Skip to main content

DHS Financial Management: Additional Efforts Needed to Resolve Deficiencies in Internal Controls and Financial Management Systems

GAO-13-561 Published: Sep 30, 2013. Publicly Released: Nov 14, 2013.
Jump To:
Skip to Highlights

Highlights

What GAO Found

The Department of Homeland Security (DHS) has made considerable progress toward obtaining a clean opinion on its financial statements but limited progress in obtaining a clean opinion on its internal control over financial reporting. DHS continues to rely on compensating controls and complex manual work-arounds rather than sound internal control over financial reporting and effective financial management systems. DHS is working to resolve the deficiencies that caused its auditors to issue a qualified opinion on its fiscal year 2012 financial statements and has a goal of achieving a clean opinion in fiscal year 2013. In addition, DHS has plans to resolve the remaining five material internal control weaknesses, with a goal of achieving a clean opinion on internal control over financial reporting for fiscal year 2016. However, DHS's auditors stated that they may have identified additional material weaknesses in fiscal year 2012 had they been able to perform sufficient work to enable them to express an opinion on the effectiveness of DHS's internal control over financial reporting. DHS will continue to face challenges in obtaining and sustaining a clean opinion on its financial statements and attaining a clean opinion on its internal control over financial reporting until serious internal control and financial management systems deficiencies are resolved.

DHS's decentralized approach for modernizing its components' financial systems is consistent with relevant Office of Management and Budget (OMB) requirements, such as implementing projects in smaller, simpler segments, but not all relevant information technology (IT) best practices have been fully implemented. DHS plans to modernize the financial systems of components with the most critical need first and integrate the financial systems with asset management and acquisition systems, resulting in component-level integrated financial management systems. DHS has implemented certain IT recommended best practices that reflect key areas of effective program management, such as conducting an analysis of alternatives, establishing a governance structure, developing baseline business process requirements, and developing a description of its current financial management environment. However, DHS has not yet fully incorporated other IT best practices that help improve the effectiveness of such implementation. Specifically, DHS has not developed (1) a description of how its components' financial management systems will operate in the future (detailed target state), (2) a description of how components will transition to a new financial management environment (department-level transition plan), (3) procedures for validating the completion of and updating the milestone dates for activities reflected in its integrated master schedule, and (4) procedures for addressing key elements of a lessons learned process. DHS plans to develop a target state and transition plan after its components award their financial system modernization contracts. DHS officials stated that validating and updating activities in the master schedule were covered by broader procedures. The officials also stated that they had sufficient procedures for identifying, documenting, and sharing lessons learned. Without a detailed target state, department-level transition plan, and specific procedures, DHS has an increased risk of, among other things, investing in and implementing systems that do not provide the desired capabilities and inefficiently using resources during its financial management system modernization efforts.

Why GAO Did This Study

In 2003, GAO designated DHS's management functions--including financial management--as high risk. Since obtaining a clean opinion on its financial statements and improving the effectiveness of internal controls are key aspects of DHS's strategy for addressing its high-risk financial management issues, GAO was asked to review DHS's efforts to strengthen its financial reporting, including how it plans to modernize its current financial systems. This report examines (1) DHS's progress toward obtaining clean opinions on its financial statements and internal control over financial reporting and (2) the extent to which DHS's approach for modernizing its current financial systems was consistent with OMB requirements and whether DHS followed certain IT best practices while implementing its approach. GAO interviewed key DHS officials, reviewed relevant DHS guidance and documents, and determined whether DHS followed OMB requirements and certain industry best practices.

Recommendations

To help DHS deploy component-level integrated financial management systems, GAO is making four recommendations to DHS regarding the need to follow best practices related to its target state, transition plan, integrated master schedule, and lessons learned. DHS generally agreed with GAO’s recommendations and described actions already taken to address them. GAO agrees that DHS has completed actions to address two recommendations, but further action is needed to address the others.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to develop a detailed target state that describes both in technical and nontechnical terms how its various components' financial management systems will interact with each other and how information will flow among those systems.
Closed – Implemented
DHS has taken sufficient steps to address the intent of our recommendation. With respect to developing a target state, DHS has developed a financial systems modernization transition plan and architecture roadmap that collectively describe a target architecture for DHS financial management segment in business terms (e.g., business functions, business processes) and technical terms (e.g., account classification standards data model, shared services, and federated solution approach). With respect to developing and implementing a department-level transition plan, the financial systems modernization transition plan includes a sequencing plan that includes a transition lifecycle and a transition timetable for the Components. In addition, it describes improvement opportunities including an implementation timeframe for each improvement opportunity.
Department of Homeland Security To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to develop and implement a department-level transition plan for moving from DHS's current financial management environment to the future financial management environment.
Closed – Implemented
DHS has taken sufficient steps to address the intent of our recommendation. DHS developed a department-level transition plan, and the financial systems modernization transition plan includes a sequencing plan that includes a transition lifecycle and a transition timetable for specific DHS components. In addition, it describes improvement opportunities including an implementation timeframe for each improvement opportunity.
Department of Homeland Security To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to update the Standard Operating Procedures (SOP) related to the department-level integrated master schedule to include specific procedures for components to revise milestone dates and provide the Office of the Chief Financial Officer (OCFO) written confirmation of completed activities to maintain accurate and timely information within the master schedule.
Closed – Implemented
On August 8, 2013, DHS revised and finalized its SOP related to the department-level integrated master schedule to include specific procedures to address our recommendation. Specifically, DHS established procedures for revising milestone dates and providing written confirmation of completed activities to the OCFO. We determined that DHS's actions address the intent of our recommendation and should assist the OCFO in effectively measuring the progress of each component's modernization project as well as identifying potential problems related to a project.
Department of Homeland Security To help DHS and its components improve their ability to achieve DHS's end goal of deploying component-level integrated financial management systems, the Acting Secretary of Homeland Security should direct the Under Secretary for Management to include in the SOP for financial management system modernization specific procedures for consistently and systematically performing key elements of a lessons learned process, including identifying lessons learned using both internal and external sources and documenting and sharing relevant lessons learned.
Closed – Implemented
On August 8, 2013, DHS revised and finalized its SOP related to its financial management system modernization lessons learned process. Specifically, DHS established procedures for performing key elements of a lessons learned process, including identifying lessons learned using both internal and external sources and documenting and sharing relevant lessons learned. We determined that DHS's actions address the intent of our recommendation and should reduce the risk of DHS overlooking beneficial lessons learned, which may increase the success of current and future financial management system modernization projects.

Full Report

GAO Contacts

Office of Public Affairs

Topics

AccountingAuditing standardsBest practicesFinancial managementFinancial management systemsFinancial statement auditsFinancial statementsHomeland securityInformation technologyInternal controlsLessons learnedReporting requirements