Financial Integrity Act: Actions Needed to Correct ADP Internal Control Weaknesses
IMTEC-89-11
Published: May 09, 1989. Publicly Released: May 09, 1989.
Skip to Highlights
Highlights
GAO assessed federal agencies' implementation of the Financial Integrity Act (FMFIA) in annual management reports that accompany the President's budget, focusing on: (1) whether agencies reported automatic data processing (ADP) internal control weaknesses and how significant those weaknesses were to totals reported under FMFIA; (2) the types of ADP internal control weaknesses reported; (3) whether agencies continued to report weaknesses in evaluating ADP controls and security; and (4) the extent of and rationale for any delays in correcting the weaknesses.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of Management and Budget | The Office of Management and Budget (OMB) should take a leadership role to focus attention on progress to identify and correct the underlying ADP management control problems that affect successful implementation of FMFIA, and to provide Congress with useful, reliable information on overall progress. |
Closed – Implemented
In October 1989, OMB sent letters to the 16 major federal agencies, which addressed specific agency high-risk areas; areas in need of improvement in agencies' FMFIA programs; and key elements that each agency FMFIA program should embody. In addition, OMB established a semiannual reporting requirement for agencies to provide information on actions to correct items on the high risk list.
|
| Office of Management and Budget | The Director, OMB, should annually summarize for Congress agencies' ADP internal control weaknesses and the status of actions to correct: (1) ADP organization and management controls; and (2) agency evaluation methodologies needed to identify and correct ADP weaknesses. |
Closed – Implemented
The October 1989 OMB letters included ADP management issues, as well as the need to conduct ADP security reviews at some agencies. The semiannual reporting requirement will provide information on actions to correct ADP items on an agency's high risk list.
|
| Office of Management and Budget | The Director, OMB, should include in its annual summary a discussion of corrective actions that have been delayed for 1 year or more past their estimated completion dates, the reasons for delays, and the timetables for corrective actions. |
Closed – Implemented
The October 1989 OMB letters stated that weaknesses need to be tracked until corrected; and agencies should have a reporting system to highlight and explain delays and provide focus on longstanding uncorrected problems. OMB September 1989 guidance to agencies required that they specify original and current targeted correction dates, and reasons for date changes.
|
| Office of Management and Budget | To ensure that the summary information is most useful to Congress in carrying out its oversight role, OMB should link the information to the agencies' budget submissions, and describe the resulting budgetary implications. |
Closed – Implemented
The October 1989 OMB letters identify this issue as a key element in an agency's internal control and audit follow-up program. Specifically, the letters stated that correction of weaknesses should be linked to program planning and budgeting, which will help in setting priorities and obtaining resources for correction. OMB Circular A-11 will require information to correct high risk areas.
|
| Office of Management and Budget | To provide a sound basis for OMB use in summarizing the results, OMB should ensure itself that the heads of federal agencies fully report the schedules for correcting internal control weaknesses and the reasons for any delays when they occur. |
Closed – Implemented
The October 1989 OMB letters stated that weaknesses need to be tracked until corrected; and agencies should have a reporting system to highlight and explain delays and provide focus on longstanding uncorrected problems. OMB September 1989 guidance required agencies to report original and current targeted correction dates, and reasons for date changes.
|
Full Report
Office of Public Affairs
Topics
Agency missionsAgency reportsComputer securityElectronic data processingFederal agenciesInformation systemsInternal controlsReporting requirementsSystems evaluationFederal agency accounting systems