This is the accessible text file for GAO report number GAO-03-31 entitled 'Financial Management: FFMIA Implementation Necessary to Achieve Accountability' which was released on October 1, 2002. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. United States General Accounting Office: GAO: Report to Congressional Committees: October 2002: Financial Management: FFMIA Implementation Necessary to Achieve Accountability: GAO-03-31: GAO Highlights: Highlights of GAO-03-31 report to Congressional Committees. Why GAO Did This Study: The ability to produce the data needed to efficiently and effectively manage the day-to-day operations of the federal government and provide accountability to taxpayers has been a long-standing challenge at most federal agencies. To help address this challenge, the Federal Financial Management Improvement Act of 1996 (FFMIA) requires the 24 Chief Financial Officers Act agencies to implement and maintain financial management systems that comply substantially with (1) federal systems requirements, (2) federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires GAO to report annually on the implementation of the act. What GAO Found: Since enactment of FFMIA in 1996, agencies have generally continued to make progress to achieve compliance with the act. At the same time, most agencies’ systems continue to have shortcomings. As shown in the chart below, audit reports highlight 6 recurring problems that were consistently reported at 20 agencies whose auditors concluded that systems were not in compliance with one or more FFMIA requirements. Figure : Problems Reported by Auditors for Fiscal Years 2000 and 2001: Nonintegrated financial management systems: Fiscal year 2000: 13 agencies; Fiscal year 2001: 14 agencies. Inadequate reconciliation procedures: Fiscal year 2000: 16 agencies; Fiscal year 2001: 13 agencies. Lack of accurate and timely reporting: Fiscal year 2000: 14 agencies; Fiscal year 2001: 12 agencies. Noncompliance with the SGL: Fiscal year 2000: 8 agencies; Fiscal year 2001: 8 agencies. Lack of adherence to federal accounting standards: Fiscal year 2000: 12 agencies; Fiscal year 2001: 14 agencies. Weak security over information systems: Fiscal year 2000: 19 agencies; Fiscal year 2001: 20 agencies. [End of table] Following OMB’s reporting guidance, auditors for the remaining four agencies provided negative assurance on compliance, meaning that nothing came to their attention indicating that these agencies’ financial management systems did not meet FFMIA requirements. GAO does not believe that this type of reporting is sufficient. FFMIA requires the auditor to state “whether” the agency systems are in substantial compliance, which in our view, requires the auditor to perform sufficient audit tests to be able to provide positive assurance. Agencies have recognized the seriousness of their financial system problems, and many initiatives are planned or underway to overhaul financial management systems, including efforts to develop cost management information which is key to measuring program performance. Increasing attention from the highest levels of the federal government is being targeted on improving financial management. The President’s Management Agenda Fiscal Year 2002 included improved financial performance as one of the five top governmentwide management goals. The administration is aggressively pursuing strategies to reform federal business practices, and has underscored the need for financial management systems modernization. What GAO Recommends: GAO reaffirms its prior recommendations that OMB revise its FFMIA audit testing and reporting guidance including recommendations to: (1) provide a statement of positive assurance when reporting an agency’s systems to be in substantial compliance with FFMIA, and; (2) emphasize the significance of agencies’ ability to provide cost management information for measuring the results of program performance. OMB agreed to reconsider revising its audit guidance once its overall federal financial management policy is finalized. The full report, including GAO's objectives, scope, methodology, and analysis is available at [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-03-31]. For additional information about the report, contact Sally Thompson (202-512-9450 or by e-mail at thompsons@gao.gov). [End of section] Contents: Letter: Results In Brief: Background: Scope and Methodology: Continued System Weaknesses Impair Financial Management Accountability: Crosscutting Reasons for Noncompliance Indicate Serious Problems Remain: Auditors Provided Negative Assurance as to Substantial Compliance: Remediation Plans Have Improved: Agency Efforts to Implement New Financial Systems: Managerial Cost Information Is Critical for Implementing the President’s Management Agenda: Increasing Emphasis On Improving Financial Management from the Highest Levels of Government: Conclusions: Agency Comments And Our Evaluation: Appendixes: Appendix I: Publications in the Federal Financial Management Systems Requirements Series: Appendix II: Statements of Federal Financial Accounting Concepts, Standards, and Interpretations: Appendix III: AAPC Technical Releases: Appendix IV: Checklists for Reviewing Systems Under the Federal Financial Management Improvement Act: Appendix V: Comments From the Office of Management and Budget: Appendix VI: GAO Contacts and Staff Acknowledgments: GAO Contacts: Acknowledgments: Figures: Figure 1: Problems Reported by Auditors for Fiscal Years 2000 and 2001: Figure 2: Framework for Providing Accountability and Good Management Information: Figure 3: Agency Systems Architecture: Figure 4: Auditors’ FFMIA Determinations for Fiscal Year 2001: Figure 5: Problems Reported by Auditors for Fiscal Years 2000 and 2001: Figure 6: Results of Review of Fiscal Year 2000 Remediation Plans: Abbreviations: AAPC: Accounting and Auditing Policy Committee: AID: Agency for International Development: ARB: Activity-Based Budgeting: ABC: Activity-Based Costing: BLM: Bureau of Land Management: CFO: Chief Financial Officer: CIO: Chief Information Officer: COTS: Commercial Off-the-Shelf: DOD: Department of Defense: DOT: Department of Transportation: EPA: Environmental Protection Agency: FAA: Federal Aviation Administration: FAM: Financial Audit Manual: FASAB: Federal Accounting Standards Advisory Board: FEMA: Federal Emergency Management Agency: FFMIA: Federal Financial Management Improvement Act: FFMSR: Federal Financial Management Systems Requirements: FHA: Federal Housing Administration: FIA: Federal Managers’ Financial Integrity Act: FMS: Financial Management Service: GAO: General Accounting Office: GISRA: Government Information Security Reform Act: GMRA: Government Management Reform Act: GPRA: Government Performance and Results Act: GSA: General Services Administration: HHS: Health and Human Services: HUD: Housing and Urban Development: HUDCAPS: Housing and Urban Development’s Central Accounting and Program System: IFMS: Integrated Financial Management System: IG: Inspector General: IRS: Internal Revenue Service: IT: Information Technology: JFMIP: Joint Financial Management Improvement Program: MIT: Management Improvement Team: NASA: National Aeronautics and Space Administration: NRC: National Regulatory Commission: NSF: National Science Foundation: OCFO: Office of the Chief Financial Officer: OMB: Office of Management and Budget: OPM: Office of Personnel Management: PCIE: President’s Council on Integrity and Efficiency: SBA: Small Business Administration: SFFAC: Statements of Federal Financial Accounting Concepts: SFFAS: Statements of Federal Financial Accounting Standards: SGL: Standard General Ledger: SSA: Social Security Administration: USDA: United States Department of Agriculture: [End of section] United States General Accounting Office: Washington, D.C. 20548: October 1, 2002: The Honorable Joseph I. Lieberman: Chairman: The Honorable Fred Thompson: Ranking Minority Member: Committee on Governmental Affairs: United States Senate: The Honorable Dan Burton: Chairman: The Honorable Henry A. Waxman: Ranking Minority Member: Committee on Government Reform: House of Representatives: The ability to produce the data needed to efficiently and effectively manage the day-to-day operations of the federal government and provide accountability to taxpayers and the Congress has been a long-standing challenge at most federal agencies. To address this challenge, the Chief Financial Officers (CFO) Act of 1990[Footnote 1] calls for the modernization of financial management systems, so that the systematic measurement of performance, the development of cost information, and the integration of program, budget, and financial information for management reporting can be achieved. The Federal Financial Management Improvement Act of 1996 (FFMIA) [Footnote 2] builds on the foundation laid by the CFO Act by emphasizing the need for agencies to have systems that can generate reliable, useful, and timely information with which to make fully informed decisions and to ensure accountability on an ongoing basis. FFMIA requires the 24 major departments and agencies covered by the CFO Act to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards,[Footnote 3] and (3) the U.S. Government Standard General Ledger (SGL)[Footnote 4] at the transaction level. FFMIA also requires auditors to report in their CFO Act financial statement audit reports whether the agencies’ financial management systems substantially comply with FFMIA’s systems requirements. We are required to report annually on the implementation of the act. This, our sixth annual report, discusses (1) auditors’ FFMIA determinations and widespread systems problems that affect agency systems’ compliance with FFMIA, (2) issues related to auditors providing negative assurance as to substantial compliance with the act, (3) agency plans to bring their systems into compliance, (4) agency efforts to implement new financial management systems and the increasing importance of managerial cost information, and (5) the impact of the President’s Management Agenda and the Joint Financial Management Improvement Program (JFMIP) Principals[Footnote 5] on improving federal financial management. Results in Brief: Federal agencies are making progress to address financial management systems weaknesses. At the same time, the results of the fiscal year 2001 FFMIA assessments performed by the 24 CFO Act agency inspectors general (IG) or their contract auditors show that most agencies’ financial management systems continue to have shortcomings. While much more severe at some agencies than others, the nature and seriousness of the problems indicate that, generally, agency management does not yet have the full range of information needed for accountability, performance reporting, and decision making. Auditors for 20 of the 24 CFO Act agencies reported that their agencies’ financial management systems did not comply substantially with certain FFMIA requirements. Auditors reported the same six types of problems in their fiscal year 2000 audit reports, as highlighted in figure 1. Figure 1: Problems Reported by Auditors for Fiscal Years 2000 and 2001: Nonintegrated financial management systems: Fiscal year 2000: 13 agencies; Fiscal year 2001: 14 agencies. Inadequate reconciliation procedures: Fiscal year 2000: 16 agencies; Fiscal year 2001: 13 agencies. Lack of accurate and timely reporting: Fiscal year 2000: 14 agencies; Fiscal year 2001: 12 agencies. Noncompliance with the SGL: Fiscal year 2000: 8 agencies; Fiscal year 2001: 8 agencies. Lack of adherence to federal accounting standards: Fiscal year 2000: 12 agencies; Fiscal year 2001: 14 agencies. Weak security over information systems: Fiscal year 2000: 19 agencies; Fiscal year 2001: 20 agencies. Source: GAO analysis of agency audit reports for fiscal years 2000 and 2001. We did not independently verify or test the data in the agency audit reports. [End of table] As a result of these problems, most agencies’ financial management systems are not yet able to routinely produce reliable, useful, and timely financial information. For example, agency financial management systems are required to produce information on the full cost of programs and projects. Currently, some agencies are only able to provide cost accounting information at the end of the year through periodic cost surveys. Agencies are experimenting with methods of accumulating and assigning costs to obtain the managerial cost information needed to enhance programs, improve processes, establish fees, develop budgets, prepare financial reports, and report on performance. Auditors for the remaining four agencies—the Departments of Energy and Labor, the General Services Administration (GSA), and the Social Security Administration (SSA)—provided negative assurance in reporting on FFMIA compliance for fiscal year 2001, meaning that while they do not opine as to FFMIA compliance, nothing came to their attention during the course of their planned procedures indicating that these agencies’ financial management systems did not meet FFMIA requirements. If readers do not understand the concept of negative assurance, which is the type of reporting specified in the Office of Management and Budget’s (OMB) auditing guidance, they may have gained an incorrect impression that these systems have been fully tested by the auditors and found to be substantially compliant. Because the act requires auditors to “report whether” agency systems are substantially compliant, the auditor needs to provide positive assurance, which would be a definitive statement as to whether agency financial management systems substantially comply with FFMIA. To provide positive assurance, more testing is necessary than that performed for the purposes of rendering an opinion on the financial statements. In this regard, OMB has not acted on our prior recommendations, but instead focused on new initiatives to promote improvements in agency financial management systems. To address identified problems, FFMIA requires agencies to prepare remediation plans describing the actions they took or plan to take to overcome financial management systems problems and bring them into FFMIA compliance. At the time of our review, the most current remediation plans covered problems reported in fiscal year 2000 audit reports. Of the 19 agencies[Footnote 6] whose systems were reported as not in substantial compliance during fiscal year 2000, 15 prepared remediation plans. Our review of these 15 remediation plans showed that, overall, the plans had improved somewhat over the fiscal year 1999 plans, although some plans still lacked fundamental elements such as staffing and funding resources required to complete the proposed corrective actions. A lack of substance in the plans, including associating resources to detailed corrective actions, can limit the likelihood of success in adequately implementing the corrective actions. To help address our prior recommendations related to inadequate remediation plans, OMB has implemented a multidisciplinary approach to provide additional expertise to the review and oversight to agencies’ plans. Across government, agencies have many efforts underway to implement or upgrade financial systems to alleviate long-standing problems in financial management. A number of these agencies are in the implementation phases of these projects, and other agencies are in the planning and design phases. Many of these new financial systems are commercial-off-the-shelf (COTS) packages sold by vendors whose software has been certified[Footnote 7] by the JFMIP. However, JFMIP’s certification that a vendor’s software meets many of the core financial management system requirements is just one of the conditions that must be met before substantial compliance with FFMIA can be achieved. Increasing attention from the highest levels of the federal government is being targeted on improving federal financial management. The President’s Management Agenda Fiscal Year 2002 included improved financial performance as one of the five top governmentwide management goals. The administration is using what it refers to as the Executive Branch Management Scorecard to highlight agency progress in achieving the management and performance improvements embodied in the President’s Management Agenda. The JFMIP Principals have also actively developed short- and long-term strategies and plans necessary to address many of the financial management problems across government. For example, the Principals have agreed to criteria for measuring financial management success, accelerating financial statement reporting, and restructuring the Federal Accounting Standards Advisory Board (FASAB). The attention of these top leaders along with OMB’s continued aggressive pursuit of strategies to reform current federal business practices have underscored the need for financial management systems modernization and are essential to achieving federal financial management reform. We reaffirm several prior recommendations aimed at enhancing audit guidance and improving remediation plans. In commenting on a draft of this report, OMB generally agreed with our overall observations and conclusions that while many agencies are continuing to make progress, some agencies still have shortcomings in their financial management systems. Regarding our recommendation for OMB to change its audit guidance to require a statement of positive assurance on compliance with FFMIA, OMB stated that it is currently updating its financial management policy guidance and that once the update is completed, new performance and results-based criteria will be used in future FFMIA assessments. OMB also stated that once its overall financial management policy is finalized, it will reconsider revising its audit guidance to address our recommendation. With regard to the lack of resource information in agency remediation plans, OMB agreed that stand-alone remediation plans do not necessarily contain resource information. However, OMB officials pointed out that remediation plan information, such as estimates of resources, is included in agency financial management plans, which are part of agency budget submissions. We did not have the agency budget submissions and therefore we could not determine whether the required resource information, not included in the stand-alone plans, was included in the budget submission information. Our detailed evaluation of OMB’s comments can be found at the end of this letter. Background: FFMIA and other financial management reform legislation have emphasized the importance of improving financial management across the federal government. The primary purpose of FFMIA is to ensure that agency financial management systems routinely generate timely, accurate, and useful information. With such information, government leaders will be better positioned to invest resources, reduce costs, oversee programs, and hold agency managers accountable for the way they run government programs. Financial management systems’ compliance with federal financial management systems requirements, applicable accounting standards, and the SGL are building blocks to help achieve these goals. Management Reform Legislation: FFMIA is part of a series of management reform legislation passed by the Congress over the past 2 decades. This series of legislation started with 31 U.S.C. 3512 (c),(d), (the Federal Managers’ Financial Integrity Act of 1982 (FIA)), which the Congress passed to strengthen internal controls and accounting systems throughout the federal government, among other purposes. Issued pursuant to FIA, the Comptroller General’s Standards for Internal Control in the Federal Government[Footnote 8] provides the standards that are directed at helping agency managers implement effective internal control, an integral part of improving financial management systems. Internal control is a major part of managing an organization and comprises the plans, methods, and procedures used to meet missions, goals, and objectives. In summary, internal control, which under OMB’s guidance for FIA is synonymous with management control, helps government program managers achieve desired results through effective stewardship of public resources. Effective internal control also helps in managing change to cope with shifting environments and evolving demands and priorities. As programs change and agencies strive to improve operational processes and implement new technological developments, management must continually assess and evaluate its internal control to ensure that the control activities being used are effective and updated when necessary. While agencies had achieved some success in identifying and correcting material internal control and accounting system weaknesses, their efforts to implement the FIA had not produced the results intended by the Congress. Therefore, in the 1990s, the Congress passed additional management reform legislation to improve the general and financial management of the federal government. As shown in figure 2, the combinations of reforms ushered in by the (1) CFO Act, (2) Government Management Reform Act (GMRA) of 1994, (3) FFMIA, (4) Government Performance and Results Act of 1993 (GPRA), and (5) Clinger-Cohen Act of 1996, if successfully implemented, provides a basis for improving accountability of government programs and operations as well as routinely producing valuable cost and operating performance information, thereby making it possible to better assess and improve the government’s effectiveness, financial condition, and operating performance. Figure 2: Framework for Providing Accountability and Good Management Information: [See PDF for image] This figure is an illustration of the framework for providing accountability and good management information. The following data is depicted: Management Reform Legislation: FAI; CFO Act; GMRA; FFMIA; GPRA; Clinger-Gohen. Management Reform Legislation: Provides impetus for accountability and good management information. Fully integrated financial management systems; reliable, timely financial statements; effective internal controls; together yield: Strong financial management that provides reliable, timely, and useful information for decision makers. Source: GAO. Financial Management Systems Requirements: The policies and standards prescribed for executive agencies to follow in developing, operating, evaluating, and reporting on financial management systems are defined in OMB Circular A-127, Financial Management Systems. Circular A-127 references the series of publications entitled Federal Financial Management Systems Requirements (FFMSR), issued by JFMIP as the primary source of governmentwide requirements for financial management systems. JFMIP systems requirements, among other things, provide a framework for establishing integrated financial management systems to support program and financial managers. JFMIP’s Framework for Federal Financial Systems, issued in 1995, identified multiple components of a financial management system. The components of an integrated financial management system include the core financial system, managerial cost accounting system, and numerous programmatic and administrative systems. Figure 3 is the JFMIP model that illustrates how these systems interrelate in an agency’s overall systems architecture. Figure 3: Agency Systems Architecture: [See PDF for image] This figure is an illustration of agency systems architecture, using a series of concentric circles. The following data is depicted: Core Financial System: Financial Reporting System and Managerial Cost Accounting; Next concentric circle: Includes the following: * Budge formation system; * Revenue system; * Acquisition system; * Property management system; * Inventory system; * Grant system; * Insurance claim system; * Benefit payment system; * Guaranteed loan system; * Direct loan system; * Seized, forfeited asset system; * Travel system; * Human resources and payroll system; * Non-financial systems. Next concentric circle: Departmental Executive Information System; Final concentric circle: Workstation Support Tools. Source: JFMIP. [End of figure] When FFMIA was enacted in 1996, JFMIP had issued requirement documents for the core financial system and six subsidiary systems. However, several of these documents needed updating to recognize recently enacted laws and regulatory revisions. Since 1998, JFMIP has been engaged in an intensive effort to update its system requirements documents. In November 2001, JFMIP updated its Core Financial System Requirements, previously issued in 1999. These requirements were clarified in some areas; new requirements were added to capture full cost and revenue to unique cost objects along with enhancing daily internal reports requirements. The updated requirements document is the basis of the redevelopment of the JFMIP core software qualification test. JFMIP is currently partnering with the CFO and Chief Information Officer (CIO) Councils to update its Framework for Federal Financial Management Systems. JFMIP also has a project underway to update the Inventory System Requirements document. Appendix I lists the current publications in the FFMSR series and their issue dates. JFMIP helps ensure that financial management system requirements and the vendor software remain aligned by testing vendor COTS packages for core financial systems and certifying that these packages meet certain core financial management system requirements. OMB policy requires that agencies acquiring core financial management systems use software that has been certified by JFMIP. Under the JFMIP testing process, software products are certified for 3 years and must then be retested by JFMIP. Other factors that affect FFMIA compliance include how the software package works in the agency’s environment, whether any customization is made to the software, the success of converting data from legacy systems to new systems, and the quality of transaction data in the feeder systems. Federal Accounting Standards: FASAB[Footnote 9] promulgates federal accounting standards that agency CFOs use in developing financial management systems and preparing financial statements. FASAB develops the appropriate accounting standards after considering the financial and budgetary information needs of the Congress, executive agencies, and other users of federal financial information and comments from the public. FASAB forwards the standards to the three Principals—the Comptroller General, the Secretary of the Treasury, and the Director of OMB—for a 90-day review. If there are no objections during the review period, the standards are considered final and FASAB publishes them on its Web site and in print. The American Institute of Certified Public Accountants has recognized the federal accounting standards promulgated by FASAB as being generally accepted accounting principles for the federal government. This recognition enhances the acceptability of the standards, which form the foundation for preparing consistent and meaningful financial statements both for individual agencies and the government as a whole. Currently, there are 22 statements of federal financial accounting standards (SFFAS) and 3 statements of federal financial accounting concepts (SFFAC).[Footnote 10] The concepts and standards are the basis for OMB’s guidance to agencies on the form and content of their financial statements and for the government’s consolidated financial statements. Appendix II lists the concepts, standards, and interpretations[Footnote 11] along with their respective effective dates. FASAB’s Accounting and Auditing Policy Committee (AAPC)[Footnote 12] assists in resolving issues related to the implementation of accounting standards. AAPC’s efforts result in guidance for preparers and auditors of federal financial statements in connection with implementation of accounting standards and the reporting and auditing requirements contained in OMB’s Form and Content of Agency’s Financial Statements Bulletin and Audit Requirements for Federal Financial Statements Bulletin. To date, AAPC has released five technical releases, which are listed in appendix III along with their release dates. Standard General Ledger: The SGL was established by an interagency task force under the direction of OMB and mandated for use by agencies in OMB and Treasury regulations in 1986. The SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions used to standardize federal agencies’ financial information accumulation and processing throughout the year, enhance financial control, and support budget and external reporting, including financial statement preparation. The SGL is intended to improve data stewardship throughout the government, enabling consistent reporting at all levels within the agencies and providing comparable data and financial analysis at the governmentwide level.[Footnote 13] Remediation Plans: FFMIA requires an agency head to determine, based on a review of the auditor’s report on the agency’s financial statements and any other relevant information, whether the agency’s financial management systems substantially comply with the act. The agency head is required to make this determination no later than 120 days after (1) the receipt of the auditor’s report or (2) the last day of the fiscal year following the year covered by the audit, whichever comes first. If the agency head disagrees with the auditor’s determination that the systems do not substantially comply, the Director of OMB is to review the agency head’s determination and report to the appropriate committees of the Congress. If the agency head agrees that the systems do not substantially comply, FFMIA requires that the agency head, in consultation with the Director of OMB, establish a remediation plan to bring the systems into substantial compliance with FFMIA’s requirements. According to FFMIA, the remediation plans should include the corrective actions, intermediate target dates, and resources necessary to bring financial systems into substantial compliance with FFMIA’s requirements within 3 years of the date the agency head’s noncompliance determination is made.[Footnote 14] If, with concurrence of the Director of OMB, the agency head determines that substantial compliance cannot be attained within 3 years, the remediation plan must specify the most feasible date by which the agency’s systems will achieve compliance and designate an official responsible for effecting the necessary corrective actions. In accordance with the revisions to OMB guidance contained in Circular A-11, Preparation, Submission, and Execution of the Budget, issued June 27, 2002, agencies are required to include their remediation plans in their annual budget submissions due to OMB by September 9, 2002. The guidance requires that the plans include corrective actions, resources needed, and interim target dates to bring the financial management systems into substantial compliance within 3 years of the date of the agencies’ determination that their systems are not in substantial compliance. The plan must also list the officials responsible for bringing the systems into substantial compliance with FFMIA. Agency remediation plans are included in agency budget submissions and subject to change. OMB considers these budget submissions predecisional and therefore not public documents. OMB Guidance Related to FFMIA: OMB sets governmentwide financial management policies and requirements and currently has two sources of guidance related to FFMIA. First, OMB Bulletin No. 01-02, Audit Requirements for Federal Financial Statements, dated October 16, 2000, prescribes specific language auditors should use when reporting on an agency system’s substantial compliance with FFMIA. Specifically, this guidance calls for auditors to provide negative assurance when reporting on an agency system’s FFMIA compliance. Second, in a January 4, 2001, Memorandum, Revised Implementation Guidance for the Federal Financial Management Improvement Act, OMB provided guidance for agencies and auditors to use in assessing substantial compliance. The guidance describes the factors that should be considered in determining whether an agency’s systems are in compliance with FFMIA and provides guidance to agency heads to assist in developing corrective action plans for bringing their systems into compliance with FFMIA. There are examples included in the guidance on the types of indicators that should be used as a basis in assessing whether an agency’s systems are in substantial compliance with FFMIA. Scope and Methodology: We reviewed fiscal year 2001 financial statement audit reports for the 24 CFO Act agencies to determine (1) which agencies had systems that their auditors found to be noncompliant with FFMIA requirements, (2) the reasons why the systems were found to be noncompliant, and (3) the type of assurance the auditors provided. We did not independently verify or test the data in the agency audit reports. Using structured interviews, we interviewed auditors and agency management for 7 CFO Act agencies [Footnote 15] to obtain their perspectives on FFMIA implementation. These 7 agencies included 4 in which the auditors provided negative assurance in reporting on FFMIA compliance for fiscal year 2001. We also interviewed officials at 3 other agencies in which the auditors provided negative assurance for fiscal year 2000 but reported the agencies’ systems to be in noncompliance for fiscal year 2001. For these 7 agencies, we also reviewed the auditors’ FFMIA workpapers to assess the nature and extent of FFMIA testing. We also reviewed the auditors’ reports and contacted respective agencies, as needed, to identify agency management FFMIA determinations for the 24 CFO Act agencies. We reviewed the guidance for preparing remediation plans for fiscal year 2000 contained in the revisions to OMB Circular A-11, Preparation, Submission, and Execution of the Budget. We reviewed agencies’ fiscal year 2000 remediation plans[Footnote 16] to determine if they contained the required elements and if the proposed corrective actions addressed were adequately detailed if implemented satisfactorily, to resolve the reported instances of noncompliance with FFMIA. We compared the fiscal year 2000 plans to the remediation plans submitted for fiscal year 1999 to determine if any of the plans had improved. Because agency remediation plans are included in agency budget submissions, OMB considers the plans predecisional and therefore not public documents. We did not have the agencies’ complete budget submissions to determine whether they provided more details than were available in the stand- alone agency remediation plans. We conducted our work from January through August 2002 at the CFO Act agencies, OMB, and JFMIP in the Washington, D.C., area in accordance with generally accepted government auditing standards. We requested comments on a draft of this report from the Director of OMB or his designee. These comments are discussed in the “Agency Comments and Our Evaluation” section and reprinted in appendix V. We also requested oral comments from selected agency and IG officials whose financial management systems or audit procedures are specifically discussed in the report. We received oral comments from 4 agency and 3 IG officials of an editorial and technical nature. Specifically, we received oral comments from the Departments of Agriculture (Agriculture) and Commerce, Office of Personnel Management, and SSA agency officials, and from Agriculture, Department of the Interior (Interior), and Nuclear Regulatory Commission NRC) IG officials. These comments have been incorporated as appropriate. Continued System Weaknesses Impair Financial Management Accountability: Many agencies still do not have reliable, useful, and timely financial information, including cost data, with which to make informed decisions and help ensure accountability on an ongoing basis. While agencies are undeniably making progress in addressing their financial management systems weaknesses, most agency systems are still not substantially in compliance with FFMIA’s requirements. IGs and their contract auditors reported for fiscal year 2001 that the systems of 20 of the 24 CFO Act agencies did not substantially comply with at least one of FFMIA’s three requirements—federal financial management systems requirements, applicable federal accounting standards, or the SGL. For fiscal year 2001, 7 agencies were reported not to be in substantial compliance with all three FFMIA requirements. Figure 4 summarizes the auditors’ determinations regarding how many of the 24 CFO Act agencies were reported as not in substantial compliance with each of the three FFMIA requirements. Figure 4: Auditors’ FFMIA Determinations for Fiscal Year 2001: [See PDF for image] This figure is a bar graph that depicts the following data: System requirements: Agencies not in compliance: 19. Accounting standards: Agencies not in compliance: 14. SGL: Agencies not in compliance: 8. Note: Management for 22 of the 24 agencies agreed with their auditors' FFMIA determinations. Management for 2 agencies--the Environmental Protection Agency (EPA) and the National Science Foundation (NSF)--did not agree with their auditors' determinations. EPA management disagreed with the IG's determination that EPA was noncompliant with SFFAS No. 4 because EPA did not comply with the requirements to provide cost per output to management in a timely fashion. NSF management disagreed with its auditors that several weaknesses in its agency security over information systems rendered NSF noncompliant with OMB Circular A-130, and therefore FFMIA. Source: GAO analysis of agency audit reports. We did not independently verify or test the data in the agency audit reports. [End of figure] While more CFO Act agencies have obtained clean or unqualified audit opinions on their financial statements, there is little evidence of marked improvements in agencies’ capacities to create the full range of information needed to manage day-to-day operations. The number of unqualified opinions has been increasing over the past 5 years, from 11 in fiscal year 1997 to 18 for fiscal years 2000 and 2001. This increase in unqualified audit opinions generally results from monumental efforts in which agencies expend significant resources simply to prepare auditable financial statements. While the increase in unqualified opinions is noteworthy, the number of agencies for which auditors provided negative assurance of FFMIA compliance has remained relatively constant throughout this same period. When more agencies receive clean opinions, expectations are raised that the government has sound financial management and can produce reliable, useful, and timely information on demand throughout the year, whereas FFMIA assessments offer a different perspective. Crosscutting Reasons for Noncompliance Indicate Serious Problems Remain: Based on our review of the fiscal year 2001 audit reports for the 20 agencies reported to have systems not in substantial compliance with one or more of FFMIA’s three requirements, we identified six primary reasons related to FFMIA noncompliance. The weaknesses reported by the auditors, which are grouped into the following categories, ranged from serious, pervasive systems problems to less serious problems that may affect one aspect of an agency’s accounting operation: * nonintegrated financial management systems; * inadequate reconciliation procedures; * lack of accurate and timely recording of financial information; * noncompliance with the SGL; * lack of adherence to federal accounting standards, and; * weak security controls over information systems. Figure 5 shows the relative frequency of these problems at the 20 agencies reported to have noncompliant systems and the problems relevant to FFMIA that were reported by their auditors. The same six types of problems were cited by auditors in their fiscal year 2000 audit reports, as highlighted in figure 5. However, the auditors may not have reported these problems as specific reasons for lack of substantial compliance with FFMIA. We caution that the degree of noncompliance in a particular category may be even greater because auditors reporting FFMIA noncompliance may not have included all problems in their reports. As we discuss later, the FFMIA testing may not be comprehensive and other problems may exist that were not identified and reported. For some agencies, the problems are so serious and well known that the auditor can readily determine that the systems lack substantial compliance without examining every facet of FFMIA compliance. Figure 5: Problems Reported by Auditors for Fiscal Years 2000 and 2001: [See PDF for image] This figure is a vertical bar graph, depicting the problems reported by auditors for fiscal years 2000 and 2001 as follows: Nonintegrated financial management systems: Fiscal year 2000: 13 agencies; Fiscal year 2001: 14 agencies. Inadequate reconciliation procedures: Fiscal year 2000: 16 agencies; Fiscal year 2001: 13 agencies; Lack of accurate and timely reporting: Fiscal year 2000: 14 agencies; Fiscal year 2001: 12 agencies; Noncompliance with the SGL: Fiscal year 2000: 8 agencies; Fiscal year 2001: 8 agencies; Lack of adherence to federal accounting standards: Fiscal year 2000: 12 agencies; Fiscal year 2001: 14 agencies; Weak security over information systems: Fiscal year 2000: 19 agencies; Fiscal year 2001: 20 agencies; Source: GAO analysis of agency audit reports for fiscal year 2001. We did not independently verify or test the data in the agency audit reports. [End of figure] Nonintegrated financial management systems: The CFO Act calls for agencies to develop and maintain an integrated accounting and financial management system[Footnote 17] that complies with federal systems requirements and provides for (1) complete, reliable, consistent, and timely information that is responsive to the financial information needs of the agency and facilitates the systematic measurement of performance, (2) the development and reporting of cost information, and (3) the integration of accounting, budgeting, and program information. In this regard, OMB Circular A-127, Financial Management Systems, requires agencies to establish and maintain a single integrated financial management system that conforms with functional requirements published by JFMIP. An integrated financial system coordinates a number of functions to improve overall efficiency and control. For example, integrated financial management systems are designed to avoid unnecessary duplication of transaction entry and greatly lessen reconciliation issues. With integrated systems, transactions are entered only once and are available for multiple purposes or functions. Moreover, with an integrated financial management system, an agency is more likely to have reliable, useful, and timely financial information for day-to-day decision making as well as external reporting. Agencies that do not have integrated financial management systems typically must expend major effort and resources, including in some cases hiring external consultants, to develop information that their systems should be able to provide on a daily or recurring basis. In addition, opportunities for errors are increased when agencies’ systems are not integrated. Agencies with nonintegrated financial systems are more likely to be required to devote more resources to collecting information than those with integrated systems. OMB’s accelerated reporting dates for agency performance and accountability reports [Footnote 18] may make such efforts and devotion of resources unsustainable in the long term. As a result, many agencies must accelerate their efforts to improve underlying financial management systems and controls, which is consistent with reaching the financial management success measures envisioned by the President’s Management Agenda and the JFMIP Principals. Auditors frequently mentioned the lack of modern, integrated financial management systems in their fiscal year 2001 audit reports. As shown in figure 5, auditors for 14 of the 20 agencies with noncompliant systems reported this as a problem. For example, the Department of Education’s (Education) lack of a fully integrated financial management system seriously affected its ability to accumulate, analyze, and present reliable financial information. According to its auditors, Education compiled its fiscal year 2001 financial statements through a multistep process that includes both manual and automated procedures, which increases the risk of errors in the departmentwide financial statements. These manual processes can lead to errors that may affect current and prior fiscal years. For example, Education recorded numerous restatements and reclassifications of prior fiscal year financial statement balances based on its extensive analysis of certain general ledger balances in an effort to resolve errors that existed in past years. While the auditors noted that some of the entries to correct or reclassify amounts resulted from Education’s extensive analysis, the identification of these errors reinforces concerns about Education’s lack of an integrated financial management system. According to the auditors, Education processed and approved adjustments to correct or reclassify amounts that were later discovered to be erroneous. As a result, additional manual adjustments were needed to correct these new errors, which cast doubt on the sufficiency of the process for reviewing and approving adjustments. To focus attention on long-standing financial management issues, the Secretary of Education created a Management Improvement Team (MIT). The MIT’s goals include addressing outstanding recommendations related to the financial statement audits and ensuring an environment with effective internal controls. The Education IG noted that the MIT has identified corrective actions for improving the department’s programs and operations. Inadequate reconciliation procedures: A reconciliation process, even if performed manually, is a valuable part of a sound financial management system. In fact, the less integrated the financial management system, the greater the need for adequate reconciliations because data for the same transaction may be separately entered in multiple systems, causing the risk of errors to be greater. For example, according to its auditors, the Agency for International Development (AID) must place a greater reliance on processes like reconcilations because it lacks an integrated system. Reconciliation procedures are a control necessary to maintain and substantiate the accuracy of the data reported in an agency’s financial statements and reports. The Comptroller General’s Standards for Internal Control in the Federal Government highlights reconciliation as a key control activity. As shown in figure 5, auditors for 13 of the 20 agencies with noncompliant systems reported that the agencies had reconciliation problems, including difficulty reconciling their fund balance with Treasury accounts [Footnote 19] with Treasury’s records. Treasury policy requires agencies to reconcile their accounting records with Treasury records monthly, which is comparable to individuals reconciling their checkbooks to their monthly bank statements. However, such reconciliations were not being routinely performed. For example, during fiscal year 2001 some of the fund balances with Treasury for the Department of State (State) did not reconcile with Treasury’s fund balance amounts. State’s auditors reported that the absolute difference [Footnote 20] between State’s and Treasury’s balances as of September 30, 2001, was about $131 million. State’s auditors noted that while progress had been made in reducing the net difference between State’s and Treasury’s records, weaknesses in the reconciliation process still remained, particularly affecting older fund balances. The auditors recommended that State reexamine its reconciliation processes and also assess whether adjustments should be made to its records. Inadequate reconciliation procedures also complicate the identification and elimination of intragovernmental transactions, which is one of the principal reasons we continue to disclaim on the government’s consolidated financial statements. As we testified in April 2002, [Footnote 21] agencies have not reconciled intragovernmental balances with their trading partners [Footnote 22] and, as a result, information reported to Treasury is not reliable. For several years, OMB and Treasury have required the CFO Act agencies to reconcile selected intragovernmental activity and balances with their trading partners. However, numerous agencies did not fully perform these reconciliations for fiscal year 2000. Beginning with fiscal year 2001, OMB and Treasury required agency CFOs to report on the extent and results of intragovernmental activity reconciliation efforts. The IGs reviewed these reports and communicated the results to OMB, Treasury, and GAO. IGs reported that the required reconciliations for fiscal year 2001 were not fully performed, citing reasons such as (1) trading partners not providing needed data, (2) limitations and incompatibility of agency and trading partner systems, and (3) human resource issues. For fiscal years 2001 and 2000, amounts reported for certain intragovernmental accounts were significantly out of balance. OMB has proposed “business rules” for certain types of intragovernmental transactions. The continued involvement of OMB and the CFO Act agencies will be critical to resolving this issue. Lack of accurate and timely recording of financial information: Accurate and timely recording of financial information is key to successful financial management. Timely recording of transactions can facilitate accurate reporting in agencies’ financial reports and other management reports that are used to guide managerial decision making. The Comptroller General’s Standards for Internal Control in the Federal Government states that transactions should be promptly recorded to maintain their relevance and value to management in controlling operations and making decisions. As shown in figure 5, auditors for 12 of the 20 agencies with noncompliant systems found that agencies did not record transactions in the general ledger in an accurate and timely manner. The lack of timely transaction recording can also result in the use of inaccurate information for decision making. For example, auditors for six agencies reported that unliquidated obligations [Footnote 23] were not deobligated in a timely manner due to the lack of procedures for reviewing unliquidated obligations or the failure to follow prescribed procedures. Agency failure to deobligate funds in a timely manner may result in the loss of the use of those funds. For example, auditors for the Department of Transportation (DOT) identified about $293 million of obligations that were no longer needed and could be used for other valid purposes or returned to the U.S. Treasury. Untimely transaction recording during the fiscal year can also result in substantial efforts at fiscal year-end to perform extensive manual financial statement preparation efforts that are susceptible to error and increase the risk of misstatements. For example, auditors reported that Department of Justice (Justice) components did not perform their accrual-based financial transaction processing on an ongoing basis. Auditors for two components, the Drug Enforcement Administration and the Offices, Boards, and Divisions, stated that the financial statement preparation effort must be a componentwide effort, involving all program budget and administrative offices. Gathering financial data only at year-end does not provide adequate time to analyze transactions or account balances. Without time to perform these analyses, misstated or unsupported financial statement account balances can occur. Further, it impedes management’s ability throughout the year to have timely and useful information for decision making. Noncompliance with the SGL: Implementing the SGL at the transaction level is one of the specific requirements of FFMIA. However, as shown in figure 5, auditors for 8 of the 20 noncompliant agencies reported that the agencies’ systems did not comply with SGL requirements. The SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions. It also provides a basis for comparison at the agency and governmentwide levels. These defined accounts and pro forma transactions are used to standardize the accumulation of agency financial information, as well as enhance financial control and support financial statement preparation and other external reporting. By not implementing the SGL, agencies are challenged to provide consistent financial information across their component agencies and functions. For example, auditors for AID reported that AID does not report on its mission activities [Footnote 24] using the SGL at the transaction level. These mission activities account for approximately 52 percent of AID’s total net cost of operations. AID recorded its mission activities in its Mission Accounting and Control System—an automated system that uses transaction codes that do not match to the SGL chart of accounts. AID used a monthly process to crosswalk these mission transactions to the SGL, but could not ensure that transactions were posted properly and consistently from mission to mission. OMB officials have stated that while this monthly process may be a good interim solution until AID has fully implemented its new core financial system, this process does not allow AID’s systems to be substantially compliant with the SGL at the transaction level. Until AID deploys its newly implemented core financial system worldwide, [Footnote 25] it will continue to use the Mission Accounting and Control System for its overseas missions. The Department of Housing and Urban Development’s (HUD) Federal Housing Administration (FHA) must use several manual processing steps to convert its commercial accounts to SGL accounts. FHA’s legacy core financial system, which includes its general ledger, is based on commercial rather than governmental accounting. FHA has 22 systems that feed transactions to its core financial system, 15 of which cannot process transactions in the SGL format. FHA’s manual processes include the use of personal computer-based software to convert its commercial accounts to the SGL. FHA then transfers the balances to HUD’s Central Accounting and Program System (HUDCAPS). HUD’s auditors noted that FHA’s current process does not meet federal financial management systems requirements that a core financial system “provide for the automated and year-end closing of SGL accounts and rollover of the SGL account balances.” FHA has completed the initial phases of its project to implement a COTS financial software system. FHA intends to complete implementation of the general ledger module of this COTS system by the beginning of fiscal year 2003, including the implementation of the SGL at the transaction level. Lack of adherence to federal accounting standards: One of FFMIA’s requirements is that agencies’ financial management systems account for transactions in accordance with federal accounting standards. Agencies face significant challenges implementing these standards. As shown in figure 5, auditors for 14 of the 20 agencies with noncompliant systems reported that these agencies had problems complying with one or more federal accounting standards. Auditors reported that agencies are having problems implementing standards that have been in effect for some time, as well as standards that have been promulgated in the last few years. Auditors for 3 agencies—HUD, Interior, and Justice—reported weaknesses affecting compliance with SFFAS No. 7, Revenue and Other Financing Sources, which became effective in fiscal year 1998. Auditors for several Justice components reported that improvements are needed in their accounting processes for earned and deferred revenue. For example, auditors for Justice’s Immigration and Naturalization Service (INS) reported that INS does not have a reliable system that can provide regular and timely data on the number and value of immigration applications and petitions received, completed, and pending. INS needs this data to support general ledger entries for recording the earned revenues when the applications are completed. Auditors for 5 agencies—the Department of Defense (DOD), AID, EPA, the Federal Emergency Management Agency (FEMA), and the NRC—reported trouble implementing SFFAS No. 10, Accounting for Internal Use Software, which became effective at the beginning of fiscal year 2001. For example, auditors reported that while NRC had developed policies to implement SFFAS No. 10, NRC had not satisfactorily implemented the management controls needed to ensure compliance with SFFAS No. 10 and did not have an adequate system to track the labor time spent on information technology projects. The requirement for managerial cost information has been in place since 1990 under the CFO Act and since 1998 as a federal accounting standard. Auditors for eight agencies [Footnote 26] reported problems implementing SFFAS No. 4, Managerial Cost Accounting Concepts and Standards. For example, auditors reported that FEMA does not have a managerial cost accounting system and its financial management system did not capture data at a detailed enough level. Having such a managerial cost capability would allow FEMA to give managers timely access to program costing reports and more effectively present performance measures. FEMA has developed a three-phase remediation plan to address issues related to compliance with FFMIA. In the third phase, FEMA plans to address the issues related to the need for cost management information to give managers timely access to program costing reports. Managerial cost information is critical for implementation of the President’s Management Agenda. SFFAS No. 4 uses the term “managerial cost accounting.” Some agencies have adopted the term “cost management” to emphasize that cost, budget, and performance data are needed to improve management decision making throughout the year, and are more comprehensive than the cost data required for external reporting. We later discuss further implications related to cost management and agencies that have made promising strides toward implementing this critical tool. Weak security controls over information systems: Information security weaknesses are one of the frequently cited reasons for noncompliance with FFMIA and are a major concern for federal agencies and the general public. These weaknesses are placing enormous amounts of government assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Auditors for all 20 of the agencies reported as noncompliant with FFMIA identified weaknesses in security controls over information systems. In addition, auditors for the 4 agencies that provided negative assurance in reporting on compliance with FFMIA in their fiscal year 2001 audit reports identified computer security problems at those agencies, but did not consider those problems significant enough to be instances of a lack of substantial compliance with FFMIA. Unresolved information security weaknesses could adversely affect the ability of agencies to produce accurate data for decision making and financial reporting because such weaknesses could compromise the reliability and availability of data that are recorded in or transmitted by an agency’s financial management system. Since 1997, GAO has considered information security a governmentwide high-risk area. [Footnote 27] As shown by our work and work performed by the IGs, security program management continues to be a widespread problem. Concerned with reports of significant weaknesses in federal computer systems that make them vulnerable to attack, the Congress enacted Government Information Security Reform (GISRA) provisions [Footnote 28] to reduce these risks and provide more effective oversight of federal information security. GISRA requires agencies to implement an information security program that is founded on a continuing risk management cycle and largely incorporates existing security policies found in OMB Circular A-130, Management of Federal Information Resources, Appendix III. GISRA also added an important new requirement by calling for both annual management and independent evaluations of the information security program and practices of an agency. We testified in March 2002 [Footnote 29] that information security weaknesses were most often identified [Footnote 30] for (1) security program management, (2) access controls, and (3) service continuity controls. Security program management provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented. Access controls ensure that only authorized individuals can read, alter, or delete data. Service continuity controls ensure that when unexpected events occur, such as a natural disaster, critical operations will continue without undue interruption and that crucial, sensitive data are protected. As we testified in March 2002, [Footnote 31] OMB is using a combination of formal guidance, review and analysis of agency-reported material, agency discussion and feedback, and monitoring of corrective actions to oversee and coordinate agency compliance with the GISRA provisions. On January 16, 2001, OMB issued Guidance on Implementing the Government Information Security Reform Act that summarized OMB, agency, and IG responsibilities as well as provided answers to other specific implementation questions. On June 22, 2001, OMB followed up its implementation guidance with Reporting Instructions for the Government Information Security Reform Act that contained final reporting instructions that directed agencies to transmit copies of their annual agency program reviews and IG independent evaluations to OMB. Furthermore, on October 17, 2001, OMB also issued Guidance for Preparing and Submitting Security Plans of Action and Milestones, which included detailed guidance for preparing and submitting security plans of action and milestones (corrective action plans), which list information security weaknesses identified in agencies’ annual reviews and evaluations and describe how and when these weaknesses would be addressed. OMB is continuing to address information security and for fiscal year 2002 issued Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones, on July 2, 2002, which updated guidance for fiscal year 2002 GISRA reporting and preparation of corrective action plans. In addition to providing guidance, OMB also reviewed the results of the agencies’ program reviews and independent evaluations and consulted with officials in the agencies to clarify information and provide feedback. OMB sent letters to the agency heads that provided the results of its assessment of the agencies’ submissions for the reform provisions and either conditionally approved or disapproved their information security programs. Finally, OMB stated in its first annual GISRA report to the Congress dated February 2002 that to intensify oversight, it will, among other activities, discuss progress on information technology (IT) security corrective action plans with each agency and integrate IT security as an element contributing to the Executive Branch Management Scorecard. Auditors Provided Negative Assurance as to Substantial Compliance: Auditors for four agencies—the Departments of Energy and Labor, the GSA, and SSA—provided negative assurance in reporting on FFMIA compliance for fiscal year 2001. In their respective reports, they included language stating that while they did not opine as to compliance with FFMIA, nothing had come to their attention indicating that these agencies’ financial management systems did not meet FFMIA requirements. While this form of reporting has useful applications, it is not relevant or appropriate for this particular type of engagement given the requirements of FFMIA. Our fundamental concern is that this type of reporting may provide a false impression that the systems have been found to be substantially compliant by the auditors, which is not what the auditors are saying. In fact, the provisions of FFMIA require auditors to “...report whether the agency financial management systems comply with the requirements of [the act].” In providing guidance on reporting on substantial compliance with FFMIA, OMB Bulletin No. 01-02, Audit Requirements for Federal Financial Statements, states that auditors should report that “the results of our tests disclosed no instances in which the agency’s financial management systems did not substantially comply” [with FFMIA]. If testing disclosed that the agencies’ systems are not substantially compliant, auditors are required to report the instances of noncompliance identified. This is an important distinction because the term “disclosed no instances” carries a commonly accepted and well known interpretation across the audit community that providing negative assurance requires only limited testing because the auditor is not giving an opinion on whether the systems are substantially compliant. One important consideration is that the law does not specify when the FFMIA compliance testing must be done. Thus, auditors can perform FFMIA assessments at any time throughout the fiscal year, as long as the assessment is updated to the end of the reporting period. FFMIA assessments can be a separate review that could be staggered throughout the year when the auditors’ workloads are not as burdensome or to spread out the work. While work performed in auditing financial statements would naturally offer some perspective regarding FFMIA compliance, the work needed to assess substantial compliance of systems with FFMIA should be more comprehensive than that performed for purposes of rendering an opinion on the financial statements. In performing financial statement audits, auditors generally focus on the capability of the financial management systems to process and summarize financial information that flows into the financial statements. In contrast, FFMIA is much broader, and auditors need to consider many other aspects of the financial management system including whether an agency’s systems comply with systems requirements and provide reliable, useful, and timely financial-related information for managing day-to-day operations. FFMIA was designed to lead to system improvements that would result in agency managers being routinely provided with reliable, useful, and timely financial-related information to measure performance and increase accountability throughout the year, rather than just at year-end. Some of the auditors we interviewed told us that providing positive assurance would require more audit work and therefore would result in much higher audit fees. For example, auditors for the Department of Energy estimated that an additional 400 staff hours would be needed to provide positive assurance. Auditors for GSA estimated that it would cost an additional $110,000 to $120,000 to provide positive assurance. The auditors we interviewed also had concerns about providing positive assurance in reporting on agency systems’ FFMIA compliance because of a need for clarification regarding the meaning of substantial compliance and guidance regarding reporting. Today, for some agencies, the auditor may have sufficient knowledge to conclude that an agency is not in substantial compliance with FFMIA without performing additional testing beyond that needed for the financial statement audit opinion, because systems deficiencies are well known and well documented. Because not all areas were tested, additional weaknesses might exist that were not identified and reported. However, as agencies’ systems move toward substantial compliance with FFMIA, auditors will need to perform more comprehensive testing to assess agencies’ systems compliance with FFMIA. Some of the promising audit procedures noted during our review included detailed audit programs and an assessment of financial systems’ functionality. Moreover, although the compliance indicators in OMB’s January 4, 2001, FFMIA guidance were meant only as examples of compliance, auditors for several of the agencies we interviewed used the indicators as a checklist for determining an agency’s systems compliance. If a deficiency in a specific indicator was noted, noncompliance was reported. This was not the way the OMB indicators should have been used because just merely applying those indicators is too limiting and was not OMB’s intention. Auditors cannot follow a checklist approach when assessing the substantial compliance of agency systems with FFMIA. Instead, auditors need to consider the substance of these systems, particularly how they function. Without a comprehensive approach, key systems’ functionalities may not be assessed, and the extent of noncompliance will remain uncertain. Without testing the functionality of a financial management system, auditors cannot be assured that the agencies’ systems are operating as designed and that the systems substantially comply with FFMIA and provide reliable, useful, and timely information to managers and other decision makers. In short, the auditor’s work needs to be analytical and not viewed as a checklist procedure. If auditors are merely checking boxes, we question the value of their work and do not believe it meets the expectations of the Congress in requiring auditor reporting under FFMIA. Last year in reporting on FFMIA, [Footnote 32] we recommended that OMB revise its current FFMIA guidance to address a number of issues related to FFMIA assessments. We recommended that OMB: * require agency auditors to provide positive assurance when reporting an agency’s systems to be in substantial compliance; * clarify the definition of substantial compliance; * specify the type of procedures auditors should perform; * request auditors to pay special attention to the requirements of Managerial Cost Accounting Concepts and Standards; and; * reiterate that the indicators of compliance in the January 4, 2001, FFMIA implementation guidance are not meant to be all-inclusive. OMB officials told us that they had not taken any action to modify their FFMIA guidance to address our recommendations related to improving auditors’ FFMIA assessments. Instead, they were focusing on new initiatives such as the Executive Branch Management Scorecard to help stimulate improvements to agency financial management systems. Further, OMB said that they plan to combine a number of financial management bulletins and circulars, such as OMB Circular A-127 and OMB Bulletin 01- 02, into a comprehensive document that would provide agencies and auditors with more flexibility. We look forward to seeing this new OMB document which is now under development. To help close the gap in the current OMB guidance, we have worked with representatives from the President’s Council on Integrity and Efficiency (PCIE) to draft a section for the GAO/PCIE Financial Audit Manual (FAM) [Footnote 33] with detailed audit steps for testing agency systems’ substantial compliance with FFMIA. Appropriately implemented, these audit steps would provide a sufficient basis to conclude whether agencies’ systems substantially comply with FFMIA. We will continue to work with PCIE to finalize this new section of the GAO/PCIE FAM. Certain members of the PCIE indicated that auditors would be reluctant to perform these additional procedures and provide positive assurance unless OMB revises its guidance to require them to do so. Remediation Plans Have Improved: FFMIA requires agency management to prepare remediation plans, in consultation with OMB, that describe the corrective actions they plan to take to resolve their instances of noncompliance, target dates, and resources necessary to bring financial systems into substantial compliance with FFMIA requirements. Further, the President’s Management Agenda states that OMB will work with agencies to ensure that federal financial systems produce accurate and timely information to support operating, budget, and policy decisions. In the past, we have noted significant deficiencies in these remediation plans, which limit their usefulness as a tool for agency management and staff to use for resolving financial management problems. [Footnote 34] In reviewing these plans, we measured the completeness of agency remediation plans against the law’s criteria that these plans include the corrective actions, target dates, and resources necessary to bring their systems into substantial compliance. We noted improvement in the presentation and amount of detail in the fiscal year 2000 remediation plans for the Departments of Agriculture, Health and Human Services, and DOT. However, we noted that a number of plans submitted for fiscal year 2000 still did not have adequate descriptions of the resources needed for executing the corrective actions. Correcting systems problems is a difficult challenge for agencies primarily because of the age and deficiencies of their critical financial management systems and the need to be able to integrate a range of systems with the accounting systems that provide financial information such as personnel and acquisition systems. Some of the federal government’s automated systems were originally designed and developed years ago (in some cases, over 2 decades ago) and cannot provide reliable financial information for key governmentwide initiatives, such as integrating budget and performance information. It is important that agencies focus on the substance of the information in these FFMIA remediation plans, rather than on the format of the plans. A lack of substance in the plans, including associating resources to detailed corrective actions, can limit the likelihood of success in adequately implementing the corrective actions. Fifteen of the 19 agencies, whose systems were determined by their IGs or contract auditors not to be in substantial compliance for fiscal year 2000, prepared remediation plans. Two agencies—EPA and the SSA—did not prepare plans because management determined that the agencies’ systems substantially complied with FFMIA. According to NRC officials, NRC has not updated its remediation plan since the version dated May 31, 2001; however, NRC did send a condensed version of this plan to OMB last fall with its budget submission for fiscal year 2003. According to DOD officials, DOD is not going to issue an updated financial management improvement plan in light of its ongoing Financial Management Modernization Program. This program is expected to address the underlying problems of DOD’s financial management systems as well as to transform its overall business processes. As we discuss later, the development of a departmentwide financial management system enterprise architecture at DOD will be an important step in this transformation process. We reviewed the 15 available remediation plans to determine whether (1) they included all the instances of noncompliance identified in the fiscal year 1999 financial statement audits, (2) the planned corrective actions were accompanied by detailed steps, (3) the corrective actions, if successfully implemented, could potentially resolve the problems, (4) they included information about resources needed, and (5) they provided target dates for completing the corrective actions. We have not verified the agency actions taken to date. For our report on FFMIA compliance last year, [Footnote 35] we reviewed the remediation plans prepared by agencies to address problems identified in the fiscal year 1999 financial statement audits. For this year’s report, we reviewed the agencies’ fiscal year 2000 remediation plans. [Footnote 36] Remediation plans need to be sufficiently detailed to provide a “road map” for agency management and staff to resolve financial management problems identified as part of the FFMIA process. OMB requires agencies to include the remediation plan as part of a financial management plan that is provided with annual budget submissions. The financial management plan should address all aspects of financial management improvements. Figure 6 presents the results of our analysis. Figure 6: Results of Review of Fiscal Year 2000 Remediation Plans: [See PDF for image] This figure is a bar graph depicting the results of review of fiscal year 2000 remediation plans, as follows: Are corrective actions for all instances of noncompliance included? Yes: 14 plans; No: 1 plan. Are corrective actions detailed? Yes: 15 plans; No: 0 plans. Will corrective actions likely resolve the problems, if successfully implemented? Yes: 15 plans; No: 0 plans. Are resources included? Yes: 5 plans; No: 10 plans. Are time frames included? Yes: 14 plans; No: 1 plan. Source: GAO analysis of fiscal year 2000 remediation plans. [End of figure] As shown in figure 6, 14 of the agencies’ remediation plans included corrective actions that covered all of the reported instances of noncompliance identified in the fiscal year 2000 financial statement audits. The remediation plans for Treasury did not include corrective actions to cover all of the instances of FFMIA noncompliance reported by the auditors. For example, Treasury’s Financial Management Service’s (FMS) remediation plan for fiscal year 2000 did not address all of its information systems security weaknesses. However, FMS officials issued a revised remediation plan in June 2002 that they believe addresses its fiscal year 2001 instance of noncompliance related to all of the information systems security weaknesses. We will include this plan in our evaluation next year of the remediation plans submitted to address instances of noncompliance reported in the fiscal year 2001 financial statement audits. One of the areas of improvement in the remediation plans submitted by the 15 agencies is in the level of detail provided for the planned corrective actions as compared with previous plans. As shown in figure 6, all agencies were determined to have sufficient details describing how the various actions are to be accomplished. DOT showed significant improvement in the level of detail in its remediation plan. DOT is currently implementing a fully integrated COTS financial management system throughout the department. The fiscal year 2000 plan provides additional detail on the implementation process, a more detailed listing of intermediate tasks and target dates, the status of the various steps, and the responsible agency officials. In particular, the fiscal year 2000 plan has greatly expanded the information on actions to be taken at the Federal Aviation Administration (FAA) compared to the fiscal year 1999 plan. This is especially important since FAA financial management has been designated as a high-risk area since January 1999, because of serious and long-standing accounting and financial management weaknesses. [Footnote 37] OMB’s guidance and FFMIA state that remediation plans are to include resources and target dates necessary to achieve substantial compliance. As shown in figure 6, 10 of the 15 remediation plans we reviewed did not include a discussion of the staffing and funding resources required to complete the planned corrective actions. Such information is important for agency management and OMB to determine whether corrective actions can realistically be accomplished within the specified timeframes. Finally, as shown in figure 6, 14 of the 15 agencies included time frames for the corrective actions in their remediation plans. Setting specific target dates, including intermediate target dates, facilitates tracking the progress agencies are making in reaching their specified goals. The one exception was FEMA’s remediation plan, which stated that the planned corrective actions required a multiphased, multiyear approach due to budgetary constraints; therefore, no specific target dates were provided. FFMIA specifies that agencies have 3 years to bring their systems into compliance after a determination of noncompliance is made; however, some agencies have found that the 3- year time period is not sufficient to address the reported problems. FFMIA also provides for an extension of the time needed to complete the planned corrective actions with the concurrence of OMB. For example, in September 2001 HUD requested and received the concurrence of the Director of OMB in extending the statutory 3-year remediation time frame for the implementation of a new core financial system at FHA. HUD projected that full implementation of the system would be completed by December 2006. OMB’s leadership and close oversight of agencies’ remediation efforts will continue to be important to help ensure that these plans substantively address the problems. The advisory role FFMIA established for OMB with respect to agency remediation plans is important for addressing the types of problems we noted in remediation plans we reviewed. Therefore, in a prior report, [Footnote 38] we recommended that OMB work with the agencies to ensure that all remediation plans are prepared and submitted in a timely manner. We also recommended that OMB review agencies’ plans for (1) detailed corrective actions that fully address reported problems, (2) inclusion of resource requirements, and (3) specific time frames needed to implement and resolve problems. To fulfill their mandated role, OMB has developed a multidisciplinary approach for reviewing agency plans to correct FFMIA problems. According to OMB officials, OMB reviews the business cases submitted by agencies to support requests for funding of investments in information technology. These business cases are included in the agencies’ budget submissions. Agencies’ business cases for financial management systems are to address, among other things, any FIA, FFMIA, and internal control problems reported by auditors or agency management. OMB officials told us that agency business cases, which include FFMIA remedial actions, are reviewed by OMB’s resource management officers as well as representatives from OMB’s statutory offices—the Office of Federal Financial Management, Office of Federal Procurement Policy, and the Office of Information and Regulatory Affairs. OMB further stated that, generally, agency remediation plans are included in agency budget submissions and subject to change. OMB considers these budget submissions predecisional and therefore not public documents. Agency Efforts to Implement New Financial Systems: Across government, agencies have many efforts underway to implement or upgrade financial systems to alleviate long-standing weaknesses in financial management. While progress continues to be made to improve financial management systems, for some agencies there is a long way to go. At some agencies, most notably DOD, the problems are so severe that it will be years before the full range of systems weaknesses are resolved. To be successful, agencies need to overhaul existing business processes by identifying the root causes as to why systems have these continuing financial management weaknesses. Some agencies, including the Departments of Agriculture, Commerce, and DOT, GSA, NASA, the Office of Personnel Management (OPM), [Footnote 39] and SSA are in the implementation phases of new accounting systems. Other agencies are in the planning and design phases, such as the Departments of Defense, Interior, Energy, and Justice. FEMA is implementing a new version of its Integrated Financial Management Information System. Many of these new financial systems are COTS packages sold by vendors whose software has been certified by JFMIP. [Footnote 40] It is important in implementing COTS packages that agencies reengineer business practices to avoid customization of the COTS software and maximize the software’s utility instead of trying to automate ineffective current business practices. Agencies can help ensure that financial management systems investments deliver the intended results by (1) using Clinger-Cohen Act IT management requirements, (2) undertaking financial management systems modernization in a broad enterprise architecture context, and (3) redesigning business processes in conjunction with implementing new technology. To assist federal agencies in this process, we have developed the IT Investment Management Framework [Footnote 41] to provide a common structure for discussing and assessing IT capital planning and investment management practices. This framework includes steps toward achieving both a stable and mature IT investment management process. Once a project has been selected, good project management is a critical ingredient to successful implementation. For example, it is imperative that managers sufficiently plan their project and that the sponsors are involved in the implementation. Next, deadlines should be realistic and project managers should be capable of understanding the complexities of the job. Throughout the job, the implementation should be monitored to ensure the project is going as planned. While many agencies are in the process of implementing COTS systems to address long-standing financial management problems, implementing a new system will not resolve these problems without adequate accounting policies and internal controls in place. For example, about 98 percent of the Department of Agriculture has implemented a COTS package to serve as its financial management system. According to an Agriculture IG report [Footnote 42] dated June 2002, Agriculture’s new system could provide the department with a materially strengthened accounting system, strengthened financial controls, and better financial reporting. But the Office of the Chief Financial Officer (OCFO) delegated responsibility to the agencies to establish “agency specific” accounting policies and internal controls. The IG found that the accounting policies and procedures developed by the agencies were not consistent, adequate, or proper. Furthermore, the agencies were not following the guidance issued by OCFO. For example, the IG found that the agencies were not limiting access, sufficiently segregating duties, or monitoring appropriation balances. Therefore, although the Department of Agriculture has significantly completed implementing a COTS package, its long-standing financial management problems have not yet been solved. The Agriculture CFO advised us that they have taken a number of steps to strengthen financial management and to address issues identified by the IG. NASA is working toward implementing an integrated financial management system that it expects to be fully operational in 2006 at an estimated cost of $475 million. As we testified in March 2002, [Footnote 43] this is NASA’s third attempt to implement a new financial management system. The first two efforts were abandoned after 12 years and expenditures of $180 million. Given the high stakes involved, it is critical that NASA’s leadership provide the necessary direction, oversight, and sustained attention to ensure that this project is successful. According to SSA officials, SSA has successfully completed their “test drive” of a new COTS system. The purpose of the “test drive” was to ensure that the COTS system could meet the agency’s needs before beginning implementation. SSA decided to purchase the package and to begin implementation. Currently, SSA management is analyzing gaps and reviewing business processes to determine what business processes or software changes are necessary. Problems with DOD’s financial management operations go far beyond its accounting and finance systems and processes. DOD continues to rely on a far-flung, complex network of finance, logistics, personnel, acquisition, and other management information systems to gather the financial data needed to support day-to-day management decision making. This network was not designed to be, but rather has evolved into, the overly complex and error-prone operation that exists today, including (1) little standardization across DOD components, (2) multiple systems performing the same tasks, (3) the same data stored in multiple systems, (4) manual data entry into multiple systems, and (5) a large number of data translations and interfaces that combine to exacerbate problems with data integrity. Many of DOD’s business operations are mired in old, inefficient processes and legacy systems, some of which go back to the 1950s and 1960s. By a wide margin, DOD faces the greatest challenge of any agency in overhauling its financial management systems. Past efforts at reforming DOD’s business operations have been impeded in part by the (1) lack of sustained top-level leadership and (2) cultural resistance to change. DOD’s past experience has suggested that top management has not had a proactive, consistent, and continuing role in building capacity, integrating daily operations for achieving performance goals, and creating incentives. Sustaining top management commitment to performance goals is a particular challenge for DOD. In the past, the average 1.7-year tenure of the department’s top political appointees has served to hinder long-term planning and follow-through. Further, Secretary Rumsfeld has articulated that modernizing DOD’s business operations and systems is a departmentwide priority and will require leadership at every level. Cultural resistance to change and military service parochialism have also played a significant role in impeding previous attempts to implement broad-based management reforms at DOD. The department has acknowledged that it confronts decades-old problems deeply grounded in the bureaucratic history and operating practices of a complex, multifaceted organization, and that many of these practices were developed piecemeal and evolved to accommodate different organizations, each with its own policies and procedures. As discussed in our June 2002 testimony, [Footnote 44] DOD’s vast array of costly, nonintegrated, duplicative, and inefficient financial management systems has resulted in part because of the lack of an integrated approach to addressing its management challenges. In response to our May 2001 report, [Footnote 45] DOD has undertaken the development of an enterprise architecture to achieve the Secretary’s vision of having “reliable, accurate and timely financial management information upon which to make the most effective business decisions.” In fiscal year 2002, DOD received approximately $98 million and has requested another $96 million for fiscal year 2003 for this effort. Consistent with the recommendations contained in our January 1999 [Footnote 46] and May 2001 reports, DOD has an extensive effort underway to document the department’s current “as-is” financial management architecture by identifying systems currently relied upon to carry out financial management operations throughout the department. To date, DOD has identified over 1,500 systems that are involved in the processing of financial information. In developing the “as-is” environment DOD has recognized that financial management is broader than just accounting and finance systems. Rather, it includes the department’s budget formulation, acquisition, inventory management, logistics, personnel, and property management systems. In developing and implementing its enterprise architecture, DOD will need to ensure that the multitude of systems efforts currently underway are designed as an integral part of the future architecture. Managerial Cost Information Is Critical for Implementing the President’s Management Agenda: According to the President’s Management Agenda, the accomplishment of the other four governmentwide initiatives [Footnote 47] will matter little without the integration of agency budgets with performance. The lack of a consistent information and reporting framework for performance, budgeting, and accounting obscures how well government programs are performing as well as inhibits comparisons of performance and cost across programs. Timely, accurate, and useful financial and performance information can form the basis for reconsidering the relevance or “fit” of any federal program or activity in today’s world and for the future. However, even the most meaningful links between performance results and resources consumed are only as good as the underlying data. Therefore, agencies must address long-standing problems within their financial systems. As agencies implement and upgrade their financial management systems, opportunities exist for developing cost management information as an integral part of the system to provide important information that is timely, reliable, and useful. As we have previously discussed, laws, regulations, and standards emphasize that reliable information on the costs of federal programs and activities is crucial for effective management of government operations. In particular, the concepts and standards in SFFAS No. 4 require agencies to develop cost accounting processes that will enable them to provide timely and reliable information on the full cost of federal programs, their activities, and outputs. Further, good information on financial program performance is necessary for the full and effective implementation of GPRA. The success of GPRA is crucial to transitioning to a more results oriented federal government where agencies are held accountable for achieving specific program results. Cost information supports decision making in a variety of different business environments, such as: 1. financial accounting—to assist federal financial report users in evaluating service efforts, costs, and the accomplishment of the reporting entity; 2. budgeting—to plan and make resource allocation decisions; and; 3. managing—to manage resources in the accomplishments of broad program purposes, to manage the unit cost of output to ensure that units of output are produced as effectively and efficiently as possible, and to set fees. In each of these environments, management must know the cost of their activities in order to make good business decisions and to report financial and performance information to external parties such as the Congress and the public, who in turn will then be able to use this cost information to assess the budget integrity, program and operating performance, stewardship, systems, and controls of the federal government. Linking of agency budgets with performance is enhanced when agencies integrate managerial cost information into their program activities (or lines of business). For example, Treasury’s IG stated that one of the management and performance challenges [Footnote 48] that Treasury faced is the integration of cost accounting with its business activities. The IG reported that Treasury managers were unable to link resources to results and often reported their accomplishments based on anecdotal performance evidence and outdated financial information. Agency implementation of managerial cost accounting can be a complex and arduous task. For example, FAA has been developing a cost accounting system, as required by the Federal Aviation Reauthorization Act of 1996, [Footnote 49] for several years. DOT’s IG reported in January 2002 [Footnote 50] that notwithstanding the progress and successes realized so far, FAA still faces significant challenges to complete and operate a credible cost accounting system. The IG concluded that FAA still needed to (1) implement, on a timely basis, fully developed cost accounting and labor distribution systems, (2) establish cost and performance management practices, (3) account for overhead costs, (4) track assets, and (5) develop an adequate system of internal controls. Other agencies have adopted various methods of accumulating and assigning costs to obtain managerial cost information needed to enhance programs, improve processes, establish fees, develop budgets, prepare financial reports, and report on performance. A number of agencies have implemented activity-based costing (ABC), which creates a cost model of an organization by identifying the activities performed, the resources consumed, and the outputs (products and services) produced by that organization. ABC then uses accounting and workload data to assign costs to the activities and related outputs. For example, the Small Business Administration (SBA) uses ABC to support financial reporting, management decision making, performance reporting, budgeting, and cost reimbursements. SBA has used information from its cost management system to prepare the Statement of Net Costs, make resource allocation decisions, and provide information for outsourcing alternatives. SBA has also used managerial costing to provide a crosswalk between the costs of activities and programs and the agency’s strategic goals and objectives. SBA’s cost allocation model provides information about the full costs (direct and indirect) of its programs as well as unit costs for many program outputs. In fiscal year 2001, SBA began using activity-based budgeting (ABB) to analyze program office budgets. The purpose of ABB is to show the linkage between the resources the agency plans to consume and the outputs it plans to produce. ABC and ABB can provide SBA with the information needed for sound decision making. [Footnote 51] While some agencies have found this method to be useful, ABC is not a universal solution for all organizations. Other agencies have developed managerial costing approaches that build upon existing accounting systems. For example, the Department of the Interior’s Bureau of Land Management (BLM) has implemented an innovative cost model that aligns the costs of the bureau’s activities with its work processes and mission goals. This model was developed with extensive coordination with field personnel and has been used for management decision making and to develop budget requests. Increasing Emphasis On Improving Financial Management from the Highest Levels of Government: Increasing attention from the highest levels of the federal government is being targeted on improving federal financial management. Most importantly, The President’s Management Agenda Fiscal Year 2002 includes improved financial performance as one of the five top governmentwide management goals. Improvement in federal financial management systems is central to achieving improved financial performance. The administration is using the Executive Branch Management Scorecard to highlight agency progress in achieving the management and performance improvements embodied in the President’s Management Agenda. Moreover, the JFMIP [Footnote 52] Principals—the Secretary of the Treasury, the Director of OMB, the Director of OPM, and the Comptroller General—have been holding quarterly meetings that have resulted in unprecedented substantive deliberations and agreements focused on key reform issues such as better-defined measures for gauging financial management success and the establishment of financial management committees. President’s Management Agenda and the Executive Branch Management Scorecard: The administration, with its release of the President’s Management Agenda in August 2001, has set forth improved financial performance as one of its five governmentwide initiatives. OMB’s criteria for measuring improved financial performance include (1) ensuring that financial management systems substantially meet federal financial management system requirements and applicable federal accounting and transaction standards, (2) producing accurate and timely financial information, (3) integrating financial and performance management systems to support day- to-day agency operations, and (4) receiving unqualified and timely opinions on the annual financial statements and no material internal control weaknesses [Footnote 53] reported by the auditors. This is another area that the JFMIP Principals have addressed and on which they are in agreement. The administration is using the Executive Branch Management Scorecard, based on OMB’s criteria, to highlight agencies’ progress in achieving the improvements embodied in the President’s Management Agenda. This is a step in the right direction to improving management and performance. The value of the scorecards is not in the scoring, but in the degree to which the scores lead to sustained focus and demonstrable improvements over time. This will depend on continued efforts to assess progress and maintain accountability to ensure that agencies are able to, in fact, improve performance. It is important that there be continual rigor in the scoring process for the approach to be credible and effective. OMB provided its baseline scores judging agency financial management as of September 30, 2001, and an updated version of the scorecard was released as of June 30, 2002. The recent scores indicate that while there has been progress made in implementing the President’s Management Agenda in many agencies, it has not been uniform. The Scorecard had both current status scores and progress in implementation scores for financial management. The “status” is assessed against the standards for success communicated by OMB in its October 30, 2001, memo to executive departments and agencies. According to OMB, one agency, the Department of Labor, has been upgraded from red to yellow for its status score because it has demonstrated commitment to improving and has made good progress. OMB has identified four tasks to be done before Labor could be upgraded to a green status score: (1) integrate its financial and performance management systems, (2) complete remedial actions for Wage and Hour’s Back Wage and Civil Monetary Penalties Systems, (3) develop and implement a plan to reduce erroneous unemployment insurance payments, and (4) implement a cost accounting system. Two agencies, NASA and SBA, have been downgraded from yellow to red. NASA’s score was lowered because its auditors issued a disclaimer of opinion on NASA’s financial statements and determined that its systems were not in compliance with FFMIA. Similarly, SBA’s auditors determined that its systems were not in compliance with FFMIA and reported one material weakness and three reportable conditions relating to SBA being unable to provide timely, complete, and reliable financial statements. The administration assesses “progress” on a case-by-case basis against the deliverables and timelines established for the five initiatives that have been agreed upon with each agency. According to the progress scores on the Executive Branch Management Scorecard, the majority of the agencies are proceeding according to their plans, receiving a “green light,” while a few are slipping or require further adjustments in order to achieve their objectives timely, receiving a “yellow light.” The Department of Interior was the only agency that received a “red light” on “progress” because it has failed to make progress on its financial performance agenda. JFMIP Principals: Starting in August 2001, the JFMIP Principals have been meeting quarterly to deliberate and reach agreements focused on key financial management reform issues. This forum provides an opportunity to reach decisions on key issues and undertake strategic activities that reinforce the effectiveness of groups such as the CFO Council in making progress toward improving federal financial management. In these meetings, the Principals have focused on key issues such as the following. * Defining success measures for financial management performance that go far beyond an unqualified audit opinion on financial statements and include measures such as financial management systems that routinely provide timely, reliable, and useful financial information and no material internal control weaknesses or material noncompliance with laws and regulations and FFMIA requirements; * Restructuring FASAB’s composition to enhance the independence of the board; * Establishing financial management committees for the federal government and the CFO Act agencies; * Overseeing DOD’s business transformation efforts; * Consolidating and standardizing federal payroll systems to reduce the cost of routine operations; * Addressing the impediments to an audit opinion on the U.S. government’s consolidated financial statements, including intragovernmental transactions. The federal government’s current inability to properly account for these transactions hinders true cost transparency and impedes achievement of the goal of a clean opinion on the federal government’s consolidated financial statements. Therefore, OMB has been aggressively pursuing strategies regarding intragovernmental transactions to reform current practices in this area and Treasury has been working to change the process for compiling the consolidated financial statements; * Accelerating financial statement reporting dates. In deliberating on these issues, the Principals recognized that a clean audit opinion alone only provides credibility to an agency’s financial statements as of the date of the financial statements—the last day of the fiscal year. It provides no assurance about the effectiveness or efficiency of the financial systems used to prepare the statements, the quality of internal control, or whether the systems can produce reliable data for decision-making purposes on demand throughout the year. This recognition led to actions such as enhancing the criteria for measuring progress and achievement in the Executive Branch Management Scorecard as discussed above, and accelerating the dates for issuing the government’s financial statements. With these accelerated dates, the government’s financial statements will be issued in a more timely manner and will discourage costly efforts by agencies designed to obtain unqualified opinions on financial statements without addressing the underlying systems and data reliability challenges. After the Principals’ endorsement, OMB acted by requiring agencies to prepare financial statements closer to the end of the reporting period. Under the accelerated reporting requirements, agency performance and accountability reports for fiscal year 2002 are due to OMB by February 1, 2003. OMB is further accelerating the deadline so that by fiscal year 2004, agencies will be required to submit these reports by November 15, 2004. In addition, in fiscal year 2003, agencies will be required to prepare and submit quarterly financial statements no later than 45 days after the end of the reporting period. The JFMIP Principals have proven to be a collective driving force to communicate expectations, address impediments, and move the financial management agenda forward. Future meetings will enable the JFMIP Principals to reach agreements and monitor progress on strategies critical to the full and successful implementation of federal financial management reform. Conclusions: The ultimate objective of FFMIA is to ensure that agency financial management systems routinely provide reliable, useful, and timely financial information, not just at year-end or for financial statements, so that government leaders will be better positioned to invest resources, reduce costs, oversee programs, and hold agency managers accountable for the way they run programs. To achieve the financial management improvements envisioned by the CFO Act, FFMIA, and more recently, the President’s Management Agenda, agencies need to modernize their financial management systems to generate reliable, useful, and timely financial information throughout the year and at year-end. Meeting the requirements of FFMIA presents long-standing, significant challenges that will be attained only through time, investment, and sustained emphasis on correcting deficiencies in federal financial management systems. To assess compliance with FFMIA, auditors need to perform detailed audit procedures that are more comprehensive and independent of those performed for rendering an opinion in a financial statement audit. Such a comprehensive and independent assessment of an agency’s financial management system is essential to improving the performance, productivity, and efficiency of federal financial management and achieving the President’s Management Agenda. In consultation with PCIE, we have jointly developed guidance as a part of GAO/PCIE FAM to assist auditors to comprehensively test for FFMIA compliance. However, without action from OMB to revise its guidance on FFMIA compliance testing and reporting, the audit community will continue to face conflicting guidance. Therefore, we reaffirm the recommendations we made in our annual FFMIA report last year [Footnote 54] that OMB specify expected procedures for auditors to perform when assessing FFMIA compliance as called for in GAO/PCIE FAM. This additional guidance should be principle based and should clearly outline (1) the minimum scope of work and (2) the procedures for auditors to perform in determining whether management has reliable, timely, and useful financial information for managing day-today operations. We also reaffirm our prior recommendations that OMB require agency auditors to provide a statement of positive assurance when reporting an agency’s systems to be in substantial compliance with FFMIA. Further, we reaffirm our prior recommendation that OMB continue to work with the CFOs, IGs, and GAO to explore further clarification of the definition of “substantial compliance” and to explain the appropriate use of the compliance indicators. Finally, we reaffirm our prior recommendation that OMB emphasize to auditors the significance of agencies’ ability to meet the Managerial Cost Accounting Concepts and Standards, given the crucial need for cost management information for measuring the results of program performance. The size and complexity of many federal agencies and the discipline needed to overhaul or replace their financial management systems present a significant challenge for many agencies. The significance of these issues, now and in the future, emphasizes the need for detailed remediation plans. As envisioned by the act, these remediation plans would help agencies establish seamless systems and processes to routinely generate reliable, useful, and timely information that would improve agencies’ accountability. Again this year, our analysis showed that while the quality of some of the plans had improved, many agencies’ remediation plans continue to lack key elements that could preclude the achievement of FFMIA objectives. Therefore, we reaffirm our prior recommendation that OMB continue to work with agencies to ensure that the remediation plans include all required elements and are not making new recommendations at this time related to remediation plans. The widespread systems problems facing the federal government need sustained management commitment at the highest levels of government. Today, we are seeing a strong commitment from the President, the JFMIP Principals, and the secretaries of major departments, such as DOD, to ensuring that these needed modernizations come to fruition. This commitment is critical to the success of the efforts underway and those still in a formative stage to achieve the goals of the CFO Act and FFMIA. Agency Comments And Our Evaluation: In written comments (reprinted in app.V) on a draft of this report, OMB agreed with our assessment that while many federal agencies are continuing to make progress, some agencies continue to have shortcomings in their financial management systems. OMB noted that changing its audit guidance to require positive assurance when reporting on FFMIA compliance would not necessarily measure the availability or quality of financial information, integral to the intent of FFMIA. As we discussed in the report, OMB officials acknowledged that they are currently updating their financial management policy guidance, including guidance related to financial management systems. OMB officials stated that once the update of its financial management policy guidance has been completed, new performance and results-based criteria will be used in future FFMIA assessments. OMB further stated that it will reconsider revising its FFMIA audit guidance once its overall federal financial management policy has been finalized. OMB also commented on our affirmation of our prior recommendation that it continue to work with the agencies to ensure that remediation plans include all of the required elements. As we state in the report, most of the agencies did not include resource requirements for accomplishing corrective actions in their remediation plans, as required by FFMIA. OMB agrees that the stand-alone agency remediation plans do not necessarily include resource information, but noted that agencies have been instructed to include this information in their OMB Circular A-11 budget submissions. OMB officials added that a more comprehensive review and assessment of agency plans to correct FFMIA problems is conducted as a part of OMB’s annual budget process. While OMB’s multidisciplinary approach to reviewing agency remediation plans appears to have prompted improvements in the plans, we cannot determine whether the required resource information not found in the stand-alone remediation plans is included in the budget submission information required under OMB Circular A-11 because we did not have the agency budget submissions. These documents are subject to change, and OMB considers the budget submissions predecisional. Therefore, we based our review on the standalone remediation plans received from the agencies directly. In reviewing these plans, we found no references to other parts of the agency budget submissions that might include resource information. Unless we review agency budget submissions, we will only be able to report on the contents of the stand-alone remediation plans. OMB and several agencies also provided other technical comments that we incorporated as appropriate. We are sending copies of this report to the Chairman and Ranking Minority Member, Subcommittee on Oversight of Government Management, Restructuring, and the District of Columbia, Senate Committee on Governmental Affairs; and to the Chairman and Ranking Minority Member, Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, House Committee on Government Reform. We are also sending copies to the Director of the Office of Management and Budget, the Secretary of the Treasury, the heads of the 24 CFO Act agencies, and agency CFOs and IGs. Copies will also be made available to others upon request. This report was prepared under the direction of Sally E. Thompson, Director, Financial Management and Assurance, who may be reached at (202) 512-9450 or by e-mail at thompsons@gao.gov if you have any questions. Staff contacts and other key contributors to this report are listed in appendix VI. Signed by: David M. Walker: Comptroller General Of the United States: [End of section] Appendix I: Publications in the Federal Financial Management Systems Requirements Series: FFMSR document: FFMSR-0 Framework for Federal Financial Management Systems; Issue date: January 1995. FFMSR document: FFMSR-7 Inventory System Requirements; Issue date: June 1995. FFMSR document: FFMSR-8 Managerial Cost Accounting System Requirements; Issue date: February 1998. FFMSR document: JFMIP-SR-01-02 Core Financial System Requirements; Issue date: November 2001. FFMSR document: JFMIP-SR-99-5 Human Resources & Payroll Systems Requirements; Issue date: April 1999. FFMSR document: JFMIP-SR-99-8 Direct Loan System Requirements; Issue date: June 1999. FFMSR document: JFMIP-SR-99-9 Travel System Requirements; Issue date: July 1999. FFMSR document: JFMIP-SR-99-14 Seized Property and Forfeited Asset Systems Requirements; Issue date: December 1999. FFMSR document: JFMIP-SR-00-01 Guaranteed Loan System Requirements; Issue date: March 2000. FFMSR document: JFMIP-SR-00-3 Grant Financial System Requirements; Issue date: June 2000. FFMSR document: JFMIP-SR-00-4 Property Management Systems Requirements; Issue date: October 2000. FFMSR document: JFMIP-SR-01-1 Benefit System Requirements; Issue date: September 2001. FFMSR document: JFMIP-SR-02-02 Acquisition/Financial Systems Interface Requirements; Issue date: June 2002. [End of table] [End of section] Appendix II: Statements of Federal Financial Accounting Concepts, Standards, and Interpretations: Concepts: SFFAC No. 1 Objectives of Federal Financial Reporting; SFFAC No. 2 Entity and Display; SFFAC No. 3 Management’s Discussion and Analysis; Standards: SFFAS No. 1 Accounting for Selected Assets and Liabilities; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 3 Accounting for Inventory and Related Property; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 4 Managerial Cost Accounting Concepts and Standards; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 5 Accounting for Liabilities of the Federal Government; Effective for fiscal year[A]: 1997. Standards: SFFAS No. 6 Accounting for Property, Plant, and Equipment; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 7 Accounting for Revenue and Other Financing Sources; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 8 Supplementary Stewardship Reporting; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 9 Deferral of the Effective Date of Managerial Cost Accounting Standards for the Federal Government in SFFAS No. 4; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 10 Accounting for Internal Use Software; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 11 Amendments to Accounting for Property, Plant, and Equipment—Definitional Changes Effective for fiscal year[A]: 1999. Standards: SFFAS No. 12 Recognition of Contingent Liabilities Arising from Litigation: An Amendment of SFFAS No. 5, Accounting for Liabilities of the Federal Government; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 13 Deferral of Paragraph 65-2—Material Revenue- Related Transactions Disclosures; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 14 Amendments to Deferred Maintenance Reporting; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 15 Management’s Discussion and Analysis; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 16 Amendments to Accounting for Property, Plant, and Equipment; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 17 Accounting for Social Insurance; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 18 Amendments to Accounting Standards for Direct Loans and Loan Guarantees in SFFAS No. 2; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 19 Technical Amendments to Accounting Standards for Direct Loans and Loan Guarantees in SFFAS No.2; Effective for fiscal year[A]: 2003. Standards: SFFAS No. 20 Elimination of Certain Disclosures Related to Tax Revenue Transactions by the Internal Revenue Service, Customs, and Others; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 21 Reporting Corrections of Errors and Changes in Accounting Principles; Effective for fiscal year[A]: 2002. Standards: SFFAS No. 22 Change in Certain Requirements for Reconciling Obligations and Net Cost of Operations; Effective for fiscal year[A]: 2001. Interpretations: No. 1 Reporting on Indian Trust Funds; No. 2 Accounting for Treasury Judgment Fund Transactions; No. 3 Measurement Date for Pension and Retirement Health Care Liabilities; No. 4 Accounting for Pension Payments in Excess of Pension Expense; No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue. [A] Effective dates do not apply to Statements of Federal Financial Accounting Concepts and Interpretations. [End of table] [End of section] Appendix III: AAPC Technical Releases: Technical release: TR-1 Audit Legal Letter Guidance; AAPC release date: March 1, 1998. Technical release: TR-2 Environmental Liabilities Guidance; AAPC release date: March 15, 1998. Technical release: TR-3 Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act; AAPC release date: July 31, 1999. Technical release: TR-4 Reporting on Non-Valued Seized and Forfeited Property; AAPC release date: July 31, 1999. Technical release: TR-5 Implementation Guidance on SFFAS No. 10: Accounting for Internal Use Software; AAPC release date: May 14, 2001. [End of table] [End of section] Appendix IV: Checklists for Reviewing Systems Under the Federal Financial Management Improvement Act: Checklist: GAO/AIMD-98-21.2.1 Framework for Federal Financial Management System Checklist; Issue date: May 1998. Checklist: GAO/AIMD-00-21.2.2 Core Financial System Requirements Checklist; Issue date: February 2000. Checklist: GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems Requirements Checklist; Issue date: March 2000. Checklist: GAO/AIMD-98-21.2.4 Inventory System Checklist; Issue date: May 1998. Checklist: GAO/01-99G Seized Property and Forfeited Assets Systems Requirements Checklist; Issue date: October 2000. Checklist: GAO/AIMD-21-2.6 Direct Loan System Requirements Checklist; Issue date: April 2000. Checklist: GAO/AIMD-21.2.8 Travel System Requirements Checklist; Issue date: May 2000. Checklist: GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost Accounting Checklist; Issue date: January 1999. Checklist: GAO-01-371G Guaranteed Loan System Requirements Checklist; Issue date: March 2001. Checklist: GAO-01-911G Grant Financial System Requirements Checklist; Issue date: September 2001. Checklist: GAO-02-171G Property Management Systems Requirements Checklist; Issue date: December 2001. Checklist: GAO-02-762G Benefit System Requirements (Exposure Draft); Issue date: September 2002. [End of table] [End of section] Appendix V: Comments From the Office of Management and Budget: Executive Office of the President: Office of Management and Budget: Office of Federal Financial Management: Washington, DC 20503: September 27, 2002: Mt. Jeffrey C. Steinhoff: Managing Director, Financial Management and Assurance: United States General Accounting Office: Washington, DC 20548: Dear Mr. Steinhoff: Thank you for the opportunity to comment on the proposed report entitled "Financial Management: FFMIA Implementation Necessary to Achieve Accountability (GAO-03-31)." OMB agrees with your assessment that while many Federal agencies are continuing to make progress, some agencies continue to have shortcomings in their financial management systems. In regards to your recommendation for OMB to change its audit guidance to require a statement of positive assurance when reporting on FFMIA compliance, requiring positive assurance using the current financial system guidance as the basis would not necessarily measure the quality or availability of financial information which is the intent of the Act. OMB currently is updating its financial management policy guidance including financial management systems. Once this update is completed, new performance and results-based criteria will be used in future FFMIA assessments. With respect to your recommendation, we will consider revising our audit guidance once our overall Federal financial management policy is finalized. The report also reaffirms the prior recommendation that OMB continue to work with agencies to ensure that remediations plans include all required elements. Specifically cited as a problem in the proposed report is that the remediation plans do not include resource information needed to assess if the corrective actions can be accomplished within the specified timeframes. OMB agrees that stand- alone remediation plans do not necessarily contain resource information. However, OMB has instructed agencies in Circular A-11 that remediation plan information required by FFMIA should be included in the agency's annual financial management plans and budget justifications; stand-alone remediation plans are not required. More importantly, a more comprehensive review and assessment of agency plans to correct FFMIA problems is performed as part of OMB's annual budget process. This multidisciplinary approach includes reviewing financial management plans, budget justifications, and business cases for investments. During this review we examine resource requests, timelines, risk mitigation, expected results, and other areas to ensure improvement efforts will achieve their intended outcome. Since budget information is prepared by the agency and reviewed by OMB, the agency and OMB are aware of the resource requirements. OMB looks forward to continuing to work with GAO on improving management systems. Sincerely, Singed by: Joseph Kull: Deputy Controller: [End of section] Appendix VI: GAO Contacts and Staff Acknowledgments: GAO Contacts: Sally E. Thompson, (202) 512-9450: Kay L. Daly, (202) 512-9312: Acknowledgments: In addition to those named above, Rosa R. Harris, William S. Lowrey, Debra S. Rucker, Sandra S. Silzer, and Bridget A. Skjoldal made key contributions to this report. [End of section] Footnotes: [1] Pub. L. No. 101-576, 104 Stat. 2838 (1990). [2] Title VIII of Public Law 104-208 is entitled the Federal Financial Management Improvement Act of 1996. [3] The American Institute of Certified Public Accountants recognizes the federal accounting standards promulgated by the Federal Accounting Standards Advisory Board (FASAB) as generally accepted accounting principles (GAAP). [4] The SGL provides a standard chart of accounts and standardized transactions that agencies are to use in all their financial systems. [5] The JFMIP Principals are the Secretary of the Treasury, the Directors of OMB and the Office of Personnel Management (OPM), and the Comptroller General of the United States. [6] Agency management for two of the remaining four agencies did not prepare remediation plans because they determined that their systems did substantially comply with FFMIA. The other two agencies did not prepare remediation plans for fiscal year 2000 for other reasons. [7] Under the auspices of OMB Circular A-127, JFMIP tests vendor COTS packages and certifies that they meet certain financial management system requirements for core financial systems. [8] U.S. General Accounting Office, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3 (Washington, D.C.: November 1999). [9] In October 1990, the Secretary of the Treasury, the Director of OMB, and the Comptroller General established FASAB to develop a set of generally accepted accounting standards for the federal government. Effective July 1, 2002, FASAB is comprised of six nonfederal or public members and representatives of the three Principals. [10] Accounting standards are authoritative statements of how particular types of transactions and other events should be reflected in financial statements. SFFACs explain the objectives and ideas upon which FASAB develops the standards. [11] An interpretation is a document of narrow scope that provides clarifications of original meaning, additional definitions, or other guidance pertaining to an existing federal accounting standard. [12] In 1997, FASAB, in conjunction with OMB, Department of the Treasury (Treasury), GAO, the CFO Council, and the President’s Council on Integrity and Efficiency, established AAPC to assist the federal government in improving financial reporting. [13] SGL guidance is published in the Treasury Financial Manual. Treasury’s Financial Management Service is responsible for maintaining the SGL and answering agency inquiries. [14] Fiscal year 2000 remediation plans, addressing instances of noncompliance with FFMIA identified in financial statement audits reports covering fiscal year 2000, were due to OMB by September 10, 2001. Remediation plans addressing instances of noncompliance identified in the fiscal year 2001 financial statement audit reports were not due to OMB until September 9, 2002. Therefore, in reviewing remediation plans, we reviewed the fiscal year 2000 plans. [15] The seven agencies selected were the Departments of Energy and Labor, the General Services Administration (GSA), the National Aeronautics and Space Administration (NASA), the National Science Foundation (NSF), the Small Business Administration, and the Social Security Administration. [16] The fiscal year 2000 remediation plans were the most recently available documents since the plans for responding to issues identified for fiscal year 2001 were not due to OMB until September 9, 2002. [17] Federal financial system requirements define an integrated financial system as one that coordinates a number of previously unconnected functions to improve overall efficiency and control. Characteristics of such a system include (1) standard data classifications for recording financial events, (2) common processes for processing similar transactions, (3) consistent control over data entry, transaction processing, and reporting, and (4) a system design that eliminates unnecessary duplication of transaction entry. [18] Agency performance and accountability reports include the audit report and the audited financial statements. [19] Agencies record their budget spending authorizations in their fund balance with Treasury accounts. Agencies increase or decrease these accounts as they collect or disburse funds. [20] Absolute differences are computed with all numbers considered to be positive numbers. [21] U.S. General Accounting Office, U.S. Government Financial Statements: FY 2001 Results Highlight the Continuing Need to Accelerate Federal Financial Management Reform, GAO-02-599T (Washington, D.C.: Apr. 9, 2002). [22] Trading partners are U.S. government agencies, departments, or other components that do business with each other. [23] The value of goods and services ordered and obligated which have not been paid. [24] An AID mission is a representative in a cooperating country. AID has overseas missions and offices that manage projects associated with this foreign assistance. [25] AID has estimated that the worldwide deployment of the core financial system will not begin until fiscal year 2008. [26] These eight agencies are: Agriculture, DOD, DOT, AID, EPA, FEMA, National Aeronautics and Space Administration (NASA), and NRC. [27] U.S. General Accounting Office, High-Risk Series: An Update, GAO- 01-263 (Washington, D.C.: January 2001). [28] These provisions are part of the Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001. [29] U.S. General Accounting Office, Information Security: Additional Actions Needed to Fully Implement Reform Legislation, GAO-02-470T (Washington, D.C.: March 6, 2002). [30] We analyzed the results of IG and GAO audit reports published from July 2000 through September 2001, including the results of the IGs’ independent evaluations. [31] GAO-02-470T. [32] U.S. General Accounting Office, Financial Management: FFMIA Implementation Critical for Federal Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001). [33] The Financial Audit Manual, jointly issued by GAO and the President’s Council on Integrity and Efficiency, provides the methodology for performing financial statement audits of federal entities. [34] GAO-02-29. [35] GAO-02-29. [36] Remediation plans addressing issues identified in the fiscal year 2000 financial statements were due to OMB by September 10, 2001. [37] U.S. General Accounting Office, High-Risk Series: An Update, GAO- 01-263 (Washington, DC: January 2001). [38] U.S. General Accounting Office, Financial Management: Federal Financial Management Improvement Act Results for Fiscal Year 1998, GAO/AIMD-00-3 (Washington, DC: Oct. 1, 1999). [39] OPM implemented its new Government Financial Information System on October 1, 2001. According to an OPM official, the initial implementation included its general ledger, budget execution, project cost accounting, and accounts receivable modules. The second phase of the implementation included its accounts payable, automated disbursements, and procurement functionality. [40] JFMIP tests vendor COTS packages and certifies that they meet certain financial management system requirements for core financial systems. [41] U.S. General Accounting Office, Information Technology Investment Management: An Overview of GAO’s Assessment Framework (Exposure Draft), GAO/AIMD-00-155 (Washington, D.C.: May 2000). [42] U.S. Department of Agriculture, Office of the Inspector General, Audit of Selected Foundation Financial Information System Operations, Report Number 50401-42-FM (Washington, D.C.: June 2002). [43] U.S. General Accounting Office, National Aeronautics and Space Administration: Leadership and Systems Needed to Effect Financial Management Improvements, GAO-02-551T (Washington, D.C.: March 20, 2002). [44] U.S. General Accounting Office, DOD Financial Management: Important Steps Underway But Reform Will Require Long-term Commitment, GAO-02-784T (Washington, D.C.: June 2002). [45] U.S. General Accounting Office, Information Technology: Architecture Needed to Guide Modernization of DOD’s Financial Operations, GAO-01-525 (Washington, D.C.: May 2001). [46] U.S. General Accounting Office, Financial Management: Analysis of DOD’s First Biennial Financial Management Improvement Plan, GAO/AIMD-99- 44 (Washington, D.C.: Jan. 29, 1999). [47] The other four governmentwide initiatives are improved financial performance, strategic management of human capital, competitive sourcing, and expanded electronic government. [48] U.S. Department of the Treasury, Office of the Inspector General, Management and Performance Challenges Facing the Department of the Treasury (Washington, D.C.: Jan. 30, 2002). [49] This act required FAA to develop a cost accounting system that adequately and accurately reflects the investments, operating and overhead costs, revenues, and other financial measurement and reporting aspects of its operations. [50] U.S. Department of Transportation, Office of Inspector General, 2001 Status Assessment of Cost Accounting System and Practices, Federal Aviation Administration (Washington, D.C.: Jan. 10, 2002). [51] Using ABC and ABB allows agencies to manage by activity, otherwise known as activity-based management. [52] JFMIP is a joint and cooperative undertaking of OMB, the Department of the Treasury, OPM, and GAO working with executive agencies to improve financial management practices throughout the federal government. [53] A material weakness is a condition that precludes the entity’s internal control from providing reasonable assurance that misstatements, losses, or noncompliance material in relation to the financial statements would be prevented or detected on a timely basis. [54] GAO-02-29. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Jeff Nelligan, Managing Director, AndersonP1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: