This is the accessible text file for GAO report number GAO-07-914 entitled 'Financial Management: Long-standing Financial Systems Weaknesses Present a Formidable Challenge' which was released on August 6, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate, and the Committee on Government Oversight and Reform, House of Representatives: United States Government Accountability Office: GAO: August 2007: Financial Management: Long-standing Financial Systems Weaknesses Present a Formidable Challenge: GAO-07-914: GAO Highlights: Highlights of GAO-07-914, a report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate, and the Committee on Oversight and Government Reform, House of Representatives Why GAO Did This Study: The Federal Financial Management Improvement Act of 1996 (FFMIA) requires the 24 Chief Financial Officers (CFO) Act agencies to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires GAO to report annually on the implementation of the act. This report, primarily based on GAO and inspectors general reports, discusses (1) the problems that continued to affect agencies systems’ FFMIA compliance in fiscal year 2006 and (2) the initiatives under way to help move federal financial management toward FFMIA compliance. What GAO Found: Federal agencies have continued to make progress in meeting the requirements of FFMIA since the passage of the law in 1996. Most agencies though, have not yet progressed to the stage that their systems are substantially compliant, and some agencies have made little progress. Accordingly, agencies continue to fall short in their attempts to establish the financial systems needed to create the full range of information needed for effective day-to-day management. In fiscal year 2006, auditors for 17 of the 24 CFO Act agencies reported that agencies’ financial management systems did not substantially comply with at least one of the three FFMIA requirements. As shown below, based on audit reports, GAO identified six types of problems primarily related to agencies’ systems. These problems with agency financial systems remain a significant obstacle to supporting effective management of the federal government. Figure: Number of Agencies with Reported FFMIA Compliance Problems for Fiscal Years 2002 through 2006: [See PDF for Image] Source: GAO analysis, based on independent auditors' financial statement audit reports. [End of figure] With regard to improvement initiatives, GAO noted continued progress in two key areas: (1) agencies’ required remediation plans and (2) the Office of Management and Budget’s (OMB) efforts to address system implementation problems. All 12 of the remediation plans GAO reviewed included corrective actions, but several were missing key elements. Moreover, agencies continue to struggle with efforts to modernize their financial management systems. This problem is particularly acute at the Department of Defense. Agency modernization efforts have been consistently hampered by failure to follow best practices in systems development and implementation, commonly referred to as disciplined processes. As a result, these efforts far too often do not meet cost, schedule, and performance goals. To help address these problems, OMB has demonstrated continued progress in the implementation of the financial management line of business initiative. However, additional steps forward are needed to provide a foundation for this initiative. What GAO Recommends: To further understand the key issues that affect FFMIA implementation and challenges in improving financial management systems, the Comptroller General is convening a forum later this year to bring together key officials and experts for a candid discussion of these issues. Accordingly, this report does not include any new recommendations. OMB was supportive of the forum, agreed with GAO's assessment, and stated it was working aggressively to assist agencies in building a strong foundation of financial management practices. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-914]. To view the full product, including the scope and methodology, click on the link above. For more information, contact McCoy Williams at (202) 512-9095 or williamsm1@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Scope and Methodology: FFMIA Assessments Identify Marginal Improvements in Some Cases: Efforts Are Under Way to Address Federal Financial Management System Challenges: Conclusion: Agency Comments and Our Evaluation: Appendix I: Requirements and Standards Supporting Federal Financial Management: Financial Management Systems Requirements: Federal Accounting Standards: U.S. Government Standard General Ledger (SGL): Internal Control Standards: Appendix II: Publications in the Federal Financial Management Systems Requirements Series: Appendix III: Statements of Federal Financial Accounting Concepts, Standards, Interpretations, and Technical Bulletins: Appendix IV: Accounting and Auditing Policy Committee Technical Releases: Appendix V: Checklists for Reviewing Systems under the Federal Financial Management Improvement Act: Appendix VI: Comments from the Office of Management and Budget: Appendix VII: GAO Contact and Staff Acknowledgments: Figures: Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006: Figure 2: Number of Agencies with Reported FFMIA Compliance Problems for Fiscal Years 2002 through 2006: Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006: Figure 4: Number of Agencies with Reported FFMIA Compliance Problems for Fiscal Years 2002 through 2006: Figure 5: Number of CFO Act Agencies with Reported Nonintegrated Financial Management Systems Problems for Fiscal Years 2002 through 2006: Figure 6: Number of CFO Act Agencies with Reported Inadequate Reconciliation Procedures Problems for Fiscal Years 2002 through 2006: Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and Timely Recording Problems for Fiscal Years 2002 through 2006: Figure 8: Number of CFO Act Agencies with Reported Noncompliance with the SGL Problems for Fiscal Years 2002 through 2006: Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to Federal Accounting Standards Problems for Fiscal Years 2002 through 2006: Figure 10: Number of CFO Act Agencies with Reported Weak Security over Information Systems Problems for Fiscal Years 2002 through 2006: Figure 11: Summary of Analysis of Elements Included in 12 Agencies' Summarized Remediation Plans for Fiscal Year 2006: Figure 12: Agency Systems Architecture: United States Government Accountability Office: Washington, DC 20548: August 3, 2007: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Henry A. Waxman: Chairman: The Honorable Tom Davis: Ranking Member: Committee on Oversight and Government Reform: House of Representatives: Having the reliable, useful, and timely financial data needed to efficiently and effectively manage their day-to-day operations is a long-standing challenge for federal agencies. To address this challenge, the Congress mandated financial management reform within the federal government by enacting the Chief Financial Officers (CFO) Act of 1990.[Footnote 1] The CFO Act laid the foundation for a comprehensive reform of federal financial management by establishing a leadership structure, requiring audited financial statements, and strengthening accountability reporting. This act also requires agencies to implement modern financial management systems in order to attain the systematic measurement of performance; the development of cost information; and the integration of program, budget, and financial information for management reporting. The end goal of the CFO Act is to greatly enhance the ability of federal managers to do their jobs by providing the full range of financial information needed for day-to-day management. Building on the foundation laid by the CFO Act, the Federal Financial Management Improvement Act of 1996[Footnote 2] (FFMIA) requires the major departments and agencies covered by the CFO Act to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. The act also requires the heads of agencies and auditors to determine whether the agencies' financial management systems comply with the act's requirements. In addition, we are required to report annually on the implementation of the act. This report discusses (1) the auditors' assessments of federal agency systems' compliance with FFMIA requirements for fiscal years 1997 through 2006 and the financial management systems problems that continued to affect systems' FFMIA compliance in fiscal year 2006 and (2) the initiatives under way to help move federal financial management toward the goals of the CFO Act and FFMIA compliance. This report incorporates historical information from our prior FFMIA reports, other reports issued by GAO, and reports issued by inspectors general (IG). We analyzed and summarized information from these reports that related to FFMIA issues and determined that the data in these reports were sufficiently reliable for the purposes of this report. We conducted our work from January through June 2007 in Washington, D.C., in accordance with generally accepted government auditing standards. We requested comments on a draft of this report from the Director of the Office of Management and Budget (OMB) or his designee. We received written comments from the OMB Controller. OMB's comments are discussed in the Agency Comments and Our Evaluation section and reprinted in appendix VI. Results in Brief: Since the passage of FFMIA, agencies have made progress in improving their financial management systems. We have seen incremental improvements throughout government, with some agencies making dramatic improvements. At the same time, much work remains to fulfill the underlying goals of FFMIA. As shown in figure 1, the number of agencies reported as having systems that were not in substantial compliance with at least one of the three FFMIA systems requirements improved from 20 in fiscal year 1997 to 17 in fiscal year 2006. In fiscal year 2006, as in the past, the majority of agencies' financial management systems were still not able to routinely produce reliable, useful, and timely financial information for day-to-day management. These shortcomings impede agency managers' access to adequate financial data to effectively manage and oversee their major programs. Figure 1: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 1997 through 2006. [End of figure] In fiscal year 2006, auditors for one CFO Act agency, the U.S. Agency for International Development (AID), provided positive assurance-- which is an opinion based on the nature and extent of audit work performed--that AID's financial management systems substantially complied with the requirements of FFMIA. Auditors for the remaining six[Footnote 3] CFO Act agencies provided negative assurance of FFMIA compliance. In essence, they reported that nothing came to their attention during the course of the audit to indicate that these agencies' financial management systems did not meet FFMIA requirements. Negative assurance is the level of assurance specified by OMB's audit guidance for reporting on FFMIA compliance. However, as we have previously reported, the extent of FFMIA compliance can be reliably determined through adequately testing systems to provide positive assurance. As shown in figure 2, agencies with systems reported not to be in substantial compliance with FFMIA requirements have made some progress in addressing the six problem areas that we have previously reported. For example, in fiscal year 2006 financial statement audit reports, auditors identified 7 instances of noncompliance with the SGL,[Footnote 4] compared with 11 reported in fiscal year 2005. As a case in point, auditors at AID identified various actions taken to improve the level of compliance, such as retiring legacy systems that were not SGL compliant and replacing them with new systems that comply with the SGL. Nevertheless, the nature and seriousness of the problems reported indicate that most agencies' financial management systems are frequently unable to routinely produce reliable, useful, and timely financial information to support day-to-day management. Addressing the problems with agencies' financial management systems remains a significant challenge to improved financial management in the federal government. This problem is particularly severe at the Department of Defense. Many agencies are still a long way from accomplishing the goals of the CFO Act of 1990 and FFMIA. Figure 2: Number of Agencies with Reported FFMIA Compliance Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] With regard to initiatives that are under way to help move federal agencies toward FFMIA compliance, we noted continued progress in two key areas: (1) agencies' summarized remediation plans in their performance and accountability reports (PARs) and (2) OMB's efforts to address system implementation problems. Heads of agencies that have systems not in substantial compliance are required to establish remediation plans to correct system deficiencies. FFMIA specifically requires that remedies, resources, and target dates be included in the remediation plans. OMB guidance requires agencies to summarize these plans in their PARs. A lack of the required data in the remediation plans can reduce the likelihood of successfully implementing corrective actions. Remediation plans provide a "road map" for management and staff to resolve financial management problems in a transparent manner, and also help hold managers accountable for needed improvements. For 5[Footnote 5]of the 17 agencies for which the auditors reported FFMIA noncompliance for fiscal year 2006, the agency heads disagreed with the auditors and considered their agencies' systems to be substantially compliant with FFMIA. Therefore, they did not prepare remediation plans. We reviewed the remaining 12 fiscal year 2006 PARs for the agencies' systems that were deemed noncompliant by their agency head and auditor to determine if a summarized remediation plan with the required information was included in the agency PAR. All of the agencies' PARs included summarized remediation plans along with proposed corrective actions. However, 4 of the 12 agencies did not include information on staffing resources required to complete the planned corrective actions. One agency omitted target dates for completion of the corrective actions to become substantially compliant with FFMIA. A discussion of the resource requirements needed to implement the corrective actions and the time frame for completion of corrective actions is essential in determining whether the corrective actions can realistically be accomplished. The significance of the issues facing federal agencies, now and in the future, necessitates remediation plans that clearly and fully describe the corrective actions necessary to resolve problems, as well as the resources and time frames required to successfully implement those actions. To help address systems implementation problems, OMB continues to move forward on initiatives that support the President's Management Agenda (PMA) to enhance financial management and provide results-oriented information in the federal government. A key initiative has been the further development of the financial management line of business to promote leveraging shared service solutions to enhance the government's performance and services. OMB has demonstrated continued progress toward implementation of the financial management line of business initiative by developing, for example, migration planning guidance and financial management service performance metrics. OMB's initial framework for the competitive migration to either a public shared service provider or a qualified private sector provider under the initiative is expected to help agencies maximize value by considering alternative solutions in a reasoned and structured manner. Continuing progress needs to be made to provide a sound foundation for this initiative. For example, as we reported in March 2006,[Footnote 6] the lack of a federal governmentwide concept of operations[Footnote 7] significantly impairs the potential success of this initiative. Moreover, shared service providers have been designated without common business rules and potential customer agencies continue to implement and operate individual stove-piped systems that may require additional work to adopt these processes. In addition, as of the completion of our audit work, none of the major CFO Act agencies had moved their financial management systems activities to an OMB-designated shared service provider,[Footnote 8] although actions are under way at several major agencies to do so. To further understand the underlying issues that affect the development of sound financial management systems and FFMIA implementation and to develop steps to overcome long-standing challenges, the Comptroller General plans to convene a forum later this year to bring together key subject matter experts and practitioners to discuss these issues. After the forum, we plan to issue a separate report summarizing the discussion and consider the key issues in our future FFMIA work. Accordingly, we are not making any new recommendations in this report. In commenting on a draft of this report, OMB agreed with our assessment that federal agencies have continued to make progress in financial management and that many agencies still need to improve their financial systems so that reliable, useful, and timely financial management information is available for day-to-day operations. OMB stated that it was working aggressively to assist agencies in building a strong foundation for financial management practices and also applauded our plans to convene a forum on these issues. As in previous years, we and OMB have differing views on the level of audit assurance necessary for assessing and reporting on compliance with FFMIA. OMB stated in its comments that requiring a statement of positive assurance would be costly and would not provide additional information that would be of benefit to the federal agency, OMB, or the taxpayer. We continue to believe that a statement of positive assurance is a statutory requirement under the act and there are a number of techniques that auditors can use to minimize the incremental cost of providing positive assurance.[Footnote 9] In our view, the confidence afforded by auditors providing positive assurance that agency financial management systems convey reliable, useful, and timely information to help government leaders invest resources, oversee programs, and reduce costs, would be of significant value to the agency, OMB, the Congress, and the taxpayer. We will continue to work with OMB on this issue. OMB did agree to take under advisement our prior recommendation to clarify the meaning of "substantial compliance" as it updates OMB Circular No. A- 127, Financial Management Systems. Our detailed discussion of OMB's comments can be found in the Agency Comments and Our Evaluation section. We have reprinted OMB's comments in appendix VI. Background: FFMIA is part of a series of management reform legislation passed by the Congress over the past two decades. This series of legislation started with the Federal Managers' Financial Integrity Act of 1982[Footnote 10] (FMFIA), which the Congress passed to strengthen internal controls and accounting systems throughout the federal government, among other purposes. Issued pursuant to FMFIA, the Comptroller General's Standards for Internal Control in the Federal Government[Footnote 11] provides the standards that are directed at helping agency managers implement effective internal control, an integral part of improving financial management systems. Internal control is a major part of managing an organization and comprises the plans, methods, and procedures used to meet missions, goals, and objectives. In summary, internal control helps government program managers achieve desired results through effective management of public resources. Effective internal control also helps in managing change to cope with shifting environments and evolving demands and priorities. As programs change and agencies strive to enhance operational processes and implement new technological developments, management must continually assess and evaluate its internal control to ensure that the control activities being used are effective and updated when necessary. While agencies had achieved some early success in identifying and correcting material internal control and accounting system weaknesses, their efforts to implement FMFIA had not produced the results intended by the Congress. Therefore, beginning in the 1990s, the Congress passed additional management reform legislation to improve the general and financial management of the federal government. This legislation includes the (1) CFO Act of 1990, (2) Government Performance and Results Act of 1993,[Footnote 12] (3) Government Management Reform Act of 1994,[Footnote 13] (4) FFMIA, (5) Clinger-Cohen Act of 1996,[Footnote 14] (6) Accountability of Tax Dollars Act of 2002,[Footnote 15] (7) Improper Payments Information Act of 2002,[Footnote 16] (8) The Federal Information Security Management Act of 2002,[Footnote 17] and (9) Department of Homeland Security (DHS) Financial Accountability Act of 2004.[Footnote 18] The combination of reforms ushered in by these laws, if successfully implemented, provides a solid foundation to improve the accountability of government programs and operations as well as to routinely produce valuable cost and operating performance information. These financial management reform acts emphasize the importance of improving financial management of the federal government. In particular, building on the foundation laid by the CFO Act, FFMIA emphasizes the need for CFO Act agencies to have systems that ensure ongoing accountability and generate reliable, useful, and timely information for decision-making purposes. FFMIA requires the departments and agencies covered by the CFO Act to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards,[Footnote 19] and (3) the SGL at the transaction level. FFMIA also requires auditors to state in their CFO Act financial statement audit reports whether the agencies' financial management systems substantially comply with these three FFMIA systems requirements. Appendixes I through IV include details on the various requirements and standards that support federal financial management. Guidance for FFMIA Issued by OMB: OMB establishes governmentwide financial management systems policies and requirements and has issued two sources of guidance related to FFMIA reporting. First, OMB Bulletin No. 06-03, Audit Requirements for Federal Financial Statements, dated August 23, 2006, prescribes audit requirements, including language auditors should use when reporting on an agency system's substantial compliance with the three FFMIA requirements. Specifically, this guidance calls for auditors to provide negative assurance when reporting on an agency system's FFMIA compliance. Second, in the OMB Memorandum, Revised Implementation Guidance for the Federal Financial Management Improvement Act (Jan. 4, 2001), OMB provides guidance for agencies and auditors to use in assessing substantial compliance.[Footnote 20] The guidance describes some of the factors that should be considered in determining whether an agency's systems substantially comply with FFMIA's three requirements and examples of indicators that should be used in assessing whether an agency's systems are in substantial compliance with each of the three FFMIA requirements. Finally, the guidance addresses the development of remediation plans to be developed by agency officials for bringing their systems into compliance with FFMIA. Financial Audit Manual Section on FFMIA Developed by GAO and the President's Council on Integrity and Efficiency: We have worked in partnership with the President's Council on Integrity and Efficiency[Footnote 21] (PCIE) to develop and maintain the joint GAO/PCIE Financial Audit Manual (FAM). The FAM includes sections that provide specific procedures auditors should perform when assessing FFMIA compliance.[Footnote 22] These sections include detailed audit steps for testing agency systems' substantial compliance with the requirements of FFMIA. As detailed in appendix V, we have also issued a series of checklists to help assess whether agencies' systems meet systems requirements. The FAM guidance on FFMIA assessments recognizes that while financial statement audits offer some assurance on FFMIA compliance, auditors should design and implement additional testing to satisfy FFMIA criteria. For example, in performing financial statement audits, auditors generally focus on the ability of the financial management systems to process and summarize financial information that flows into annual agency financial statements. In contrast, FFMIA requires auditors to assess whether an agency's financial management systems comply with system requirements, accounting standards, and the SGL. To do this, auditors need to consider whether agency systems provide reliable, useful, and timely information for managing day-to-day operations so that agency managers would have the necessary information to measure performance on an ongoing basis rather than just at year end. Further, OMB's current audit guidance[Footnote 23] calls for financial statement auditors to review performance information for consistency with the financial statements, but does not require auditors to determine whether this information is available to managers for day-to-day decision making as called for by the FAM guidance for testing compliance with FFMIA. In collaboration with the PCIE, we are currently in the process of updating the FAM and expect to issue an updated version later in 2007. Scope and Methodology: We reviewed the fiscal year 2006 financial statement audit reports for the 24 CFO Act agencies to identify the auditors' assessments of agency financial systems' compliance and the problems that affect FFMIA compliance. To determine whether the data were sufficiently reliable, we performed the following procedures. We gained an understanding of the quality control environments at the respective IGs; leveraged our understanding of the methodology used by the IGs and their contract auditors in past years to reach conclusions with respect to FFMIA compliance at the respective agencies; considered management responses to the auditor's findings and conclusions; and asked questions to improve our understanding of the procedures applied and/or conclusions drawn, where appropriate. We also reviewed the data for obvious inconsistencies or errors, completeness, and changes from the prior year. When we found data which were inconsistent or incomplete we brought them to the attention of the cognizant IG staff and worked with them to resolve any issues before using the data as a basis for this report. When we encountered data that varied from the prior year, we reviewed the PAR and/or IPA report to determine the reason for the change. Based on these actions, we determined that the data from these reports were sufficiently reliable for the purposes of our report. Using the auditors' reports for the 24 CFO Act agencies, we identified problems reported by the auditors that affect agency systems' compliance with FFMIA. The problems identified in these reports are consistent with long-standing financial management weaknesses we have reported based on our work at a number of agencies. However, we caution that the occurrence of problems in a particular category may be even greater than auditors' reports of FFMIA noncompliance would suggest, because auditors may not have identified all instances of noncompliance with systems requirements and included all problems in their reports. Further, we identified other GAO and IG reports that discussed financial management systems issues and summarized the reports. We also obtained data from agencies' annual PAR reports. We also met with OMB officials to discuss their current efforts to improve federal financial management and address our prior recommendations related to FFMIA. In addition, we reviewed documentation provided by OMB regarding its current initiatives. We conducted our work from January through June 2007, in accordance with U.S. generally accepted government auditing standards. We requested written comments on a draft of this report from the Director of OMB or his designee. We received written comments from the OMB Controller. OMB's comments are discussed in the Agency Comments and Our Evaluation section and reprinted in appendix VI. We also received technical comments from OMB, which we incorporated as appropriate. FFMIA Assessments Identify Marginal Improvements in Some Cases: Many agencies still do not have effective financial management systems in place that can produce reliable, useful, and timely financial information, including cost data, with which to make informed decisions and help ensure accountability on an ongoing basis. Agencies are making progress in addressing their financial management systems weaknesses-- some dramatically. Most agency systems, though, are not yet substantially in compliance with FFMIA's requirements. As shown in figure 3, IGs and their contract auditors reported for fiscal year 2006 that 17 of the 24 CFO Act agencies did not substantially comply with at least one of FFMIA's three requirements--federal financial management systems requirements, applicable federal accounting standards, or the SGL at the transaction level. Figure 3 also shows that the number of agencies' systems reported by auditors as noncompliant with FFMIA has decreased marginally (from 20 agencies to 17 agencies) since FFMIA was enacted. Figure 3: Auditors' FFMIA Assessments for Fiscal Years 1997 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 1997 through 2006. [End of figure] Of the seven remaining CFO Act agencies, one auditor provided positive assurance of FFMIA compliance, while the other six provided negative assurance in fiscal year 2006. However, it would be erroneous to assume that statements of negative assurance provided by auditors for the six agencies equate to compliance with FFMIA. Auditors' assessments for three agencies changed from fiscal year 2005 to 2006. For fiscal year 2006, auditors for GSA provided negative assurance that GSA's financial management systems, as a whole, were substantially compliant with FFMIA's three requirements. Auditors for AID provided positive assurance that AID's financial management systems complied with FFMIA in fiscal year 2006. In fiscal year 2005, both AID and GSA were deemed noncompliant with FFMIA by the independent auditors. According to management, AID was able to become compliant due to completion of outstanding remediation items and the worldwide deployment of its financial management system. Conversely, auditors for the Department of Labor (Labor) reported that Labor's financial management systems did not substantially comply with FFMIA requirements in fiscal year 2006, but had provided positive assurance of FFMIA compliance in fiscal year 2005. The change was primarily due to weaknesses Labor auditors identified concerning general computer access controls, application access controls, and related manual controls. FFMIA Guidance Issues: Auditors for six agencies (Commerce, EPA, GSA, NSF, OPM, and SSA) provided negative assurance that the agencies' systems were compliant with FFMIA requirements. Auditors provide negative assurance when they state that nothing came to their attention during the course of their planned procedures to indicate that the agency's financial management systems did not meet FFMIA requirements. Although OMB's current audit guidance[Footnote 24] instructs auditors to test for compliance with FFMIA, it does not provide guidance on the nature and extent of tests to be performed. It calls for auditors to provide negative assurance when reporting whether an agency's systems are in substantial compliance with the three FFMIA requirements. However, financial statement users not familiar with the concept of negative assurance may incorrectly assume that these six agencies' systems have been fully tested by the auditors and that the agencies have achieved FFMIA compliance. In addition, without adequately testing systems for FFMIA compliance in a manner that is sufficient to support an opinion, auditors may not identify all areas of noncompliance; therefore, the number of problems may be even greater than those currently disclosed in auditors' reports on FFMIA compliance based on negative assurance. As we have previously reported, from our perspective, FFMIA requires auditors to provide positive assurance, which is an opinion. Section 803 (b) (1) of FFMIA requires auditors to "report whether the agency financial management systems comply with the requirements of [the act]." Providing positive assurance on FFMIA compliance involves additional testing to determine whether an agency's financial management systems comply substantially with systems requirements, the SGL at the transaction level, and accounting standards. The procedures necessary to provide such assurance go beyond those needed for performing a financial statement audit. While financial statement audits in general will offer some assurance on FFMIA compliance, auditors should also design and implement additional testing to satisfy the criteria in FFMIA. For example, in fiscal year 2006, agency auditors for AID stated that they interviewed staff and contract personnel and reviewed documentation related to the capabilities of Phoenix, AID's core financial system. According to AID auditors, they examined documentation, including reports, system queries, system screen captures, testing documents generated during system implementation, and documents generated for certification and accreditation activity in order to determine if the implemented systems provide complete, accurate, and timely information for managing day-to- day operations necessary to achieve positive assurance. When reporting an agency's financial management systems to be in substantial compliance, positive assurance from independent auditors can provide users with confidence that the agency systems provide the reliable, useful, and timely information envisioned by the act. The fact that AID's auditors provided positive assurance on FFMIA compliance is a noteworthy achievement. In addition, performing audit procedures designed to provide positive assurance of an agency's financial management systems' substantial compliance with FFMIA requirements can identify weaknesses and lead to improvements that enhance the performance, productivity, and efficiency of federal financial management systems in support of day-to-day managerial decision making. It also provides a clear "bottom line," whereas negative assurance does not. Some auditors we interviewed in prior years indicated that a revision to OMB's guidance on FFMIA reporting would be necessary for them to provide an opinion of FFMIA compliance. Therefore, as we have discussed in prior reports covering fiscal years 2000 through 2005,[Footnote 25] we continue to believe that our prior recommendation for OMB to require agency auditors to thoroughly examine agencies' financial management systems and provide a statement of positive assurance when reporting an agency's systems to be in substantial compliance with the three FFMIA systems requirements is appropriate and required. Doing so will be key to achieving the act's goal of effective financial management systems across government. However, OMB has not concurred with our recommendation in its responses to our prior reports and in its comments on a draft of this report. For example, last year, in response to our report[Footnote 26] on fiscal year 2005 FFMIA results, OMB stated that the broad scope of the President's Management Agenda and the fundamental changes occurring under the Financial Management Line of Business initiative, combined with strengthened reporting requirements under Circular No. A-123, are helping agencies identify and correct FFMIA deficiencies. In that context, OMB reiterated its belief that requiring a statement of positive assurance would prove only marginally useful. Further, as we have previously reported, a number of auditors have expressed a need for clarification on the definition of "substantial compliance." They cited a need for additional guidance to assist them in assessing whether agency systems substantially comply with the three FFMIA requirements. The auditors reported a need for clearer guidance from OMB on assessing FFMIA compliance that is consistent with the GAO/ PCIE FAM. As a result, we continue to believe that implementation of our recommendation for OMB to explore clarifying the definition of "substantial compliance" would be useful. Other related concerns of agency auditors included a need for (1) more clearly defined and objective criteria to assist in their determination of FFMIA compliance, (2) more specific guidance on testing and sampling methodologies, and (3) additional guidance for assessing compliance with certain accounting standards, such as the Statement of Federal Financial Accounting Standards (SFFAS) No. 4, Managerial Cost Accounting Concepts and Standards for the Federal Government. In its comments on prior reports, OMB stated that its growing experience helping agencies implement the PMA enables it to refine the existing FFMIA indicators associated with substantial compliance. Accordingly, OMB said it would consider our recommendation in any future policy and guidance updates. In commenting on a draft of this report, OMB agreed to take this recommendation under advisement as it updates Circular No. A-127, Financial Management Systems. Problems Reported by Agency Auditors: Based on our review of the fiscal year 2006 audit reports for the 17 agencies reported to have systems not in substantial compliance with one or more of FFMIA's three requirements, we identified six primary reasons for agency systems not being compliant: * nonintegrated financial management systems, * inadequate reconciliation procedures, * lack of accurate and timely recording of financial information, * noncompliance with the SGL, * lack of adherence to federal accounting standards, and: * weak security controls over information systems. The weaknesses reported by the auditors ranged from serious, pervasive systems problems to less serious problems that may affect only one aspect of an agency's accounting operation. While at some agencies, the problems were so serious that they affected the auditor's opinion on the agency's financial statements, at other agencies, the auditors cited problems that represented significant deficiencies in the design or operation of internal control, but were not material to the financial statements as a whole. Figure 4 shows the relative frequency of these problems at the agencies reported to have noncompliant systems from fiscal years 2002 through 2006. The same six types of problems have been cited by auditors although the auditors may not have reported these problems as specific reasons for their systems' lack of substantial compliance with FFMIA's requirements. Some agencies have made little progress addressing these areas. In addition, as previously discussed, the occurrence of problems in any particular category may be even greater than auditors' reports of FFMIA noncompliance would suggest because auditors may not have identified all problems in their reviews conducted to provide negative assurance. Figure 4: Number of Agencies with Reported FFMIA Compliance Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] Nonintegrated Financial Management Systems: The CFO Act calls for agencies to develop and maintain integrated accounting and financial management systems[Footnote 27] that comply with federal systems requirements and provide for (1) complete, reliable, consistent, and timely information that is responsive to the financial information needs of the agency and facilitates the systematic measurement of performance; (2) the development and reporting of cost management information; and (3) the integration of accounting, budgeting, and program information. OMB Circular No. A-127, Financial Management Systems, requires agencies to establish and maintain a single integrated financial management system that conforms to functional requirements now issued by the Office of Federal Financial Management (OFFM).[Footnote 28] More details on the financial management systems requirements can be found in appendixes I and II. The lack of integrated financial management systems typically results in agencies expending major effort and resources, including in some cases hiring external consultants, to develop information that their systems should be able to provide on a daily or recurring basis. Agencies with nonintegrated financial systems are also more likely to devote more time and resources to collecting information than those with integrated systems. In addition, opportunities for errors are increased when agencies' systems are not integrated. Auditors frequently cited the lack of integrated financial management systems in their fiscal year 2006 audit reports. Although improvements have been made, as shown in figure 5, auditors for 12 of the 17 agencies with noncompliant systems in fiscal year 2006 reported nonintegrated systems as a problem, compared with 13 of the 18 agencies reporting such problems in fiscal year 2005. Figure 5: Number of CFO Act Agencies with Reported Nonintegrated Financial Management Systems Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] As a case in point, auditors for the Department of State (State) reported the lack of a modern, integrated financial management system in their fiscal year 2006 audit report. Since September 30, 2003, auditors have reported that State's financial and accounting systems are inadequate, thus preventing the department from routinely issuing timely financial statements and increasing the risk of materially misstating financial information. The principal areas of weakness included (1) certain elements of the financial statements, including, but not limited to, personal property, capital leases, and certain accounts payable, were developed from sources other than the general ledger; and (2) the department used several systems that were not integrated with the department's centralized financial management system for the management of grants and other types of financial assistance. Inadequate Reconciliation Procedures: A reconciliation process, whether manual or automated, is a necessary and valuable internal control in a sound financial management system. The less integrated the financial management system, the greater the need for adequate reconciliations because data are being accumulated from a number of different sources. Reconciliations are needed to ensure that data have been recorded properly between the various systems and manual records. As shown in figure 6, for fiscal year 2006, auditors for 14 of the 17 agencies with noncompliant systems reported that the agencies had reconciliation problems, as compared with 14 of the 18 agencies reporting such problems in fiscal year 2005. Figure 6: Number of CFO Act Agencies with Reported Inadequate Reconciliation Procedures Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] While reconciling balances with the Department of the Treasury (Treasury) remains a common problem, many other types of reconciliation problems were also cited during fiscal year 2006. For example, at the Department of Agriculture (Agriculture), the independent auditor reported that over 50 abnormal balances exceeding $360 million existed at year end. The abnormal balances stemmed from a variety of causes. In one case, the auditors reported that Agriculture did not perform timely research to ensure that account relationships were reconciled and corresponding corrections promptly made. The number and dollar value of abnormal account balances had been significantly reduced from last year at Agriculture; however, when abnormal balances exist, immediate research should be performed to identify the cause and correct the condition. Lack of Accurate and Timely Recording of Financial Information: As shown in figure 7, auditors for 15 of 17 agencies with noncompliant systems reported the lack of accurate and timely recording of financial information as a problem for fiscal year 2006, compared with 17 of 18 agencies reporting such problems in fiscal year 2005. Figure 7: Number of CFO Act Agencies with Reported Lack of Accurate and Timely Recording Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] Accurate and timely recording of financial information is essential for effective financial management. Timely recording of transactions facilitates accurate reporting in agencies' financial reports and other management reports used to guide managerial decision making. In addition, having systems that record information in an accurate and timely manner is critical for key governmentwide initiatives, such as integrating budget and performance information. In contrast, lack of timely recording of transactions during the fiscal year can result in agencies making substantial efforts at fiscal year end to perform extensive manual financial statement preparation efforts that are susceptible to error and increase the risk of misstatements. For example, auditors for the Department of Energy (Energy) noted that the department has not completed all of the corrective actions needed to reconcile obligation data converted from Energy's legacy systems to its new financial management system, the Standard Accounting and Reporting System (STARS), affecting the accuracy of undelivered order balances at every field office tested by the auditors. As of September 30, 2006, Energy reported undelivered orders of $11.3 billion. Errors in recording obligations, such as duplicating obligation entries or recording obligations in subsequent periods, resulted in misstatements of the undelivered orders balance. These problems precluded the department from providing assurance of accurate and complete undelivered orders balance in Energy's consolidated financial statements. Further, such problems typically result in funds not being available for use that otherwise would be, and in managers not having accurate financial information during the year for well-informed decisions. Noncompliance with the SGL: As shown in figure 8, auditors for 7 of the 17 agencies with noncompliant systems reported that the agencies' systems did not comply with SGL requirements for fiscal year 2006, compared with 11 of the 18 agencies reporting such problems in fiscal year 2005. Figure 8: Number of CFO Act Agencies with Reported Noncompliance with the SGL Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] FFMIA specifically requires federal agencies to implement the SGL at the transaction level. Using the SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions and provides a basis for comparison at the agency and governmentwide levels. The defined accounts and pro forma transactions standardize the accumulation of agency financial information as well as enhance financial control and support internal and external reporting. According to auditors at Interior and AID, progress has been made in this area as a result of the agencies retiring legacy systems and implementing new systems that conform to the SGL. Nevertheless, failure to adhere to the SGL continues to impede the ability of some agencies to prepare accurate financial statements. For example, auditors for the Department of Health and Human Services (HHS) noted that its Division of Financial Operations (DFO) CORE accounting system, which supports net outlays of more than $93 billion, is a legacy accounting system and does not fully support the SGL. Specifically, the auditors found that HHS compiles its financial statements through a multistep process using a combination of manual and automated procedures. Further, agency auditors identified over 100 instances with an approximate value of over $3 billion of general ledger accounts and crosswalks that were not used consistently or in compliance with Treasury's guidance on the SGL. To address this issue, HHS is in the process of implementing a new financial management system. Lack of Adherence to Federal Accounting Standards: One of FFMIA's requirements is that agencies' financial management systems account for transactions in accordance with federal accounting standards. Appendixes III and IV list the federal financial accounting standards and other guidance issued by the Federal Accounting Standards Advisory Board and its Accounting and Auditing Committee, respectively. The purpose of these standards and other guidance is to ensure that federal agencies' financial reports provide users with understandable, relevant, and reliable information about the financial position, activities, and results of operations of the U.S. government and its components. Many agencies face continuing challenges in this area. As shown in figure 9, for fiscal year 2006, auditors for 10 of the 17 agencies with noncompliant systems reported that these agencies had problems complying with one or more federal accounting standards. Figure 9: Number of CFO Act Agencies with Reported Lack of Adherence to Federal Accounting Standards Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] Two agencies, the Department of the Interior (Interior) and Department of Transportation (DOT), reported weaknesses affecting compliance with the recently issued SFFAS 27, Identifying and Reporting Earmarked Funds, which became effective for fiscal year 2006. For example, at Interior, auditors noted that the Sport Fish Restoration and Boating Trust Fund was properly classified as an earmarked fund but that Interior had not fully established controls to ensure that its portion of the fund was accurately included in the financial statements. As a result, Interior analyzed and adjusted the financial statements. While newly issued standards may cause significant compliance problems, agencies also struggled to implement standards which have been in effect for some time. Auditors reported compliance problems with 11 specific accounting standards in fiscal year 2006. Of those standards, the 4 that were most troublesome for agencies were SFFAS No. 1, Accounting for Selected Assets and Liabilities; SFFAS No. 4, Managerial Cost Accounting Concepts and Standards; SFFAS No. 6, Accounting for Property, Plant, and Equipment; and SFFAS No. 7, Accounting for Revenue and Other Financing Sources. Weak Security Controls over Information Systems: Information security weaknesses are a major concern for federal agencies and the general public and one of the frequent problems auditors cited concerning noncompliance with FFMIA. As shown in figure 10, auditors for 15 of the 17 agencies with noncompliant systems reported security weaknesses in information systems to be a problem, compared with 16 of the 18 agencies reporting such problems in fiscal year 2005. Figure 10: Number of CFO Act Agencies with Reported Weak Security over Information Systems Problems for Fiscal Years 2002 through 2006: [See PDF for image] Source: GAO compiled from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal years 2002 through 2006. [End of figure] These control weaknesses place vast amounts of government assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Since 1997, we have considered information security to be a high-risk area at a governmentwide level and continue to emphasize it on our most recent list issued in January 2007.[Footnote 29] For example, the Nuclear Regulatory Commission (NRC) auditors reported that only 1 out of 30 operational NRC information systems had a current certification and accreditation. Auditors also noted that in the past 4 years NRC has not performed a current certification and accreditation of its general support systems. As a result, all NRC information systems that depend on the security controls provided by these general support systems are subject to an unknown potential risk. Two of NRC's financial reporting systems, Federal Financial System (FFS) and the Federal Personnel and Payroll System (FPPS), were outsourced to the Department of Interior's National Business Center (DOI-NBC) but continue to rely on the NRC's general support system. According to the auditors, their reliance on the top tier of controls of the general support systems puts the FFS and the FPPS at risk despite the DOI-NBC assurance that the certification and accreditations for the two systems have been performed. The security breaches at Department of Veterans Affairs (VA), Treasury, and other agencies compromised the personal data of millions of U.S. citizens and highlighted the importance of adequate system security policies and programs. Robust federal security programs are critically important to properly protect personal and financial information and the privacy of individuals. When there is a lack of reasonable assurance that controls are correctly implemented, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the agency, the agencies' information and systems are left vulnerable to attack or compromise. Efforts Are Under Way to Address Federal Financial Management System Challenges: Agencies and OMB have a number of efforts under way to address their existing financial management systems problems. For example, noncompliant agencies are required by OMB to include in their annual PARs a summary of their detailed remediation plans including corrective actions as well as the resources and target dates for implementing the corrective actions. A number of those corrective actions involve implementing new financial management systems, which over time has proven to be very challenging. Efforts to modernize financial management systems have often exceeded budgeted costs, experienced delays in delivery dates, and not provided the anticipated system functionality and performance. This problem is particularly serious at the Department of Defense. To help provide a governmentwide solution, OMB has developed the financial management line of business (FMLOB) initiative. While progress has been made in defining standard business processes and issuing draft guidance to facilitate a smooth transition to shared service providers, the FMLOB initiative involves complex issues that have far-reaching implications for the government and private sector shared service providers. As we reported[Footnote 30] last year, the key for federal agencies to avoid the long-standing problems that have plagued financial management system improvement efforts is to address the foremost causes of those problems and adopt solutions that reduce the risks associated with these efforts to acceptable levels. Comprehensive Remediation Plans Are Critical to Agencies' Improvement Efforts: Correcting financial management system problems has proven to be particularly difficult for many agencies. To assist in this effort, FFMIA requires the heads of agencies with noncompliant systems to prepare detailed remediation plans to bring agencies' systems into substantial compliance with the law. Specifically, the law requires the head of the agency to establish a remediation plan that includes resources, remedies, and intermediate target dates necessary to bring the agency's financial management systems into substantial compliance. Further, OMB Circular A-11 requires agencies with noncompliant systems to include in their annual PARs a summary of their detailed remediation plans containing (1) corrective actions to be taken, (2) resources to be used for implementation of the corrective actions, and (3) target dates for implementation of the corrective actions. As previously discussed, auditors reported that 17 agency systems were substantially noncompliant with FFMIA in fiscal year 2006. The agency heads for 5 of these agencies[Footnote 31] disagreed with the auditor and considered their agencies' systems to be substantially compliant with FFMIA. The law does not require an agency to prepare a remediation plan if the agency head determines that the agency's systems are in substantial compliance with the law even if the agency's auditor determines the agency's systems are not substantially compliant. The remaining 12 agencies[Footnote 32] are required to include summarized remediation plans in their PARs. We reviewed the 12 PARs for those agencies to determine if their summarized remediation plans included the required information. Figure 11 presents the results of our analysis. Figure 11: Summary of Analysis of Elements Included in 12 Agencies' Summarized Remediation Plans for Fiscal Year 2006: [See PDF for image] Source: GAO analysis of agencies' PARs. [End of figure] As shown in figure 11, all of the agencies' summarized remediation plans included corrective actions. However, one third of the agencies' summarized remediation plans did not include a discussion of the staffing resources required to complete the planned corrective actions. Remediation plans provide a "road map" to resolve financial management problems in a transparent manner, and also help hold managers accountable for needed improvements. A discussion of the resources to be used when implementing the corrective actions is essential in determining whether the corrective actions can realistically be accomplished within the specified time frames. Assigning resources to a corrective action facilitates on-time implementation and helps avoid confusion over what funding sources will be used and the personnel responsible for the implementation. One agency did not include target dates for completing corrective actions to become substantially compliant with FFMIA. Setting specific target dates, including intermediate target dates, facilitates tracking the progress agencies are making in reaching their specified goals. If agencies do not include target dates in their remediation plans, it is difficult for the Congress and the American taxpayer to hold them accountable for correcting long-standing financial management system problems. Agencies Struggle with Financial Management Systems Modernization: Across the government, agencies have many efforts under way to implement new financial management systems or to upgrade existing systems that may help improve FFMIA compliance. However, these efforts far too often result in systems that do not meet their cost, schedule, and performance goals. While agencies anticipate that the new systems will provide reliable, useful, and timely data to support managerial decision making, our work and that of others has shown that has often not been the case. For example, many of DOD's over 2,000 business systems are nonintegrated, stove piped, and not capable of providing departmental management and the Congress accurate and reliable information on DOD's day-to-day operations. For decades, DOD has been challenged in modernizing its timeworn business systems. In 1995, we designated DOD's business systems modernization program as high-risk, and we continue to designate it as such in our most recent high-risk report.[Footnote 33] In another case, HHS has been plagued with systems implementation issues with its Unified Financial Management System (UFMS) from inception. In fiscal year 2006, HHS auditors reported that the agency continued to experience significant challenges in resolving issues with the system conversion and implementation and that sustained efforts will be necessary to overcome the continuing serious weaknesses. Furthermore, modernization efforts at DHS and DOJ have been hampered because these agencies did not follow best practices in systems development and implementation efforts (commonly referred to as disciplined processes[Footnote 34]). * Since its establishment, DHS has faced the daunting task of bringing together 22 diverse agencies and developing an integrated financial management system. DHS halted implementation of the Electronically Managing Enterprise Resources for Government Effectiveness and Efficiency (Emerge2) program in December 2005, which was expected to integrate financial management systems across the entire department and to address its financial management weaknesses. DHS officials have stated that approximately $52 million in total was spent on the Emerge2 project before it was halted. In fiscal year 2006, we testified[Footnote 35] and provided an assessment of the status of DHS's efforts to modernize its financial management systems. In early March 2007, DHS officials issued a high-level plan to address the existing internal control weaknesses. However, as we recently reported and testified,[Footnote 36] more detailed implementation strategies will be necessary to fully address the financial management system challenges. DHS has received permission from OMB to leverage its current investments by consolidating and migrating components to either the Transportation Security Administration (TSA) or Customs and Border Protection financial management systems models. Our concern is that these components have numerous financial management weaknesses. For example, auditors for TSA reported that they were unable to provide sufficient evidential matter or make knowledgeable representations to support fiscal year 2005 and 2006 transactions and account balances, particularly for budgetary accounting and undelivered orders, and property, plant, and equipment, among others. * The Department of Justice has developed plans for a Unified Financial Management System (UFMS) intended to correct many of its financial accounting and reporting issues. The UFMS is expected to standardize and integrate financial processes and systems to more efficiently support accounting operations, facilitate preparation of financial statements, and streamline audit processes. The department's efforts over the past few years to implement the UFMS to replace the seven major accounting systems currently used throughout the department have been challenging. For example, 2 years after the department selected a vendor for the unified system, problems with funding, staff turnover, and other competing priorities caused delays in implementation of the new system. As of September 2006, none of Justice's accounting systems were integrated with each other. The Drug Enforcement Administration (DEA) is scheduled to begin implementing the UFMS in fiscal year 2008, and current plans are for implementing the system in all department components by fiscal year 2012. Challenges of Implementing the Financial Management Line of Business: OMB's FMLOB initiative, launched in March 2004, promotes business- driven, common solutions to enhance the federal government's performance and services. This initiative is intended to address past financial management systems' weaknesses and implementation failures and support the PMA goal of expanding electronic government. The goals of OMB's Financial Management Line of Business initiative include: * providing timely and accurate data for decision making; * facilitating stronger internal controls that ensure integrity in accounting and other stewardship activities; * reducing costs by providing a competitive alternative for agencies to acquire, develop, implement, and operate financial management systems through shared service solutions; * standardizing systems, business processes, and data elements; and: * providing for seamless data exchange between and among federal agencies by implementing a common language and structure for financial information and system interfaces. OMB's initial framework for the competitive migration to either a public shared service provider or a qualified private sector provider under the initiative is expected to help agencies maximize value by considering alternative solutions in a reasoned and structured manner. We have long supported and called for initiatives to standardize and streamline common systems, which can reduce costs and, if done correctly, improve accountability. Likewise, OMB has correctly recognized that enhancing the government's ability to implement financial management systems that are capable of providing accurate, reliable, and timely information on the results of operations needs to be addressed as a governmentwide solution, rather than individual agency stove-piped efforts designed to meet a given entity's needs. The FMLOB is a work in progress, and OMB has not yet fully defined and implemented the processes necessary to successfully complete it. In our March 2006 report,[Footnote 37] we recommended that careful consideration of the following four concepts, each one building upon the former, would be integral to the success of OMB's FMLOB initiative and could help break the cycle of failure in implementing financial management systems. The four concepts were (1) developing a concept of operations, (2) defining standard business processes, (3) developing a strategy for ensuring that agencies migrate to a limited number of service providers in accordance with OMB's stated approach, and (4) defining and effectively implementing disciplined processes necessary to properly manage the specific projects. OMB has taken steps to develop the foundational guidance needed for the FMLOB, but many challenging tasks remain. As we reported last year, OMB has designated four federal agencies[Footnote 38] as shared service providers; released a competition framework in May 2006; issued migration planning guidance in September 2006; and encouraged private sector providers that can satisfy the shared services requirements to participate in the procurement process for these services. In November 2006, OMB released an exposure draft of a common governmentwide accounting classification structure that may address lack of standardization among agency accounts. A critical factor for this project will be the ability to develop an approach that captures all stakeholders' needs with minimal redundancy and complexity. In addition, OMB and the Financial Systems Integration Office[Footnote 39] (FSIO) have also developed and released an exposure draft for the funds control standard business process[Footnote 40] and the payment management standard business process.[Footnote 41] Further, in March 2007, the Financial Services Assessment Guide (SAG)[Footnote 42] was issued to establish a set of financial service metrics to facilitate an assessment of opportunities to improve performance and affordability of financial services provided by shared service providers and federal agencies. In order to promote consistency among agencies and service providers, starting June 15, 2007, and every month thereafter, OMB is requiring monthly reporting from all agencies on their performance data through a single system managed by FSIO, including data for each system listed as a core financial management system. Furthermore, FSIO released its core financial system product compliance test policy,[Footnote 43] documenting the specific core financial systems qualifications test policy and procedures starting in 2007. This new policy provided detailed information about each test, including schedule, scope, and requirements to be tested. This is a useful tool to promote consistency in core financial systems governmentwide, clarify the system requirements, and reduce the risk that agencies will acquire noncompliant or ineffective core financial system software. This, though, does not eliminate the need for agencies to conduct comprehensive testing efforts to ensure that financial system software meets their requirements, and the implementation of FSIO-tested software does not guarantee that the agencies will have financial systems that are compliant with FFMIA. While much has been accomplished by OMB, many important issues remain unresolved. For example, one of the recommendations in our March 2006 report[Footnote 44] called for a concept of operations to provide the foundation for the FMLOB. An effective concept of operations would describe, at a high level, (1) how all of the various elements of federal financial systems and mixed systems relate to each other and (2) how information flows from and through these systems. A concept of operations would provide a useful tool to explain how financial management systems at the agency and governmentwide levels can operate cohesively. It would be geared to a governmentwide solution rather than individual agency stove-piped efforts. Because the federal government does not have an overall concept of operations, there is no clear understanding of the interrelationships among federal financial systems and how the shared service provider concept fits into this framework. OMB officials recognize that standardization is important and are developing a standard set of business processes in four areas: funds control, accounts payable, accounts receivable, and financial reporting. In addition, as the FMLOB initiative moves forward, there are numerous additional areas where standardization is also important, such as inventory, supplies, and material management, as well as the loan management areas. Absent this standardization, shared service providers have been designated without common business rules and potential customer agencies continue to implement and operate individual stove-piped systems that may require additional work to adopt these processes. Further, as we reported in September 2006,[Footnote 45] there are a number of factors that affect FFMIA compliance, including the quality of transaction data in agency feeder systems; the success of converting data from legacy systems; and the interaction of people, process, and technology within an agency's environment. The shared service provider concept, if adopted, will still require that agencies address long- standing human capital problems and develop long-term strategies for acquiring, developing, and retaining an organization's total workforce to meet the needs of the future. To date, none of the major CFO Act agencies has moved to an OMB-designated shared service provider to handle their financial management system activities, although some agencies, such as DOT, GSA, and NRC were already using the shared service provider concept prior to OMB's financial management line of business initiative. In addition, other agencies such as Labor, use a commercial shared service provider to provide hosting and operations and maintenance services. There are some major CFO Act agencies, such as EPA, HUD, Agriculture, and OPM that are in the process of selecting a shared service provider for full financial management systems activities. OMB officials told us that a successful FMLOB outcome would be for agencies to solicit for government or commercial shared service providers, identify the best value, and move forward in the FMLOB process. Whether agencies move to a shared service provider or implement their own systems, they must have disciplined processes in place to achieve the intended results, within established resources, and on schedule. Comptroller General Convening Forum on FFMIA Issues: To address the challenges CFO agency managers and auditors face in implementing and maintaining financial management systems that meet the intent of the CFO Act and the requirements of FFMIA, we are convening a Comptroller General forum later this year in Washington, D.C. The forum is intended to build on 10 years of experience with FFMIA implementation and foster discussion with a select group of experts and knowledgeable officials on the financial management systems opportunities and challenges facing agencies across the federal government. The discussion will focus on options for addressing the impediments faced by federal managers in attempting to bring their respective agencies into compliance with the requirements of the law. More importantly, after 10 years, this forum provides an opportunity to "think outside the box" and foster innovative ideas on how the federal government can overcome long-standing challenges in improving financial management systems with the goal of providing meaningful data to support managerial decision making on a daily basis. Invitees to the forum will include representatives from the federal Chief Financial Officer and inspector general communities, key OMB officials and congressional staff, and selected other knowledgeable officials from the public and private sectors. After the forum, we plan to issue a separate report summarizing the discussion and to consider the key issues in our future FFMIA work. Accordingly, we are not making any new recommendations in this report. Conclusion: Over the 10 years since FFMIA's enactment, the federal government has continued to make incremental improvement in implementing financial management systems that substantially comply with the requirements of the act. Nonetheless, significant and long-standing obstacles remain for developing and implementing effective financial management systems that can provide essential financial data in support of day-to-day managerial decision making--the ultimate goal of FFMIA. Continued high- priority and sustained top-level commitment by OMB and leaders throughout the federal government will be required to fully and effectively achieve the goal of FFMIA. In addition, to help address the fundamental obstacles impeding FFMIA implementation, we are taking a proactive stance by convening a forum to help identify innovative approaches and corrective actions. Agency Comments and Our Evaluation: In written comments (reprinted in app. VI) on a draft of this report, OMB agreed with our assessment that while federal agencies have continued to make progress in financial management, many agencies still need to improve their financial systems so that reliable, useful, and timely financial management information is available for day-to-day operations. OMB stated that it was working aggressively to assist agencies in building a strong foundation for financial management practices and also applauded our plans to convene a forum on these issues. As in previous years, we and OMB have differing views on the necessity of agency auditors providing a statement of positive assurance when reporting agency systems to be in substantial compliance with the requirements of FFMIA. OMB stated that its three major initiatives, the PMA, FMLOB, and the revised Circular No. A-123, are helping agencies identify and correct FFMIA deficiencies. Further, OMB stated that many of the ongoing assessments required under the revised Circular No. A- 123 mirror the types of assessments that would occur in establishing a statement of positive assurance under FFMIA. As a result, OMB believed that requiring a statement of positive assurance would be costly and would not provide additional information that would be of benefit to the federal agency, OMB, or the taxpayer. While we agree that these initiatives are helping drive improvements, auditors need to consider other aspects of financial management systems when assessing FFMIA compliance that are not fully addressed through the current reporting structure. For example, in preparing the PMA scorecard assessments, OMB officials meet with agencies to discuss a number of financial management issues and have systems demonstrations. Our concern is that some of the information provided by this approach does not come under audit scrutiny and may not be reliable. Similarly, internal control assessments performed under Circular No. A-123 are management's judgments and are subject to an opinion-level review by independent auditors only in limited circumstances. An opinion by an independent auditor on FFMIA compliance would confirm whether an agency's systems substantially met the requirements of FFMIA and could also provide additional confidence in the information provided as a result of the PMA, FMLOB, and Circular No. A-123 initiatives. In our view, confidence that agency financial management systems provide reliable, useful, and timely information to help government leaders invest resources, oversee programs, and reduce costs, would be of significant value to the federal agency, OMB, the Congress, and the taxpayer. Moreover, to minimize the cost of providing an audit opinion, the GAO/PCIE Financial Audit Manual includes a number of techniques that auditors can use to reduce the incremental cost of providing positive assurance. Finally, we continue to believe that a statement of positive assurance is a statutory requirement under the act. With regard to our prior recommendation for revised guidance that clarifies the definition of substantial compliance, OMB stated that in its update to Circular No. A-127, Financial Management Systems, its goal will be to simplify FFMIA compliance requirements as well as to better balance the FFMIA objectives of generating audited financial statements and providing meaningful information for decision makers. Accordingly, OMB agreed to take this recommendation under advisement. As we noted in our prior reports,[Footnote 46] auditors we interviewed expressed a need for clarification regarding the meaning of substantial compliance. OMB also provided technical comments which we incorporated as appropriate. We are sending copies of this report to the Chairman and Ranking Member, Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Senate Committee on Homeland Security and Governmental Affairs, and to the Chairman and Ranking Member, Subcommittee on Government Management, Organization, and Procurement, House Committee on Oversight and Government Reform. We are also sending copies to the Director of the Office of Management and Budget, the heads of the 24 CFO Act agencies in our review, and agency CFOs and inspectors general. Copies will be made available to others upon request. In addition, this report will be available at no charge on the GAO Web site at http://www.gao.gov. This report was prepared under the direction of McCoy Williams, Director, Financial Management and Assurance, who may be reached at (202) 512-9095 or williamsm1@gao.gov if you have any questions. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff that made key contributions to this report are listed in appendix VII. Signed by: David M. Walker: Comptroller General of the United States: [End of section] Appendix I: Requirements and Standards Supporting Federal Financial Management: Financial Management Systems Requirements: The policies and standards prescribed for executive agencies to follow in developing, operating, evaluating, and reporting on financial management systems are defined in Office of Management and Budget (OMB) Circular No. A-127, Financial Management Systems. The components of an integrated financial management system include the core financial system,[Footnote 47] managerial cost accounting system, administrative systems, and certain programmatic systems. Administrative systems are those that are common to all federal agency operations,[Footnote 48] and programmatic systems are those needed to fulfill an agency's mission. Circular No. A-127 refers to the series of publications entitled Federal Financial Management Systems Requirements, initially issued by the Joint Financial Management Improvement Program's (JFMIP) Program Management Office (PMO) as the primary source of governmentwide requirements for financial management systems. However, as of December 2004, the Financial Systems Integration Office (FSIO) assumed responsibility for coordinating the work related to federal financial management systems requirements and OMB's Office of Federal Financial Management (OFFM) is responsible for issuing the new or revised regulations. In December 2004, the JFMIP Principals voted to modify the roles and responsibilities of JFMIP, resulting in the creation of FSIO. Appendix II lists the federal financial management systems requirements published to date. Figure 12 is the current model that illustrates how these systems interrelate in an agency's overall systems architecture. Figure 12: Agency Systems Architecture: [See PDF for image] Source: OMB, Core Financial Systems Requirements, OFFM-No-0106 (Washington, D>C.: January 2006). [End of figure] FFMIA Guidance: OMB establishes governmentwide financial management policies and requirements and has issued two sources of guidance related to FFMIA reporting. First, in OMB Memorandum, Revised Implementation Guidance for the Federal Financial Management Improvement Act (Jan. 4, 2001), OMB provides guidance for agencies and auditors to use in assessing substantial compliance. The guidance describes the factors that should be considered in determining whether an agency's systems substantially comply with FFMIA's three requirements. Further, the guidance provides examples of the types of indicators that should be used as a basis for assessing whether an agency's systems are in substantial compliance with each of the three FFMIA requirements. Finally, the guidance discusses the corrective action plans, to be developed by agency heads, for bringing their systems into compliance with FFMIA. Second, on August 23, 2006, OMB issued Bulletin No. 06-03, Audit Requirements for Federal Financial Statements, which superseded OMB Bulletin No. 01-02. This new bulletin did not substantially revise the FFMIA audit guidance included in Bulletin No. 01-02, which calls for auditors to provide negative assurance when reporting on an agency system's FFMIA compliance. We have worked in partnership with representatives from the President's Council on Integrity and Efficiency (PCIE) to develop and maintain the joint GAO/PCIE Financial Audit Manual (FAM). The FAM provides specific procedures auditors should perform when assessing FFMIA compliance.[Footnote 49] As detailed in appendix V, we have also issued a series of checklists to help assess whether agencies' systems meet systems requirements. The FAM guidance on FFMIA assessments recognizes that while financial statement audits offer some assurance regarding FFMIA compliance, auditors should design and implement additional testing to satisfy FFMIA criteria. OMB Circular No. A-127 also requires agencies to purchase commercial off-the-shelf (COTS) software that has been tested and certified through the PMO software certification process when acquiring core financial systems. However, in December 2004, OMB transferred the responsibility of certifying systems to FSIO as part of the realignment of JFMIP. In March 2007, FSIO updated the testing policy for COTS software. However, the certification process does not eliminate or significantly reduce the need for agencies to develop and conduct comprehensive testing efforts to ensure that the COTS software meets their requirements. Moreover, core financial systems certification does not mean that agencies that install these packages will have financial management systems that are compliant with FFMIA. Many other factors can affect the capability of the systems to comply with FFMIA, including modifications made to the FSIO-certified core financial management systems software and the validity and completeness of data from feeder systems. Federal Accounting Standards: The Federal Accounting Standards Advisory Board (FASAB)[Footnote 50] promulgates federal accounting standards and concepts that agency chief financial officers use in developing financial management systems and preparing financial statements. FASAB develops the appropriate accounting standards and concepts after considering the financial and budgetary information needs of the Congress, executive agencies, and other users of federal financial information and comments from the public. FASAB forwards the standards and concepts to the Comptroller General, the Director of OMB, the Secretary of the Treasury, and the Director of the Congressional Budget Office (CBO) for a 90-day review. If, within 90 days, neither the Comptroller General nor the Director of OMB objects to the standard or concept, then it is issued and becomes final. FASAB announces finalized concepts and standards in The Federal Register. The American Institute of Certified Public Accountants designated the federal accounting standards promulgated by FASAB as being generally accepted accounting principles for the federal government. This recognition enhances the acceptability of the standards, which form the foundation for preparing consistent and meaningful financial statements both for individual agencies and the government as a whole. Currently, there are 32 Statements of Federal Financial Accounting Standards (SFFAS) and 4 Statements of Federal Financial Accounting Concepts (SFFAC).[Footnote 51] The concepts and standards are the basis for OMB's guidance to agencies on the form and content of their financial statements and for the government's consolidated financial statements. Appendix III lists the concepts, standards, interpretations,[Footnote 52] and technical bulletins, along with their respective effective dates. FASAB's Accounting and Auditing Policy Committee (AAPC)[Footnote 53] assists in resolving issues related to the implementation of accounting standards. AAPC's efforts result in guidance for preparers and auditors of federal financial statements in connection with implementation of accounting standards. To date, AAPC has issued six technical releases, which are listed in appendix IV along with their release dates. U.S. Government Standard General Ledger (SGL): The SGL was established by an interagency task force under the direction of OMB and mandated for use by agencies in OMB and Treasury regulations in 1986. The SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions used to standardize federal agencies' financial information accumulation and processing throughout the year, enhance financial control, and support budget and external reporting, including financial statement preparation. The SGL is intended to improve data stewardship throughout the federal government, enabling consistent reporting at all levels within the agencies and providing comparable data and financial analysis governmentwide.[Footnote 54] Internal Control Standards: The Congress enacted legislation, 31 U.S.C. § 3512(c), (d) (commonly referred to as the Federal Managers' Financial Integrity Act of 1982 (FMFIA)), to strengthen internal controls and accounting systems throughout the federal government, among other purposes. Issued pursuant to FMFIA, the Comptroller General's Standards for Internal Control in the Federal Government[Footnote 55] provides standards that are directed at helping agency managers implement effective internal control, an integral part of improving financial management systems. Internal control is a major part of managing an organization and comprises the plans, methods, and procedures used to meet missions, goals, and objectives. In summary, internal control, which under OMB's guidance for FMFIA is synonymous with management control, helps government program managers achieve desired results through effective stewardship of public resources. Effective fiscal year 2006, OMB strengthened the requirements for conducting management's assessment of internal control over financial reporting by revising OMB Circular No. A-123.[Footnote 56] Significant revisions contained in Appendix A of the circular include requiring Chief Financial Officers (CFO) Act agency management to annually assess the adequacy of internal control over financial reporting, provide a report on identified material weaknesses and corrective actions, and provide a separate assurance statement on the agency's internal control over financial reporting. In initiating the revisions, OMB cited the internal control requirements for publicly traded companies that are contained in section 404 of the Sarbanes-Oxley Act of 2002 (Sarbanes- Oxley).[Footnote 57] Sarbanes-Oxley was enacted in response to corporate accountability failures of several years prior to its enactment and contains a provision (section 404) calling for management's assessment of internal control over financial reporting similar to the long-standing requirements for executive branch agencies contained in FMFIA to issue annual statements of assurance over internal control in the agencies. Opinions on internal control over financial reporting as required by Sarbanes-Oxley for publicly traded companies are important to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. [End of section] Appendix II Publications in the Federal Financial Management Systems Requirements Series: Table: FFMSR document: FFMSR-8; System Requirements for Managerial Cost Accounting; Issue date: February 1998. FFMSR document: JFMIP-SR-99-5; Human Resources & Payroll Systems Requirements; Issue date: April 1999. FFMSR document: JFMIP-SR-99-8; Direct Loan System Requirements; Issue date: June 1999. FFMSR document: JFMIP-SR-99-9; Travel System Requirements; Issue date: July 1999. FFMSR document: JFMIP-SR-99-14; Seized Property and Forfeited Assets Systems Requirements; Issue date: December 1999. FFMSR document: JFMIP-SR-00-01; Guaranteed Loan System Requirements; Issue date: March 2000. FFMSR document: JFMIP-SR-00-3; Grant Financial System Requirements; Issue date: June 2000. FFMSR document: JFMIP-SR-00-4; Property Management Systems Requirements; Issue date: October 2000. FFMSR document: JFMIP-SR-01-01; Benefit System Requirements; Issue date: September 2001. FFMSR document: JFMIP-SR-02-02; Acquisition/Financial Systems Interface Requirements; Issue date: June 2002. FFMSR document: JFMIP-SR-03-01; Revenue System Requirements; Issue date: January 2003. FFMSR document: JFMIP-SR-03-02; Inventory, Supplies and Materials System Requirements; Issue date: August 2003. FFMSR document: JFMIP-SR-02-01; Addendum to Core Financial System Requirements; Issue date: March 2004. FFMSR document: JFMIP-SR-01-04; Framework for Federal Financial Management Systems; Issue date: April 2004. FFMSR document: OFFM-NO-0106; Core Financial System Requirements; Issue date: January 2006. FFMSR document: OFFM-NO-0206; Insurance System Requirements; Issue date: June 2006. Source: OMB's Office of Federal Financial Management (OFFM). Note: Effective December 1, 2004, all financial management system requirements documents and other guidance initially issued by the JFMIP were transferred to OFFM and remain in effect until modified. [End of table] [End of section] Appendix III: Statements of Federal Financial Accounting Concepts, Standards, Interpretations, and Technical Bulletins: [See PDf for Image] Source: FASAB. [A] Effective dates do not apply to Statements of Federal Financial Accounting Concepts, Interpretations, and Technical Bulletins. [End of table] [End of section] Appendix IV: Accounting and Auditing Policy Committee Technical Releases: Table: Technical release: TR-1 Audit Legal Representation Letter Guidance; AAPC release date: March 1, 1998. Technical release: TR-2 Determining Probable and Reasonably Estimable for Environmental Liabilities in the Federal Government; AAPC release date: March 15, 1998. Technical release: TR-3 Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act; AAPC release date: July 31, 1999. Technical release: TR-4 Reporting on Non-Valued Seized and Forfeited Property; AAPC release date: July 31, 1999. Technical release: TR-5 Implementation Guidance on SFFAS No. 10: Accounting for Internal Use Software; AAPC release date: May 14, 2001. Technical release: TR-6 Preparing Estimates for Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act (Amendments to TR-3); AAPC release date: January 2004. Source: FASAB. [End of table] [End of section] Appendix V: Checklists for Reviewing Systems under the Federal Financial Management Improvement Act: Table: Checklist: GAO/AIMD-00-21.2.3; Human Resources and Payroll Systems Requirements; Issue date: March 2000. Checklist: GAO-01-99G; Seized Property and Forfeited Assets Systems Requirements; Issue date: October 2000. Checklist: GAO/AIMD-21-2.6; Direct Loan System Requirements; Issue date: April 2000. Checklist: GAO/AIMD-21.2.8; Travel System Requirements; Issue date: May 2000. Checklist: GAO/AIMD-99-21.2.9; System Requirements for Managerial Cost Accounting; Issue date: January 1999. Checklist: GAO-01-371G; Guaranteed Loan System Requirements; Issue date: March 2001. Checklist: GAO-01-911G; Grant Financial System Requirements; Issue date: September 2001. Checklist: GAO-02-171G; Property Management Systems Requirements; Issue date: December 2001. Checklist: GAO-04-22G; Benefit System Requirements; Issue date: October 2003. Checklist: GAO-04-650G; Acquisition/Financial Systems Interface Requirements; Issue date: June 2004. Checklist: GAO-05-225G; Core Financial System Requirements; Issue date: February 2005. Source: GAO. [End of table] [End of section] Appendix VI: Comments from the Office of Management and Budget: Executive Office Of The President: Office Of Management And Budget: Washington, D.C. 20503: Jul 20 2007: Mr. McCoy Williams: Director, Financial Management and Assurance: United States Government Accountability Office: Washington, DC 20548: Dear Mr. Williams: Thank you for the opportunity to comment on the draft Government Accountability Office (GAO) draft report entitled "Financial Management: Long-standing Financial Systems Weaknesses Present a Formidable Challenge" (GAO-07-914). We appreciate GAO's careful review and agree with your assessment that federal agencies have continued to make progress in financial management, however many agencies still need to improve their financial systems so that reliable, useful, and timely financial management information is available for day-to-day operations. We are working aggressively to assist agencies in building a strong foundation of financial management practices through our three major initiatives: the President's Management Agenda (PMA), the Financial Management Line of Business (FMLoB), and the revised OMB Circular No. A- 123 (A-123), Management's Responsibility for Internal Control. The goals of each of these initiatives align with the goals of the Federal Financial Management Improvement Act (FFMIA) - creating the full range of information needed for day-to-day management. Over the past years, agencies have made progress in improving financial performance by obtaining unqualified opinions on their financial statements and in resolving long standing material weakness. However, as you highlight in this report, our common goal goes beyond attaining unqualified opinions on agency financial statements. We are both striving for the creation and use of reliable and timely management information. Through three major initiatives: The President's Management Agenda, the Financial Management Line of Business and the revised OMB Circular No. A-123, Management's Responsibility for Internal Control, agencies are working aggressively to create a full range of information needed for day-to-day management. Under the PMA's Improving Financial Performance initiative, the standards for achieving "green" status include receiving an unqualified financial statement opinion, eliminating all repeat material weaknesses and non-compliances, using financial data to make key management decisions, and being found in substantial compliance with FFMIA. A "green" status rating demonstrates that an agency has sound accounting processes and effective internal controls, which ensures timely and accurate financial data that drive better results. The past year has been especially productive for the FMLoB initiative. We finalized an initial set of performance measures, released exposure draft of the Common Government Accounting Classification (CGAC) Structure, and developed business process standards for Funds Control and Payment Management. Beyond these milestones, we are fully aware that in order for the new standards to be accepted, we must first establish a coherent implementation strategy. As a result, we are working to build a sound strategy that will enable a seamless transition to the new standard, e.g., CGAC. Appendix A of A-123 directs Federal managers to take a proactive approach to assessing internal controls by: 1) documenting the reporting processes end-to-end, 2) directly testing key controls to validate effectiveness, and 3) reporting on the results of the test in a new management assurance statement. These internal control requirements complement and support the standards set by the PMA and the FMLoB. Many of the ongoing assessment required under the revised A- 123 mirror the types of assessment that would occur in establishing a statement of positive assurance under FFMIA. While the draft report does not recommend any additional actions, it nonetheless reiterates a recommendation that OMB clarify the definition of "substantial compliance." In our update to Circular A-127, Financial Management Systems, our goal will be to simplify FFMIA compliance requirements as well as to better balance the FFMIA objectives of generating audited financial statements and providing meaningful information for decision makers. Accordingly, we will take your recommendation under advisement. In addition, the draft report reiterates a recommendation requiring a statement of positive assurance. The three initiatives outlined above are helping agencies identify and correct FFMIA deficiencies and, as a result, we believe that requiring a statement of positive assurance would be costly and would not provide additional information that would be of benefit to the Federal agency, OMB, or the taxpayer. Finally, we applaud GAO for planning a forum to address the challenges agencies face when trying to achieve and maintain compliance with FFMIA. We look forward to the outcome of the forum. Thank you again for the opportunity to review and provide comment on your draft report. Sincerely, Signed by: Linda Combs: Controller: [End of section] Appendix VII: GAO Contact and Staff Acknowledgments: GAO Contact: McCoy Williams, (202) 512-9095 or williamsm1@gao.gov: Acknowledgments: In addition to the contact named above, Kay L. Daly, Assistant Director; F. Abe Dymond, Assistant General Counsel; Debra Cottrell; Francine DelVecchio; Lauren Fassler; C. Robin Hodge; Jennifer Leone; Sheila D. Miller; and George Warnock made key contributions to this report. FOOTNOTES [1] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990). [2] Federal Financial Management Improvement Act of 1996, Pub. L. No. 104-208, div. A., § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996). [3] Department of Commerce (Commerce), Environmental Protection Agency (EPA), General Services Administration (GSA), National Science Foundation (NSF), Office of Personnel Management (OPM), and Social Security Administration (SSA). [4] The SGL provides a standard chart of accounts and standardized transactions that agencies are to use in all their financial systems. [5] Departments of Education, Housing and Urban Development (HUD), Interior, Labor, and State. [6] GAO, Financial Management Systems: Additional Efforts Needed to Address Key Causes of Modernization Failures, GAO-06-184 (Washington, D.C.: Mar. 15, 2006). [7] A concept of operations defines how an organization's day-to-day operations are (or will be) carried out to meet mission needs. It includes high-level descriptions of information systems, their interrelationships, and information flows. It also describes the operations that must be performed, who must perform them, and where and how the operations will be carried out. [8] Some CFO Act agencies, such as the Department of Transportation, the General Services Administration, and the Nuclear Regulatory Commission were already using the shared service provider concept prior to OMB's financial management line of business initiative. [9] GAO has worked in partnership with the President's Council on Integrity and Efficiency (PCIE) to develop and maintain the joint Financial Audit Manual, which provides specific procedures auditors should perform when assessing FFMIA compliance. [10] Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982) (codified at 31 U.S.C. § 3512 (c), (d)). [11] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). [12] Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993). [13] Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994). [14] Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996). [15] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002) (codified at 31 U.S.C. § 3515). The Accountability of Tax Dollars Act of 2002 extends the requirement to prepare and submit audited financial statements to most executive agencies not subject to the CFO Act unless they are exempted by OMB. However, these agencies are not required to have systems that are compliant with FFMIA requirements. [16] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). [17] Pub L. No. 107-347, title III 116 Stat. 2946 (Dec. 17, 2002). [18] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004). [19] The American Institute of Certified Public Accountants recognizes the federal accounting standards promulgated by the Federal Accounting Standards Advisory Board as generally accepted accounting principles. For a further description of federal accounting standards, see app. I. [20] OMB has announced that this guidance is under review and will be revised in 2007. [21] The PCIE--which is governed by Executive Order No. 12805 of May 11, 1992--was established to (1) address integrity, economy, and effectiveness issues that transcend individual government agencies and (2) increase the professionalism and effectiveness of inspectors general personnel throughout the government. The PCIE is composed primarily of the presidentially appointed inspectors general. Officials from OMB, the Federal Bureau of Investigation, Office of Government Ethics, Office of Special Counsel, and OPM serve on the PCIE as well. [22] GAO-01-765G, section 260.58-.60 and GAO-03-466G, sections 701, 701A, and 701B. [23] OMB Bulletin No. 06-03, Audit Requirements for Federal Financial Statements (Aug. 23, 2006). [24] OMB Bulletin No. 06-03, Audit Requirements for Federal Financial Statements (Aug. 23, 2006). [25] GAO, Financial Management: FFMIA Implementation Critical for Federal Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001); Financial Management: FFMIA Implementation Necessary to Achieve Accountability, GAO-03-31 (Washington, D.C.: Oct. 1, 2002); Financial Management: Sustained Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062 (Washington, D.C.: Sept. 30, 2003); Financial Management: Improved Financial Systems Are Key to FFMIA Compliance, GAO-05-20 (Washington, D.C.: Oct. 1, 2004); Financial Management: Achieving FFMIA Compliance Continues to Challenge Agencies, GAO-05-881 (Washington, D.C.: Sept. 20, 2005); and Financial Management: Improvements Under Way but Serious Financial Systems Problems Persist, GAO-06-970 (Washington, D.C.: Sept. 26, 2006). [26] GAO-06-970. [27] Federal financial system requirements define an integrated financial system as one that coordinates a number of previously unconnected functions to improve overall efficiency and control. Characteristics of such a system include (1) standard data classifications for recording financial events; (2) common processes for processing similar transactions; (3) consistent control over data entry, transaction processing, and reporting; and (4) a system design that eliminates unnecessary duplication of transaction entry. OMB Circular No. A-127, Financial Management Systems, paragraph 7(b) (Revised Dec. 1, 2004). [28] Effective December 1, 2004, all financial management system requirements documents and other guidance initially issued by the Joint Financial Management Improvement Program were transferred to OFFM and remain in effect until modified. [29] GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: Jan. 31, 2007). [30] GAO-06-184. [31] Departments of Education, Housing and Urban Development (HUD), Interior, Labor, and State. [32] Agriculture, DOD, Energy, HHS, DHS, DOJ, DOT, Treasury, VA, NASA, NRC, and SBA. [33] GAO-07-310. [34] Disciplined processes have been shown to reduce the risks associated with software development and acquisition efforts to acceptable levels and are fundamental to successful system implementations. [35] GAO, Financial Management Systems: DHS Has an Opportunity to Incorporate Best Practices in Modernization Efforts, GAO-06-553T (Washington, D.C.: Mar. 29, 2006). [36] GAO, Homeland Security: Departmentwide Integrated Financial Management Systems Remain a Challenge, GAO-07-536 (Washington, D.C.: June 21, 2007); Homeland Security: Transforming Departmentwide Financial Management Systems Remains a Challenge, GAO-07-1041T (Washington, D.C.: June 28, 2007). [37] GAO-06-184. [38] The four agencies designated as shared service providers were the Department of the Interior (National Business Center), GSA (Federal Integrated Solutions Center), Department of the Treasury (Bureau of the Public Debt Administrative Resource Center), and Department of Transportation (Enterprise Services Center). [39] FSIO was formerly known as the Joint Financial Management Improvement Program (JFMIP) staff office. In December 2004, the JFMIP Principals voted to modify the roles and responsibilities of the JFMIP Program Office, now FSIO. The FSIO Executive reports to OMB's Office of Federal Financial Management Controller. See OMB, Update on the Financial Management Line of Business and the Financial Systems Integration Office Memorandum (Washington, D.C.: Dec. 16, 2005). [40] OMB, FMLOB Funds Control Standard Business Process, Exposure Draft (Washington, D.C.: March 2007). [41] OMB, FMLOB Payment Management Standard Business Process Exposure Draft (Washington, D.C.: May 2007). [42] OMB, Financial Services Assessment Guide Version 1 (Washington, D.C.: Mar. 30, 2007). [43] FSIO, Core Financial System Product Qualification Test Policy (Washington, D.C.: March 2007). [44] GAO-06-184. [45] GAO, Financial Management: Improvements Under Way but Serious Financial Systems Problems Persist, GAO-06-970 (Washington, D.C.: Sept. 26, 2006). [46] GAO-02-29, GAO-03-31, GAO-05-20, GAO-05-881, and GAO-06-970. [47] Core financial systems, as defined by the Office of Federal Financial Management (OFFM), include managing general ledger, funding, payments, receivables, and certain basic cost functions. [48] Examples of administrative systems include budget, acquisition, travel, property, and human resources and payroll. [49] GAO-01-765G, section 260.58-.60 and GAO-03-466G, sections 701, 701A, and 701B. [50] In October 1990, the Secretary of the Treasury, the Director of OMB, and the Comptroller General established FASAB to develop a set of generally accepted accounting standards and concepts for the federal government. Effective October 1, 2003, FASAB is comprised of six nonfederal or public members, one member from the Congressional Budget Office, and the three sponsors. [51] Accounting standards are authoritative statements of how particular types of transactions and other events should be reflected in financial statements. SFFACs explain the objectives and ideas upon which FASAB develops the standards. [52] An interpretation is a document of narrow scope that provides clarifications of original meaning, additional definitions, or other guidance pertaining to an existing federal accounting standard. [53] In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the Chief Financial Officers Council, and the President's Council on Integrity and Efficiency, established AAPC to assist the federal government in improving financial reporting. [54] SGL guidance is published in the Treasury Financial Manual. Treasury's Financial Management Service is responsible for maintaining the SGL and answering agency inquiries. [55] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3 (Washington, D.C.: November 1999). [56] OMB Circular No. A-123, Management's Responsibility for Internal Control (revised Dec. 21, 2004). [57] Pub. L. No. 107-204, § 404, 116 Stat. 745, 789 (July 30, 2002). GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400: U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800: U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: