GAO-04-945T, Department of Homeland Security: Financial Management Challenges


This is the accessible text file for GAO report number GAO-04-945T 
entitled 'Department of Homeland Security: Financial Management 
Challenges' which was released on July 08, 2004.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

GAO:

Testimony:

Before the Subcommittee on Financial Management, the Budget, and 
International Security, Committee on Governmental Affairs, U.S. Senate:

For Release on Delivery:

Expected at 10:30 a.m. EST Thursday, July 8, 2004:

DEPARTMENT OF HOMELAND SECURITY:

Financial Management Challenges:

Statement of McCoy Williams, Director:

Financial Management and Assurance:

GAO-04-945T: 

GAO Highlights:

Highlights of GAO-04-945T, a testimony before the Subcommittee on 
Financial Management, the Budget, and International Security, 
Committee on Governmental Affairs, U.S. Senate 

Why GAO Did This Study:

The Homeland Security Act of 2002 brought together 22 agencies to 
create a new cabinet-level department focusing on reducing U.S. 
vulnerability to terrorist attacks, and minimizing damages and 
assisting in recovery from attacks that do occur. GAO has previously 
reported on the Department of Homeland Security’s (DHS) financial 
management challenges and key elements necessary for reform. 

DHS continues to be faced with significant financial management 
challenges, including addressing existing internal control weaknesses 
and integrating redundant inherited financial management systems. 
Additionally, DHS is the largest entity in the federal government that 
is not subject to the Chief Financial Officers (CFO) Act of 1990 or the 
Federal Financial Management Improvement Act (FFMIA) of 1996.

In light of these conditions, the Subcommittee asked GAO to testify on 
the financial management challenges facing DHS.

What GAO Found:

One of the challenges DHS faces is obtaining an unqualified financial 
statement audit opinion and fixing the previously identified internal 
control weaknesses that the department inherited from component 
agencies, as well as newly identified weaknesses. Component agencies 
took action to resolve 9 of the 30 internal control weaknesses DHS 
inherited, while 9 of the inherited weaknesses were combined and 
reported as material weaknesses in DHS’s first Performance and 
Accountability Report and 5 were reported as reportable conditions. 
The remaining 7 inherited weaknesses were classified as observations 
and recommendations to management. In addition, improper payments, a 
significant and widespread challenge facing the federal government, can 
typically be traced to a lack of or breakdown in internal control. DHS 
would be remiss to not pay adequate attention to developing a strong 
internal control environment at the department. 

According to DHS officials, the department is in the early stages of 
acquiring a financial enterprise solution to consolidate and integrate 
its financial accounting and reporting systems. Similar projects have 
proven challenging and costly for other federal agencies. For example, 
efforts at the National Aeronautics and Space Administration failed to 
meet the needs of users and key stakeholders. To avoid similar 
problems, DHS must ensure commitment and extensive involvement from 
top management and users in the financial system development and 
integration.

Currently, DHS is the only cabinet-level department in the federal 
government that is not subject to the CFO Act. As such, this 
department, with a fiscal year 2004 budget of nearly $40 billion and 
more than 180,000 employees, does not have a presidentially appointed 
CFO subject to Senate confirmation and is not required to comply with 
the requirements of FFMIA. DHS should not be the only cabinet-level 
department not covered by what is the cornerstone for pursuing and 
achieving the requisite financial management systems and capabilities 
in the federal government. S. 1567 would, among other things, amend 
the CFO Act to (1) add DHS as a CFO Act agency, and (2) require DHS to 
obtain an audit opinion on its internal controls. Enactment of this 
legislation will increase the likelihood that the financial management 
challenges at DHS will be overcome.

www.gao.gov/cgi-bin/getrpt?GAO-04-945T.

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact McCoy Williams at (202) 
512-6906 or williamsm1@gao.gov.

[End of section]

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss financial management 
challenges facing the Department of Homeland Security (DHS). When DHS 
began operations in March 2003, it faced the daunting task of bringing 
together 22 diverse agencies. Not since the creation of the Department 
of Defense in the 1940s had the federal government undertaken a 
transformation of this magnitude. Because of the challenges and risks 
associated with the transformation and implementation of DHS, the sheer 
size of the undertaking, and the prospect of serious consequences for 
the nation should DHS fail to adequately address its management 
challenges and risks, GAO designated the transformation and 
implementation of DHS high-risk in January 2003.[Footnote 1] Our high-
risk program, established in 1990, has helped the executive branch and 
the Congress to galvanize efforts to seek lasting solutions to high-
risk problems and challenges.

As we previously reported,[Footnote 2] DHS faces significant financial 
management challenges, including (1) addressing the existing and newly 
identified internal control weaknesses in the inherited components, and 
(2) integrating a myriad of redundant financial management systems. 
Enactment of the Department of Homeland Security Financial 
Accountability Act (S. 1567) will enhance DHS's chances for overcoming 
these challenges.

DHS, like other federal agencies, has a stewardship obligation to 
prevent fraud, waste, and abuse; to use tax dollars appropriately; and 
to ensure financial accountability to the President, the Congress, and 
the American people. Management must establish effective internal 
controls to safeguard assets, protect revenue, and make authorized 
payments. Unfortunately, improper payments are a widespread and 
significant problem receiving increased attention in the federal 
government. Improper payments occur for many reasons including 
insufficient oversight or monitoring, inadequate benefits eligibility 
controls, and automated system deficiencies. However, based on our 
previous work, one point is clear, the basic or root causes of improper 
payments can typically be traced to a lack of or breakdown in internal 
control. While DHS was not required to report improper payments for 
fiscal year 2003, several of its inherited weaknesses clearly suggest 
risk for improper payments and loss of revenue. DHS, as it addresses 
inherited material weaknesses and integrates its business functions, 
should pay close attention to implementing strong internal controls.

For the most part, DHS's component entities are using legacy financial 
management systems that have a myriad of problems, such as disparate, 
nonintegrated, outdated, and inefficient systems and processes. DHS 
will need to focus on building future systems as part of its enterprise 
architecture approach to ensure an overarching framework for the 
agency's integrated financial management processes. Plans and standard 
accounting policies and procedures must be developed and implemented to 
integrate the various financial management environments under which 
inherited agencies operate so that DHS can produce useful and timely 
financial information.

Currently, DHS is the only cabinet-level department in the federal 
government that is not subject to the Chief Financial Officers (CFO) 
Act of 1990.[Footnote 3] As such, this department, with a fiscal year 
2004 budget of nearly $40 billion and more than 180,000 employees, does 
not have a presidentially appointed CFO subject to Senate confirmation 
and is not required to comply with the requirements of the Federal 
Financial Management Improvement Act of 1996 (FFMIA).[Footnote 4] The 
goals of the CFO Act and related financial reform legislation, such as 
FFMIA, are to provide the Congress and agency management with reliable 
financial information for managing and making day-to-day decisions and 
to improve financial management systems and controls to properly 
safeguard the government's assets.

S. 1567, as passed by the Senate on November 21, 2003, would, among 
other things, amend the CFO Act to (1) add DHS as a CFO Act agency, and 
(2) require DHS to obtain an audit opinion on its internal controls. 
While DHS's CFO has testified that the department complies with the 
audit provisions of the CFO Act and will continue to do so, we believe 
DHS should not be the only cabinet-level department not covered by what 
is the cornerstone for pursuing and achieving the requisite financial 
management systems and capabilities in the federal government. While 
this administration has voluntarily complied with some provisions of 
the CFO Act, making DHS subject to the CFO Act through enactment of S. 
1567 would assist the department in facing and overcoming the financial 
management challenges it faces and legislate future compliance with the 
important provisions of the CFO Act and related legislation.

The perspectives we offer in this testimony are derived from work 
completed by us, inspectors general, independent auditors, as well as 
from executive guidance and testimony related to financial management 
and DHS.

Addressing Internal Control Weaknesses:

DHS faces the challenge of correcting the previously identified 
material weaknesses that the agencies brought with them to DHS, as well 
as addressing newly identified weaknesses from DHS's first financial 
statement audit and obtaining an unqualified or "clean" audit opinion. 
I will first highlight the results of DHS's first financial statement 
audit and then I will discuss some of DHS's internal control 
weaknesses. Finally, as you requested, I will include in my statement 
today a brief discussion of the growing governmentwide problem of 
improper payments.

On its first financial statement audit, for the 7-month period from 
March 1, 2003, to September 30, 2003, DHS received a qualified opinion 
from its independent auditors on its consolidated balance sheet as of 
September 30, 2003, due in part to the auditors' inability to determine 
if certain asset balances reported by the U.S. Coast Guard were fairly 
presented. In addition, auditors were unable to opine on the 
consolidated statements of net costs and changes in net position, 
combined statement of budgetary resources, and consolidated statement 
of financing. The disclaimer on these statements was due to the 
auditor's inability to observe certain inventory counts at Coast Guard, 
among other things. In addition, the auditors reported numerous 
internal control weaknesses, which I would now like to discuss.

Collectively, internal controls are an integral component of an 
organization's management that provides reasonable assurance that the 
organization achieves its objectives of (1) effective and efficient 
operations, (2) reliable financial reporting, and (3) compliance with 
laws and regulations. Internal controls are not one event, but a series 
of actions and activities that occur throughout an entity's operations 
and on an ongoing basis. When DHS was formed from 22 component 
agencies, there were 30 identified internal control weaknesses that DHS 
inherited. Component agencies took action to resolve 9 of these 30 
weaknesses. These actions included reinstating procedures to accurately 
estimate financial data, performing risk assessments of major systems, 
and instituting processes to ensure accounts receivable and fixed 
assets are properly recorded. Of the remaining 21 weaknesses,

* 9 were combined and reported as material weaknesses,[Footnote 5]

* 5 were combined and reported as reportable conditions,[Footnote 6] 
and:

* 7 weaknesses were classified by the department's independent auditors 
as observations and recommendations.[Footnote 7]

DHS's independent auditors reported 6 new internal control weaknesses 
as of September 30, 2003, bringing the total number of DHS reportable 
conditions to 14--7 of which are considered to be material weaknesses. 
These weaknesses included the lack of procedures at DHS to verify the 
accuracy and completeness of balances transferred on March 1, 2003, and 
significant weaknesses with the number of qualified financial 
management personnel employed by the department.

While DHS has taken steps to resolve some of the internal control 
weaknesses it inherited from component agencies, continued focus on 
resolving weaknesses and developing strong internal controls cannot be 
understated. For example, increased attention has recently been paid to 
the prevalence of improper payments in the federal government. Improper 
payments occur for many reasons including insufficient oversight or 
monitoring, inadequate eligibility controls, and automated system 
deficiencies. However, based on our previous work, the basic or root 
causes of improper payments can typically be traced to a lack of or 
breakdown in internal control.

Improper payments include inadvertent errors, such as duplicate 
payments and miscalculations; payments for unsupported or inadequately 
supported claims; payments for services not rendered; payments to 
ineligible beneficiaries; and payments resulting from outright fraud 
and abuse by program participants and/or federal employees. In 2003, 
the first year certain agencies were required by the Office of 
Management and Budget to publicly report their improper payments, 15 
agencies reported estimates of improper payments exceeding $35 billion. 
We have included in appendix I, a summary of improper payment estimates 
agencies reported in fiscal year 2003.

Additionally, I would like to highlight a few specific examples of 
financial management challenges DHS faces.

Federal Emergency Management Agency (FEMA):

We recently performed a review of FEMA's property management. One of 
our objectives was to determine whether controls were in place to 
ensure that property acquired during the 5 months prior to FEMA 
transferring its functions to DHS was properly accounted for in the 
property management system.[Footnote 8] We found that FEMA continued to 
lack the controls and key information necessary to ensure that personal 
property is properly accounted for. For example, its property 
management systems do not share common data identifiers such as serial 
numbers or purchase order numbers. Without these data, we were unable 
to perform certain tests to conclude whether or not FEMA properly 
accounted for property it acquired prior to transferring to DHS. 
Considering that FEMA reported approximately $355 million in property, 
of which approximately 67 percent is considered sensitive and thus more 
susceptible to theft or pilferage, strong internal controls over its 
property systems are needed. Absent integrated or adequately interfaced 
financial management systems with the key information necessary to 
track and account for property, FEMA's property is vulnerable to loss 
or misappropriation and there is an increased risk that property could 
have been purchased and not recorded in FEMA's personal property 
systems.

Customs:

Despite the former U.S. Customs Service's progress in implementing 
recommendations we have made regarding the development of Customs' 
planned import system, the Automated Commercial Environment 
(ACE),[Footnote 9] numerous weaknesses remain. ACE is intended to 
replace the current system used for collecting import-related data and 
ensuring, among other things, that trade-related revenue is properly 
collected and allocated. To ensure proper implementation of these 
initiatives, DHS's management must continue to provide a sustained 
level of commitment to its successful implementation. Until this system 
is fully implemented, billions of dollars annually in trade-related 
revenue will continue to be tracked by systems with inadequate 
controls, leaving it increasingly susceptible to inaccurate reporting.

Coast Guard:

Concerns have been reported regarding the Coast Guard's Deepwater 
Procurement Project (Deepwater), which began in 2002 and currently has 
an estimated cost of $17 billion over 20 years--the largest in Coast 
Guard's history.[Footnote 10] It is intended to replace or modernize by 
2022 all assets used in missions that generally occur offshore. 
However, it is already difficult to determine the degree to which the 
Deepwater project is on track with regard to its original acquisition 
schedule because the Coast Guard has not maintained and updated its 
acquisition schedule. The absence of an up-to-date acquisition schedule 
is a concern because it raises some question as to whether the 
acquisition is being adequately managed and whether the government's 
interests are being properly safeguarded. Further, a recent disclosure 
that, just a few years into the acquisition, costs have risen by $2.2 
billion indicates the need for a clear understanding of what assets are 
being acquired, when they are being acquired, and at what cost. The 
high cost and long-term needs of the Coast Guard coupled with the 
absence of an up-to-date acquisition schedule early in the project 
should make financial management of the Deepwater project a key 
priority of DHS in order to prevent the project from greatly exceeding 
cost estimates and ensure program goals are met.

Integrating Financial Systems:

Another significant challenge for DHS is developing a financial 
management architecture with integrated systems and business processes. 
According to DHS officials, the department is in the early stages of 
acquiring a financial enterprise solution to consolidate and integrate 
the department's financial accounting and reporting systems, including 
budget, accounting and reporting, cost management, asset management, 
and acquisition and grants functions. The project, which DHS has termed 
"electronically Managing enterprise resources for government 
effectiveness and efficiency" (eMerge2) was initiated in August 2003, 
and DHS expects it to be completed in 2006 at a cost of approximately 
$146 million.

While DHS is early in the process of acquiring an integrated financial 
enterprise solution, similar projects have proven challenging and 
costly for other federal agencies, such as the testimony on the 
Department of Defense provided today by my colleague.[Footnote 11] 
Additionally, we have reported on the efforts of National Aeronautics 
and Space Administration[Footnote 12] (NASA) to acquire new information 
systems. NASA is on its third attempt in 12 years to modernize its 
financial management process and systems, and has spent about $180 
million on its two prior failed efforts. One of the key impediments to 
the success of integration efforts at NASA was the failure to involve 
key stakeholders in the implementation or evaluation of system 
improvements. As a result, new systems failed to meet the needs of key 
stakeholders. To avoid similar problems, DHS must ensure commitment and 
extensive involvement from top management and users in the financial 
system development and integration.

Additionally, over the past year, DHS has reported that it has reduced 
the number of its financial management service providers from the 19 at 
the time DHS was formed to the 10 it currently uses. DHS has plans to 
further consolidate to 7 providers. A DHS official estimated 
approximately $5 million in savings through the reduction of the number 
of financial management service centers.

Homeland Security Financial Accountability Act--S. 1567:

I would now like to talk about why we support the Homeland Security 
Financial Accountability Act (S. 1567).[Footnote 13] S. 1567 as 
introduced by you on August 1, 2003 and passed by the Senate on 
November 21, 2003, would, among other things, amend the CFO Act to (1) 
add DHS as a CFO Act agency and (2) require DHS to obtain an audit 
opinion on its internal controls. Enactment of this legislation will 
increase the likelihood that the challenges discussed earlier in my 
testimony will be overcome.

Inclusion of DHS as a CFO Act Agency:

We strongly supported passage of the CFO Act in 1990 and continue to 
strongly support its objectives of (1) giving the Congress and agency 
decision makers reliable financial, cost, and performance information 
both annually and, most important, as needed throughout the year to 
assist in managing programs and making difficult spending decisions; 
(2) dramatically improving financial management systems, controls, and 
operations to eliminate fraud, waste, abuse, and mismanagement and 
properly safeguard and manage the government's assets; and (3) 
establishing effective financial organizational structures to provide 
strong leadership. Achieving these goals is critical for establishing 
effective management of any enterprise. We have seen unprecedented 
progress in improving federal financial management that has resulted 
since passage of the CFO Act and we strongly support amending the CFO 
Act to include DHS.

The CFO Act requires the agency's CFO to develop and maintain an 
integrated accounting and financial management system that provides for 
complete, reliable, and timely financial information that facilitates 
the systematic measurement of performance at the agency, the 
development and reporting of cost information, and the integration of 
accounting and budget information. The CFO is also responsible for all 
financial management personnel and all financial management systems and 
operations, which in the case of DHS would include the component CFOs 
and their staff. The CFO is responsible for asset management as well. 
The act also requires that the agency's CFO be qualified, appointed by 
the President, approved by the Senate, and report to the head of the 
agency. With the size and complexity of DHS and the many significant 
financial management challenges it faces, it is important that DHS's 
CFO is qualified for the position, displays leadership characteristics, 
and is regarded as top management. Appointment of the CFO by the 
President, subject to Senate confirmation, is one way to ensure that 
the intent of the law is met. Currently, the CFO at DHS reports to the 
Under Secretary for Management while directorate CFOs report to the 
head of their respective directorates, not to DHS's CFO. Making DHS 
subject to the CFO Act would assist the department in facing and 
overcoming the financial management challenges inherent in its 
formation and others that have come to light since its formation.

Under the Accountability of Tax Dollars Act of 2002,[Footnote 14] DHS, 
as an executive branch agency with budget authority greater than $25 
million, is required to obtain annual financial statement audits; 
however, its auditors are not required to report on compliance with 
FFMIA. FFMIA requires that CFO Act agencies implement and maintain 
financial management systems that substantially comply with (1) federal 
financial management systems requirements, (2) applicable federal 
accounting standards, and (3) the U.S. Government Standard General 
Ledger at the transaction level. The ability to produce the data 
needed to efficiently and effectively manage the day-to-day operations 
of the federal government and provide accountability to taxpayers has 
been a long-standing challenge at most federal agencies.

Opinion on Internal Controls:

31 U.S.C. 3512(c), (d) (commonly known as the Federal Managers' 
Financial Integrity Act of 1982 (FMFIA)) requires agencies to establish 
internal controls that provide reasonable assurances that:

* obligations and costs are in compliance with applicable law,

* funds, property, and other assets are safeguarded against waste, 
loss, unauthorized use, or misappropriation, and:

* revenues and expenditures applicable to agency operations are 
properly recorded and accounted for to permit the preparation of 
accounts and reliable financial and statistical reports and to maintain 
accountability over the assets.

FMFIA requires the head of each agency to sign a statement as to 
whether the agency's internal controls fully comply with the above 
requirements or that they do not fully comply and the reasons why they 
do not. In effect, this reporting is management assertion as to whether 
the agency's internal controls are effective.

Current OMB guidance for audits of government agencies and 
programs[Footnote 15] requires auditor reporting on internal control, 
but not at the level of providing an opinion on internal control 
effectiveness. We have long believed and the Comptroller General has 
gone on record in congressional testimony[Footnote 16] that auditors 
have an important role in providing an opinion on the effectiveness of 
internal control over financial reporting and compliance with laws and 
regulations in connection with major federal departments and agencies. 
For a number of years, we have provided opinions on internal control 
effectiveness for the federal entities that we audit because of the 
importance of internal control in protecting the public's interest. 
Specifically, we provide opinions on internal controls and compliance 
with laws and regulations for our audits of the U.S. government's 
consolidated financial statements, the financial statements of the 
Internal Revenue Service and Federal Deposit Insurance Corporation, the 
Schedules of Federal Debt managed by the Bureau of the Public Debt, and 
numerous small entities' operations and funds. Our reports and related 
efforts have engendered major improvements in internal control.

As part of the annual audit of GAO's own financial statements, we 
practice what we recommend to others and contract with an independent 
public accounting firm for both an opinion on our financial statements 
and an opinion on the effectiveness of our internal control over 
financial reporting and on compliance with laws and regulations. Our 
goal is to lead the way in establishing the appropriate level of 
auditor reporting on internal control for federal agencies, programs, 
and entities receiving significant amounts of federal funding. 
Additionally, three other agencies, the Social Security Administration 
(SSA), General Services Administration (GSA), and the Nuclear 
Regulatory Commission (NRC) voluntarily obtain separate opinions on 
internal control effectiveness from their auditors, which is 
commendable.

Also, publicly traded corporations recently were subjected to a 
requirement to disclose management attestations on corporations' 
internal controls and to obtain an audit opinion on those attestations. 
A final rule issued by the Securities and Exchange Commission that took 
effect in August 2003 and provides guidance for implementation of 
Sections 302, 404, and 906 of the Sarbanes-Oxley Act of 2002,[Footnote 
17] which requires publicly traded companies to establish and maintain 
an adequate internal control structure and procedures for financial 
reporting and include in the annual report a statement of management's 
responsibility for and assessment of the effectiveness of those 
controls and procedures in accordance with standards adopted by the 
Securities and Exchange Commission.[Footnote 18] The final rule defines 
this requirement and requires applicable companies to obtain a report 
in which a registered public accounting firm issues an attestation on 
management's assessment of the effectiveness of internal controls over 
financial reporting.

Auditor reporting on internal control is a critical component of 
monitoring the effectiveness of an organization's accountability. GAO 
strongly believes that this is especially important for large, complex, 
or challenged entities that use taxpayer dollars. By giving assurance 
about internal control, auditors can better serve their clients and 
other financial statement users and better protect the public interest 
by having a greater role in providing assurances of the effectiveness 
of internal control in deterring fraudulent financial reporting, 
protecting assets, and providing an early warning of internal control 
weaknesses. We believe auditor reporting on internal control is 
appropriate and necessary for publicly traded companies and major 
public entities alike. We also believe that such reporting is 
appropriate in other cases where management assessment and auditor 
examination and reporting on the effectiveness of internal control add 
value and mitigate risk in a cost-beneficial manner.

We fully support having DHS, as well as all CFO Act agencies, obtain an 
opinion on its internal control. If DHS is truly committed to becoming 
a model federal agency, it should begin obtaining opinions on internal 
control as soon as practical and set an example for other agencies to 
follow and in keeping with the actions already taken by SSA, GSA, NRC, 
and GAO.

In closing, the American people have increasingly demanded 
accountability from government and the private sector. The Congress has 
recognized, through legislation such as the CFO Act, that the federal 
government must be held to the highest standards. We already know that 
many of the larger agencies transferred to DHS have a history of poor 
financial management systems and significant internal control 
weaknesses. These known weaknesses provide further evidence that DHS's 
systems and financial controls should be subject to the CFO Act and 
thus FFMIA. We also strongly encourage DHS to become a model agency 
and, as soon as practical, obtain an opinion on its internal controls 
and report performance information in its accountability reports.

Mr. Chairman, this concludes my statement. I would be happy to answer 
any questions you or other Members of the Subcommittee may have at this 
time.

Contacts and Acknowledgments:

For information about this statement, please contact McCoy Williams, 
Director, Financial Management and Assurance, at (202) 512-6906, or 
Casey Keplinger, Assistant Director, at (202) 512-9323. You may also 
reach them by e-mail at williamsm1@gao.gov or keplingerc@gao.gov. 
Individuals who made key contributions to this testimony include Cary 
Chappell, Heather Dunahoo, Saurav Prasad, and Scott Wrightson.

[End of section]

Appendix I: Table 1: Improper Payment Estimates Reported in Agency 
Fiscal Year 2003 Performance and Accountability Reports.

Agency: 1. Department of Agriculture; 
Program: 1. Food Stamps; 
Reported amount of improper payments: $1,507,000,000.

Agency: 1. Department of Agriculture; 
Program: 2. Commodity Loan Programs; 
Reported amount of improper payments: $153,000,000.

Agency: 1. Department of Agriculture; 
Program: 3. National School Lunch and Breakfast; 
Reported amount of improper payments: $0.

Agency: 1. Department of Agriculture; 
Program: 4. Women, Infants, and Children; 
Reported amount of improper payments: $0.

Agency: 2. Department of Defense; 
Program: 5. Military Retirement Fund; 
Reported amount of improper payments: $33,087,000.

Agency: 2. Department of Defense; 
Program: 6. Military Health Benefits; 
Reported amount of improper payments: $53,484,000.

Agency: 3. Department of Education; 
Program: 7. Student Financial Assistance--Pell Grants; 
Reported amount of improper payments: $377,500,000; 
Student Financial Assistance--non-program specific; 
Reported amount of improper payments: $105,000,000.

Agency: 3. Department of Education; 
Program: 8. Title I; 
Reported amount of improper payments: $0.

Agency: 4. Department of Health and Human Services; 
Program: 9. Medicaid; 
Reported amount of improper payments: $0.

Agency: 4. Department of Health and Human Services; 
Program: 10. Medicare; 
Reported amount of improper payments: $11,600,000,000.

Agency: 4. Department of Health and Human Services; 
Program: 11. Head Start; 
Reported amount of improper payments: $0.

Agency: 4. Department of Health and Human Services; 
Program: 12. Temporary Assistance for Needy Families; 
Reported amount of improper payments: $0.

Agency: 4. Department of Health and Human Services; 
Program: 13. Foster Care--Title IV-E; 
Reported amount of improper payments: $0.

Agency: 4. Department of Health and Human Services; 
Program: 14. State Children's Insurance Program; 
Reported amount of improper payments: $0.

Agency: 4. Department of Health and Human Services; 
Program: 15. Child Care and Development Fund; 
Reported amount of improper payments: $0.

Agency: 5. Department of Housing and Urban Development; 
Program: 16. Low Income Public Housing; 
Reported amount of improper payments: $650,000,000.

Agency: 5. Department of Housing and Urban Development; 
Program: 17. Section 8 Tenant Based; 
Reported amount of improper payments: $1,215,000,000.

Agency: 5. Department of Housing and Urban Development; 
Program: 18. Section 8 Project Based; 
Reported amount of improper payments: $662,000,000.

Agency: 5. Department of Housing and Urban Development; 
Program: 19. Community Development Block Grant (Entitlement Grants, 
States/ Small Cities); 
Reported amount of improper payments: $0.

Agency: 6. Department of Labor; 
Program: 20. Unemployment Insurance; 
Reported amount of improper payments: $4,225,000,000.

Agency: 6. Department of Labor; 
Program: 21. Federal Employees' Compensation Act; 
Reported amount of improper payments: $9,055,000.

Agency: 6. Department of Labor; 
Program: 22. Workforce Investment Act; 
Reported amount of improper payments: $3,066,075.

Agency: 7. Department of Treasury; 
Program: 23. Earned Income Tax Credit; 
Reported amount of improper payments: $10,500,000,000.

Agency: 8. Department of Transportation; 
Program: 24. Airport Improvement Program; 
Reported amount of improper payments: $14,000,000.

Agency: 8. Department of Transportation; 
Program: 25. Highway Planning and Construction; 
Reported amount of improper payments: $1,400,000.

Agency: 8. Department of Transportation; 
Program: 26. Federal Transit--Capital Investment Grants; 
Reported amount of improper payments: $32,000,000.

Agency: 8. Department of Transportation; 
Program: 27. Federal Transit--Formula Grants; 
Reported amount of improper payments: $64,000,000.

Agency: 9. Department of Veterans Affairs; 
Program: 28. Compensation; 
Reported amount of improper payments: $129,063,000.

Agency: 9. Department of Veterans Affairs; 
Program: 29. Dependency and Indemnity Compensation; 
Reported amount of improper payments: $0.

Agency: 9. Department of Veterans Affairs; 
Program: 30. Pension; 
Reported amount of improper payments: $250,535,000.

Agency: 9. Department of Veterans Affairs; 
Program: 31. Insurance Programs; 
Reported amount of improper payments: $261,000.

Agency: 10. Environmental Protection Agency; 
Program: 32. Clean Water State Revolving Funds; 
Reported amount of improper payments: $.13%; 
Reported as a rate, no amount.

Agency: 10. Environmental Protection Agency; 
Program: 33. Drinking Water State Revolving Funds; 
Reported amount of improper payments: $.04%; Reported as a rate, no 
amount.

Agency: 11. National Science Foundation; 
Program: 34. Research and Education Grants and Cooperative Agreements; 
Reported amount of improper payments: $0.

Agency: 12. Office of Personnel Management; 
Program: 35. Retirement Program (Civil Service Retirement System and 
Federal Employees Retirement System); 
Reported amount of improper payments: $177,300,000.

Agency: 12. Office of Personnel Management; 
Program: 36. Federal Employees Health Benefits Program; 
Reported amount of improper payments: $28,200,000.

Agency: 12. Office of Personnel Management; 
Program: 37. Federal Employees Group Life Insurance; 
Reported amount of improper payments: $448,000.

Agency: 13. Railroad Retirement Board; 
Program: 38. Retirement and Survivors Benefits; 
Reported amount of improper payments: $168,327,370.

Agency: 13. Railroad Retirement Board; 
Program: 39. Railroad Unemployment Insurance Benefits; 
Reported amount of improper payments: $2,778,000.

Agency: 14. Small Business Administration; 
Program: 40. 7(a) Business Loan Program; 
Reported amount of improper payments: $13,000,000.

Agency: 14. Small Business Administration; 
Program: 41. 504 Certified Development Companies; 
Reported amount of improper payments: None.

Agency: 14. Small Business Administration; 
Program: 42. Disaster Assistance; 
Reported amount of improper payments: $0[A].

Agency: 14. Small Business Administration; 
Program: 43. Small Business Investment Companies; 
Reported amount of improper payments: $0[B].

Agency: 15. Social Security Administration; 
Program: 44. Old Age and Survivors' Insurance; 
Reported amount of improper payments: $600,000,000.

Agency: 15. Social Security Administration; 
Program: 45. Disability Insurance; 
Reported amount of improper payments: $340,000,000.

Agency: 15. Social Security Administration; 
Program: 46. Supplemental Security Income Program; 
Reported amount of improper payments: $2,740,000,000.

Total; 
31 of 46 agency programs reported estimated amounts; 
Reported amount of improper payments: $35,654,504,445.

Source: Agency fiscal year 2003 Performance and Accountability Reports 
(data); GAO (analysis).

Note: An "0" indicates that the agency did not report amounts for the 
program.

[A] SBA reported improper payment rates and amounts for certain 
disaster loans; it did not provide a programwide estimate of improper 
payments.

[B] SBA reported potential improper payment rates and amounts for 
certain small business investment company transactions; it did not 
provide a programwide estimate of improper payments.

[End of table]

Selected GAO Products Related DHS's Financial Management Challenges:

U.S. General Accounting Office, Department of Homeland Security: 
Challenges and Steps in Establishing Sound Financial Management, GAO-
03-1134T (Washington, D.C.: Sept. 10, 2003).

U.S. General Accounting Office, Fiscal Year 2002 U.S. Government 
Financial Statements: Sustained Leadership and Oversight Needed for 
Effective Implementation of Financial Management Reform, GAO-03-572T 
(Washington, D.C.: Apr. 8, 2003).

U.S. General Accounting Office, Customs Service Modernization: 
Automated Commercial Environment Progressing, but Further Acquisition 
Management Improvements Needed, GAO-03-406 (Washington, D.C.: Feb. 28, 
2003).

U.S. General Accounting Office, Transportation Security 
Administration: Actions and Plans to Build a Results-Oriented Culture, 
GAO-03-190 (Washington, D.C.: Jan. 17, 2003).

U.S. General Accounting Office, High-Risk Series: An Update, GAO-03-119 
(Washington, D.C.: January 2003).

U.S. General Accounting Office, Major Management Challenges and Program 
Risks: Federal Emergency Management Agency, GAO-03-113 (Washington, 
D.C.: January 2003).

U.S. General Accounting Office, Major Management Challenges and Program 
Risks: Department of the Treasury, GAO-03-109 (Washington, D.C.: 
January 2003).

U.S. General Accounting Office, Major Management Challenges and Program 
Risks: Department of Justice, GAO-03-105 (Washington, D.C.: January 
2003).

U.S. General Accounting Office, Major Management Challenges and Program 
Risks: Department of Homeland Security, GAO-03-102 (Washington, D.C.: 
January 2003).

U.S. General Accounting Office, Financial Management: FFMIA 
Implementation Necessary to Achieve Accountability, GAO-03-31 
(Washington, D.C.: Oct. 1, 2002).

U.S. General Accounting Office, Homeland Security: Critical Design and 
Implementation Issues, GAO-02-957T (Washington, D.C.: July 17, 2002).

U.S. General Accounting Office, A Model of Strategic Human Capital 
Management, GAO-02-373SP (Washington, D.C.: March 2002).

U.S. General Accounting Office, Executive Guide: Creating Value Through 
World-class Financial Management, GAO/AMID-00-134 (Washington, D.C.: 
April 2000).

(195046):

FOOTNOTES

[1] U.S. General Accounting Office, High-Risk Series: An Update, GAO-
03-119 (Washington, D.C.: January 2003).

[2] For example, see U.S. General Accounting Office, Major Management 
Challenges and Program Risk: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003) and Department of Homeland 
Security: Challenges and Steps in Establishing Sound Financial 
Management, GAO-03-1134T (Washington, D.C.: Sept. 10, 2003).

[3] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).

[4] FFMIA, Pub. L. No. 104-208, div. A, §101(f), title VIII, 110 stat. 
3009, 3009-389 (Sept. 30, 1996). FFMIA requires the major departments 
and agencies covered by the CFO Act to implement and maintain financial 
management systems that comply substantially with (1) federal financial 
management systems requirements, (2) applicable federal accounting 
standards, and (3) the federal government's standard general ledger at 
the transaction level.

[5] A material weakness is a condition that precludes the entity's 
internal control from providing reasonable assurance that 
misstatements, losses, or noncompliance material in relation to the 
financial statements or to the stewardship information would be 
prevented or detected on a timely basis.

[6] Reportable conditions are matters coming to auditor's attention 
that, in their judgment, should be communicated because these represent 
significant deficiencies in the design or operation of internal control 
that could adversely affect the federal government's ability to meet 
the internal control objectives.

[7] Observations and recommendations are weaknesses that do not meet 
the criteria for reportable conditions that are typically communicated 
from the auditor to the appropriate level of entity management in a 
management letter.

[8] Prior to its transfer to DHS, FEMA was 1 of the 24 CFO Act 
agencies. 

[9] U.S. General Accounting Office, Customs Service Modernization: 
Automated Commercial Environment Progressing, but Further Acquisition 
Management Improvements Needed, GAO-03-406 (Washington D.C.: Feb. 28, 
2003).

[10] U.S. General Accounting Office, Coast Guard: Deepwater Program 
Acquisition Schedule Update Needed, GAO-04-695 (Washington D.C. June 
14, 2004).

[11] U.S. General Accounting Office, Department of Defense: Financial 
and Business Management Transformation Hindered by Long-standing 
Problems, GAO-04-941T (Washington, D.C.: July 8, 2004).

[12] U.S. General Accounting Office, Information Technology: 
Architecture Needed to Guide NASA's Financial Management Modernization, 
GAO-04-43 (Washington, D.C.: Nov. 21, 2003) and U.S. General Accounting 
Office, National Aeronautics and Space Administration: Significant 
Actions Needed to Address Long-standing Financial Management Problems, 
GAO-04-754T (Washington, D.C.: May 19, 2004).

[13] The U.S. House of Representatives is considering a related bill 
with similar provisions, the Department of Homeland Security Financial 
Accountability Act, H.R. 4259.

[14] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002).

[15] Office of Management and Budget, Audit Requirements for Federal 
Financial Statements, Bulletin 01-02 (Washington, D.C.: Oct. 16, 2000).

[16] U.S. General Accounting Office, Fiscal Year 2002 U.S. Government 
Financial Statements: Sustained Leadership and Oversight Needed for 
Effective Implementation of Financial Management Reform, GAO-03-572T 
(Washington, D.C.: Apr. 8, 2003).

[17] Pub. L. No. 107-204, §§302, 404, 906 116 Stat. 745, 777, 789, 806 
(July 30, 2002). 

[18] The Securities and Exchange Commission approved the Public Company 
Accounting Oversight Board's Auditing Standard Number 2, An Audit of 
Internal Control Over Financial Reporting Performed in Conjunction With 
an Audit of Financial Statements, on June 17, 2004. This guidance 
provides standards and related performance guidance for independent 
audits as they attest to, and report on, management's assessment of the 
effectiveness of internal control over financial reporting under 
Section 404 of the Sarbanes-Oxley Act of 2002.