This is the accessible text file for GAO report number GAO-05-881 entitled 'Financial Management: Achieving FFMIA Compliance Continues to Challenge Agencies' which was released on September 21, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: September 2005: Financial Management: Achieving FFMIA Compliance Continues to Challenge Agencies: [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-881]: GAO Highlights: Highlights of GAO-05-881, a report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate, and the Committee on Government Reform, House of Representatives: Why GAO Did This Study: The ability to produce the data needed to efficiently and effectively manage the day-to-day operations of the federal government and provide accountability to taxpayers continues to be a challenge for most federal agencies. To help address this challenge, the Federal Financial Management Improvement Act of 1996 (FFMIA) requires the Chief Financial Officers (CFO) Act agencies to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires GAO to report annually on the implementation of the act. What GAO Found: While most CFO Act agencies have obtained clean or unqualified audit opinions on their financial statements, the underlying financial systems remain a serious problem. Agencies still lack the capacity to create the full range of information needed for effective day-to-day management. In fiscal year 2004, auditors for 16 of the 23 CFO Act agencies reported that agencies’ financial management systems failed to comply with FFMIA. As shown in the figure below, primarily six types of problems related to agencies systems were identified in the audit reports. These same types of problems have been consistently reported for agencies with noncompliant systems for a number of years. GAO views these problems with agency financial systems to be a significant challenge to improving the management of the federal government. Auditors for six agencies provided negative assurance on systems’ FFMIA compliance for fiscal year 2004. This means that nothing came to their attention to indicate that financial management systems did not meet FFMIA requirements. OMB’s current reporting guidance calls for negative assurance; however, GAO continues to believe that this type of reporting is not sufficient for reporting under the act. In addition, negative assurance may provide the false impression that the auditors are reporting that the agencies’ systems are compliant. In contrast, auditors for the Department of Labor (DOL) provided positive assurance by reporting that DOL’s financial management systems substantially complied with FFMIA requirements. In fiscal year 2005, DOL auditors plan to enhance their audit procedures to focus on the reliability and use of managerial cost information. GAO looks forward to other auditors adopting a similar reporting practice that adds more value. In addition, auditors have expressed concern about providing positive assurance because of the need to clarify the meaning of substantial compliance. OMB continues to move ahead on other initiatives to enhance financial management in the federal government. Moreover, the continuing leadership and support of Congress will be crucial in reforming financial management in the federal government. What GAO Recommends: GAO reaffirms its prior recommendations that OMB revise its guidance to require positive assurance regarding substantial compliance with the requirements of FFMIA, and clarify “substantial compliance” to promote consistent reporting. As in the past, OMB did not agree with GAO’s view on the need for auditors to provide positive assurance on FFMIA, but agreed to consider clarifying the definition of “substantial compliance” in future policy and guidance updates. We believe that positive assurance is a statutory requirement and will continue to work with OMB on this issue. www.gao.gov/cgi-bin/getrpt?GAO-05-881. To view the full product, including the scope and methodology, click on the link above. For more information, contact Sally Thompson at (202) 512-2600 or thompsons@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Guidance for FFMIA Issued by OMB: Financial Audit Manual Section on FFMIA Developed by GAO and PCIE: Scope and Methodology: Systems Weaknesses Continue to Impede Financial Management Accountability: FFMIA Compliance Findings Mostly Based on Negative Assurance: Reasons for Noncompliance: Key Initiatives That Impact Federal Financial Management Systems: DOD Continues to Struggle to Enhance Financial Management: Continuing Congressional Interest Helps Provide Accountability: Conclusions: Agency Comments and Our Evaluation: Appendixes: Appendix I: Requirements and Standards Supporting Federal Financial Management: Appendix II: Publications in the Federal Financial Management Systems Requirements Series: Appendix III: Statements of Federal Financial Accounting Concepts, Standards, Interpretations, and Technical Bulletins: Appendix IV: AAPC Technical Releases: Appendix V: Checklists for Reviewing Systems under the Federal Financial Management Improvement Act: Appendix VI: Comments from the Office of Management and Budget: Appendix VII: Auditors' FFMIA Determinations for Fiscal Year 2004: Appendix VIII: GAO Contact and Staff Acknowledgments: Figures: Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 2004: Figure 2: Auditors' FFMIA Assessments for Fiscal Years 2000 through 2004: Figure 3: Problems Reported by Auditors for Fiscal Years 2000 through 2004: Figure 4: Agency Systems Architecture: Abbreviations: AAPC: Accounting and Auditing Policy Committee: AICPA: American Institute of Certified Public Accountants: AID: Agency for International Development: BPD: Bureau of the Public Debt: CFO: chief financial officer: COE: centers of excellence: COTS: commercial off-the-shelf: DFAS: Defense Finance and Accounting Service: DHS: Department of Homeland Security: DOD: Department of Defense: DOJ: Department of Justice: DOL: Department of Labor: DOT: Department of Transportation: EPA: Environmental Protection Agency: FAM: GAO/PCIE Financial Audit Manual: FASAB: Federal Accounting Standards Advisory Board: FBWT: Fund Balance with Treasury: FEA: Federal Enterprise Architecture: FEMA: Federal Emergency Management Agency: FFMIA: Federal Financial Management Improvement Act: FFMSR: Federal Financial Management System Requirements: FISMA: Federal Information Security Management Act: FMFIA: Federal Managers' Financial Integrity Act: FSIC: Financial Systems Integration Committee: GSA: General Services Administration: HHS: Department of Health and Human Services: IRS: Internal Revenue Service: JFMIP: Joint Financial Management Improvement Program: LOB: line of business: MACS: Mission Accounting and Control System: NASA: National Aeronautics and Space Administration: NBC: National Business Center: NRC: Nuclear Regulatory Commission: NSF: National Science Foundation: OFFM: Office of Federal Financial Management: OIG: office of inspector general: OMB: Office of Management and Budget: OPM: Office of Personnel Management: PCIE: President's Council on Integrity and Efficiency: PMO: Program Management Office: SFFAC: Statement of Federal Financial Accounting Concepts: SFFAS: Statement of Federal Financial Accounting Standards: SGL: U.S. Government Standard General Ledger: SSA: Social Security Administration: USDA: U.S. Department of Agriculture: VA: Department of Veterans Affairs: Letter September 20, 2005: The Honorable Susan M. Collins: Chairman: The Honorable Joseph I. Lieberman: Ranking Minority Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Tom Davis: Chairman: The Honorable Henry A. Waxman: Ranking Minority Member: Committee on Government Reform: House of Representatives: Most federal agencies continue to lack the financial data needed to efficiently and effectively manage day-to-day operations and to provide an acceptable level of accountability to taxpayers. In 1990, to address this long-standing weakness, Congress mandated financial management reform within the federal government by enacting the Chief Financial Officers (CFO) Act,[Footnote 1] which requires the modernization of financial management systems by agencies in order to attain the systematic measurement of performance; the development of cost information; and the integration of program, budget, and financial information for management reporting. The goal of the CFO Act is to improve accounting and financial management practices by providing management with the full range of information needed for day-to-day management. The Federal Financial Management Improvement Act of 1996[Footnote 2] (FFMIA) builds on the foundation laid by the CFO Act by emphasizing the need for agencies to have financial management systems that can generate reliable, useful, and timely information with which to make fully informed decisions and to ensure accountability on an ongoing basis. FFMIA requires the major departments and agencies covered by the CFO Act[Footnote 3] to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. The act also requires auditors to state in their audit reports whether the agencies' financial management systems substantially comply with the act's requirements. In addition, we are required to report annually on the implementation status of the act. This report, our ninth, discusses (1) the auditors' assessments of agency systems' compliance with FFMIA for fiscal year 2004 and the financial management systems problems that continue to affect systems' FFMIA compliance and (2) the initiatives underway to help move federal financial management toward FFMIA compliance. We conducted our work in the Washington, D.C. area from February 2005 through May 2005, in accordance with U.S. generally accepted government auditing standards. Results in Brief: While more CFO Act agencies have obtained clean or unqualified audit opinions on their financial statements, the underlying agency financial systems remain a serious problem. Agencies still generally lack the capacity to create the full range of information needed to effectively manage day-to-day operations. For fiscal year 2004, auditors for 16 of the 23 CFO Act agencies reported that their agencies' financial management systems did not comply substantially with one or more of the three FFMIA requirements. As a result of these deficiencies, the financial management systems of most agencies are still unable to routinely produce reliable, useful, and timely financial information. This weakness limits the federal government's capacity to manage with timely and objective data, and thereby hampers its ability to effectively manage and oversee its major programs. Auditors for the other seven CFO Act agencies did not report such problems but for the most part did not offer assurances that this was in fact the case. Auditors for six[Footnote 4] of the seven agencies reported that the results of their tests disclosed no instances in which the agencies' systems did not substantially comply with FFMIA. These auditors provided what is termed negative assurance of FFMIA compliance when they reported that nothing came to their attention during the course of their planned procedures to indicate that these agencies' financial management systems did not meet FFMIA requirements. While negative assurance is the level of assurance allowed by the Office of Management and Budget's (OMB) audit guidance, the auditors for one agency, the Department of Labor (DOL), instead provided positive assurance when they reported that in their opinion, DOL's financial management systems substantially complied with the requirements of FFMIA. Providing positive assurance, as required by the act, involves more testing than that performed by auditors to render an opinion on the financial statements. DOL's auditors told us that the extent of their audit procedures enabled them to conclude that DOL's systems were substantially compliant with the provisions of FFMIA. For fiscal year 2005, the DOL auditors plan to enhance their procedures to increase their focus on the reliability and use of managerial cost information, among other things. This is a very positive action by the DOL auditors, and we look forward to other agencies adopting a similar reporting practice. The Department of Homeland Security Financial Accountability Act[Footnote 5] added the Department of Homeland Security (DHS) to the list of CFO Act agencies effective for fiscal year 2005. With that designation, DHS will be subject to FFMIA for fiscal year 2005. Because DHS was not subject to FFMIA in fiscal year 2004, we have not included DHS in our summaries of compliance with FFMIA and problems reported by the auditors for fiscal year 2004. However, we have noted that the DHS auditors identified and reported deficiencies that relate to all three FFMIA requirements. We plan to include DHS in our analysis of the fiscal year 2005 FFMIA results. As shown in figure 1, agencies have not yet achieved the goals of FFMIA--as well as the CFO Act--to establish financial management systems that support controlling the cost of the federal government and improving the performance, productivity, and efficiency of federal financial management. Based on our review of the fiscal year 2004 audit reports for the 16 agencies reported to have noncompliant systems, the same six primary problems continue to affect FFMIA compliance. While more severe at some agencies than others, the nature and seriousness of the problems reported indicate that generally most agencies' financial management systems are not yet able to routinely produce reliable, useful, and timely financial information. We view the problems with agencies' financial management systems to be a significant challenge to improving the management of government. Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 2004: [See PDF for image] [End of figure] OMB continues to move forward on new initiatives to enhance financial management and provide results-oriented information in the federal government. Two notable developments in this area in fiscal year 2004 were the realignment of responsibilities formerly performed by the Joint Financial Management Improvement Program (JFMIP) and the development of financial management lines of business. While we are not making any new recommendations in this report, we reaffirm our prior recommendations[Footnote 6] aimed at enhancing OMB's audit guidance related to FFMIA assessments. Specifically, we recommended that OMB (1) require agency auditors to provide a statement of positive assurance when reporting an agency's systems to be in substantial compliance with the requirements of FFMIA and (2) further clarify the definition of "substantial compliance" to encourage consistent reporting. As we noted in our prior reports, auditors we interviewed had concerns about providing positive assurance in reporting on agency systems' FFMIA compliance because of a need for clarification regarding the meaning of substantial compliance. In commenting on a draft of this report, OMB agreed with our assessment that many federal agencies still need to make improvements to generate more accurate and timely financial information to optimize day-to-day operations. Moreover, OMB agreed with us that financial management success encompasses more than agencies receiving unqualified opinions on their financial statements. As in previous years, we and OMB have differing views on the level of audit assurance necessary for assessing compliance with FFMIA. While OMB commended DOL's auditors for performing the additional level of audit work needed to provide positive assurance of compliance with FFMIA and encouraged similar efforts at other agencies, it stated that requiring a statement of positive assurance for all agencies was not necessary. We continue to believe that a statement of positive assurance is a statutory requirement under the act and will continue to work with OMB on this issue. OMB did agree to consider clarifying the definition of "substantial compliance" in its future policy and guidance updates. Our detailed evaluation of OMB's comments can be found at the end of this letter. Background: FFMIA is part of a series of management reform legislation passed by Congress over the past two decades. This series of legislation started with the Federal Managers' Financial Integrity Act of 1982 (FMFIA),[Footnote 7] which Congress passed to strengthen internal controls and accounting systems throughout the federal government, among other purposes. Issued pursuant to FMFIA, the Comptroller General's Standards for Internal Control in the Federal Government[Footnote 8] provides the standards that are directed at helping agency managers implement effective internal control, an integral part of improving financial management systems. Internal control is a major part of managing an organization and comprises the plans, methods, and procedures used to meet missions, goals, and objectives. In summary, internal control, which under OMB's guidance for FMFIA is synonymous with management control, helps government program managers achieve desired results through effective stewardship of public resources. Effective internal control also helps in managing change to cope with shifting environments and evolving demands and priorities. As programs change and agencies strive to improve operational processes and implement new technological developments, management must continually assess and evaluate its internal control to ensure that the control activities being used are effective and updated when necessary. While agencies had achieved some success in identifying and correcting material internal control and accounting system weaknesses, their efforts to implement FMFIA had not produced the results intended by Congress. Therefore, in the 1990s, Congress passed additional management reform legislation to improve the general and financial management of the federal government. The combination of reforms ushered in by the (1) CFO Act of 1990, (2) Government Performance and Results Act of 1993,[Footnote 9] (3) Government Management Reform Act of 1994,[Footnote 10] (4) FFMIA, (5) Clinger-Cohen Act of 1996,[Footnote 11] (6) Accountability of Tax Dollars Act of 2002,[Footnote 12] and (7) Department of Homeland Security Financial Accountability Act of 2004,[Footnote 13] if successfully implemented, provides a solid foundation for improving the accountability of government programs and operations as well as for routinely producing valuable cost and operating performance information. These financial management reform acts emphasize the importance of improving financial management across the federal government. In particular, building on the foundation laid by the CFO Act, FFMIA emphasizes the need for agencies to have systems that are able to generate reliable, useful, and timely information for decision-making purposes and to ensure accountability on an ongoing basis. FFMIA requires the departments and agencies covered by the CFO Act to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards,[Footnote 14] and (3) the SGL[Footnote 15] at the transaction level. FFMIA also requires auditors to state in their CFO Act financial statement audit reports whether the agencies' financial management systems substantially comply with FFMIA's systems requirements. Appendixes I through IV include details on the various requirements and standards that support federal financial management. Guidance for FFMIA Issued by OMB: OMB establishes governmentwide financial management policies and requirements and has issued two sources of guidance related to FFMIA reporting. First, OMB Bulletin No. 01-02, Audit Requirements for Federal Financial Statements, dated October 16, 2000, prescribes specific language auditors should use when reporting on an agency system's substantial compliance with FFMIA. Specifically, this guidance calls for auditors to provide negative assurance when reporting on an agency system's FFMIA compliance. Second, in OMB Memorandum, Revised Implementation Guidance for the Federal Financial Management Improvement Act (Jan. 4, 2001), OMB provides guidance for agencies and auditors to use in assessing substantial compliance. The guidance describes the factors that should be considered in determining whether an agency's systems substantially comply with FFMIA's requirements. Further, the guidance provides examples of the types of indicators that should be used as a basis for assessing whether an agency's systems are in substantial compliance with each of the three FFMIA requirements. Finally, the guidance discusses the corrective action plans, to be developed by agency heads, for bringing their systems into compliance with FFMIA. Financial Audit Manual Section on FFMIA Developed by GAO and PCIE: We have worked in partnership with representatives from the President's Council on Integrity and Efficiency (PCIE) to develop and maintain the joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific procedures auditors should perform when assessing FFMIA compliance.[Footnote 16] As detailed in appendix V, we have also issued a series of checklists to help assess whether agencies systems meet systems requirements. The FAM guidance on FFMIA assessments recognizes that while financial statement audits offer some assurance regarding FFMIA compliance, auditors should design and implement additional testing to satisfy FFMIA criteria. For example, in performing financial statement audits, auditors generally focus on the ability of the financial management systems to process and summarize financial information that flows into annual agency financial statements. In contrast, FFMIA requires auditors to assess whether an agency's financial management systems comply with system requirements, accounting standards, and the SGL. To do this, auditors need to consider whether agency systems provide reliable, useful, and timely information for managing day-to-day operations so that agency managers would have the necessary information to measure performance on an ongoing basis rather than just at year-end. Further, OMB's current audit guidance[Footnote 17] calls for financial statement auditors to review performance information for consistency with the financial statements, but does not require auditors to determine whether such information is available to managers for day-to-day decision making as called for by the FAM guidance for testing compliance with FFMIA. Scope and Methodology: We reviewed the fiscal year 2004 financial statement audit reports for the 23 CFO Act agencies to identify the auditors' assessments of agency financial systems' compliance and the problems that affect FFMIA compliance. We also reviewed the fiscal year 2004 financial statement audit report for DHS to identify any FFMIA-related issues. Prior experience with the auditors and our review of their reports provided the basis for determining the sufficiency and relevancy of evidence provided in these documents. Based on the audit reports, we identified problems reported by the auditors that affect agency systems' compliance with FFMIA. The problems identified in these reports are consistent with long-standing financial management weaknesses we have reported based on our work at a number of agencies. However, we caution that the occurrence of problems in a particular category may be even greater than auditors' reports of FFMIA noncompliance would suggest, because auditors may not have included all problems in their reports. Finally, we held discussions with OMB officials to obtain information about their current efforts to improve federal financial management and address our prior recommendations related to FFMIA. We conducted our work in the Washington, D.C. area from February 2005 through May 2005 in accordance with U.S. generally accepted government auditing standards. We requested comments on a draft of this report from the Director of OMB or his designee. We received written comments from the OMB Controller. OMB's comments are discussed in the Agency Comments and Our Evaluation section and reprinted in appendix VI. Systems Weaknesses Continue to Impede Financial Management Accountability: While agencies have made demonstrable progress in producing auditable financial statements and some progress in addressing their financial management systems weaknesses, the majority of agencies' systems are still not substantially compliant with FFMIA's requirements. Figure 2 summarizes auditors' assessments of FFMIA compliance for fiscal years 2000 through 2004 and suggests that the instances of noncompliance with FFMIA's three requirements have remained fairly constant. For fiscal year 2004, offices of inspectors general (OIG) and their contract auditors reported that the systems of 16 of the 23 CFO Act agencies did not substantially comply with at least one of FFMIA's three requirements--federal financial management systems requirements, applicable federal accounting standards, or the SGL at the transaction level.[Footnote 18] Figure 2: Auditors' FFMIA Assessments for Fiscal Years 2000 through 2004: [See PDF for image] Note: See appendix VII for details on agencies' compliance with FFMIA requirements. [End of figure] In fiscal year 2004, auditors for six agencies--the Department of Commerce (Commerce), the Department of Energy (Energy), the Environmental Protection Agency (EPA), the General Services Administration (GSA), the National Science Foundation (NSF), and the Social Security Administration (SSA)--provided negative assurance that the agencies' financial systems were in compliance with FFMIA. In addition, for the first time, auditors for one agency, DOL, provided positive assurance that its systems were in compliance with FFMIA. In contrast, in fiscal year 2003, the auditors for Commerce, Energy, EPA, the Nuclear Regulatory Commission (NRC), NSF, and SSA reported that the results of their tests disclosed no instance in which their financial management systems did not meet FFMIA requirements. At the NRC, the auditors determined that the financial management systems did not comply with the requirements of FFMIA in fiscal year 2004, although they had previously determined that the systems were in compliance in fiscal year 2003. The change was due to audit tests performed on NRC's fee billing system in fiscal year 2004. As a result of their tests, the auditors concluded that the billing system lacked sound internal controls and does not comply with existing requirements for revenue systems. At GSA, the auditors provided negative assurance that the financial management systems were FFMIA-compliant in fiscal year 2004, although they had previously determined that the systems were not in compliance for fiscal year 2003 due to significant reconciliation problems. For fiscal year 2004, the GSA auditors closed the material weakness regarding the significant reconciliation problems that had affected GSA the prior year. DHS will be subject to FFMIA for the first time in fiscal year 2005. The Department of Homeland Security Financial Accountability Act[Footnote 19] added DHS to the list of CFO Act agencies effective for fiscal year 2005. Because DHS was not subject to FFMIA in fiscal year 2004, we have not included DHS in our summaries of compliance with FFMIA and problems reported by the auditors for fiscal year 2004. However, we have noted that the DHS auditors identified and reported deficiencies that relate to all three FFMIA requirements. We plan to include DHS in our analysis of the fiscal year 2005 FFMIA results. While substantially more CFO Act agencies have obtained clean or unqualified audit opinions on their financial statements, as shown in figure 2, the underlying agency financial systems remain a serious problem. The number of unqualified opinions has increased over the past 8 years (from 11 in fiscal year 1997 to 18 for fiscal year 2004), and most agencies were able to issue their audited financial statements within the accelerated reporting time frame--22 of the 23 CFO Act agencies[Footnote 20] issued their audited financial statements by the November 15, 2004, deadline set by OMB, just 46 days after the close of the fiscal year. While the increase in unqualified and timely opinions is noteworthy, we are concerned over the growing number of CFO Act agencies that have restated certain of their financial statements for fiscal year 2003 to correct errors and have included a matter of emphasis paragraph in our report on the audit of the fiscal year 2004 consolidated financial statements given the seriousness of this problem. As we have previously testified,[Footnote 21] at least 11[Footnote 22] of the 23 CFO Act agencies restated their fiscal year 2003 financial statements, whereas 5[Footnote 23] CFO Act agencies restated their fiscal year 2002 financial statements. The restatements to CFO Act agencies' fiscal year 2003 financial statements ranged from correcting two line items on one agency's balance sheet to numerous line items on several of another agency's financial statements. The amounts of the agencies' restatements ranged from several million dollars to over $91 billion. Nine[Footnote 24] of those 11 agencies received unqualified opinions on their financial statements originally issued in fiscal year 2003. Seven of the 9 auditors issued unqualified opinions on the restated financial statements, which in substance replace the auditors' opinions on their respective agencies' original fiscal year 2003 financial statements. For 2[Footnote 25] of these 9 agencies, the auditors not only withdrew their unqualified opinions on the fiscal year 2003 financial statements but also issued other than unqualified opinions on their respective agencies' restated fiscal year 2003 financial statements because they could not determine whether there were any additional misstatements and the effect that these could have on the restated fiscal year 2003 financial statements. For two of the agencies with restated financial statements, auditors provided negative assurance that the agencies' systems were in compliance with FFMIA for fiscal year 2003. The restatements at these agencies reflected inaccurate recording of transactions, and in one case, the cause for the restatement could be traced back to the implementation of new software, among other factors. The necessity for these agencies to restate certain financial accounts in the subsequent fiscal year raises questions about whether the agencies systems substantially met FFMIA requirements and whether financial managers had access to reliable, useful, and timely information with which to make fully informed operational decisions in fiscal year 2003. The need for restatements and end-of-the-year adjustments to correct for errors undermines public trust and confidence in both the entity and all responsible parties and indicates a continuing lack of improvement in the underlying agency financial systems. Undue emphasis on receiving unqualified or clean audit opinions has led to an expectation gap since, as more agencies receive clean opinions, public expectations are raised that the government has sound financial management and can produce reliable, useful, and timely information on demand throughout the year, whereas the annual FFMIA assessments offer a different perspective. FFMIA Compliance Findings Mostly Based on Negative Assurance: In fiscal year 2004 auditors for seven agencies reported their systems to be in substantial compliance with the requirements of FFMIA. Auditors for six of these agencies (Commerce, Energy, EPA, NRC, NSF, and SSA) provided negative assurance that the agencies' systems were in compliance with FFMIA. Auditors provide negative assurance when they state that nothing came to their attention during the course of their planned procedures to indicate that these agencies' financial management systems did not meet FFMIA requirements. If readers are not familiar with the concept of negative assurance, which we believe is generally the case, they may incorrectly assume that these systems have been fully tested by the auditors and that the agencies have achieved compliance. OMB's current audit guidance[Footnote 26] only calls for auditors to provide negative assurance when reporting whether an agency's systems are in substantial compliance with FFMIA. To provide positive assurance of FFMIA compliance, auditors need to perform more comprehensive audit procedures than those necessary to render an opinion for a financial statement audit. In performing financial statement audits, auditors generally focus on the capability of the financial management systems to process and summarize financial information that flows into financial statements. In contrast, FFMIA is much broader and requires auditors to assess whether an agency's financial management systems substantially comply with systems requirements. To do this, auditors need to consider whether agency systems provide complete, accurate, and timely information for day-to- day decision making and management. In fiscal year 2004, auditors for DOL provided an opinion, or positive assurance, of DOL's financial management systems' compliance with FFMIA. At DOL, the Inspector General (IG) contracted with an independent public accounting firm to perform the FFMIA examination in accordance with American Institute of Certified Public Accountants attestation standards, which by reference are incorporated in Government Auditing Standards. To do so, the auditors used a combination of financial statement and FFMIA-specific audit procedures. Specifically, they performed extensive transaction testing and reconciliations combined with FFMIA-related audit procedures based on the GAO/PCIE FAM requirements. For example, they developed a good understanding of the financial systems capabilities, documented their assessments of DOL's financial systems' compliance with systems requirements, and considered the nature and extent of managerial cost information available for effective day-to-day management. According to the auditors, two developments at DOL in fiscal year 2004 were key to the ability of the auditors to conclude that DOL systems substantially complied with the three requirements of FFMIA for fiscal year 2004. First, during fiscal year 2004, DOL management assigned staff the responsibility of reconciling the Fund Balance with Treasury (FBWT)[Footnote 27] accounts on a daily basis. Due to this increased focus on FBWT, at the end of fiscal year 2004, the auditors found no material differences between DOL and Treasury's records. Second, DOL implemented a cost management system during fiscal year 2004 in order to provide current year cost data to managers that has not been available in prior years. The auditors also determined that none of the internal control deficiencies reported as part of the financial statement audit indicated substantial noncompliance with FFMIA requirements. For the fiscal year 2005 financial statement audit, the auditors plan to increase their focus on the types of reports being produced currently by the cost system and how managers are using that information for day-to-day operations. In addition, the fiscal year 2005 DOL audit plan requires the auditors to perform the FFMIA-related FAM audit procedures and complete the associated checklists. The efforts by the DOL auditors to perform the level of review necessary to provide positive assurance of FFMIA compliance in fiscal year 2004 is most noteworthy. We have discussed the importance of providing positive assurance on FFMIA as required by the act for a number of years. We look forward to other agencies adopting similar auditing and reporting practice. Providing positive assurance of an agency's financial management system can identify weaknesses and lead to improvements that enhance the performance, productivity, and efficiency of federal financial management systems. It also provides a clear "bottom line," whereas negative assurance does not do so. Therefore, as we have discussed in prior reports,[Footnote 28] we reaffirm our prior recommendation that OMB require agency auditors to provide a statement of positive assurance when reporting an agency's systems to be in substantial compliance with FFMIA. OMB continues to support the requirement for negative assurance of FFMIA compliance. While OMB agrees that testing should occur, and its guidance on FFMIA calls for it, OMB officials stated that different, more coordinated approaches toward assessing an agency's internal controls and FFMIA compliance might provide sufficient assurance on an agency's systems. For example, in preparing the President's Management Agenda (PMA) scorecard assessments, OMB officials meet with agencies to discuss a number of financial management issues and have systems demonstrations. Agencies are asked to identify key business questions and related cost drivers. Then, the agencies must develop systems that can produce the information needed on those cost drivers to help management at all levels focus on results. OMB officials stated that they believed the PMA scorecard framework offers an alternate route toward substantial compliance that is similar to that offered by positive assurance. In its written comments on a draft of this report (see app. VI), OMB stated that the processes used in evaluating agencies against the PMA standards can provide a corroborative mechanism in evaluating compliance with FFMIA. Our concern is that the information provided by this approach does not come under audit scrutiny, which is what the law requires, and may not be reliable. In December 2004, OMB revised Circular No. A-123, Management's Responsibility for Internal Control, to strengthen the requirements for conducting management's assessment of internal control over financial reporting. The revision incorporates the internal control requirements for publicly traded companies that are contained in the Sarbanes-Oxley Act of 2002.[Footnote 29] The circular emphasized management's responsibility for establishing, maintaining, and reporting on internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with laws and regulations. In commenting on a draft of this report, OMB emphasized that through its revision to Circular No. A-123, agencies are required to implement more rigorous processes for conducting management's assessment of the effectiveness of internal controls over financial reporting. Given that PMA and Circular No. A-123 reviews help to ensure agencies' access to and use of timely and accurate financial data, OMB believes that requiring a statement of positive assurance would prove only marginally useful. From our perspective, auditor reporting on internal control is a critical component of monitoring the effectiveness of an organization's accountability, especially for large, complex, or challenged entities. Auditors can better serve their clients and other financial statement users and better protect the public interest by having a greater role in providing assurances of the effectiveness of internal control in deterring fraudulent financial reporting and protecting assets. Financial management systems are a critical element of an entity's internal control over financial reporting. Although enhanced internal control reporting would not necessarily address the full capability of the financial management systems in place, such reporting would include reportable internal control weaknesses caused by financial systems problems. However, the full value of independent auditors' assessments of FFMIA compliance will not be fully realized until auditors perform a sufficient level of audit work to be able to provide positive assurance that agencies are in compliance with FFMIA as called for in the act. When reporting an agency's financial management systems to be in substantial compliance, positive assurance from independent auditors will provide users with confidence that the agency systems provide the reliable, useful, and timely information envisioned by the act. In addition, we also reaffirm our previous recommendation that OMB explore clarifying the definition of "substantial compliance" to help ensure consistent application of the term. As we noted in our prior reports, auditors we interviewed had concerns about providing positive assurance in reporting on agency systems' FFMIA compliance because of a need for clarification regarding the meaning of substantial compliance. In its comments, OMB stated that its growing experience helping agencies implement the PMA enables it to refine the existing FFMIA indicators associated with substantial compliance. Accordingly, OMB said it would consider our recommendation in any future policy and guidance updates. Reasons for Noncompliance: Based on our review of the fiscal year 2004 audit reports for the 16 agencies reported to have systems not in substantial compliance with one or more of FFMIA's three requirements, we identified six primary reasons cited by the auditors for agency systems not being compliant. The weaknesses reported by the auditors ranged from serious, pervasive systems problems to less serious problems that may affect only one aspect of an agency's accounting operation: * nonintegrated financial management systems, * inadequate reconciliation procedures, * lack of accurate and timely recording of financial information, * noncompliance with the SGL, * lack of adherence to federal accounting standards, and: * weak security controls over information systems. Figure 3 shows the relative frequency of these problems at the 16 agencies reported to have noncompliant systems. The same six types of problems have been cited by auditors in their fiscal years 2000 through 2003 audit reports, although the auditors may not have reported these problems as specific reasons for their systems' lack of substantial compliance with FFMIA. In addition, we caution that the occurrence of problems in any particular category may be even greater than auditors' reports of FFMIA noncompliance would suggest because auditors may not have identified all problems in their reviews. Figure 3: Problems Reported by Auditors for Fiscal Years 2000 through 2004: [See PDF for image] [End of figure] Nonintegrated Financial Management Systems: The CFO Act calls for agencies to develop and maintain integrated accounting and financial management systems[Footnote 30] that comply with federal systems requirements and provide for (1) complete, reliable, consistent, and timely information that is responsive to the financial information needs of the agency and facilitates the systematic measurement of performance; (2) the development and reporting of cost management information; and (3) the integration of accounting, budgeting, and program information. OMB Circular No. A-127, Financial Management Systems, requires agencies to establish and maintain a single integrated financial management system that conforms to functional requirements published by JFMIP's Program Management Office (PMO). More details on the financial management systems requirements can be found in appendixes I and II. The lack of integrated financial management systems typically results in agencies expending major effort and resources, including in some cases hiring external consultants, to develop information that their systems should be able to provide on a daily or recurring basis. Agencies with nonintegrated financial systems are also more likely to devote more time and resources to collecting information than those with integrated systems. In addition, opportunities for errors are increased when agencies' systems are not integrated. Auditors frequently mentioned the lack of integrated financial management systems in their fiscal year 2004 audit reports. As shown in figure 3, auditors for 12 of the 16 agencies with noncompliant systems reported this to be a problem, compared with 11 of the 17 agencies reported with noncompliant systems in fiscal year 2003. For example, auditors for the Department of Justice reported that the financial management systems of the department's component agencies are not integrated or configured to support financial management and reporting. For instance, the U.S. Marshals Service's core financial system lacks integrated subsidiary ledgers for certain key account balances. Consequently, staff at this organization must perform time-consuming manual procedures to document adjustments and crosswalks between the general ledger and the financial statements. However, the limited amount of time available at the end of each financial reporting period increases the risk that errors existing in the financial statements were not detected and corrected prior to final issuance. The auditors also noted that the nonintegrated systems do not support management's need for timely and accurate information for day-to-day decision making. At the National Aeronautics and Space Administration (NASA), auditors reported numerous weaknesses in the core financial system, the integrated financial management system first implemented by NASA in fiscal year 2003. We have previously reported on problems NASA faced when implementing this system.[Footnote 31] Specifically, the auditors found that the core financial system lacked integration with certain key subsidiary systems, such as the property system, and does not facilitate the preparation of financial statements. Although the auditors recognized that management identified and resolved significant system problems in fiscal year 2004, the auditors identified serious continuing weaknesses in their review of property, plant, and equipment (PP&E)--specifically contractor-held PP&E. For example, due to a lack of integration with the property system, entries for contractor-held property, totaling $8.5 billion, had to be manually entered into the core financial system. The auditors concluded that the problems will not be fully addressed until NASA implements a single integrated system for reporting property and develops a methodology to identify costs that should be capitalized at the time that transactions are processed. The auditors further noted that certain transactions continue to be posted incorrectly due to improper configurations within the system. Consequently, they concluded that NASA lacks an integrated financial management system that provides effective and efficient interrelationships between software, hardware, personnel, procedures, controls, and data. Inadequate Reconciliation Procedures: A reconciliation process, whether manual or automated, is a necessary and valuable part of a sound financial management system. The less integrated the financial management system, the greater the need for adequate reconciliations because data are being accumulated from a number of different sources. Reconciliations are needed to ensure that data have been recorded properly between the various systems and manual records. The Comptroller General's Standards for Internal Control in the Federal Government highlights reconciliation as a key control activity. As shown in figure 3, auditors for 11 of the 16 agencies with noncompliant systems reported that the agencies had reconciliation problems, including difficulty in reconciling their FBWT accounts with Treasury's records, compared with 11 of the 17 agencies reported with noncompliant systems in fiscal year 2003. Treasury policy requires agencies to reconcile their accounting records with Treasury records on a monthly basis (comparable to individuals reconciling their personal checkbooks to their monthly bank statements). For example, in fiscal year 2003, auditors for the Department of Transportation (DOT) reported that the department had not implemented effective processes to reconcile transactions with other federal agencies. During fiscal year 2004, DOT did improve its reconciliation procedures using a new reporting tool within its financial management system. However, on September 30, 2004, DOT still had not identified agencies associated with $27 billion, or about half, of the $55 billion of transactions with other federal agencies that were processed and reported to Treasury in fiscal year 2004. The large amount associated with unknown trading partners demonstrates that DOT still lacks an effective process for reconciling transactions. Furthermore, DOT lacked an effective process for reconciling transactions among its own subsidiary agencies. In fiscal year 2004, DOT's subsidiary agencies reported a total of $17 million in accounts receivable, or amounts due from other departmental agencies. These same organizations, however, reported $582 million in accounts payable, or amounts owed to other departmental agencies. Because these amounts should reflect only transactions within DOT, at the consolidated agency level the amount due should match the amount owed. Due to this discrepancy, DOT management had to perform extensive research and make numerous manual adjustments to balance its records and prepare reliable financial statements. Until DOT is able to automatically track transactions with other federal agencies and between its own subsidiary agencies, it will not be able to make significant progress in reconciling its transaction balances internally and with those of other agencies. As a result of these problems at DOT and other federal agencies, the federal government's ability to determine the impact of these differences on the amounts reported in the consolidated financial statements is impaired, which we cite in our audit report on the U.S. government's consolidated financial statements as one of three major impediments to providing an opinion on those financial statements. Resolving the intragovernmental transactions problem remains a difficult challenge and will require a commitment by federal agencies and strong leadership and oversight by OMB. Lack of Accurate and Timely Recording of Financial Information: As shown in figure 3, auditors for all 16 of the agencies with noncompliant systems reported the lack of accurate and timely recording of financial information as a problem for fiscal year 2004, compared with 15 of the 17 agencies reported with noncompliant systems in fiscal year 2003. Accurate and timely recording of financial information is essential for successful financial management. Timely recording of transactions facilitates accurate reporting in agencies' financial reports and other management reports used to guide managerial decision making. In addition, having systems that record information in an accurate and timely manner is critical for key governmentwide initiatives, such as integrating budget and performance information. In contrast, untimely recording of transactions during the fiscal year can result in agencies making substantial efforts at fiscal year-end to perform extensive manual financial statement preparation efforts that are susceptible to error and increase the risk of misstatements. For example, auditors for the U.S. Department of Agriculture (USDA) reported that the department had to make about 1,800 closing adjustments, totaling billions of dollars, to the financial statements at year-end. The auditors noted that most of the adjustments they reviewed were necessary; however, having to make numerous adjustments at year-end diminished the utility of the financial data in assisting managers in administering USDA programs and operations throughout the year. In another case, the Department of Defense's (DOD) auditors reported that the Defense Finance and Accounting Service in Indianapolis made $204.8 billion (excluding adjustments for intragovernmental transactions) in unsupported accounting entries to prepare the fiscal year 2004 Army General Fund financial statements. Since these adjustments were unsupported, it was difficult for auditors to assess the accuracy of the transactions and account balances, and was one of a number of financial statement material weaknesses that led DOD auditors to disclaim an opinion on DOD's fiscal year 2004 financial statements. Noncompliance with the SGL: As shown in figure 3, auditors for 11 of the 16 agencies with noncompliant systems reported that the agencies' systems did not comply with SGL requirements for fiscal year 2004, compared with 10 of the 17 agencies reported with noncompliant systems in fiscal year 2003. FFMIA specifically requires federal agencies to implement the SGL at the transaction level. Using the SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions and provides a basis for comparison at the agency and governmentwide levels. The defined accounts and pro forma transactions standardize the accumulation of agency financial information as well as enhance financial control and support financial statement preparation and other external reporting. By not implementing the SGL, agencies may experience difficulties in providing consistent financial information across their components and functions. For example, auditors for the Department of Health and Human Services (HHS) found that approximately 1,550 nonstandard accounting entries with an absolute value of almost $30 billion were recorded in HHS' Program Support Center's[Footnote 32] CORE accounting system to compensate for noncompliance with the SGL. These nonstandard accounting entries were recorded to correct for misstatements, to record reclassifications, and to correct reported balances. The auditors noted that these amounts were significantly less than those in fiscal year 2003, when approximately 2,300 nonstandard accounting entries were recorded with an absolute value of about $41 billion. In another instance, auditors for the U.S. Agency for International Development (USAID) found that the agency's overseas missions continue to use the Mission Accounting and Control System (MACS) as their primary financial system. MACS is a computer-based system that does not substantially comply with FFMIA's SGL requirement since it lacks the SGL chart of accounts. Instead, the system uses transaction codes to record entries; therefore, USAID cannot ensure that transactions are posted properly and consistently from mission to mission. Lack of Adherence to Federal Accounting Standards: One of FFMIA's requirements is that agencies' financial management systems account for transactions in accordance with federal accounting standards; however, agencies continue to face significant challenges in implementing these standards. As shown in figure 3, auditors for 11 of the 16 agencies with noncompliant systems reported that these agencies had problems complying with one or more federal accounting standards for fiscal year 2004, compared with 11 of the 17 agencies reported with noncompliant systems in fiscal year 2003. Appendixes III and IV list the federal financial accounting standards and other guidance issued by the Federal Accounting Standards Advisory Board and its Accounting and Auditing Policy Committee, respectively. Auditors expressly reported compliance problems with 11 specific accounting standards in fiscal year 2004. Of those standards, the 4 that were most troublesome for agencies are Statement of Federal Financial Accounting Standards (SFFAS) No. 1, Accounting for Selected Assets and Liabilities; SFFAS No. 4, Managerial Cost Accounting Concepts and Standards; SFFAS No. 6, Accounting for Property, Plant, and Equipment; and SFFAS No. 7, Accounting for Revenue and Other Financing Sources. In particular, SFFAS No. 4, which became effective in 1998, continues to be difficult for federal managers to fully implement. For example, as auditor for the Department of the Treasury's Internal Revenue Service (IRS),[Footnote 33] we reported that during fiscal year 2004 IRS continued to lack a cost accounting system capable of accurately and timely tracking and reporting the costs of its programs and projects. This condition also renders IRS unable to produce reliable cost-based performance information. IRS officials stated that they have the information necessary to determine the cost of various activities, such as conducting investigations; however, this information is widely distributed among a variety of information systems that are not integrated and therefore cannot share data. This makes the accumulation of cost information time consuming and labor intensive, and thus such information is not readily available for decision-making purposes. Accurate and timely cost management information is critical for federal managers to transform how government agencies manage the business of government and vital in developing meaningful links between budget, accounting, and performance. The requirement for managerial cost information has been in place since 1990 under the CFO Act and since October 1997 as a federal accounting standard. Similar system and process deficiencies also impede agency efforts to accurately and timely track and report the cost of their PP&E in accordance with SFFAS No. 6. For example, in its annual report on reliability, as required by section 1008 of the National Defense Authorization Act for Fiscal Year 2002,[Footnote 34] DOD acknowledged material deficiencies that impede its ability to reliably report the cost and depreciation of its general PP&E. Specifically, DOD disclosed a lack of (1) supporting documentation for general PP&E purchased many years ago, (2) integrated acquisition and financial systems, and (3) systems designed to capture the acquisition and modification costs and calculate depreciation. The consequences of not complying with this accounting standard are also similar: management lacks accurate and timely information to adequately safeguard, account for, and control these assets. Weak Security Controls over Information Systems: Information security weaknesses are a major concern for federal agencies and the general public and one of the frequently cited reasons for noncompliance with FFMIA. These control weaknesses place vast amounts of government assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Accordingly, we have considered information security to be a governmentwide high-risk area since 1997.[Footnote 35] As shown in figure 3, auditors for 15 of the 16 agencies with noncompliant systems reported security weaknesses in information systems to be a problem, compared with all 17 of the agencies reported with noncompliant systems in fiscal year 2003. Consistent with section 1008 of the National Defense Authorization Act for Fiscal Year 2002, which requires DOD to minimize the use of resources to develop, compile, report, and audit unreliable financial statements, DOD auditors relied upon management's assertion regarding DOD's lack of compliance with federal financial management systems requirements. Accordingly, the DOD auditors limited their audit work and did not report information security weaknesses in their disclaimer report on DOD's fiscal year 2004 financial statements. However, DOD management reported that in addition to being unable to provide information that is reliable, timely, and accurate, the department's information systems are potentially vulnerable to an information warfare attack and reported this issue as a "significant deficiency" under the reporting requirements of the Federal Information Security Management: Act of 2002.[Footnote 36] The DOD auditors advised us that they agree with DOD management's acknowledgement of information security weaknesses. Therefore, we have included DOD in the summary of agencies with information security weaknesses. In addition, most of the agencies whose auditors provided negative assurance of substantial compliance with FFMIA still have computer security issues that need to be addressed by agency management. Unresolved information security weaknesses could adversely affect the ability of agencies to produce accurate data for decision making and financial reporting because such weaknesses could compromise the reliability and availability of data that are recorded in or transmitted by an agency's financial management system. As a case in point, in fiscal year 2004, auditors for the Department of Veterans Affairs reported that program and financial data continue to be at risk due to (1) the implementation and enforcement of controls and oversight over access to information systems, (2) the segregation of key duties and responsibilities of employees, and (3) contingency planning. They concluded that these weaknesses placed sensitive information, including financial data and sensitive veteran medical and benefit information, at risk of inadvertent or deliberate misuse, fraudulent use, improper disclosure, or destruction, possibly without detection. Key Initiatives That Impact Federal Financial Management Systems: As agencies move forward with initiatives to address FFMIA-related problems, it is important that consideration be given to the numerous governmentwide initiatives under way to address long-standing financial management weaknesses. OMB continues to move forward on new initiatives to enhance financial management and provide results-oriented information in the federal government. Two notable developments in this area in fiscal year 2004 were the realignment of responsibilities formerly performed by JFMIP and its PMO and the development of financial management lines of business. Furthermore, the continuing leadership and support of Congress will be crucial to sustaining momentum in the reformation of financial management in the federal government. Changes to Federal Financial Management due to JFMIP Realignment: In a December 2004 memorandum, OMB announced a realignment of JFMIP's responsibilities for financial management policy and oversight in the federal government. JFMIP was originally formed under the authority of the Budget and Accounting Procedures Act of 1950 and was a joint and cooperative undertaking of the General Accounting Office,[Footnote 37] the Department of the Treasury, OMB, and the Office of Personnel Management (OPM), working in cooperation with each other to improve financial management practices in the federal government. Leadership and program guidance was provided by the four principals of JFMIP--the Comptroller General of the United States, the Secretary of the Treasury, and the Directors of OMB and OPM. The PMO, managed by the Executive Director of JFMIP using funds provided by the CFO Council (CFOC), was established in 1999. The PMO was responsible for the testing and certification of commercial off-the-shelf (COTS) core financial systems for use by federal agencies and coordinating the development and publication of functional requirements for financial management systems.[Footnote 38] On December 1, 2004, in an effort to eliminate duplicative roles and streamline financial management improvement efforts, the four principals agreed to realign JFMIP's responsibilities for financial management policy and oversight. Specifically, under the announced realignment, the PMO will now report to the chair of a new CFOC committee--the Financial Systems Integration Committee (FSIC). Other JFMIP functions, such as issuing systems requirements, were assumed by OMB's Office of Federal Financial Management (OFFM) and the CFOC. While JFMIP ceased to exist as a separate organization, the Principals will continue to meet at their discretion consistent with the 1950 act. The newly established FSIC will be responsible for advising OFFM on systems requirements and overseeing the PMO, which will continue certifying core financial systems. The realignment recognizes that OMB and the agencies have responsibility for all facets of financial management systems and the work of the FSIC will be critical to the success of the realignment. Federal Financial Management Line of Business Initiative Continues to Evolve: In spring 2004, OMB launched task forces to conduct a governmentwide analysis of five lines of business supporting the President's Management Agenda (PMA) goal to expand electronic government. The goal of the Line of Business (LOB) initiative is to develop business-driven, common solutions for five specific lines of business that extend across the entire federal government. The five lines of business are financial management, human resources management, grants, federal health architecture, and case management.[Footnote 39] These lines of business share similar business requirements and processes. In the spring of 2005, OMB added the Information Technology Security LOB task force. OMB and designated agency LOB task forces plan to use enterprise architecture-based principles and best practices to identify common solutions for business processes, technology-based shared services, or both to be made available to government agencies. Driven from a business perspective rather than a technology focus, the solutions are expected to address distinct business improvements to enhance government's performance and services for citizens. The financial management LOB goals are to achieve or enhance process improvements and cost savings in the acquisition, development, implementation, and operation of financial management systems through shared services, joint procurements, consolidation, and other means; promote seamless data exchange between and among federal agencies; provide for the standardization of business processes and data elements; and strengthen internal controls through real-time integration of core financial and subsidiary systems. To achieve these goals, OMB and the associated agency task forces have focused on developing Centers of Excellence (COE). OMB officials stated that the purpose of developing COEs is to reduce the number of systems that each individual agency must support, promote standardization, and reduce the duplication of efforts. COEs can also create economies of scale by consolidating selected financial functions into a single agency or center. The economies of scale come from being able to use fewer staff to achieve the same results. For example, major software vendors often issue a software patch daily that must be tested and installed. A single COE would be able to test and update multiple agencies' systems rather than having multiple agencies each performing the same update. Officials at OMB stated that the financial management LOB continues to evolve with four agencies[Footnote 40] being selected to become COEs through the fiscal year 2006 budgetary process. In addition, OMB led the development of a due diligence checklist to assess an agency's capacity to be a COE. This checklist documents whether an agency can perform specific functions, has proper certification and accreditation, and uses a PMO-certified system. OMB has plans to develop additional tools and guidance to facilitate the COE concept. For example, OMB is considering a service level agreement template to provide agencies with standard contract clauses and will require agencies to document and justify the competition and selection process. OMB officials stated that the policies and procedures established through the financial management LOB will help keep federal financial management systems current; improve business processes; and with fewer systems in operation, facilitate vendor contracts. We have long supported and called for initiatives to standardize and streamline common financial systems, which may not only reduce costs but, if done correctly, can dramatically improve accountability. We have ongoing work to analyze the financial management LOB. DOD Continues to Struggle to Enhance Financial Management: As we have stated in our prior reports,[Footnote 41] DOD's financial management and related business operations continue to cause substantial waste and inefficiency, have an adverse impact on mission performance, and result in the lack of adequate transparency and appropriate accountability across all major business areas. Of the 25 areas on GAO's governmentwide high-risk list, 8 are DOD-specific program areas related to key business functions, and the department shares responsibility for 6 other high-risk areas that are governmentwide in scope.[Footnote 42] These problems preclude the department from producing reliable and timely data on its results of operations and accurately reporting on its trillions of dollars of assets and liabilities. Additionally, DOD's stovepiped, duplicative, and nonintegrated systems environment contributes to these operational problems and costs the American taxpayers billions of dollars each year. For fiscal year 2005, the department requested approximately $13 billion to operate, maintain, and modernize its reported 4,150 business systems.[Footnote 43] Overhauling the financial management and business operations of one of the largest and most complex organizations in the world represents a daunting challenge. In an effort to better manage DOD's resources, the Secretary of Defense has appropriately placed a high priority on transforming key business processes to improve their efficiency and effectiveness in supporting the department's military mission. The Business Management Modernization Program is the department's business transformation initiative; it encompasses defense policies, processes, people, and systems that guide, perform, or support all aspects of business management--including development and implementation of the business enterprise architecture or modernization blueprint. The Secretary of Defense has estimated that improving business operations of the department could save 5 percent of DOD's annual budget, which equates to a savings of over $20 billion a year. Transformation of DOD's business systems and operations is critical to the department having the ability to provide Congress and DOD management with accurate and timely information for use in the decision- making process. Although the Secretary of Defense and several key agency officials have shown commitment to transformation, little tangible evidence of significant broad-based and sustainable improvements has been seen in DOD's business operations. For DOD to successfully transform its business operations, it will need a comprehensive and integrated business transformation plan; people with the skills, responsibility, and authority to implement the plan; an effective process and related tools, such as a business enterprise architecture;[Footnote 44] and results-oriented performance measures that link institutional, unit, and individual personnel goals and expectations to promote accountability for results. Continuing Congressional Interest Helps Provide Accountability: The leadership and support demonstrated by Congress has been essential in the reformation of financial management in the federal government. As previously discussed, the legislative framework provided by the CFO Act and FFMIA, among others, established a solid foundation for stimulating change needed to achieve sound financial systems management. For example, in November 2002, Congress enacted the Accountability of Tax Dollars Act to extend the financial statements audit requirements of the CFO Act to additional federal agencies. Then, in October 2004, Congress added DHS to the list of CFO Act agencies and required DHS to obtain an audit opinion on its internal controls. In addition, DHS will be subject to FFMIA for fiscal year 2005 and its auditors will be required to report any FFMIA-related systems deficiencies or weaknesses identified. Sustained congressional interest in these issues has been demonstrated by the number of hearings on federal financial management and reform held over the past several years. It is critical that the various appropriations, budget, authorizing, and oversight committees hold agency top management accountable for resolving these problems and that the committees continue to support improvement efforts. The continued attention by Congress to these issues is crucial in sustaining momentum for financial management reform in the federal government. Toward this end, the Subcommittee on Government Management, Finance and Accountability, House Committee on Government Reform is currently examining the consolidation of existing federal financial management laws into legislation that would simplify, streamline, and enhance the laws governing agency financial management. These laws were primarily designed to increase financial accountability, enhance agency strategic focus, promote sound management through effective internal control, provide for effective information technology deployment, facilitate debt collection activities, and encourage better asset management. These are all interrelated management concepts, which the subcommittee intends to bring together under a single unified statute so that rules and regulations are clearly delineated for federal managers, which will enhance accountability for the federal government. Conclusions: Continuing problems with agencies' financial systems make it difficult for agencies to produce reliable, useful, and timely financial information on an ongoing basis for day-to-day management. While the number of agencies receiving unqualified or "clean" opinions on their financial statements has increased since fiscal year 1997, the continued widespread noncompliance with FFMIA shows that agencies have a long way to go before having systems, processes, and controls able to routinely generate reliable, useful, and timely information. As shown by the FFMIA-related problems reported in agency audit reports, federal financial management systems are not currently able to provide federal managers with the financial data needed for effective day-to-day management of their programs or for efficient external reporting. We continue to be concerned that the full nature and scope of the problems have not yet been identified because most auditors have only provided negative assurance in their FFMIA reports. We believe the law requires auditors to provide positive assurance on FFMIA compliance. Therefore, we reaffirm our recommendation made in prior reports that OMB revise its current FFMIA guidance to require agency auditors to provide a statement of positive assurance when reporting an agency's systems to be in substantial compliance. Such a determination will require auditors to perform a more thorough examination of their agencies' systems. We also reaffirm our other prior recommendation for OMB to explore further clarification of the definition of "substantial compliance" in its FFMIA guidance to encourage consistent reporting among agency auditors. As we have stated in prior reports,[Footnote 45] the auditors we have interviewed expressed concerns about providing positive assurance when reporting on agency systems' FFMIA compliance because of their belief that the meaning of substantial compliance needs to be clarified. The size and complexity of the federal government presents a formidable management challenge to modernize and improve its financial management systems that will require continued attention from the highest levels of government. We recognize that it will take time, investment, and sustained emphasis on correcting deficiencies to improve federal financial management systems to the level required by FFMIA. However, with concerted and coordinated effort, including attention from top agency management and the Congress, the federal government can make progress toward improving its financial management systems and thus achieve the goals of the CFO Act and provide accountability to the nation's taxpayers. Agency Comments and Our Evaluation: In written comments (reprinted in app. VI) on a draft of this report, OMB generally agreed with our assessment that while federal agencies continue to make progress in addressing financial management systems weaknesses, many agencies still need to make improvements to produce the information needed to efficiently and effectively manage day-to-day operations. As in previous years, OMB did not see the necessity of our recommendation for agency auditors to provide a statement of positive assurance when reporting agency systems to be in substantial compliance with the requirements of FFMIA. While OMB commends DOL's auditors for performing the additional level of audit work needed to provide positive assurance of compliance with FFMIA and encourages similar efforts at other agencies, OMB stated that requiring a statement of positive assurance for all agencies would prove only marginally useful. OMB stated that the framework of performance standards established under the PMA, as well as the ongoing efforts to update policy guidance, such as the internal control requirements in OMB Circular No. A-123, provide alternative mechanisms for evaluating FFMIA compliance. The PMA and Circular No. A-123 initiatives are two examples of current OMB efforts intended to complement FFMIA's goal of creating the full range of information needed for day-to-day management. From OMB's perspective, these efforts together with existing audit processes can provide an accurate assessment of substantial compliance, identify deficiencies, and suggest corrective actions. While we agree that the PMA and OMB Circular No. A-123 initiatives are helping to drive improvements, auditors need to consider other aspects of financial management systems when assessing FFMIA compliance that are not fully addressed through the current reporting structure. For example, in preparing the PMA scorecard assessments, OMB officials meet with agencies to discuss a number of financial management issues and have systems demonstrations. Our concern is that some of the information provided by this approach does not come under audit scrutiny and may not be reliable. Similarly, internal control assessments performed under Circular No. A-123 are based on management's judgment and are subject to review by independent auditors only in limited circumstances. From our perspective, an opinion by an independent auditor on FFMIA compliance would confirm that an agency's systems substantially met the requirements of FFMIA and provide additional confidence in the information provided as a result of the PMA and Circular No. A-123 initiatives. Finally, we continue to believe that a statement of positive assurance is a statutory requirement under the act. With regard to our prior recommendation, which we reaffirmed in this report, for revised guidance that clarifies the definition of substantial compliance, OMB said that the experience obtained from helping agencies implement the standards incorporated in the PMA will allow a further refinement of the FFMIA indicators associated with substantial compliance. Therefore, OMB agreed to consider clarifying the definition of "substantial compliance" in future policy and guidance updates. As we noted in our prior reports,[Footnote 46] auditors we interviewed expressed a need for clarification regarding the meaning of substantial compliance. OMB also provided additional oral comments, which we incorporated as appropriate. We are sending copies of this report to the Chairman and Ranking Minority Member, Subcommittee on Federal Financial Management, Government Information, and International Security, Senate Committee on Homeland Security and Governmental Affairs, and to the Chairman and Ranking Minority Member, Subcommittee on Government Management, Finance, and Accountability, House Committee on Government Reform. We are also sending copies to the Director of the Office of Management and Budget, the Secretary of Homeland Security, the heads of the 23 CFO Act agencies in our review, and agency CFOs and IGs. Copies will be made available to others upon request. In addition, this report will be available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. This report was prepared under the direction of Sally E. Thompson, Director, Financial Management and Assurance, who may be reached at (202) 512-2600 or by e-mail at [Hyperlink, thompsons@gao.gov] hompsons@gao.gov if you have any questions. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix VIII. Signed by: David M. Walker: Comptroller General of the United States: [End of section] Appendixes: Appendix I: Requirements and Standards Supporting Federal Financial Management: Financial Management Systems Requirements: The policies and standards prescribed for executive agencies to follow in developing, operating, evaluating, and reporting on financial management systems are defined in Office of Management and Budget (OMB) Circular No. A-127, Financial Management Systems. The components of an integrated financial management system include the core financial system,[Footnote 47] managerial cost accounting system, administrative systems, and certain programmatic systems. Administrative systems are those that are common to all federal agency operations[Footnote 48] and programmatic systems are those needed to fulfill an agency's mission. Circular No. A-127 refers to the series of publications entitled Federal Financial Management Systems Requirements, initially issued by the Joint Financial Management Improvement Program's (JFMIP) Program Management Office (PMO)[Footnote 49] as the primary source of governmentwide requirements for financial management systems. Appendix II lists the federal financial management systems requirements published to date. Figure 4 is the current model that illustrates how these systems interrelate in an agency's overall systems architecture. Figure 4: Agency Systems Architecture: [See PDF for image] [End of figure] OMB Circular No. A-127 also requires agencies to purchase commercial off-the-shelf (COTS) software that has been tested and certified through the PMO software certification process when acquiring core financial systems. The PMO's certification process, however, does not eliminate or significantly reduce the need for agencies to develop and conduct comprehensive testing efforts to ensure that the COTS software meets their requirements. Moreover, according to the PMO, core financial systems certification does not mean that agencies that install these packages will have financial management systems that are compliant with FFMIA. Many other factors can affect the capability of the systems to comply with FFMIA, including modifications made to the PMO-certified core financial management systems software and the validity and completeness of data from feeder systems. Federal Accounting Standards: The Federal Accounting Standards Advisory Board (FASAB)[Footnote 50] promulgates federal accounting standards that agency Chief Financial Officers use in developing financial management systems and preparing financial statements. FASAB develops the appropriate accounting standards after considering the financial and budgetary information needs of Congress, executive agencies, and other users of federal financial information and comments from the public. FASAB forwards the standards to the three sponsors--the Comptroller General, the Secretary of the Treasury, and the Director of OMB--for a 90-day review. If there are no objections during the review period, the standards are considered final, and FASAB publishes them on its Web site and in print. The American Institute of Certified Public Accountants has recognized the federal accounting standards promulgated by FASAB as being generally accepted accounting principles for the federal government. This recognition enhances the acceptability of the standards, which form the foundation for preparing consistent and meaningful financial statements both for individual agencies and the government as a whole. Currently, there are 29 Statements of Federal Financial Accounting Standards (SFFAS) and 4 Statements of Federal Financial Accounting Concepts (SFFAC).[Footnote 51] The concepts and standards are the basis for OMB's guidance to agencies on the form and content of their financial statements and for the government's consolidated financial statements. Appendix III lists the concepts, standards, interpretations,[Footnote 52] and technical bulletins, along with their respective effective dates. FASAB's Accounting and Auditing Policy Committee (AAPC)[Footnote 53] assists in resolving issues related to the implementation of accounting standards. AAPC's efforts result in guidance for preparers and auditors of federal financial statements in connection with implementation of accounting standards and the reporting and auditing requirements contained in OMB's Bulletin No. 01-09, Form and Content of Agency's Financial Statements (Sept. 25, 2001), and Bulletin No. 01-02, Audit Requirements for Federal Financial Statements (Oct. 16, 2000). To date, AAPC has issued six technical releases, which are listed in appendix IV along with their release dates. U.S. Government Standard General Ledger: The SGL was established by an interagency task force under the direction of OMB and mandated for use by agencies in OMB and Treasury regulations in 1986. The SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions used to standardize federal agencies' financial information accumulation and processing throughout the year; enhance financial control; and support budget and external reporting, including financial statement preparation. The SGL is intended to improve data stewardship throughout the federal government, enabling consistent reporting at all levels within the agencies and providing comparable data and financial analysis governmentwide.[Footnote 54] Internal Control Standards: Congress enacted legislation, 31 U.S.C. 3512(c),(d) (commonly referred to as the Federal Managers' Financial Integrity Act of 1982 (FIA)), to strengthen internal controls and accounting systems throughout the federal government, among other purposes. Issued pursuant to FIA, the Comptroller General's Standards for Internal Control in the Federal Government[Footnote 55] provides standards that are directed at helping agency managers implement effective internal control, an integral part of improving financial management systems. Internal control is a major part of managing an organization and comprises the plans, methods, and procedures used to meet missions, goals, and objectives. In summary, internal control, which under OMB's guidance for FIA is synonymous with management control, helps government program managers achieve desired results through effective stewardship of public resources. In December 2004, OMB revised Circular No. A-123, Management's Responsibility for Internal Control, to strengthen the requirements for conducting management's assessment of internal control over financial reporting. The circular emphasized management's responsibility for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with laws and regulations. Effective internal control also assists in managing the changes due to shifting environments and evolving demands and priorities. As programs change and agencies strive to improve operational processes and implement new technological developments, management must continually assess and evaluate its internal control to ensure that the control objectives are being achieved. [End of section] Appendix II: Publications in the Federal Financial Management Systems Requirements Series: FFMSR document: FFMSR-8 System Requirements for Managerial Cost Accounting; Issue date: February 1998. FFMSR document: JFMIP-SR-99-5 Human Resources & Payroll Systems Requirements; Issue date: April 1999. FFMSR document: JFMIP-SR-99-8 Direct Loan System Requirements; Issue date: June 1999. FFMSR document: JFMIP-SR-99-9 Travel System Requirements; Issue date: July 1999. FFMSR document: JFMIP-SR-99-14Seized Property and Forfeited Assets Systems Requirements; Issue date: December 1999. FFMSR document: JFMIP-SR-00-01Guaranteed Loan System Requirements; Issue date: March 2000. FFMSR document: JFMIP-SR-00-3 Grant Financial System Requirements; Issue date: June 2000. FFMSR document: JFMIP-SR-00-4 Property Management Systems Requirements; Issue date: October 2000. FFMSR document: JFMIP-SR-01-01 Benefit System Requirements; Issue date: September 2001. FFMSR document: JFMIP-SR-02-01 Core Financial System Requirements; Issue date: November 2001. FFMSR document: JFMIP-SR-02-02 Acquisition/Financial Systems Interface Requirements; Issue date: June 2002. FFMSR document: JFMIP-SR-03-01 Revenue System Requirements; Issue date: January 2003. FFMSR document: JFMIP-SR-03-02 Inventory, Supplies and Materials System Requirements; Issue date: August 2003. FFMSR document: JFMIP-SR-02-01 Addendum to Core Financial System Requirements; Issue date: March 2004. FFMSR document: JFMIP-SR-01-04 Framework for Federal Financial Management Systems; Issue date: April 2004. FFMSR document: OFFM-NO-0105 Core Financial System Requirements (Exposure Draft); Issue date: February 2005. FFMSR document: OFFM-NO-0206 Insurance System Requirements (Exposure Draft); Issue date: May 2005. Source: OMB's OFFM. Note: Effective December 1, 2004, all financial management system requirements documents and other guidance initially issued by JFMIP were transferred to OFFM and remain in effect until modified. [End of table] [End of section] Appendix III: Statements of Federal Financial Accounting Concepts, Standards, Interpretations, and Technical Bulletins: Concepts. SFFAC No. 1 Objectives of Federal Financial Reporting. SFFAC No. 2 Entity and Display. SFFAC No. 3 Management's Discussion and Analysis. SFFAC No. 4 Intended Audience and Qualitative Characteristics for the Consolidated Financial Report of the United States Government. Standards: SFFAS No. 1 Accounting for Selected Assets and Liabilities; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 3 Accounting for Inventory and Related Property; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 4 Managerial Cost Accounting Concepts and Standards; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 5 Accounting for Liabilities of the Federal Government; Effective for fiscal year[A]: 1997. Standards: SFFAS No. 6 Accounting for Property, Plant, and Equipment; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 7 Accounting for Revenue and Other Financing Sources; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 8 Supplementary Stewardship Reporting; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 9 Deferral of the Effective Date of Managerial Cost Accounting Standards for the Federal Government in SFFAS No. 4; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 10 Accounting for Internal Use Software; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 11 Amendments to Accounting for Property, Plant, and Equipment--Definitional Changes; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 12 Recognition of Contingent Liabilities Arising from Litigation: An Amendment of SFFAS No. 5, Accounting for Liabilities of the Federal Government; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 13 Deferral of Paragraph 65-2--Material Revenue- Related Transactions Disclosures; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 14 Amendments to Deferred Maintenance Reporting; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 15 Management's Discussion and Analysis; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 16 Amendments to Accounting for Property, Plant, and Equipment; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 17 Accounting for Social Insurance; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 18 Amendments to Accounting Standards for Direct Loans and Loan Guarantees in SFFAS No. 2; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 19 Technical Amendments to Accounting Standards for Direct Loans and Loan Guarantees in SFFAS No. 2; Effective for fiscal year[A]: 2003. Standards: SFFAS No. 20 Elimination of Certain Disclosures Related to Tax Revenue Transactions by the Internal Revenue Service, Customs, and Others; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 21 Reporting Corrections of Errors and Changes in Accounting Principles; Effective for fiscal year[A]: 2002. Standards: SFFAS No. 22 Change in Certain Requirements for Reconciling Obligations and Net Cost of Operations; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 23 Eliminating the Category National Defense Property, Plant, and Equipment; Effective for fiscal year[A]: 2003. Standards: SFFAS No. 24 Selected Standards for the Consolidated Financial Report of the United States Government; Effective for fiscal year[A]: 2002. Standards: SFFAS No. 25 Reclassification of Stewardship Responsibilities and Eliminating the Current Services Assessment (amended); Effective for fiscal year[A]: 2006. Standards: SFFAS No. 26 Presentation of Significant Assumptions for the Statement of Social Insurance: Amending SFFAS 25 (amended); Effective for fiscal year[A]: 2006. Standards: SFFAS No. 27 Identifying and Reporting Earmarked Funds; Effective for fiscal year[A]: 2006. Standards: SFFAS No. 28 Deferral of the Effective Date of Reclassification of the Statement of Social Insurance: Amending SFFAS 25 and 26; Effective for fiscal year[A]: 2006. Standards: SFFAS No. 29 Heritage Assets and Stewardship Land; Effective for fiscal year[A]: 2006. Interpretations: No. 1 Reporting on Indian Trust Funds. No. 2 Accounting for Treasury Judgment Fund Transactions. No. 3 Measurement Date for Pension and Retirement Health Care Liabilities. No. 4 Accounting for Pension Payments in Excess of Pension Expense. No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue. No. 6 Accounting for Imputed Intra-departmental Costs. Technical Bulletins: TB 2000-1 Purpose and Scope of FASAB Technical Bulletins and Procedures for Issuance. TB 2002-1 Assigning to Component Entities Costs and Liabilities That Result From Legal Claims Against the Federal Government. TB 2002-2 Disclosures Required by Paragraph 79(g) of SFFAS 7. TB 2003-1 Certain Questions and Answers Related to the Homeland Security Act of 2002. Source: FASAB. [A] Effective dates do not apply to Statements of Federal Financial Accounting Concepts, Interpretations, and Technical Bulletins. [End of table] [End of section] Appendix IV: AAPC Technical Releases: Technical release: TR-1 Audit Legal Representation Letter Guidance; AAPC release date: March 1, 1998. Technical release: TR-2 Determining Probable and Reasonably Estimable for Environmental Liabilities in the Federal Government; AAPC release date: March 15, 1998. Technical release: TR-3 Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act; AAPC release date: July 31, 1999. Technical release: TR-4 Reporting on Non-Valued Seized and Forfeited Property; AAPC release date: July 31, 1999. Technical release: TR-5 Implementation Guidance on SFFAS No. 10: Accounting for Internal Use Software; AAPC release date: May 14, 2001. Technical release: TR-6 Preparing Estimates for Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act (Amendments to TR-3); AAPC release date: January 2004. Source: FASAB. [End of table] [End of section] Appendix V: Checklists for Reviewing Systems under the Federal Financial Management Improvement Act: Checklist: GAO/AIMD-00-21.2.3 Human Resources and Payroll Systems Requirements; Issue date: March 2000. Checklist: GAO-01-99G Seized Property and Forfeited Assets Systems Requirements; Issue date: October 2000. Checklist: GAO/AIMD-21-2.6 Direct Loan System Requirements; Issue date: April 2000. Checklist: GAO/AIMD-21.2.8 Travel System Requirements; Issue date: May 2000. Checklist: GAO/AIMD-99-21.2.9 System Requirements for Managerial Cost Accounting; Issue date: January 1999. Checklist: GAO-01-371G Guaranteed Loan System Requirements; Issue date: March 2001. Checklist: GAO-01-911G Grant Financial System Requirements; Issue date: September 2001. Checklist: GAO-02-171G Property Management Systems Requirements; Issue date: December 2001. Checklist: GAO-04-22G Benefit System Requirements; Issue date: October 2003. Checklist: GAO-04-650G Acquisition/Financial Systems Interface Requirements; Issue date: June 2004. Checklist: GAO-05-225G Core Financial System Requirements; Issue date: February 2005. Source: GAO. [End of table] [End of section] Appendix VI: Comments from the Office of Management and Budget: EXECUTIVE OFFICE OF THE PRESIDENT: OFFICE OF MANAGEMENT AND BUDGET: WASHINGTON, D.C. 20503: THE CONTROLLER: AUG 22 2005: Ms. Sally E. Thompson: Director, Financial Management and Assurance: United States Government Accountability Office: Washington, DC 20548: Dear Ms. Thompson: Thank you for allowing us to comment on the GAO draft report entitled "Financial Management: Achieving FFMIA Compliance Continues to Challenge Agencies." In general, OMB agrees with your assessment that many agencies still need to make improvements to generate more accurate and timely financial management information to optimize day-to-day operations. For instance, ongoing agency reviews under the President's Management Agenda (PMA) show that agencies must make fundamental changes to their financial management practices in order to collect and report accurate and timely financial information. As noted below, we are working aggressively to assist agencies in building a strong foundation of financial management practices through the PMA as well as through updating policy guidance such as the revised internal control requirements defined in Appendix A of OMB Circular A-123. The recent successes of agencies in obtaining unqualified opinions on their financial statements and in resolving long-standing material weakness point to significantly improved financial performance. However, our common goal goes far beyond attaining unqualified opinions on agency financial statements. We are both striving for the creation and use - for both government managers and the taxpayer - of reliable, useful and timely management information. The PMA and A-123 initiatives are examples of current efforts intended to complement the goal of the Federal Financial Management Improvement Act (FFMIA) to create the full range of information needed for day-to- day management. Underlying both of these efforts are formal evaluative and review practices to identify deficiencies and take corrective action. Under the PMA's Improving Financial Performance initiative, the "standards of success" provide a vigorous corroborative mechanism for assessing FFMIA compliance. The standards for achieving "yellow" status ensure that agencies establish a foundation of sound accounting processes and effective internal controls so that available financial data is both timely and accurate. Indicators include receiving an unqualified financial statement opinion and eliminating all material weaknesses and non-compliances. To achieve "green" status, agencies must demonstrate how they are using timely and accurate financial data to drive letter results and have a plan to expand the use of financial information in day-to-day management. Through OMB's revision to Circular A-123, agencies are required to implement more rigorous processes for conducting management's assessment of the effectiveness of internal controls over financial reporting. Appendix A of the revised A-123 directs Federal managers to take a proactive approach to assessing internals controls by: 1) documenting the reporting process end-to-end, 2) directly testing key controls to validate effectiveness, and 3) reporting on the results of the tests in a new management assurance statement. These new internal control requirements for Federal agencies, spurred by similar requirements for public companies directed by the Sarbanes-Oxley Act of 2002, greatly complement and buttress the standards set by the PMA. Many of the ongoing assessments required under the revised A-123 mirror the types of assessments that would occur in establishing a statement of positive assurance under FFMIA. With the review vehicles discussed above helping to ascertain systems' compliance with FFMIA and ensuring agency access and use to timely and accurate financial data, OMB believes that requiring a statement of positive assurance would prove only marginally useful. We commend the auditors at the Department of Labor (DOL), as you have, for taking the extra steps to provide positive assurance of compliance on DOL's financial management systems. Nevertheless, while encouraging similar efforts at other agencies, we believe that mandating positive assurance of systems' compliance with FFMIA for all agencies is not necessary. The draft report also recommends that OMB clarify the definition of "substantial compliance." We believe that our growing experience helping agencies implement the high standards incorporated in the PMA will enable us to further refine the existing FFMIA indicators associated with substantial compliance. As such, we will consider this recommendation, as appropriate, in any future policy and guidance updates. We appreciate the opportunity to comment on the draft report and look forward to continue working with GAO in improving Federal financial management systems. If you have any questions please feel free to contact David Alekson at 202.395.5642. Sincerely, Signed by: Linda M. Combs: Controller: [End of section] Appendix VII: Auditors' FFMIA Determinations for Fiscal Year 2004: Agency: Department of Agriculture; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Department of Commerce; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: Department of Defense; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Department of Education; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements. Agency: Department of Energy; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: Department of Health and Human Services; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; SGL. Agency: Department of Housing and Urban Development; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards. Agency: Department of the Interior; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Department of Justice; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Department of Labor; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: Department of State; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards. Agency: Department of Transportation; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Department of the Treasury; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Department of Veterans Affairs; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements. Agency: Agency for International Development; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; SGL. Agency: Environmental Protection Agency; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: General Services Administration; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: National Aeronautics and Space Administration; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: National Science Foundation; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: Nuclear Regulatory Commission; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements. Agency: Office of Personnel Management; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Small Business Administration; Auditor's assessment of compliance: No; Areas of reported systems lack of substantial compliance: Systems requirements; Accounting standards; SGL. Agency: Social Security Administration; Auditor's assessment of compliance: Yes; Areas of reported systems lack of substantial compliance: [Empty]. Agency: Total; Auditor's assessment of compliance: Yes: 7; Auditor's assessment of compliance: No: 16; Areas of reported systems lack of substantial compliance: Systems requirements: 16; Areas of reported systems lack of substantial compliance: Accounting standards: 11; Areas of reported systems lack of substantial compliance: SGL: 11. Source: GAO prepared from analysis of fiscal year 2004 audit reports. [End of table] [End of section] Appendix VIII: GAO Contact and Staff Acknowledgments: GAO Contact: Sally E. Thompson, (202) 512-2600: Acknowledgments: In addition to the contact named above, Kay L. Daly, Assistant Director; W. Stephen Lowrey; and Chanetta R. Reed made key contributions to this report. (193056): FOOTNOTES [1] Pub. L. No. 101-576, 104 Stat. 2838 (1990). [2] Federal Financial Management Improvement Act of 1996, Pub. L. No. 104-208, div. A., § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996). [3] There were initially 24 CFO Act agencies. See Pub. L. No. 101-576, §205, 104 Stat. 2838, 2842-2843 (1990). The Federal Emergency Management Agency (FEMA), one of the 24 CFO Act agencies, was subsequently transferred to the Department of Homeland Security (DHS) effective March 1, 2003. With this transfer, FEMA is no longer required to prepare and have audited financial statements under the CFO Act, leaving 23 CFO Act agencies for fiscal year 2004. For fiscal years 2003 and 2004, DHS was required to prepare audited financial statements under the Accountability of Tax Dollars Act of 2002 (Pub. L. No. 107- 289, 116 Stat. 2049 (Nov. 7, 2002)). Because DHS was not a CFO Act agency, it was not subject to FFMIA for fiscal year 2004. The DHS Financial Accountability Act, Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004), added DHS to the list of CFO Act agencies and deleted FEMA, increasing the number of CFO Act agencies again to 24 for fiscal year 2005. [4] The Department of Commerce, the Department of Energy, the Environmental Protection Agency, the General Services Administration, the National Science Foundation, and the Social Security Administration. [5] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004). [6] GAO, Financial Management: FFMIA Implementation Critical for Federal Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial Management: FFMIA Implementation Necessary to Achieve Accountability, GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial Management: Sustained Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062 (Washington, D.C.: Sept. 30, 2003); and Financial Management: Improved Financial Systems Are Key to FFMIA Compliance, GAO- 05-20 (Washington, D.C.: Oct. 1, 2004). [7] Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982), now codified at 31 U.S.C. 3512 (c),(d). [8] GAO, Standards for Internal Control in the Federal Government, GAO/ AIMD-00-21.3.1 (Washington, D.C.: November 1999). [9] Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993). [10] Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994). [11] Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996). [12] The Accountability of Tax Dollars Act of 2002 extends the requirement to prepare and submit audited financial statements to most executive agencies not subject to the CFO Act unless they are exempted by OMB. However, these agencies are not required to have systems that are compliant with FFMIA. [13] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004). [14] The American Institute of Certified Public Accountants recognizes the federal accounting standards promulgated by the Federal Accounting Standards Advisory Board as generally accepted accounting principles. For a further description of federal accounting standards, see app. I. [15] The SGL provides a standard chart of accounts and standardized transactions that agencies are to use in all their financial systems. [16] GAO-01-765G, sections 701, 701A, 701B, and 260.58-.60. [17] OMB Bulletin No. 01-02, Audit Requirements for Federal Financial Statements (Oct. 16, 2000). [18] Of these 16 agencies, auditors for 9 agencies reported that their agencies' systems were not in substantial compliance with all three FFMIA requirements. [19] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004). [20] The Department of Health and Human Services' Fiscal Year 2004 Performance and Accountability Report was issued in December 2004. [21] GAO, Fiscal Year 2004 U.S. Government Financial Statements: Sustained Improvement in Federal Financial Management Is Crucial to Addressing Our Nation's Future Fiscal Challenges, GAO-05-284T (Washington, D.C.: Feb. 9, 2005). [22] Departments of Agriculture, Defense, Health and Human Services, Justice, State, and Transportation and GSA, NSF, NRC, the Office of Personnel Management, and the Small Business Administration. [23] Departments of Agriculture, Health and Human Services, the Interior, Transportation, and the Treasury. [24] GSA, NSF, NRC, Office of Personnel Management (OPM), and the Departments of Agriculture, Health and Human Services, Justice, State, and Transportation. [25] NRC and the Department of Justice. [26] OMB Bulletin No. 01-02, Audit Requirements for Federal Financial Statements (Oct. 16, 2000). [27] Agencies record their budget spending authorizations in their FBWT accounts. Agencies increase or decrease these accounts as they collect or disburse funds. [28] GAO-02-29, GAO-03-31, GAO-03-1062, and GAO-05-20. [29] A final rule issued by the Securities and Exchange Commission that took effect in August 2003 provides guidance for implementations of Sections 302, 404, and 906 of the Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204, §§302, 404, 906 116 Stat. 745, 777, 789, 806 (July 30, 2002)), which requires publicly traded companies to establish and maintain an adequate internal control structure and procedures for financial reporting and include in the annual report a statement of management's responsibility for and assessment of the effectiveness of those controls and procedures in accordance with standards adopted by the Securities and Exchange Commission. [30] Federal financial system requirements define an integrated financial system as one that coordinates a number of previously unconnected functions to improve overall efficiency and control. Characteristics of such a system include (1) standard data classifications for recording financial events; (2) common processes for processing similar transactions; (3) consistent control over data entry, transaction processing, and reporting; and (4) a system design that eliminates unnecessary duplication of transaction entry. [31] GAO, Business Modernization: Improvements Needed in Management of NASA's Integrated Financial Management Program, GAO-03-507 (Washington, D.C.: Apr. 30, 2003); Information Technology: Architecture Needed to Guide NASA's Financial Management Modernization, GAO-04-43 (Washington, D.C.: Nov. 21, 2003); Business Modernization: Disciplined Processes Needed to Better Manage NASA's Integrated Financial Management Program, GAO-04-118 (Washington, D.C.: Nov. 21, 2003); Business Modernization: NASA's Integrated Financial Management Program Does Not Fully Address Agency's External Reporting Issues, GAO-04-151 (Washington, D.C.: Nov. 21, 2003); Business Modernization: NASA's Challenges in Managing Its Integrated Financial Management Program, GAO-04-255 (Washington, D.C.: Nov. 21, 2003); and National Aeronautics and Space Administration: Significant Actions Needed to Address Long- standing Financial Management Problems, GAO-04-754T (Washington, D.C.: May 19, 2004). [32] The Program Support Center (PSC) is an administrative office, which provides program support services to 8 of HHS' 12 operating divisions. The CORE accounting system has been described as the "nucleus" of PSC's accounting operations. [33] GAO, Financial Audit: IRS's Fiscal Years 2004 and 2003 Financial Statements, GAO-05-103 (Washington, D.C.: Nov. 10, 2004). [34] Pub. L. No. 107-107, 115 Stat. 1012, 1204 (Dec. 28, 2001). [35] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005). [36] Pub. L. No. 107-347, title III, 116 Stat. 2899, 2946 (Dec. 17, 2002). [37] Effective July 7, 2004, the General Accounting Office's legal name became the Government Accountability Office to better reflect its role as a modern professional services organization. [38] See app. II for the systems requirements documents issued to date. [39] Case management involves managing claims or investigations including creating, routing, tracing, assignment and closing of a case, as well as collaboration among case handlers. [40] GSA, the Department of the Interior's National Business Center, the Department of the Treasury's Bureau of the Public Debt, and DOT. [41] GAO, DOD Business Transformation: Sustained Leadership Needed to Address Long-standing Financial and Business Management Problems, GAO- 05-723T (Washington, D.C.: Jun. 8, 2005); GAO, DOD Business Systems Modernization: Billions Being Invested without Adequate Oversight, GAO- 05-381 (Washington, D.C.: Apr. 29, 2005); and Department of Defense: Further Actions Are Needed to Effectively Address Business Management Problems and Overcome Key Business Transformation Challenges, GAO-05- 140T (Washington, D.C.: Nov. 17, 2004). [42] See GAO-05-207. The eight specific DOD high-risk areas are (1) approach to business transformation, (2) business systems modernization, (3) contract management, (4) financial management, (5) personnel security clearance program, (6) supply chain management, (7) support infrastructure management, and (8) weapon systems acquisition. The six governmentwide high-risk areas that include DOD are (1) disability programs, (2) interagency contracting, (3) information systems and critical infrastructure, (4) information sharing for homeland security, (5) human capital, and (6) real property. [43] Business systems include financial and nonfinancial systems such as civilian personnel, finance, health, logistics, military personnel, procurement, and transportation, with the common element being the generation or use of financial data to support DOD's business operations. [44] A business enterprise architecture is a well-defined blueprint for operational and technological change. [45] GAO-02-29, GAO-03-31, and GAO-05-20. [46] GAO-02-29, GAO-03-31, and GAO-05-20. [47] Core financial systems, as defined by the JFMIP PMO, include managing general ledger, funding, payments, receivables, and certain basic cost functions. [48] Examples of administrative systems include budget, acquisition, travel, property, and human resources and payroll. [49] In December 2004, OMB announced a realignment of JFMIP's responsibilities. Specifically, under the announced realignment, the PMO will continue its software certification process, but now report to the chair of a new Chief Financial Officers Council (CFOC) committee-- the Financial Systems Integration Committee (FSIC). Also, systems requirements will be issued by OFFM. Therefore, JFMIP has ceased to exist as a separate organization, although the Principals will continue to meet at their discretion. [50] In October 1990, the Secretary of the Treasury, the Director of OMB, and the Comptroller General established FASAB to develop a set of generally accepted accounting standards for the federal government. Effective October 1, 2003, FASAB is comprised of six nonfederal or public members, one member from the Congressional Budget Office, and the three sponsors. [51] Accounting standards are authoritative statements of how particular types of transactions and other events should be reflected in financial statements. SFFACs explain the objectives and ideas upon which FASAB develops the standards. [52] An interpretation is a document of narrow scope that provides clarifications of original meaning, additional definitions, or other guidance pertaining to an existing federal accounting standard. [53] In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the CFOC, and the President's Council on Integrity and Efficiency, established AAPC to assist the federal government in improving financial reporting. [54] SGL guidance is published in the Treasury Financial Manual. Treasury's Financial Management Service is responsible for maintaining the SGL and answering agency inquiries. [55] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3 (Washington, D.C.: November 1999). GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: