This is the accessible text file for GAO report number GAO-02-791T entitled 'Financial Management: Effective Implementation of FFMIA Is Key to Providing Reliable, Useful, and Timely Data' which was released on June 6, 2002. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States General Accounting Office: GAO: Testimony Before the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, Committee on Government Reform, House of Representatives: For Release on Delivery: Expected at 10 a.m. EDT: Thursday, June 6, 2002: Financial Management: Effective Implementation of FFMIA Is Key to Providing Reliable, Useful, and Timely Data: Statement of Sally E. Thompson: Director, Financial Management and Assurance GAO-02-791T: Mr. Chairman and Members of the Subcommittee: I am pleased to be here to discuss the challenges most of the federal departments and agencies still face in meeting the basic expectations outlined in the Federal Financial Management Improvement Act (FFMIA). As you requested, our testimony today addresses the status of agencies’ efforts to implement and maintain systems that substantially comply with FFMIA. FFMIA builds on the foundation laid by the Chief Financial Officers (CFO) Act of 1990 by emphasizing the need for agencies to have financial management systems that can generate timely, accurate, and useful information with which to make informed decisions and to ensure accountability on an ongoing basis. FFMIA requires the 24 CFO Act agencies to implement and maintain financial management systems that comply substantially with the (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) U.S. Standard General Ledger (SGL) at the transaction level. Further, FFMIA requires auditors to report in their CFO Act financial statement audit reports whether the agencies’ financial management systems comply with FFMIA’s requirements. We are also required to report annually on the implementation of the act. We plan to issue our sixth annual report on agency compliance with FFMIA by October 1 of this year. The results of the fiscal year 2001 FFMIA assessments performed by agency inspectors general (IG) or their contract auditors again show that the same types of problems still plague the financial management systems used by the 24 CFO Act agencies. While much more severe at some agencies than others, the nature and severity of the problems indicate that, overall, agency management lacks the full range of information needed for accountability, performance reporting, and decision making. While the CFO Act agencies have obtained more clean or unqualified audit opinions on their financial statements, often through extraordinary, labor-intensive measures, there is little evidence of marked improvements in agencies’ capacities to create the full range of information needed to manage day-today operations. As we have previously testified[Footnote 1] before this subcommittee, if agencies continue year after year to rely on significant costly and time-intensive manual efforts to achieve or maintain unqualified opinions without improving underlying financial management systems, it can mislead the public about the true status of the agencies’ financial management capabilities. An unqualified opinion achieved on this basis will become an accomplishment without much substance. Increasing attention from the highest levels of the federal government is being targeted on improving federal financial management. Most importantly, The President’s Management Agenda Fiscal Year 2002 includes improved financial performance as one of the five top governmentwide management goals. Improvement in federal financial management systems is central to achieving improved financial performance. The administration plans to use the Executive Branch Management Scorecard to highlight agency progress in achieving the management and performance improvements embodied in the President’s Management Agenda. Moreover, the Joint Financial Management Improvement Program (JFMIP) principals[Footnote 2] have been holding a series of periodic meetings that have resulted in unprecedented substantive deliberations and agreements focused on key reform issues such as better-defined measures for gauging financial management success and the establishment of audit committees. In addition, the JFMIP principals have agreed to significantly accelerate financial statement reporting so that the government’s financial statements are more timely and to discourage costly efforts designed to obtain unqualified opinions without addressing underlying systems challenges. For fiscal year 2004, agency audited financial statements are to be issued no later than November 15. These top management efforts underscore the critical need for the modernization of financial management systems as called for by the CFO Act, including the systematic measurement of performance; development of cost information; and integration of program, budget, and financial information. Today I will discuss (1) auditors’ determinations of FFMIA compliance for fiscal year 2001, (2) problems that affect agency systems’ compliance with FFMIA, (3) current actions leading to renewed emphasis on timely, accurate, and useful information from federal financial management systems, (4) the increasing importance of managerial cost information to fulfill the objectives of the President’s Management Agenda, and (5) agency efforts to implement new financial management systems. To develop this testimony, we analyzed the audit reports issued for the 24 CFO Act agencies for fiscal year 2001 and summarized previously issued GAO reports. We also included information from our ongoing work on cost management in the federal government. We conducted our work in accordance with generally accepted government auditing standards. Auditors’ Determinations of FFMIA Compliance for Fiscal Year 2001: Most agencies do not yet have timely, accurate, and useful financial information, including cost data, with which to make informed decisions and ensure accountability on an ongoing basis. IGs and their contract auditors reported that the systems of 20 of the 24 CFO Act agencies did not substantially comply with at least one of FFMIA’s three requirements for fiscal year 2001. As shown in figure 1, the long-standing weaknesses in agency financial management systems, including internal control issues, can be seen by the steady number of agencies with systems that did not substantially comply with FFMIA over the past several years. In contrast, as also shown in figure 1, the number of qualified or disclaimers of opinions on agency financial statements have steadily decreased over the past 5 years from 13 for fiscal year 1997 to 6 for fiscal years 2000 and 2001. This decrease in qualified and disclaimers of opinions results from monumental efforts in which agencies expend significant resources simply to prepare financial statements. For agencies equipped with modern, fully integrated financial management systems, preparation of financial statements would be more routine and much less costly. Auditors for four agencies—the Departments of Energy and Labor, the General Services Administration (GSA), and the Social Security Administration provided negative assurance in reporting on FFMIA compliance for fiscal year 2001, meaning that nothing came to their attention indicating these agencies’ financial management systems do not meet FFMIA requirements. If readers do not understand the concept of negative assurance, they may have gained an incorrect impression that these systems have been reported by the auditors to be substantially compliant. It is our opinion that because the act requires auditors to “report whether” agency systems are compliant, the auditor needs to provide positive assurance, which would be a definitive statement as to whether agency financial management systems comply with FFMIA. We provide positive assurance on FFMIA compliance for those federal entities for which we conduct financial audits. For example, we reported that the Internal Revenue Service’s financial management systems did not substantially comply with FFMIA. Later in my statement, I will discuss other implications related to FFMIA compliance testing and reporting. Figure 1: Agency Systems’ Compliance with FFMIA 1997 through 2001: [Refer to PDF for image: multiple line graph] Graph contains line depicting number of agencies in compliance with qualified/disclaimer opinions and noncompliant systems for the years 1997-2001. Source: Agency audit reports for fiscal years 1997 through 2001. [End of figure] Widespread Systems Problems Affect FFMIA Compliance: The continuing trend of noncompliance with FFMIA indicates the overall long-standing poor condition of agency financial systems. Correcting the systems problems is a difficult challenge for agencies because of the age and poor condition of their critical financial systems. Some of the federal government’s computer systems were originally designed and developed years ago (in some cases, over a decade ago) and do not meet current systems requirements. These legacy systems cannot provide reliable financial information for key governmentwide initiatives, such as integrating budget and performance information. Based on our review of the fiscal year 2001 audit reports for the 20 agencies reported to have systems not in substantial compliance with one or more of FFMIA’s three requirements, we identified six primary reasons. The weaknesses reported by the auditors ranged from serious, pervasive systems problems to less serious problems that may affect one aspect of an agency’s accounting operation: * nonintegrated financial management systems, * inadequate reconciliation procedures, * lack of accurate and timely recording of financial information, * noncompliance with the SGL, * lack of adherence to federal accounting standards and/or OMB requirements, and, * weak security controls over information systems. Figure 2 shows the relative frequency that these problems were cited by the auditors at the 20 agencies. However, the auditors may not have reported these problems as specific reasons for lack of substantial compliance with FFMIA. We caution that the degree of noncompliance in a particular category may be even greater since auditors may not have included all problems affecting FFMIA compliance in their reports. For some agencies, the problems are so serious and well known that the auditor can readily determine that the systems lack substantial compliance without examining every facet of FFMIA compliance. Therefore, the reported problems may not be all-inclusive. Figure 2: Problems Reported by the Auditors for Fiscal Year 2001: [Refer to PDF for image: vertical bar graph] Problem: Nonintegrated systems; Number of agencies: 14. Problem: Inadequate reconciliations; Number of agencies: 13. Problem: Untimely entries; Number of agencies: 12. Problem: SGL noncompliance; Number of agencies: 8. Problem: Lack of adherence to accounting standards; Number of agencies: 14. Problem: Weak information security; Number of agencies: 20. Source: GAO analysis of agency audit reports for fiscal year 2001. We did not independently verify or test the data in the agency audit reports. [End of figure] Nonintegrated Financial Management Systems: According to the CFO Act, each of the 24 agencies is to develop and maintain an integrated accounting and financial management system[Footnote 3] that complies with federal systems requirements and provides for (1) complete, reliable, consistent, and timely information that is responsive to the financial information needs of the agency and facilitates the systematic measurement of performance, (2) the development and reporting of cost information, and (3) the integration of accounting, budgeting, and program information. In this regard, OMB Circular A-127, Financial Management Systems, requires agencies to establish and maintain an integrated financial management system that conforms with JFMIP’s functional requirements. An integrated financial system coordinates a number of functions to improve overall efficiency and control. For example, integrated financial management systems are designed to avoid unnecessary duplication of transaction entry and greatly lessen reconciliation issues because transactions are entered only once. Moreover, with an integrated financial management system, an agency is more likely to have reliable, useful, and timely financial information for day-to-day decision making as well as external reporting. Agencies that do not have integrated financial management systems typically must expend major effort and resources, including in some cases hiring external consultants, to develop information that their systems should be able to provide on a daily or recurring basis. In addition, opportunities for errors are significantly increased when agencies’ systems are not integrated. Agencies with nonintegrated financial systems are more likely to be required to devote more resources to collecting information than those with integrated systems. OMB’s accelerated reporting dates for agency performance and accountability reports[Footnote 4] make these major efforts and devotion of resources unsustainable in the long term. In fiscal year 2001, agency performance and accountability reports were due February 27, 2002. In contrast, under OMB’s current reporting requirements, agency performance and accountability reports for fiscal year 2002 are due to OMB by February 1, 2003. OMB is further accelerating the deadline so that by fiscal year 2004, agencies will submit these reports by November 15, 2004. With these new accelerated reporting dates, it will be difficult for agencies to continue to rely on significant, costly, and time-intensive manual efforts to achieve or maintain unqualified opinions until automated, integrated processes and systems are implemented that readily produce the necessary information. As a result, many agencies must accelerate their efforts to improve underlying financial management systems and controls, which is consistent with reaching the financial management success measures envisioned by the President’s Management Agenda and the JFMIP principals. Auditors frequently mentioned the lack of modern, integrated financial management systems in their fiscal year 2001 audit reports. As shown in figure 2, auditors for 14 of the 20 agencies with noncompliant systems reported this as a problem. For example, the Department of Education’s lack of a fully integrated financial management system seriously affects its ability to accumulate, analyze, and present reliable financial information. According to its auditors, Education compiles its financial statements through a multistep process that includes both manual and automated procedures, which increase the risk of errors in the departmentwide financial statements. These manual processes can lead to errors that may affect current and prior fiscal years. For example, Education recorded numerous restatements and reclassifications of prior fiscal year financial statement balances based on its extensive analysis of certain general ledger balances in an effort to resolve errors that existed in past years. While the auditors noted that some of the entries to correct or reclassify amounts resulted from Education’s extensive analysis, the identification of these errors reinforces concerns about Education’s lack of an integrated financial management system. According to the auditors, Education processed and approved adjustments to correct or reclassify amounts that were later discovered to be erroneous. These new errors resulted in the need for additional manual adjustments to correct these new errors, which cast doubt on the sufficiency of the process for reviewing and approving adjustments. To focus attention on long-standing financial management issues, the Secretary of Education created a Management Improvement Team (MIT). The MIT’s goals include addressing outstanding recommendations related to the financial statement audits and ensuring an environment with effective internal controls. The Education IG noted that the MIT has identified corrective actions for improving the department’s programs and operations. The Department of Defense’s (DOD) lack of integration between its financial management systems and its other business systems is a critical issue to be addressed in its transformation of business practices. DOD has reported that an estimated 80 percent of the data needed for sound financial management comes from other business operations, such as its acquisition and logistics communities. As we testified in March,[Footnote 5] DOD’s vast array of costly, nonintegrated, duplicative, and inefficient financial management systems reflects the lack of an enterprisewide, integrated approach to addressing its management challenges. DOD’s Under Secretary of Defense (Comptroller) has stated that the development of a financial management enterprise architecture[Footnote 6] is a major step toward achieving the Secretary’s goal of transforming DOD’s outdated support structure, including decades old financial systems that are not well interconnected. Most recently, DOD selected International Business Machines (IBM) to develop its departmentwide financial management enterprise architecture and set aside nearly $100 million for this effort. According to DOD officials, this reform effort will integrate the department’s systems and business processes in the fields of logistics, health care, accounting, finance, personnel and other areas and reduce the more than 1100 stand-alone systems currently generating financial information. Inadequate Reconciliation Procedures: A reconciliation process, even if performed manually, is a valuable part of a sound financial management system. In fact, the less integrated the financial management system, the greater the need for adequate reconciliations because data for the same transaction may be separately entered in multiple systems, causing the risk of errors to be greater. For example, according to its auditors, the Agency for International Development (AID) places a greater reliance on processes like reconcilations because it lacks an integrated system. Reconciliation of records from the multiple systems would ensure transaction data were entered correctly in each one. Reconciliation procedures are a control necessary to maintain and substantiate the accuracy of the data reported in an agency’s financial statements and reports. The Comptroller General’s Standards for Internal Control in the Federal Government[Footnote 7] highlights reconciliation as a key control activity. As shown in figure 2, auditors for 13 of the 20 agencies with noncompliant systems reported that the agencies had reconciliation problems, including difficulty reconciling their Fund Balance with Treasury accounts[Footnote 8] with the Department of the Treasury’s records. Treasury policy requires agencies to reconcile their accounting records with Treasury records monthly, which is comparable to individuals reconciling their checkbooks to their monthly bank statements. However, such reconciliations are not being routinely performed. For example, some of the fund balances with Treasury for the Department of State did not reconcile with Treasury’s fund balance amounts. State’s auditors reported that the absolute difference [Footnote 9] between State’s and Treasury’s balances as of September 30, 2001, was about $131 million. State’s auditors noted that while progress had been made in reducing the net difference between State’s and Treasury’s records, weaknesses in the reconciliation process still remain, particularly affecting older fund balances. The auditors recommended that State reexamine its reconciliation processes and also assess whether adjustments should be made to its records. Inadequate reconciliation procedures also complicate the identification and elimination of intragovernmental transactions. As we testified in April,[Footnote 10] agencies have not reconciled intragovernmental balances with their trading partners[Footnote 11] and, as a result, information reported to Treasury is not reliable. For several years, OMB and Treasury have required the CFO Act agencies to reconcile selected intragovernmental activity and balances with their trading partners. However, numerous agencies did not fully perform these reconciliations for fiscal year 2000. Beginning with fiscal year 2001, OMB and Treasury required agency CFOs to report on the extent and results of intragovernmental activity reconciliation efforts. The IGs reviewed these reports and communicated the results to OMB, Treasury, and GAO. IGs reported that the required reconciliations for fiscal year 2001 were not fully performed, citing reasons such as (1) trading partners’ not providing needed data, (2) limitations and incompatibility of agency and trading partner systems, and (3) human resource issues. For fiscal years 2001 and 2000, amounts reported for agency trading partners for certain intragovernmental accounts were significantly out of balance. The continued involvement of the CFO Act agencies, the JFMIP principals and OMB will be critical to resolving this issue. Lack of Accurate and Timely Recording of Financial Information: Accurate and timely recording of financial information is key to successful financial management. Recording transactions timely can facilitate accurate reporting in agencies’ financial reports and other management reports that are used to guide managerial decision making. The Comptroller General’s Standards for Internal Control in the Federal Government states that transactions should be promptly recorded to maintain their relevance and value to management in controlling operations and making decisions. As shown in figure 2, auditors for 12 of the 20 agencies with noncompliant systems found that agencies did not accurately and timely record transactions in the general ledger. The lack of timely transaction recording can also result in the use of inaccurate information for decision making. For example, auditors for six agencies reported that unliquidated obligations[Footnote 12] were not deobligated timely due to the lack of procedures for reviewing unliquidated obligations or the failure to follow these procedures. Agency failure to deobligate funds timely may result in the loss of the use of those funds. For example, auditors for the Department of Transportation (DOT) identified about $293 million of obligations that were no longer needed and could be used for other valid purposes or returned to the U.S. Treasury. Untimely transaction recording during the fiscal year can also result in substantial efforts at fiscal year-end to perform extensive manual financial statement preparation efforts that are susceptible to error and increase the risk of misstatements. For example, auditors reported that Department of Justice components did not perform their accrual- based financial transaction processing on an ongoing basis. Auditors for two components, the Drug Enforcement Administration and the Offices, Boards, and Divisions, stated that the financial statement preparation effort must be a componentwide effort, involving all program budget and administrative offices. Gathering financial data only at year-end does not provide adequate time to analyze transactions or account balances. Without time to perform these analyses, misstated or unsupported financial statement account balances can occur. Further, it impedes management’s ability to have timely and useful information for decision making. Noncompliance with the SGL: Implementing the SGL at the transaction level is one of the specific requirements of FFMIA. However, as shown in figure 2, auditors for 8 of the 20 noncompliant agencies reported that the agencies’ systems did not comply with SGL requirements. The SGL, mandated for use by OMB and Treasury in 1986, promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions. These defined accounts and pro forma transactions are used to standardize the accumulation of agency financial information, as well as enhance financial control and support financial statement preparation and other external reporting. By not implementing the SGL, agencies are challenged to provide consistent financial information across their component agencies and functions. For example, auditors for AID reported that AID does not report on its mission activities[Footnote 13] using the SGL at the transaction level. These mission activities account for approximately 52 percent of AID’s total net cost of operations. AID records its mission activities in its Mission Accounting and Control System—an automated system that uses transaction codes that do not match to the SGL chart of accounts. AID uses a monthly process to crosswalk these mission transactions to the SGL, but cannot ensure that transactions are posted properly and consistently from mission to mission. OMB officials have stated that while this monthly process may be a good interim solution until AID has fully implemented its new core financial system, this process does not allow AID’s systems to be substantially compliant with the SGL at the transaction level. Until AID deploys its newly implemented core financial system worldwide, it will continue to use the Mission Accounting and Control System for its overseas missions.[Footnote 14] The Department of Housing and Urban Development’s (HUD) Federal Housing Administration (FHA) must use several manual processing steps to convert its commercial accounts to SGL accounts. FHA’s legacy core financial system, which includes its general ledger, is based on commercial rather than governmental accounting. FHA has 22 systems that feed transactions to its core financial system, 15 of which cannot process transactions in the SGL format. FHA’s manual processes include the use of personal computer-based software to convert its commercial accounts to the SGL. FHA then transfers the balances to HUD’ s Central Accounting and Program System (HUDCAPS). HUD’s auditors noted that FHA’s current process does not meet federal financial management systems requirements that a core financial system “provide for the automated and year-end closing of SGL accounts and rollover of the SGL account balances.” FHA has completed the initial phases of its project to implement a commercial off-the-shelf (COTS) financial software system. FHA intends to complete implementation of the general ledger module of this COTS system by the beginning of fiscal year 2003, including the implementation of the SGL at the transaction level. Lack of Adherence to Federal Accounting Standards: FFMIA requires that agencies’ financial management systems comply with applicable federal accounting standards, which are developed by the Federal Accounting Standards Advisory Board (FASAB). Agency CFOs are required to use these standards in developing financial management systems and in preparing financial statements. Currently, there are 22 statements of federal financial accounting standards (SFFAS) and 3 statements of federal financial accounting concepts. FASAB continues to deliberate on new and emerging issues that could result in the promulgation of additional standards; therefore, agencies’ systems must be able to accommodate any new standards issued in the future. As shown in figure 2, auditors for 14 of the 20 agencies with noncompliant systems reported that these agencies had problems complying with one or more federal accounting standards. Auditors reported that agencies are having problems implementing standards that have been in effect for some time, as well as standards that have been promulgated in the last few years. Auditors for 3 agencies reported weaknesses affecting compliance with SFFAS No. 7, Revenue and Other Financing Sources, which became effective in fiscal year 1998. For example, FHA, a major component of HUD, was reported by the HUD IG to be in violation of the Anti-Deficiency Act due to a lack of systems and processes capable of fully monitoring and controlling budgetary resources. Auditors for 5 agencies reported trouble implementing SFFAS No. 10, Accounting for Internal Use Software, which became effective at the beginning of fiscal year 2001. Auditors for 7 agencies reported problems implementing SFFAS No. 4, Managerial Cost Accounting Concepts and Standards. The requirement for managerial cost information has been in place since 1990 under the CFO Act and since 1998 as a federal accounting standard. For example, auditors for the Department of Agriculture stated that the department’s systems have not been designed to enable them to provide sufficient and relevant data to comply with SFFAS No. 4. Specifically, the auditors’ review of the accounting for user fees at two agencies disclosed that both agencies were not including the full costs of their user fee programs when determining fees. As a result, Agriculture is unable to provide reliable and timely cost information. Later in my statement today, I will discuss further the impact of managerial cost information on implementation of the President’s Management Agenda. While SFFAS No. 4 uses the term “managerial cost accounting,” some agencies have adopted the term “cost management” instead to emphasize that cost and performance data are needed to improve management decision making and goes beyond the cost data required for external reporting. Weak Security Controls over Information Systems: Information security weaknesses are one of the frequently cited reasons for noncompliance with FFMIA and are a major concern for federal agencies and the general public. These weaknesses are placing enormous amounts of government assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Auditors for 20 of the 24 CFO Act agencies identified weaknesses in security controls over information systems. Auditors for the 4 agencies that provided negative assurance in reporting on compliance with FFMIA, in their fiscal year 2001 audit reports did not consider the computer security problems identified significant enough to be instances of a lack of substantial compliance with FFMIA. Unresolved information security weaknesses could adversely affect the ability of agencies to produce accurate data for decision making and financial reporting because such weaknesses could compromise the reliability and availability of data that are recorded in or transmitted by an agency’s financial management system. Concerned with reports of significant weaknesses in federal computer systems that make them vulnerable to attack, the Congress enacted Government Information Security Reform (GISR) provisions[Footnote 15] to reduce these risks and provide more effective oversight of federal information security. GISR requires agencies to implement an information security program that is founded on a continuing risk management cycle and largely incorporates existing security policies found in OMB Circular A-130, Management of Federal Information Resources, Appendix III. GISR also added an important new requirement by calling for both annual management and independent evaluations of the information security program and practices of an agency. We recently testified[Footnote 16] that information security weaknesses were most often identified[Footnote 17] for (1) security program management, (2) access controls, and (3) service continuity controls. Security program management provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented. Access controls ensure that only authorized individuals can read, alter, or delete data. Service continuity controls ensure that when unexpected events occur, such as the terrorist attacks on September 11, 2001, critical operations will continue without undue interruption and that crucial, sensitive data are protected. All 24 agencies were reported to have weaknesses in security program management and access controls. Nineteen of the 24 agencies were reported to have weaknesses in their service continuity controls. Information security weaknesses were cited by auditors for the National Science Foundation (NSF) as an instance in which NSF’s systems did not substantially comply with FFMIA’s federal financial management systems requirements.[Footnote 18] Auditors reported that NSF had several weaknesses in its agencywide information security that result in vulnerabilities in logical and physical access controls and has certain vulnerabilities in the design, administration, and monitoring of its controls. Specifically, the auditors noted weaknesses in several areas including (1) application security design, (2) database security, (3) intrusion detection, (4) physical access, and (5) administration of access privileges. These weaknesses increase NSF’s vulnerability to unauthorized viewing, modification, and deletion of financial and other sensitive data, accidentally or deliberately, by internal and external parties. While NSF has been responsive to initiating corrective actions to address these vulnerabilities, limited resources and competing management priorities have affected its ability to fully address these weaknesses. As we recently reported,[Footnote 19] the overriding reason that Treasury’s Financial Management Service (FMS) continues to have problems related to its computer controls is that FMS does not have an effective entitywide computer security program. Consequently, billions of dollars[Footnote 20] of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions. For fiscal year 2001, the Treasury IG continued to report computer controls as a material weakness at FMS. Work Performed by Auditors to Determine FFMIA Compliance: While the FFMIA requires auditors to report on the compliance of agency systems with the act in the financial statement audit reports, the assessment of compliance can be performed as a separate review. Moreover, this separate review could be conducted during another period of the year or staggered throughout the year when the auditors’ workloads are not as burdensome. While financial statement audits offer some assurances regarding FFMIA compliance, the work needed to assess the compliance of systems with FFMIA is more comprehensive than the testing normally performed as part of a financial statement audit. In performing financial statement audits, auditors generally focus on the capability of the financial management systems to process and summarize financial information that flows into the financial statements. In contrast, FFMIA requires auditors to assess whether an agency’s financial management systems comply with systems requirements and provide complete, accurate, and timely information for managing day-to-day operations. FFMIA was designed to lead to system improvements that provide agency managers with useful information to measure performance and increase accountability on an ongoing basis, rather than just at year-end. In our most recent report on FFMIA,[Footnote 21] we recommended that OMB develop additional guidance, in accordance with the Financial Audit Manual (FAM),[Footnote 22] to specify expected procedures for auditors to perform when assessing FFMIA compliance. This additional guidance should clearly outline (1) the minimum scope of work and (2) the procedures for auditors to perform in determining whether management has reliable, timely, and useful financial information for managing day-to-day operations. Working jointly with representatives from the President’s Council on Integrity and Efficiency (PCIE), we have drafted a section for the FAM with detailed audit steps for testing agencies’ systems’ compliance with FFMIA. If appropriately implemented, these detailed work steps should provide a sufficient basis to conclude as to whether agencies’ systems comply with FFMIA. We will continue to work with PCIE to finalize this new section of the FAM. Remediation Plans Improved but Continue to Lack Important Details: FFMIA requires agency management to prepare remediation plans, in consultation with OMB, that describe the corrective actions they plan to take to resolve their instances of noncompliance, as well as the target dates and resources necessary to bring financial systems into substantial compliance with FFMIA requirements. Although the plans have improved over the years, in the past, we have consistently found that many of these plans lack sufficient detail and descriptions of the resources needed for executing the corrective actions. We are reviewing the remediation plans agencies prepared to address the instances of lack of substantial compliance with FFMIA reported for fiscal year 2000 and will report the results of our analysis in our report to be issued by October 2002. Increasing Emphasis on Improving Financial Management from the Highest Levels of Government: President’s Management Agenda and the Executive Branch Management Scorecard: The administration, with its release of the President’s Management Agenda in August 2001, has set forth improved financial performance as one of its five governmentwide initiatives. OMB’s criteria for measuring improved financial performance include not just getting clean opinions on agency financial statements, but also (1) ensuring that financial management systems meet federal requirements, (2) integrating financial and performance management systems to support day-to-day agency operations, and (3) resolving repeated material weaknesses.[Footnote 23] This is another area that the JFMIP principals have addressed and on which they are in agreement. The administration plans to use the Executive Branch Management Scorecard, based on OMB’s criteria, to highlight agencies’ progress in achieving the improvements embodied in the President’s Management Agenda. This is a step in the right direction to improving management and performance, but the value of the scorecards will be the degree to which the scores lead to sustained focus and demonstrable improvements. It is important that there be continual rigor in the scoring process for the approach to be credible and effective. OMB has provided its baseline scores judging agency financial management as of September 30, 2001, and an updated version of the scorecard will be released during the summer. JFMIP Principals: In August 2001, the JFMIP principals began a series of periodic meetings that have resulted in unprecedented substantive deliberations and agreements focused on key financial management reform issues, such as better defining measures for financial management success. As mentioned previously, the principals agreed to significantly accelerate financial statement reporting so that the government’s financial statements are issued more timely and to discourage costly efforts designed to obtain unqualified opinions on financial statements without addressing the underlying systems challenges. In these meetings, the principals have focused on key issues, some of which I have already highlighted, such as: * defining success measures for financial management performance that go far beyond an unqualified audit opinion on financial statements and include measures such as financial management systems that routinely provide timely, reliable, and useful financial information and no material internal control weaknesses or material noncompliance with laws and regulations and FFMIA requirements; * restructuring the FASAB’s composition to enhance the independence of the board and increasing public involvement in setting standards for federal financial accounting and reporting; * establishing audit committees for the major federal agencies; * overseeing DOD’s business transformation efforts; * monitoring actions to modernize and reduce the cost of routine operations of federal payroll systems; and; * addressing the impediments to an audit opinion on the U.S. government’s consolidated financial statements, including intragovernmental transactions. Future meetings will enable the JFMIP principals to reach agreements and monitor progress on strategies critical to the full and successful implementation of federal financial management reform. Managerial Cost Information Is Critical for Implementing the President’s Management Agenda: According to the President’s Management Agenda, the accomplishment of the other four governmentwide initiatives[Footnote 24] will matter little without the integration of agency budgets with performance. The lack of a consistent information and reporting framework for performance, budgeting, and accounting obscures how well government programs are performing as well as comparisons of performance and cost across programs. Timely, accurate, and useful financial and performance information can form the basis for reconsidering the relevance or “fit” of any federal program or activity in today’s world and for the future. However, even the most meaningful links between performance results and resources consumed are only as good as the underlying data. Therefore, agencies must first address long-standing problems within their financial systems. Linking of agency budgets with performance is enhanced when agencies integrate managerial cost information into their program activities (or lines of business). For example, Treasury’s IG stated that one of the management and performance challenges[Footnote 25] that Treasury faces is the integration of cost accounting with its business activities. Currently, Treasury managers are unable to link resources to results and often report their accomplishments based on anecdotal performance evidence and outdated financial information. Agency implementation of managerial cost accounting can be a complex and arduous task. For example, the Federal Aviation Administration (FAA) has been developing a cost accounting system, as required by the Federal Aviation Reauthorization Act of 1996,[Footnote 26] for several years. DOT’s IG recently reported[Footnote 27] that notwithstanding the progress and successes realized so far, FAA still faces significant challenges to complete and operate a credible cost accounting system. FAA still needs to (1) implement, on a timely basis, fully developed cost accounting and labor distribution systems, (2) establish cost and performance management practices, (3) account for overhead costs, (4) track assets, and (5) develop an adequate system of internal controls. Other agencies have adopted various methods of accumulating and assigning costs to obtain managerial cost information needed to enhance programs, improve processes, establish fees, develop budgets, prepare financial reports, and report on performance. A number of agencies have implemented activity-based costing (ABC), which creates a cost model of an organization by identifying the activities performed, the resources consumed, and the outputs (products and services) produced by that organization. ABC then uses accounting and workload data to assign costs to the activities and related outputs. For example, the Small Business Administration (SBA) uses ABC to support financial reporting, management decision making, performance reporting, budgeting, and cost reimbursements. For example, SBA has used information from its cost management system to prepare the Statement of Net Costs, make resource allocation decisions, and provide information for outsourcing alternatives. SBA has also used managerial costing to provide a crosswalk between the costs of activities and programs and the agency’s strategic goals and objectives. SBA’s cost allocation model provides information about the full costs (direct and indirect) of its programs as well as unit costs for many program outputs. In fiscal year 2001, SBA began using activity-based budgeting (ABB) to analyze program office budgets. The purpose of ABB is to show the linkage between the resources the agency plans to consume and the outputs it plans to produce. ABC and ABB can provide SBA’s management with the information needed for sound decision making. While some agencies have found this method to be useful, ABC is not a universal solution for all organizations. Other agencies have developed managerial costing approaches that build upon existing accounting systems. For example, the Department of the Interior’s Bureau of Land Management (BLM) has implemented an innovative cost model that aligns the costs of the bureau’s activities with its work processes and mission goals. This model was developed with extensive coordination with field personnel and has been used for management decision making and to develop budget requests. For instance, BLM analyzed information on the costs of various activities associated with its Wild Horse and Burro Program. Based on this analysis, bureau officials formulated a proposal for managing horse and burro populations to achieve appropriate management levels by 2005. They presented their analysis to the House and Senate Appropriations Subcommittees and were provided an additional $9 million for the implementation of the proposal. Agency Efforts to Implement New Financial Systems: Across government, agencies have many efforts under way to implement or upgrade financial systems to alleviate some of the long-standing weaknesses in financial management. Some of these agencies, including the Departments of Agriculture, Commerce, and Transportation; GSA; and the National Aeronautics and Space Administration (NASA), are in the implementation phases of these projects. Other agencies are in the planning and design phases, such as the Departments of Defense, Energy, and Justice. Many of these new financial systems are COTS packages sold by vendors whose software has been certified by JFMIP. [Footnote 28] GSA’s IG recently reported[Footnote 29] that GSA faces significant challenges in implementing its new integrated financial management system solution, Pegasys. GSA had planned to replace its aging and costly-to-maintain current system, the National Electronic Accounting and Reporting (NEAR) system with Pegasys, a COTS product. However, since the project to replace NEAR with Pegasys began, significant modifications have been made to the COTS product to meet specific GSA requirements. The IG reported that the magnitude and complexity involved in modifying a COTS product to meet GSA’s needs have been underestimated, necessitating a reassessment of the ability of the COTS product to perform necessary key functions. While the Office of the Chief Financial Officer has rescoped the Pegasys project, numerous technical challenges remain, including completing an enterprise financial management system architecture and adding some critical financial functionality needed before GSA can fully transition to Pegasys. NASA is working toward implementing an integrated financial management system that it expects to be fully operational in 2006 at an estimated cost of $475 million. As we testified in March,[Footnote 30] this is NASA’s third attempt to implement a new financial management system. The first two efforts were abandoned after 12 years and spending $180 million. Given the high stakes involved, it is critical that NASA’s leadership provide the necessary direction, oversight, and sustained attention to ensure that this project is successful. As mentioned earlier, DOD has taken a significant step in transforming its business processes by awarding a contract to IBM to develop a departmentwide financial management enterprise architecture. DOD officials have stated that the enterprise architecture will propose new ways of conducting DOD financial activities and offer solutions for modernizing the department’s financial practices. DOD faces financial management problems that are pervasive, complex, long- standing, and deeply rooted in virtually all business operations throughout the department. At DOD, overhauling financial management represents a major management challenge that goes far beyond simply installing new software to the very fiber of the department’s business operations and management culture. Cultural resistance to change and military service parochialism have played a significant role in impeding previous attempts to implement broad-based management reforms at DOD. The Secretary of Defense has made the fundamental transformation of business practices throughout the department a top priority and has estimated that his envisioned transformation will take 8 or more years to complete. In addition to utilizing sound information technology management practices, DOD needs to address the underlying causes of its inability to resolve long-standing financial management problems, such as providing for sustained leadership; controlling resources; establishing clear lines of authority, responsibility, and accountability; incorporating results-oriented performance measures; providing incentives for action; and ensuring effective oversight and monitoring. Agencies can help ensure that financial management systems investments deliver the intended results by (1) using Clinger-Cohen Act information technology (IT) management requirements, (2) undertaking financial management systems modernization in a broad enterprise architecture context, and (3) redesigning business processes in conjunction with implementing new technology. To assist federal agencies in this process, we have developed the IT Investment Management Framework[Footnote 31] to provide a common structure for discussing and assessing IT capital planning and investment management practices. This framework has five maturity stages, which represent steps toward achieving both a stable and mature IT investment management process. Other key factors for successful implementation include having top management commitment, adequate funding, and staff with the right skill mix. Once a project has been selected, good project management is a critical ingredient to successful implementation. For example, it is imperative that managers sufficiently plan their project and that the sponsors are involved in the implementation. Next, deadlines should be realistic and project managers should be capable of understanding the complexities of the job. Throughout the job, the implementation should be monitored to ensure the project is going as planned. Closing Comments: The primary purpose of FFMIA is to ensure that agency financial management systems routinely provide reliable, useful, and timely financial information so that government leaders will be better positioned to invest resources, reduce costs, oversee programs, and hold agency managers accountable for the way they run programs. While many agencies are receiving unqualified opinions on their financial statements, auditor determinations of FFMIA compliance are lagging behind. To achieve the financial management improvements envisioned by the CFO Act, FFMIA, and more recently, the President’s Management Agenda, agencies need to modernize their financial systems to generate reliable, useful, and timely financial information throughout the year and at year-end. Today, we are seeing a strong commitment from the President, the JFMIP principals, and the Secretaries of major departments, such as DOD, to ensuring that these needed modernizations come to fruition. This commitment is critical to the success of the efforts under way and those still in a formative stage and must be sustained. Finally, Mr. Chairman, the leadership demonstrated by you and the members of this subcommittee has been an important catalyst to reforming financial management in the federal government. Continued attention to these issues will be critical to sustaining momentum on financial management reform efforts. Mr. Chairman, this concludes my statement. I would be pleased to answer any questions you or other members of the subcommittee may have at this time. Contacts and Acknowledgments: For further information about this statement, please contact Kay L. Daly at (202) 512-9312. Other key contributors to this testimony include William S. Lowrey, Debra S. Rucker, Sandra S. Silzer, and Bridget A. Skjoldal. [End of section] Footnotes: [1] U.S. General Accounting Office, U.S. Government Financial Statements: FY 2001 Results Highlight the Continuing Need to Accelerate Federal Financial Management Reform, [hyperlink, http://www.gao.gov/products/GAO-02-599T] (Washington, D.C.: April 9, 2002) and Financial Management: Agencies Face Many Challenges in Meeting the Goals of the Federal Financial Management Improvement Act, [hyperlink, http://www.gao.gov/products/GAO/T-AIMD-00-178] (Washington, D.C.: June 6, 2000). [2] The JFMIP principals are the Secretary of the Treasury, the Directors of the Office of Management and Budget (OMB) and the Office of Personnel Management (OPM), and the Comptroller General of the United States. JFMIP is a joint and cooperative undertaking of OMB, the Department of the Treasury, OPM, and GAO working with executive agencies to improve financial management practices throughout the government. [3] Federal financial system requirements define an integrated financial system as one that coordinates a number of previously unconnected functions to improve overall efficiency and control. Characteristics of such a system include (1) standard data classifications for recording financial events, (2) common processes for processing similar transactions, (3) consistent control over data entry, transaction processing, and reporting, and (4) a system design that eliminates unnecessary duplication of transaction entry. [4] Agency performance and accountability reports include the audit report and the audited financial statements. [5] U.S. General Accounting Office, DOD Financial Management: Integrated Approach, Accountability, Transparency, and Incentives Are Keys to Effective Reform, [hyperlink, http://www.gao.gov/products/GAO-02-497T] (Washington, D.C.: March 6, 2002). [6] An enterprise architecture establishes an agency’s roadmap to achieve its mission through the optimal performance of its core business practices within an efficient Information Technology environment. Enterprise architectures are “blueprints” used for defining an agency’s current (baseline) and desired (target) environments along with a capital investment roadmap for transitioning from the current to the target environment. [7] U.S. General Accounting Office, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [8] Agencies record their budget spending authorizations in their Fund Balance with Treasury accounts. Agencies increase or decrease these accounts as they collect or disburse funds. [9] Absolute differences are computed with all numbers considered to be positive numbers. [10] U.S. General Accounting Office, U.S. Government Financial Statements: FY 2001 Results Highlight the Continuing Need to Accelerate Federal Financial Management Reform, [hyperlink, http://www.gao.gov/products/GAO-02-599T] (Washington, D.C.: April 9, 2002). [11] Trading partners are U.S. government agencies, departments, or other components that do business with each other. [12] The value of goods and services ordered and obligated which have not been paid. [13] An AID mission is a representative in a cooperating country. AID has overseas missions and offices that manage projects associated with this foreign assistance. [14] AID has estimated that the worldwide deployment of the core financial system will not begin until fiscal year 2008. [15] These provisions are part of the Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001. [16] Information Security: Additional Actions Needed to Fully Implement Reform Legislation, [hyperlink, http://www.gao.gov/products/GAO-02-470T] (Washington, D.C.: March 6, 2002). [17] We analyzed the results of IG and GAO audit reports published from July 2000 through September 2001, including the results of the IGs’ independent evaluations. [18] NSF’s systems had been reported to be compliant for fiscal years 1997 through 2000. [19] U.S. General Accounting Office, Financial Management Service: Significant Weaknesses in Computer Controls Continue, [hyperlink, http://www.gao.gov/products/GAO-02-317] (Washington, D.C.: January 2002). We assessed general computer controls over key financial systems as of September 30, 2000. [20] FMS is the government’s financial manager, central disburser, collections agency, as well as its accountant and reporter of financial information. [21] U.S. General Accounting Office, Financial Management: FFMIA Critical for Federal Accountability, [hyperlink, http://www.gao.gov/products/GAO-02-29] (Washington, D.C.: October 1, 2001). [22] The Financial Audit Manual, jointly issued by GAO and the President’s Council on Integrity and Efficiency, provides the methodology for performing financial statement audits of federal entities. [23] A material weakness is a condition that precludes the entity’s internal control from providing reasonable assurance that misstatements, losses, or noncompliance material in relation to the financial statements would be prevented or detected on a timely basis. [24] The other four governmentwide initiatives are improved financial performance, strategic management of human capital, competitive sourcing, and expanded electronic government. [25] U.S. Department of the Treasury, Office of the Inspector General, Management and Performance Challenges Facing the Department of the Treasury (Washington, D.C.: January 30, 2002). [26] This act required FAA to develop a cost accounting system that adequately and accurately reflects the investments, operating and overhead costs, revenues, and other financial measurement and reporting aspects of its operations. [27] U.S. Department of Transportation, Office of Inspector General, 2001 Status Assessment of Cost Accounting System and Practices, Federal Aviation Administration (Washington, D.C.: January 10, 2002). [28] JFMIP tests vendor COTS packages and certifies that they meet current financial management system requirements for core financial systems. [29] General Services Administration, Office of Inspector General, GSA Faces Significant Challenges in Deploying a Fully Integrated Pegasys Financial Management System Solution, Report Number A010023/B/T/F02205 (Washington, D.C.: January 17, 2002). [30] U.S. General Accounting Office, National Aeronautics and Space Administration: Leadership and Systems Needed to Effect Financial Management Improvements, [hyperlink, http://www.gao.gov/products/GAO-02551T] (Washington, D.C.: March 20, 2002). [31] U.S. General Accounting Office, Information Technology Investment Management: An Overview of GAO’s Assessment Framework (Exposure Draft), [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-155] (Washington, D.C.: May 2000). [End of document]