DHS Financial Management: Continued Effort Needed to Address Internal Control and System Challenges
Highlights
What GAO Found
GAO reported that the Department of Homeland Security (DHS) had made considerable progress toward obtaining a clean opinion on its financial statements. For example, DHS reduced the number of audit qualifications from 11 in 2005 to 1 in 2010. DHS is working to resolve the deficiencies in the U.S. Coast Guard's (USCG) ability to complete certain reconciliations and provide evidence supporting certain components of general property, plant, and equipment and heritage and stewardship assets that caused DHS's auditors to issue a qualified opinion on its fiscal year 2012 financial statements. DHS has a goal of achieving a clean opinion for fiscal year 2013. However, the DHS auditors' report for fiscal year 2012, the most recently completed audit, indicated that DHS continues to rely on compensating controls and complex manual work-arounds to support its financial reporting, rather than sound internal control and effective financial management systems.
GAO also reported that DHS had made limited progress in establishing effective controls to obtain a clean opinion on its internal control over financial reporting. Although the number of auditor-reported material weaknesses in DHS's internal control over financial reporting has decreased from 10 in 2005 to 5 in 2011, DHS's auditors reported five material weaknesses for fiscal year 2012 related to deficiencies at eight components, including USCG. According to DHS's auditors, the existence of these material weaknesses limits DHS's ability to process, store, and report financial data in a manner that ensures accuracy, confidentiality, integrity, and availability of data without substantial manual intervention. DHS has plans to resolve the remaining five material internal control weaknesses, with a goal of achieving a clean opinion on internal control over financial reporting for fiscal year 2016. DHS will continue to face challenges in attaining a clean opinion on its internal control over financial reporting, as well as obtaining and sustaining a clean opinion on its financial statements, until serious internal control and financial management systems deficiencies are resolved.
Furthermore, GAO reported that DHS is in the early planning stages of implementing its decentralized approach for modernizing its components' financial systems, with each component determining the specific solution for its financial systems modernization. As of September 2013, DHS estimated that its financial system modernization efforts will not be completed until fiscal year 2018. Under this approach, DHS plans to modernize the financial systems of components with the most critical need first and integrate the financial systems with asset management and acquisition systems, resulting in component-level integrated financial management systems. GAO found that DHS's decentralized approach is consistent with relevant Office of Management and Budget requirements. However, DHS had not fully incorporated information technology (IT) best practices, including developing a description of how its components' financial management systems will operate in the future (detailed target state) or how components will transition to a new financial management environment (department-level transition plan). Without a detailed target state and department-level transition plan, DHS has an increased risk of, among other things, investing in and implementing systems that do not provide the desired capabilities and inefficiently using resources during its financial management system modernization efforts.
Why GAO Did This Study
GAO was asked to testify on DHS's efforts to improve its financial management and reporting. Specifically, this statement is based primarily on GAO's September 2013 report and, like that report, discusses the extent to which DHS has made progress in obtaining a clean opinion on its financial statements; obtaining a clean opinion on its internal control over financial reporting; and modernizing its financial systems, including the extent to which DHS's approach for modernizing its current financial systems was consistent with OMB requirements and certain IT best practices.
Recommendations
GAO is not making any new recommendations. However, GAOs September 2013 report included two recommendations to DHS regarding the need to follow IT best practices related to its target state and transition plan. DHS generally agreed with the recommendations and described actions already taken, but GAO believes that further action is needed to address them. GAO also had two other findings and recommendations related to IT best practices and the need for DHS, at the time of GAOs review, to update its standard operating procedures and include specific procedures for its integrated master schedule and lessons learned process. GAO agreed that DHS completed actions to address these two recommendations after receiving the draft report for comment.