficiency at the DHS component level) in the DHS Internal Control Over Financial Reporting (ICOFR) Playbook.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to ensure that internal control weaknesses are addressed at the component level if they were combined or reclassified at the departmentwide level.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: In 2006, DHS issued Management Directive 1030, Corrective Action Plans. Further, in 2008, the Department issued a Mission Action Plan guide for financial management. In accordance with the guide, DHS components are to develop corrective action plans (including specific actions, timeframes, key milestones, assignment of responsibility, and the timing of corrective action validation) for any new or existing internal control deficiencies over financial reporting (whether identified by management or the external auditors), for input into the DHS Internal Control Over Financial Reporting (ICOFR) Playbook. If effectively implemented, the ICOFR Playbook should, consistent with our recommendation, document the remediation actions planned for each deficiency at the DHS component level.

    Recommendation: To improve financial management at the department, the Secretary of Homeland Security should direct the Under Secretary for Management to maintain a tracking system of all auditor-identified and management-identified control weaknesses.

    Agency Affected: Department of Homeland Security: Directorate of Management

    Status: Closed - Implemented

    Comments: In 2006, DHS developed the Electronic Program Management Office (ePMO) system, which enables the Department and components to track the corrective actions being undertaken at the component level to ensure a coordinated Department-wide response to auditor findings and recommendations. DHS requires staff to use this system to track the resolution of findings. If effectively implemented, DHS should be able to use this system to better track corrective actions being put in to place across the department.

    Jul 30, 2014

    Jul 9, 2014

    Jun 19, 2014

    May 30, 2014

    May 15, 2014

    May 13, 2014

    May 12, 2014

    May 2, 2014

    Mar 27, 2014

    Looking for more? Browse all our products here