DHS Financial Management:

Additional Efforts Needed to Resolve Deficiencies in Internal Controls and Financial Management Systems

GAO-13-561: Published: Sep 30, 2013. Publicly Released: Nov 14, 2013.

Additional Materials:

Contact:

Asif A. Khan
(202) 512-9869
khana@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Department of Homeland Security (DHS) has made considerable progress toward obtaining a clean opinion on its financial statements but limited progress in obtaining a clean opinion on its internal control over financial reporting. DHS continues to rely on compensating controls and complex manual work-arounds rather than sound internal control over financial reporting and effective financial management systems. DHS is working to resolve the deficiencies that caused its auditors to issue a qualified opinion on its fiscal year 2012 financial statements and has a goal of achieving a clean opinion in fiscal year 2013. In addition, DHS has plans to resolve the remaining five material internal control weaknesses, with a goal of achieving a clean opinion on internal control over financial reporting for fiscal year 2016. However, DHS's auditors stated that they may have identified additional material weaknesses in fiscal year 2012 had they been able to perform sufficient work to enable them to express an opinion on the effectiveness of DHS's internal control over financial reporting. DHS will continue to face challenges in obtaining and sustaining a clean opinion on its financial statements and attaining a clean opinion on its internal control over financial reporting until serious internal control and financial management systems deficiencies are resolved.

DHS's decentralized approach for modernizing its components' financial systems is consistent with relevant Office of Management and Budget (OMB) requirements, such as implementing projects in smaller, simpler segments, but not all relevant information technology (IT) best practices have been fully implemented. DHS plans to modernize the financial systems of components with the most critical need first and integrate the financial systems with asset management and acquisition systems, resulting in component-level integrated financial management systems. DHS has implemented certain IT recommended best practices that reflect key areas of effective program management, such as conducting an analysis of alternatives, establishing a governance structure, developing baseline business process requirements, and developing a description of its current financial management environment. However, DHS has not yet fully incorporated other IT best practices that help improve the effectiveness of such implementation. Specifically, DHS has not developed (1) a description of how its components' financial management systems will operate in the future (detailed target state), (2) a description of how components will transition to a new financial management environment (department-level transition plan), (3) procedures for validating the completion of and updating the milestone dates for activities reflected in its integrated master schedule, and (4) procedures for addressing key elements of a lessons learned process. DHS plans to develop a target state and transition plan after its components award their financial system modernization contracts. DHS officials stated that validating and updating activities in the master schedule were covered by broader procedures. The officials also stated that they had sufficient procedures for identifying, documenting, and sharing lessons learned. Without a detailed target state, department-level transition plan, and specific procedures, DHS has an increased risk of, among other things, investing in and implementing systems that do not provide the desired capabilities and inefficiently using resources during its financial management system modernization efforts.

Why GAO Did This Study

In 2003, GAO designated DHS's management functions--including financial management--as high risk. Since obtaining a clean opinion on its financial statements and improving the effectiveness of internal controls are key aspects of DHS's strategy for addressing its high-risk financial management issues, GAO was asked to review DHS's efforts to strengthen its financial reporting, including how it plans to modernize its current financial systems. This report examines (1) DHS's progress toward obtaining clean opinions on its financial statements and internal control over financial reporting and (2) the extent to which DHS's approach for modernizing its current financial systems was consistent with OMB requirements and whether DHS followed certain IT best practices while implementing its approach. GAO interviewed key DHS officials, reviewed relevant DHS guidance and documents, and determined whether DHS followed OMB requirements and certain industry best practices.

What GAO Recommends

To help DHS deploy component-level integrated financial management systems, GAO is making four recommendations to DHS regarding the need to follow best practices related to its target state, transition plan, integrated master schedule, and lessons learned. DHS generally agreed with GAO’s recommendations and described actions already taken to address them. GAO agrees that DHS has completed actions to address two recommendations, but further action is needed to address the others.

For more information, contact Asif A. Khan at (202) 512-9869 or khana@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: In its January 2014 statement of actions to address the recommendations in GAO-13-561, DHS reaffirmed its concurrence with our recommendation and reiterated that it had already developed a target state in various documents for its modernization efforts and requested that our recommendation be considered resolved and closed. In February 2014, DHS provided us its updated financial management target state. While DHS's target state describes aspects of its financial management environment in nontechnical business terms, it continues to lack technical details such as data required and produced by the future systems.

    Recommendation: To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to develop a detailed target state that describes both in technical and nontechnical terms how its various components' financial management systems will interact with each other and how information will flow among those systems.

    Agency Affected: Department of Homeland Security

  2. Status: Open

    Comments: In its January 2014 statement of actions to address the recommendations in GAO-13-561, DHS reaffirmed its concurrence with our recommendation and reiterated that it had already developed a target strategy for moving from its current financial management environment to the future financial management environment and requested that our recommendation be considered resolved and closed. Additionally, DHS stated that its components are required to develop transition planning information after they have selected their shared service provider solution. As we reported, DHS's transition strategy does not contain needed elements of a transition plan (e.g., the optimal sequencing of activities) which would help DHS effectively and efficiently allocate and use available resources. DHS plans to provide GAO updated documentation.

    Recommendation: To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to develop and implement a department-level transition plan for moving from DHS's current financial management environment to the future financial management environment.

    Agency Affected: Department of Homeland Security

  3. Status: Closed - Implemented

    Comments: On August 8, 2013, DHS revised and finalized its SOP related to the department-level integrated master schedule to include specific procedures to address our recommendation. Specifically, DHS established procedures for revising milestone dates and providing written confirmation of completed activities to the OCFO. We determined that DHS's actions address the intent of our recommendation and should assist the OCFO in effectively measuring the progress of each component's modernization project as well as identifying potential problems related to a project.

    Recommendation: To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to update the Standard Operating Procedures (SOP) related to the department-level integrated master schedule to include specific procedures for components to revise milestone dates and provide the Office of the Chief Financial Officer (OCFO) written confirmation of completed activities to maintain accurate and timely information within the master schedule.

    Agency Affected: Department of Homeland Security

  4. Status: Closed - Implemented

    Comments: On August 8, 2013, DHS revised and finalized its SOP related to its financial management system modernization lessons learned process. Specifically, DHS established procedures for performing key elements of a lessons learned process, including identifying lessons learned using both internal and external sources and documenting and sharing relevant lessons learned. We determined that DHS's actions address the intent of our recommendation and should reduce the risk of DHS overlooking beneficial lessons learned, which may increase the success of current and future financial management system modernization projects.

    Recommendation: To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to include in the SOP for financial management system modernization specific procedures for consistently and systematically performing key elements of a lessons learned process, including identifying lessons learned using both internal and external sources and documenting and sharing relevant lessons learned.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Nov 20, 2014

Nov 17, 2014

Nov 12, 2014

Nov 10, 2014

Nov 7, 2014

Nov 6, 2014

Sep 22, 2014

Looking for more? Browse all our products here