Department of Commerce's Second-Year Efforts To Implement the Federal Managers' Financial Integrity Act

RCED-86-21: Published: Nov 5, 1985. Publicly Released: Nov 5, 1985.

Additional Materials:

Contact:

John M. Ols, Jr
(202) 512-7631
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO reviewed the Department of Commerce's second-year implementation of the Federal Managers' Financial Integrity Act and assessed: (1) Commerce's progress in implementing actions to correct internal control weaknesses and in improving its internal control evaluation process; (2) Commerce's progress in correcting accounting systems' areas of nonconformance with the Comptroller General's principles and standards and in improving its evaluation of accounting systems; and (3) the reasonableness of the Secretary's annual report on internal controls and accounting systems.

GAO found that, although Commerce is acting to correct internal control problems and its evaluation process for internal controls, it needs to strengthen its process for assessing vulnerabilities and testing. The Secretary's report identified material weaknesses in its economic development business loan program and property management system and outlined plans to correct them. Commerce made progress in establishing processes to evaluate its internal controls by: (1) issuing guidelines for evaluating and reporting on internal control systems; (2) conducting quality assurance reviews; and (3) establishing a tracking system for corrective actions. However, because the forms Commerce used to conduct vulnerability assessments were general and did not always include risks specific to the assessed activity, its vulnerability assessments did not fully identify and describe the significant risks. GAO also found that: (1) some reviews did not completely test accounting systems to determine whether they operated as intended; and (2) quality assurance evaluation reviews were conducted after testing was completed. GAO believes that Commerce is not in a sound position to accurately determine overall system conformance, since most of its systems were not adequately tested in operation.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Commerce's position is that its reviews provide reasonable assurance that the accounting systems, taken as a whole, meet GAO principles, standards, and related requirements. Commerce evaluated systems according to revised guidelines and believes that it has a sound basis for stating that its systems comply with CG principles and standards.

    Recommendation: The Secretary of Commerce should not report that the Department's accounting systems are in conformance with the Comptroller General's requirements until they have been adequately evaluated in operation.

    Agency Affected: Department of Commerce

  2. Status: Closed - Implemented

    Comments: In June 1985, Commerce revised guidelines on conducting ICR to require that ICR team leaders seek guidance from the Department at three stages of the review to ensure that the appropriate event cycle is identified and selected, all major risks, control objectives, and techniques are identified, and appropriate testing is planned and conducted.

    Recommendation: The Secretary of Commerce should direct the Assistant Secretary for Administration to ensure that her staff, or the Office of the Inspector General's staff or bureau internal control staffs, provide necessary assistance to ICR teams by evaluating their plans to test controls before the controls are actually tested.

    Agency Affected: Department of Commerce

  3. Status: Closed - Implemented

    Comments: In order to ensure compliance of Commerce's June 1985 revised guidelines chapter on conducting ICR, departmental internal control staff were directed to meet with all bureau coordinators to reiterate that ICR teams need to receive appropriate technical assistance. Commerce will monitor bureau progress on ICR to ensure that assistance is provided.

    Recommendation: The Secretary of Commerce should direct the Assistant Secretary for Administration to ensure that her staff, or the Office of the Inspector General's staff or bureau internal control staffs, provide necessary assistance to internal control review (ICR) teams by evaluating the completeness of the risks and controls identified by the teams.

    Agency Affected: Department of Commerce

  4. Status: Closed - Implemented

    Comments: Commerce has obtained a computerized system to conduct risk assessments of its ADP facility. Commerce annually conducts evaluations of ADP facilities.

    Recommendation: The Secretary of Commerce should direct the Assistant Secretary for Administration to provide criteria for evaluating ADP activities, data center operations, data origination, input, and processing.

    Agency Affected: Department of Commerce

  5. Status: Closed - Implemented

    Comments: The criteria Commerce issued in May 1987 included a vulnerability assessment form to help managers identify risk according to their importance to the assessed unit.

    Recommendation: The Secretary of Commerce should direct the Assistant Secretary for Administration to require that managers, in determining a numerical average for their vulnerability, weigh identified risks according to their importance to the assessed unit.

    Agency Affected: Department of Commerce

  6. Status: Closed - Implemented

    Comments: Revised Office of Management and Budget (OMB) Circular A-123 now permits either a vulnerability assessment or an alternative procedure which will identify potential risks in operations. Commerce opted to use the alternative procedure involving common review criteria within each bureau to come up with a numerical ranking. Criteria for managers to identify risks was issued by May 1987.

    Recommendation: The Secretary of Commerce should direct the Assistant Secretary for Administration to require managers to identify specific risks and controls associated with their activities on their vulnerability assessment forms.

    Agency Affected: Department of Commerce

  7. Status: Closed - Implemented

    Comments: Commerce drafted guidance which contained specific criteria for segmenting assessable units containing major ADP activities and reviewing Commerce's major ADP sites. Commerce issued this guidance in February 1987.

    Recommendation: The Secretary of Commerce should direct the Assistant Secretary for Administration to revise Commerce's segmentation guidelines to specify criteria for determining when automatic data processing (ADP) should be considered a separate assessable unit.

    Agency Affected: Department of Commerce

  8. Status: Closed - Implemented

    Comments: Commerce's Conference Review Handbook was revised in January 1986 to include, among other things, guidelines on testing systems as outlined in appendix H of OMB Guidelines for Evaluating Financial Management/Accounting Systems. OMB testing procedures will be a required part of the review process.

    Recommendation: The Secretary of Commerce should ensure that Commerce bureaus test their accounting systems to determine operational conformance with the Comptroller General's principles, standards, and related requirements. Specifically, testing should include determining whether valid transactions are processed in accordance with applicable requirements and whether the system reacts appropriately to invalid transactions.

    Agency Affected: Department of Commerce

 

Explore the full database of GAO's Open Recommendations »

Sep 20, 2016

Sep 6, 2016

Aug 19, 2016

Aug 12, 2016

Jul 29, 2016

Jul 28, 2016

Jul 13, 2016

Jul 11, 2016

Jun 13, 2016

Looking for more? Browse all our products here