GAO-03-1134T, Department of Homeland Security: Challenges and Steps in Establishing Sound Financial Management


This is the accessible text file for GAO report number GAO-03-1134T 
entitled 'Department of Homeland Security: Challenges and Steps in 
Establishing Sound Financial Management' which was released on 
September 10, 2003.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

On January 9, 2004, this document was revised to add various 
footnote references missing in the text of the body of the document.

Testimony: 

Before the Subcommittee on Government Efficiency and Financial 
Management, Committee on Government Reform, House of Representatives:

For Release on Delivery Expected at 2:00 p.m. EST Wednesday, September 
10, 2003:

Department of Homeland Security:

Challenges and Steps in Establishing Sound Financial Management:

Statement of McCoy Williams, Director Financial Management and 
Assurance:

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-1134T] GAO-03-
1134T:

GAO Highlights:

Highlights of GAO-03-1134T, a testimony before the Subcommittee on 
Government Efficiency and Financial Management, House Committee on 
Government Reform, House of Representatives

Why GAO Did This Study:

Based on its budget, the Department of Homeland Security (DHS) is the 
largest entity in the federal government that is not subject to the 
Chief Financial Officers (CFO) Act of 1990. The department, with an 
estimated $39 billion in assets, an almost $40 billion fiscal year 
2004 budget request, and more than 170,000 employees, does not have a 
presidentially appointed CFO subject to Senate confirmation and is not 
required to comply with the Federal Financial Management Improvement 
Act (FFMIA) of 1996. In addition, we designated implementation and 
transformation of DHS as high risk based on three factors: (1) the 
implementation and transformation of DHS is an enormous undertaking 
that will take time to achieve in an effective and efficient manner, 
(2) components to be merged into DHS already face a wide array of 
existing challenges, and (3) failure to effectively carry out its 
mission would expose the nation to potentially very serious 
consequences.

In light of these conditions, the Subcommittee asked GAO to testify on 
the financial management challenges facing DHS, steps for establishing 
sound financial management and business processes at DHS, and GAO’s 
comments on H.R. 2886, The Department of Homeland Security Financial 
Accountability Act.

What GAO Found:

The Homeland Security Act of 2002 brought together 22 agencies to 
create a new cabinet-level department focusing on reducing U.S. 
vulnerability to terrorist attacks, and minimizing damages and 
assisting in recovery from attacks that do occur. Meeting this mission 
will require a results-oriented environment with a strong financial 
management infrastructure.

Creating strong financial management at DHS is particularly 
challenging because most of the entities brought together to form the 
department have their own financial management systems, processes, and 
in some cases, deficiencies. Four of the seven major agencies that 
transferred to DHS reported 18 material weaknesses in internal control 
for fiscal year 2002 and five of the seven major agencies had 
financial management systems that were not in substantial compliance 
with FFMIA. For DHS to develop a strong financial management 
infrastructure, it will need to address these and many other financial 
management issues. 

Through the study of several leading private and public sector finance 
organizations (Creating Value Through World-class Financial 
Management, GAO/AIMD-00-134), GAO has identified success factors, 
practices, and outcomes associated with world-class financial 
management. Four steps DHS can take to begin developing sound 
financial management and business processes are to: (1) make financial 
management an entitywide priority, (2) redefine the role of the 
finance organization, (3) provide meaningful information to decision 
makers; and (4) build a team that delivers results.

H.R. 2886 can help facilitate the creation of a first-rate financial 
management architecture at DHS by providing the necessary tools and 
setting high expectations. The bill would (1) make DHS a CFO Act 
agency, (2) require DHS to obtain an opinion on its internal controls, 
and (3) require DHS to include program performance information in its 
performance and accountability reports. GAO fully supports the 
objectives of the CFO Act to provide reliable financial information 
and improve financial management systems and controls and believes DHS 
should be included under the act and therefore also subject to FFMIA. 
Further, GAO strongly believes that auditor reporting on internal 
control can be a critical component of monitoring the effectiveness 
and accountability of an organization and supports DHS, as well as 
other CFO Act agencies, obtaining such opinions. In addition, GAO 
supports agencies including program performance information in their 
performance and accountability reports and strongly encourages DHS to 
report this information voluntarily. Finally, as introduced, H.R. 2886 
provided a waiver allowing DHS to forego a financial statement audit 
for fiscal year 2003. We understand an agreement has been reached to 
remove this waiver from the proposed legislation. DHS has committed to 
a 2003 financial statement audit, which is already underway. GAO 
supports dropping this provision from H.R. 2886.

What GAO Recommends:

www.gao.gov/cgi-bin/getrpt?GAO-03-1134T.

To view the full product, including the scope and methodology, click 
on the link above. For more information, contact McCoy Williams at 202-
512-6906 or williamsm1@gao.gov.

[End of section]

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss the major financial management 
challenges facing the Department of Homeland Security (DHS), steps for 
establishing sound financial management and business processes, and our 
comments on H.R. 2886, The Department of Homeland Security Financial 
Accountability Act. The perspective we offer in this testimony is 
derived from an extensive body of work on these topics completed by 
inspector generals, independent auditors, as well as from GAO reports; 
executive guidance; and testimony related to financial management and 
DHS.

The Homeland Security Act of 2002 brought together 22 diverse agencies 
and created a new cabinet-level department to help prevent terrorist 
attacks in the United States, reduce the vulnerability of the United 
States to terrorist attacks, and minimize the damage and assist in 
recovery from attacks that do occur. Efforts to improve homeland 
security will require a results-oriented approach to ensure mission 
accountability and sustainability over time, and DHS must have a strong 
financial management infrastructure to support these goals. As stated 
in the President's Management Agenda, accurate and timely financial 
information is needed to secure the best performance and highest 
measure of accountability for the American people.

DHS has stated its commitment to becoming a model of efficiency and 
effectiveness for the federal government. To achieve this goal, it must 
first overcome significant challenges in integrating 22 separate 
agencies and their systems into a single, effective department, as well 
as correct the wide array of existing management challenges in the 
inherited components. Developing a financial management architecture 
with integrated systems and business processes is one of the many 
difficult challenges the new department faces. We designated 
implementation and transformation of DHS as high risk based on three 
factors: (1) the implementation and transformation of DHS is an 
enormous undertaking that will take time to achieve in an effective and 
efficient manner, (2) components to be merged into DHS already face a 
wide array of existing challenges, and (3) failure to effectively carry 
out its mission would expose the nation to potentially very serious 
consequences.[Footnote 1] Our high-risk program has helped the 
executive branch and the Congress to galvanize efforts to seek lasting 
solutions to high-risk problems and challenges.

Complicating DHS's efforts to develop a strong financial management 
infrastructure are the many known financial management weaknesses and 
vulnerabilities in the agencies DHS inherited. For example, for four of 
the seven major agencies[Footnote 2] that transferred to DHS on March 
1, 2003--the Immigration and Naturalization Service (INS), the 
Transportation Security Administration (TSA), the Customs Service, and 
the Federal Emergency Management Agency (FEMA)--auditors reported 18 
material weaknesses[Footnote 3] in internal control for fiscal year 
2002. Further, for five of the seven major agencies, auditors reported 
that the agencies' financial management systems were not in substantial 
compliance with the Federal Financial Management Improvement Act 
(FFMIA) of 1996.[Footnote 4]

Building an effective financial management infrastructure will require 
sustained leadership from top management. Currently, based on its 
budget, DHS is the largest entity in the federal government that is not 
subject to the Chief Financial Officers (CFO) Act of 1990.[Footnote 5] 
As such, this department, with a fiscal year 2004 budget request of 
nearly $40 billion and currently more than 170,000 employees, does not 
have a presidentially appointed CFO subject to Senate confirmation and 
is not required to comply with FFMIA. The goals of the CFO Act and 
related financial reform legislation, such as FFMIA, are to provide the 
Congress and agency management with reliable financial information for 
managing and making day-to-day decisions and to improve financial 
management systems and controls to properly safeguard the government's 
assets. DHS should not be the only cabinet-level department not covered 
by what is the cornerstone for pursuing and achieving the requisite 
financial management systems and capabilities in the federal 
government.

The creation of DHS presents an opportunity for the federal government 
to ensure that it designs and implements a world-class organization 
with a first-rate financial management systems architecture. Providing 
DHS with the necessary tools, which would be facilitated by the passage 
of H.R. 2886, and setting high expectations are of paramount importance 
to its success. First, however, DHS must overcome many financial 
management challenges, which I will now discuss.

DHS Faces Significant Financial Management Challenges:

Although many of the larger agencies that transferred to DHS have been 
able to obtain unqualified or "clean" audit opinions on their annual 
financial statements, most employed significant effort and manual work-
arounds to do so in order to overcome a history of poor financial 
management systems and significant internal control weaknesses. 
Furthermore, some of the entities that transferred may also have 
weaknesses not yet identified or reported on merely because the 
problems were considered small or immaterial in relation to their large 
parent departments, such as the Department of Defense or the U.S. 
Department of Agriculture. Such weaknesses may become evident now that 
these smaller agencies are proportionately larger as a part of DHS, add 
to the known extensive existing challenges, and may therefore be 
subjected to increased levels of audit scrutiny. Cumulatively, these 
weaknesses and the efforts needed to resolve them to achieve sound 
financial management and business processes are an important reason for 
amending the CFO Act to include DHS and measuring DHS's financial 
management systems and internal control against the same important 
financial reform legislation and performance expectations as other 
federal departments and agencies.

DHS, like other federal agencies, has a stewardship obligation to 
prevent fraud, waste, and abuse, to use tax dollars appropriately, and 
to ensure financial accountability to the President, the Congress, and 
the American people. For the most part, DHS's component entities are 
using legacy financial management systems that have a myriad of 
problems, such as disparate, nonintegrated, outdated, and inefficient 
systems and processes. DHS will need to focus on building future 
systems as part of its enterprise architecture approach to ensure an 
overarching framework for the agency's integrated financial management 
processes. Plans and standard accounting policies and procedures must 
be developed and implemented to bridge the many financial environments 
in which inherited agencies currently operate to an integrated DHS 
system.

Another significant challenge for DHS is fixing the previously 
identified weaknesses that the agencies bring with them to DHS, a 
number of which I will now discuss.

Immigration and Naturalization Service:

While receiving unqualified audit opinions on its fiscal year 2001 and 
2002 financial statements,[Footnote 6] the former INS under the 
Department of Justice (DOJ) faces numerous challenges in achieving a 
sound financial management environment. Although INS was abolished and 
split into multiple bureaus within DHS, its prior financial management 
weaknesses will still need to be addressed and could be further 
complicated by this realignment.

For fiscal year 2002, INS's financial statement auditors reported three 
material internal control weaknesses and that its systems were not in 
substantial compliance with FFMIA. Specifically, auditors noted 
limitations in the design and operation of INS's financial accounting 
system, thereby requiring it to use stand-alone systems or obtain the 
required financial information via manual processes and nonroutine 
adjustments as part of the financial statement preparation process. 
Having systems that can routinely produce information for financial 
reporting on demand for day-to-day decision making is one of the 
expected results of the President's Management Agenda, as well as one 
of the goals of FFMIA.

In addition, for both fiscal years 2001 and 2002, auditors reported 
that INS did not have a reliable system for providing regular, timely 
data on the numbers of completed and pending immigration applications, 
and the associated collections of fees valued at nearly $1 billion for 
fiscal year 2002. Accordingly, INS was not able to accurately and 
regularly determine fees it earns without relying on an extensive 
servicewide, year-end physical count of over 5.4 million pending 
applications, as was the case in fiscal year 2002. INS has been 
developing a new tracking system to facilitate its inventory process. 
However, until the new system is implemented, INS must rely on 
inefficient manual processes that significantly disrupt its operations. 
These and other inherent weaknesses in INS's financial management 
process limit its ability to produce useful, accurate, and timely 
financial information.

Despite the importance and prevalence of information technology (IT) 
systems in accomplishing its core missions, INS has not yet established 
and implemented effective controls for managing its IT 
resources.[Footnote 7] The root cause of INS's systems problems has 
been an absence of effective enterprise architecture management and an 
IT investment management process. To address such weaknesses, INS has 
been developing an enterprise architecture, including a current and 
target architecture, as well as a transition plan. Similarly, INS has 
taken steps to implement rigorous and disciplined investment management 
controls. However, with the transfer to DHS and the splitting of INS, 
these plans will have to be reanalyzed, further delaying implementation 
of effective systems and complicating DHS's ability to produce 
reliable, timely, and accurate financial statements and information.

Federal Emergency Management Agency:

FEMA, the only CFO Act agency to transfer in its entirety to DHS, faces 
several major financial management challenges, in spite of receiving an 
unqualified opinion on its fiscal year 2002 financial 
statements.[Footnote 8] In fiscal year 2002 FEMA's auditors reported 
six material internal control weaknesses and that FEMA's financial 
management systems were not in substantial compliance with the 
requirements of FFMIA. One major weakness was FEMA's inability to 
efficiently prepare accurate financial statements as called for in the 
President's Management Agenda. For example, auditors reported that for 
fiscal year 2002, FEMA did not have an integrated financial reporting 
process that could generate financial statements as a byproduct of 
already existing processes, and that its financial statements were 
prepared late and required significant revisions.

In addition, auditors reported in fiscal year 2001 and again in fiscal 
year 2002 that FEMA did not have adequate accounting systems and 
processes to ensure that all property, plant, and equipment were 
properly recorded, accurately depreciated, and tracked in accordance 
with its polices and applicable federal accounting standards. As a 
result, FEMA's property management system cannot track items to 
supporting documentation or to a current location. Furthermore, FEMA 
lacks procedures to ensure that (1) equipment is consistently recorded 
on either a system or a component basis, (2) procedures are in place to 
ensure that property inventories are performed properly, and (3) all 
equipment is entered into its personal property management system. As a 
result, there is an increased risk that equipment and other property 
could be lost, stolen, or improperly recorded in its accounting 
records.

Since FEMA was the only agency to transfer to DHS in its entirety, it, 
unlike all of the other agencies, is left without a legacy department 
to prepare financial statements for the first 5 months of activity for 
fiscal year 2003 or an Office of Inspector General (OIG) to audit them, 
leaving FEMA's financial management information for the first 5 months 
of this fiscal year vulnerable to omissions, errors, and ultimately 
material misstatements. Given the weaknesses in, among other things, 
FEMA's property controls, we are initiating a review of FEMA's 
disbursement activity and property management controls covering this 5-
month period. We will keep this Subcommittee informed of our progress 
in this review. Until corrective actions are implemented to address 
weaknesses, FEMA will not be able to achieve effective financial 
accountability or ensure that property is properly accounted for.

U.S. Customs Service:

In fiscal year 2002, Customs under Treasury received a qualified 
opinion on a limited scope review[Footnote 9] of its internal controls. 
This qualified opinion was due to the identification of four material 
weaknesses in Customs' internal controls by its independent 
auditors.[Footnote 10] For example, auditors reported that Customs' 
financial systems did not capture all transactions as they occurred 
during the year; did not record all transactions properly; were not 
fully integrated; and did not always provide for essential controls 
with respect to override capabilities. As a result, extensive manual 
procedures and analysis were required to process certain routine 
transactions and prepare year-end financial statements.

Customs, which typically collects and processes over $23 billion in 
fees annually, was found to have poor collection procedures throughout 
the agency. Ongoing weaknesses in the design and operation of Customs' 
controls over trade activities and financial management and information 
systems continue to inhibit the effective management of these 
activities and protection of trade revenue. For example, auditors 
reported that Customs' Automated Commercial System could not provide 
summary information on the total unpaid assessments for duties, taxes, 
and fees by individual importer. The system also could not generate 
periodic management information on outstanding receivables, the age of 
receivables, or other data necessary for managers to effectively 
monitor collection procedures. Such a capability would allow Customs to 
give managers timely access to program revenue information and more 
effectively present performance measures, which is critical for 
implementation of the President's Management Agenda.

Despite Customs' progress in implementing recommendations GAO and 
others have made over the years, numerous weaknesses continue to hinder 
progress toward developing Customs' planned import system, the 
Automated Commercial Environment (ACE).[Footnote 11] ACE is intended to 
replace the current system used for collecting import-related data and 
ensuring, among other things, that trade-related revenue is properly 
collected and allocated. To ensure proper implementation of these 
initiatives, DHS's management must continue to provide a sustained 
level of commitment to its successful implementation. Until this system 
is fully implemented, billions in trade-related revenue will continue 
to be tracked by systems with inadequate controls. In addition, like 
INS, Customs faces additional financial management challenges because 
it was split into various components.

Transportation Security Administration:

TSA was created by the Aviation and Transportation Security 
Act[Footnote 12] under the Department of Transportation (DOT) in 
November 2001, to develop transportation security policies and programs 
that contribute to providing secure transportation for the American 
public. Despite its short history, the former TSA brings to DHS 
numerous financial management issues. In fiscal year 2002, auditors 
reported five material weaknesses and that TSA's systems were not in 
substantial compliance with FFMIA.[Footnote 13] Specifically, auditors 
found that TSA management had not established written accounting 
policies and procedures to properly perform TSA's financial management 
and budgeting functions during fiscal year 2002. This is an example of 
what can happen when a newly created entity does not thoroughly develop 
and implement standard accounting policies and procedures. DHS should 
carefully review TSA's weaknesses to avoid experiencing them on a 
departmentwide basis.

Auditors also reported that TSA did not maintain complete and accurate 
records of its passenger and baggage screening equipment, most notably 
its Explosive Detection System (EDS) equipment. For example, a 
significant amount of fixed assets were found to not be recorded in the 
financial statements and an adjustment of approximately $149 million 
was made after year-end to properly record construction in progress for 
the manufacture of EDS equipment. Until such weaknesses are resolved, 
millions of dollars spent on new equipment and other fixed assets could 
go unaccounted for or be improperly recorded, leaving TSA and DHS 
vulnerable to fraud, waste, and abuse.

Another weakness reported by DOT's OIG was TSA's inadequate controls 
over security screener contracts. Policies and procedures were not 
established to provide an effective span of control to monitor 
contractor costs and performance. This lack of oversight enabled 
contractors to charge TSA up to 97 percent more than the contractors 
charged air carriers prior to the federalization of the screener 
workforce. This weakness provides further evidence of the importance of 
carefully documenting policies and procedures early in the 
implementation of a new organization.

Office of Domestic Preparedness:

Established in 1998, the former Office of Domestic Preparedness (ODP) 
under DOJ's Office of Justice Programs provides grant funds and direct 
support to, among other things, help address the equipment, training, 
and technical assistance needs of state and local jurisdictions for 
responding to terrorism and terrorist-related activities.

Since its inception, auditors have reported deficiencies in ODP's 
ability to administer grant funds.[Footnote 14] In fiscal year 2002, we 
reported grant management as one of DOJ's major performance and 
accountability challenges.[Footnote 15] DOJ's OIG has found that while 
millions of dollars had been awarded, the funds were not awarded 
expeditiously, and grantees were very slow to spend the requested 
monies.[Footnote 16] According to the OIG, more than half of the monies 
requested and granted over the past few years remained unspent and some 
of the equipment purchased by state and local jurisdictions was 
unavailable for use because grantees did not properly distribute the 
equipment, could not locate it, or were inadequately trained to use it.

Since the DOJ OIG reported on this issue in fiscal year 2002, DHS has 
released more than $4.4 billion in grants to state and local 
governments and private sector organizations. This increased level of 
grants will only exacerbate these problems unless DHS works with 
grantees to improve the accountability over these funds.

Coast Guard:

Unlike many of the larger agencies that transferred to DHS, the Coast 
Guard did not have a stand-alone financial statement audit, but was 
audited as part of DOT's consolidated audit. Although the auditors for 
DOT have not reported significant financial management weaknesses at 
the Coast Guard in recent years, the Coast Guard still uses DOT's 
Departmental Accounting and Financial Information System, which, among 
other things, was unable to produce auditable financial statements 
based on the information within the system. In addition, we have listed 
the Coast Guard as part of DHS's major management challenges due to its 
dual missions of maritime safety and homeland security.[Footnote 17]

Concerns have also been reported regarding the Coast Guard's Deepwater 
Procurement Project, which currently has an estimated cost of $17 
billion over 20 years. It is intended to replace or modernize by 2022 
all assets used in missions that generally occur offshore. However, due 
to the events of September 11TH and the Coast Guard's expanded role in 
homeland security, additional project requirements have been 
identified, including accelerating the project to be completed in 10 
years. These changes may result in increased annual funding needs for 
the project, thus increasing the vulnerability to ineffective and 
inefficient use of funds.

Secret Service:

The Secret Service, formerly under the Department of the Treasury 
(Treasury), has also not had a stand-alone financial statement audit, 
but was audited as part of Treasury's consolidated audit. Although from 
an audit perspective the Secret Service was relatively small in 
relation to the Internal Revenue Service and Bureau of the Public Debt 
at Treasury, its missions of protecting the President and investigating 
financial crimes are sensitive. Auditors for Secret Service may 
identify internal control weaknesses that were not previously known, 
but may now be identified since the Secret Service is proportionately a 
larger component of DHS than it was under Treasury, and may therefore 
be subjected to increased levels of audit scrutiny.

Other Entities:

Aside from the known weaknesses at the 7 larger component agencies 
comprising DHS, some of the 15 smaller entities that transferred to DHS 
may also have weaknesses not previously identified. As with the Secret 
Service, these entities may be proportionately more significant at DHS 
than they were at their legacy departments. In addition, once combined, 
certain areas may be cumulatively subject to more audit scrutiny than 
when they were dispersed throughout other departments. Any such 
weaknesses will only exacerbate the extensive existing challenges.

Financial Reporting Challenges:

DHS plans to prepare financial statements for the 7 months ending 
September 30, 2003. We support DHS's decision to do so, but recognize 
that it will be very challenging given the problems DHS inherited, 
compounded by the additional complexity of merging a number of diverse 
entities, which literally has had to hit the ground running from day 
one. Obtaining a consolidated DHS financial statement audit for that 
same period will be equally challenging, but also worthwhile.

Since DHS is a new entity, its auditors have already begun performing 
audit procedures on beginning balances (i.e., transferred balances) as 
of March 1, 2003, the activity for the 7 months ending September 30, 
2003, and ending balances. The transfer date of March 1 represents a 
unique challenge because it does not fall on the end of a typical 
accounting period, such as the end of the fiscal year or reporting 
quarter. In addition, legacy departments' goals of reaching accelerated 
reporting dates[Footnote 18] for fiscal year 2003 may be impaired if 
DHS cannot provide intragovernmental information needed by these 
departments on time. OMB and Treasury require agencies to reconcile 
selected intragovernmental activity and balances with their "trading 
partners" (i.e., other agencies) and to report on the extent and 
results of intragovernmental activity and balance reconciliation 
efforts. This information is necessary, not only for the agencies' 
financial statements and reports, but also for the U.S. Consolidated 
Financial Statements.

These are unique challenges that must be addressed to ensure that 
accounts and amounts transferred to DHS are complete and accurate and 
that legacy departments' reporting is not negatively impacted. Any 
significant problems encountered could also negatively impact the 
preparation and audit of the U.S. government's fiscal year 2003 
financial statements.

In the longer term, DHS can only overcome its many challenges if it 
establishes systems, processes, and controls that help to ensure 
effective financial management and insists on the adherence to strong 
financial practices. In addition to addressing the many ongoing 
challenges existing in the programs of incoming agencies, DHS will need 
to focus on building future systems as part of its enterprise 
architecture approach to ensure an overarching framework for the 
agency's integrated financial management processes. Plans and standard 
accounting policies and procedures must be developed and implemented to 
bridge these financial environments into an integrated DHS system.

Mr. Chairman, I would now like to discuss steps DHS should take to 
establish sound financial management and business processes.

Steps for Establishing Sound Financial Management and Business 
Processes:

Successful financial management of DHS will depend on the department 
producing financial information that provides useful information for 
executive decision making. In April 2000, we issued an executive guide 
that provided guidance in creating value through financial 
management.[Footnote 19] After studying the financial management 
practices and improvement efforts of nine leading private and public 
sector finance organizations, we identified several success factors, 
practices, and outcomes associated with world-class financial 
management. The organizations we studied include The Boeing Company, 
Chase Manhattan Bank, General Electric Company, Hewlett-Packard, Owens 
Corning, Pfizer Inc., and the states of Massachusetts, Texas, and 
Virginia.

First and foremost, establishing the following goals is key to 
developing a world-class finance organization with sound financial 
management and business processes: (1) make financial management an 
entitywide priority, (2) redefine the role of the finance organization, 
(3) provide meaningful information to decision makers, and (4) build a 
team that delivers results. I will discuss each of these goals in more 
detail below, including several best practices that are critical in 
meeting these goals. These practices lead to finance organizations that 
provide timely information that is relevant to management, useful in 
the decision-making process, and adds value to the organization. Since 
it is a newly created entity, DHS has a unique opportunity to implement 
the identified practices when developing financial policies and 
activities to establish sound financial management and business 
processes.

Establish Financial Management as an Entitywide Priority:

Based on our study of world-class financial organizations, making 
financial management an entitywide priority is encouraged through the 
following best practices: (1) providing clear, strong, executive 
leadership, (2) building a foundation of control and accountability, 
and (3) using training to change the culture and engage line managers.

Top leadership involvement is essential for a successful realignment of 
this magnitude. Top leadership is responsible for allocating the 
resources needed to improve financial management and for building and 
maintaining the organization's commitment to doing business in a new 
way. The CFO Act established the position of CFO in 24 agencies (app. I 
lists the original 24 CFO Act agencies--FEMA has transferred to DHS 
since the act was enacted) in the federal government. These CFOs are 
given oversight authority regarding financial management matters and 
are responsible for ensuring that sound financial management is in 
place. As you know, DHS is not currently subject to the provisions of 
the CFO Act, and thus has no legal requirement to comply with its 
provisions. Although Secretary Ridge pledged financial management as a 
priority in his May 1, 2003, testimony, passage of H.R. 2886, which 
would amend the CFO Act to include DHS, is important to ensure the 
department's long-term commitment to establishing sound financial 
management and business processes.

Further, as DHS continues to integrate its 22 entities, it must build a 
strong overall foundation of control and accountability. Management 
should begin by considering any significant control issues with 
agencies that are being integrated to form DHS, many of which I have 
already highlighted. These issues must be addressed within the specific 
agencies, as well as departmentwide to ensure they do not continue to 
be control issues within the newly formed department. Additionally, 
increases in accountability should be encouraged through the production 
of financial and performance reports for major programs on a regular 
and frequent basis to help in the decision-making process and strategic 
planning. Ultimately, the foundation for regular and frequent reporting 
will be through development of an integrated financial management 
system--one capable of capturing data at an appropriate level of detail 
and producing relevant and reliable information for users based on 
their needs. In the case of DHS, the challenge of combining, 
integrating, modernizing, and in some cases replacing the systems of 
many disparate agencies will require careful planning if the conversion 
is to be successful.

Redefine the Role of the Finance Organization:

As discussed earlier, many of the larger agencies that transferred to 
DHS have a history of poor systems and inadequate financial management. 
In order to establish sound financial management and business 
processes, we found that world-class finance organizations redefined 
the role of the finance organization and implemented an integrated 
financial management structure that: (1) assessed the finance 
organization's role in meeting the department's mission, (2) maximized 
the efficiency of day-to-day accounting activities, and (3) organized 
the finance organization to add value.

The ever-increasing competition for resources requires careful 
allocation of funds. Without the support of an effective finance 
organization, program managers may not be able to determine costs 
associated with government activities, defend those costs, or identify 
the benefits derived from them. The finance organization must 
understand the department's mission and be able to provide information 
in support of that mission. Of key importance is the ability of the 
finance organization to efficiently complete routine accounting 
activities, thus freeing resources to focus on other finance-related 
priorities that are in support of the department's mission. As I 
previously discussed, many of the larger agencies that transferred into 
DHS spend significant time preparing financial statements using manual 
work-arounds and have a history of poor financial management systems 
and significant internal control weaknesses. Such a time-consuming 
method of routine financial statement preparation does not allow for 
efficient use of finance staff. As DHS develops its financial 
management and businesses processes, it should focus on developing the 
abilities to (1) efficiently and effectively complete routine 
processing activities and (2) compile the data needed to measure 
performance so that information is available to management on a day-to-
day basis.

Provide Meaningful Information for Decision Makers:

The overarching goal of the President's Management Agenda is the 
improvement of government performance. The finance organization must 
play a pivotal role in providing decision makers with the information 
they need to measure performance. To efficiently and effectively 
provide reliable information to decision makers, we identified three 
best practices in our study of world-class finance organizations: (1) 
develop systems that support the partnership between finance and 
operations, (2) reengineer processes in conjunction with new 
technology, and (3) translate financial data into meaningful 
information.

To help agencies set goals and measure performance, the Congress 
enacted the Government Performance and Results Act (GPRA) in 1993. As 
part of GPRA, agencies, including DHS, are required to prepare a 5-year 
performance plan and annual performance reports. These required reports 
provide a strategic planning and management framework intended to 
improve federal performance and hold agencies accountable for achieving 
results. GPRA was intended, in part, to improve congressional decision 
making by giving the Congress comprehensive and reliable information on 
the extent to which federal programs are fulfilling their statutory 
intent. Additionally, the President's Management Agenda includes 
improved financial management performance as one of the five 
governmentwide management goals. This initiative is aimed at ensuring 
that federal financial systems produce accurate and timely information 
to support operating, budget, and policy decisions. The finance 
organization is a key component of a department's ability to meet its 
requirements under GPRA and the objectives of the President's 
Management Agenda.

Build an Effective Finance Team:

Over the years, the federal government has had difficulty attracting 
and retaining talented financial management officials. Improving 
financial performance is difficult without experienced leadership and 
staff who are committed to success. Our study of several world-class 
finance organizations indicated the following as best practices to 
build a team that can deliver results: (1) develop a finance team with 
the right mix of skills and competencies, and (2) attract and retain 
talent.

Given the current demand on resources and the competition for qualified 
employees, developing and retaining a talented finance team that is 
capable of meeting the changing demands of the federal financial 
workplace is an important goal. The lack of highly qualified financial 
management professionals can hamper effective federal financial 
management operations. The CFO Act requires OMB's Deputy Director for 
Management to develop and maintain qualification standards for agency 
CFOs and their deputies; provide advice to agencies on the 
qualification, recruitment, performance, and retention of financial 
management personnel; and assess the adequacy of financial management 
staffs throughout the government. Additionally, the CFO Act places 
responsibility with the CFO to recruit, select, and train finance 
personnel.

To help department leaders manage their people and integrate human 
capital considerations into daily decision making and the program 
results they seek to achieve, we developed a strategic human capital 
model.[Footnote 20] This model is applicable to department leadership 
as a whole but is also applicable to finance organization leadership as 
they seek to attract, develop, and retain talent. The two critical 
success factors identified in our model to assist organizations in 
creating results-oriented cultures are (1) linking unit and individual 
performance to organizational goals and (2) involving employees in the 
decision-making process. Agency leaders have other opportunities for 
displaying their commitment to human capital. Continuous learning 
efforts, employee-friendly workplace policies, competency-based 
performance appraisal systems, and retention and reward programs are 
all ways in which agencies can value and invest in their human capital. 
The sustained provision of resources for such programs can show 
employees and potential employees the commitment agency leaders have to 
strategic human capital management. DHS should adopt these success 
factors in building a financial management team that delivers results.

It is well recognized that mergers of the magnitude of DHS carry 
significant risks, including lost productivity and inefficiencies. 
Successful transformations of large organizations generally can take 
from 5 to 7 years to achieve. Necessary management capacity, 
communication and information systems, as well as sound financial 
management and business processes must be established. Though creating 
and maintaining these structures will be demanding and time consuming, 
it is necessary to effectively implement the national homeland security 
strategy.[Footnote 21]

Over the past several months, we have met with DHS's CFO, Acting 
Inspector General and Assistant Inspector General for Audits, and its 
independent auditors performing its financial statement audit for 2003. 
We are committed to working in a coordinated effort with the Congress, 
DHS, and its auditors to provide advice to DHS on developing a sound 
financial management structure that will facilitate, and not hamper, 
its mission of securing the homeland. We believe that passage of H.R. 
2886 will further assist DHS in meeting this goal.

Comments on H.R. 2886:

Mr. Chairman, as you know, H.R. 2886 as introduced on July 24, 2003 
would amend the CFO Act to (1) add DHS as a CFO Act agency and remove 
FEMA as a CFO Act agency, (2) require DHS to obtain an audit opinion on 
its internal controls, and (3) require DHS to include program 
performance information in its performance and accountability reports. 
In addition, H.R. 2886 as introduced would have provided a waiver 
allowing DHS to forego a financial statement audit for fiscal year 
2003. We understand an agreement has been reached to remove this waiver 
from the proposed legislation. DHS's 2003 audit is already underway and 
the department has stated it is committed to obtaining this audit. The 
waiver option is, therefore, no longer needed, and we support dropping 
the provision from H.R. 2886.

Inclusion of DHS as a CFO Act Agency:

We supported passage of the CFO Act in 1990 and continue to strongly 
support its objectives of (1) giving the Congress and agency decision 
makers reliable financial, cost, and performance information both 
annually and, most important, as needed throughout the year to assist 
in managing programs and making difficult spending decisions, (2) 
dramatically improving financial management systems, controls, and 
operations to eliminate fraud, waste, abuse, and mismanagement and 
properly safeguard and manage the government's assets, and (3) 
establishing effective financial organizational structures to provide 
strong leadership. Achieving these goals is critical for establishing 
effective financial management, and we fully support amending the CFO 
Act to include DHS.

In developing the CFO Act, the Congress viewed the CFO as being a 
critical player in the management of an agency. At the time, financial 
management was not a priority in most federal agencies and was all too 
often an afterthought. All too often, the top financial management 
official wore many hats, which left little time for financial 
management; did not necessarily have any background in financial 
management; and focused primarily on the budget. By establishing 
statutorily the position of CFO, requiring that the person in the 
position have strong qualifications and a proven track record in 
financial management, and giving this person status as a presidential 
appointee, the Congress sought to change the then existing paradigm. Of 
the 24 agencies named in the 1990 CFO Act, 16 were designated as Level 
IV, Presidential appointee Senate confirmation positions and eight were 
career positions. Today, CFOs have become influential across government 
and the quality of the appointees has borne out the wisdom of the 
Congress's insistence that this position be elevated (meaning it 
reported to the top and had standing with other top officials). We have 
seen an evolution of the CFO position and a quantum change in the 
expertise and abilities of CFOs and the attractiveness of this position 
to someone having the type of proven track record in financial 
management that is needed in the federal government. In the end, the 
key attribute is the quality of the person in the position to affect 
change and carry out the role of CFO and whether the head of the agency 
supports the CFO and empowers that person to do the job needed. 
Appointment of the CFO by the President, subject to Senate 
confirmation, is one way to help ensure that the goals of the CFO Act 
are met and that has proven itself over time.

The CFO Act, as expanded by the Government Management Reform Act of 
1994, also requires agencies to prepare and have audited financial 
statements. The Congress added further emphasis to the importance of 
sound financial management when it enacted FFMIA. Under the 
Accountability of Tax Dollars Act of 2002,[Footnote 22] DHS, as an 
executive branch agency with budget authority greater than $25 million, 
would be required to obtain annual financial statement audits; however, 
its auditors would not have to report on compliance with FFMIA. 
Although DHS has appropriately contracted with independent auditors to 
report on its systems compliance with FFMIA for fiscal year 2003, it is 
not legally required to do so. FFMIA requires that agencies implement 
and maintain financial management systems that substantially comply 
with (1) federal systems requirements, (2) federal accounting 
standards, and (3) the U.S. Government Standard General Ledger. The 
ability to produce the data needed to efficiently and effectively 
manage the day-to-day operations of the federal government and provide 
accountability to taxpayers has been a long-standing challenge at most 
federal agencies. As we discussed earlier, auditors reported that many 
of the larger agencies that transferred to DHS were not in substantial 
compliance with FFMIA prior to their transfer to DHS. Given these 
preexisting compliance issues, in addition to issues that may arise 
with system integration initiatives, it is critical that DHS be legally 
required to comply with these important financial management reforms.

Opinion on Internal Controls:

Current OMB guidance for audits of government agencies and 
programs[Footnote 23] requires auditor reporting on internal control, 
but not at the level of providing an opinion on internal control 
effectiveness. However, we have long believed and the Comptroller 
General has gone on record in 
congressional testimony[Footnote 24] that auditors have an important 
role in providing an opinion on the effectiveness of internal control 
over financial reporting and compliance with laws and regulations in 
connection with major federal departments and agencies. For a number of 
years, we have provided separate opinions on internal control 
effectiveness for the federal entities that we audit because of the 
importance of internal control to protecting the public's interest. 
Specifically, we provide separate opinions on internal controls and 
compliance with laws and regulations for our audits of the U.S. 
government's consolidated financial statements, the financial 
statements of the Internal Revenue Service and Federal Deposit 
Insurance Corporation, the Schedules of Federal Debt managed by the 
Bureau of the Public Debt, and numerous small entities' operations and 
funds. Our reports and related efforts have engendered major 
improvements in internal control.

As part of the annual audit of our own financial statements, we 
practice what we recommend to others and contract with an independent 
public accounting firm for both an opinion on our financial statements 
and an opinion on the effectiveness of our internal control over 
financial reporting and compliance with laws and regulations. Our goal 
is to lead the way in establishing the appropriate level of auditor 
reporting on internal control for federal agencies, programs, and 
entities receiving significant amounts of federal funding. 
Additionally, three agencies, Social Security Administration (SSA), 
General Services Administration (GSA), and the Nuclear Regulatory 
Commission (NRC) voluntarily obtain separate opinions on internal 
control effectiveness from their auditors, which is commendable.

Another consideration as the Congress decides whether to enact new 
requirements is that an opinion on internal controls is what has been 
prescribed by the Congress for publicly traded corporations. A final 
rule issued by the Securities and Exchange Commission in June 2003 and 
effective in August 2003 provides guidance for implementation of 
Section 404 of the Sarbanes-Oxley Act of 2002,[Footnote 25] which 
requires publicly traded companies to establish and maintain an 
adequate internal control structure and procedures for financial 
reporting and include in its annual report a statement of management's 
responsibility for and management's assessment of the effectiveness of 
those controls and procedures in accordance with standards adopted by 
the Securities and Exchange Commission. The final rule defines this 
requirement and requires applicable companies to obtain a report in 
which a registered public accounting firm expresses an opinion, or 
states that an opinion cannot be expressed, concerning management's 
assessment of the effectiveness of internal controls over financial 
reporting.

Auditor reporting on internal control is a critical component of 
monitoring the effectiveness of an organization's accountability. GAO 
strongly believes that this is especially important for very large, 
complex, or challenged entities. By giving assurance about internal 
control, auditors can better serve their clients and other financial 
statement users and better protect the public interest by having a 
greater role in providing assurances of the effectiveness of internal 
control in deterring fraudulent financial reporting, protecting assets, 
and providing an early warning of internal control weaknesses. We 
believe auditor reporting on internal control is appropriate and 
necessary for publicly traded companies and major public entities 
alike. We also believe that such reporting is appropriate in other 
cases where management assessment and auditor examination and reporting 
on the effectiveness of internal control add value and mitigate risk in 
a cost-beneficial manner.

We know that some will point to increased costs as a reason to remove 
this provision from the legislation. We believe that auditors who 
follow the Financial Audit Manual--which was jointly developed by GAO 
and the President's Council on Integrity and Efficiency (PCIE)[Footnote 
26]--should ordinarily have little to no incremental costs associated 
with such reporting.

We fully support having DHS, as well as all CFO Act agencies, obtain an 
opinion on its internal control. If DHS is truly committed to becoming 
a model federal agency, it should begin obtaining opinions on internal 
control as soon as practical and set an example for other agencies to 
follow and in keeping with the actions already taken by SSA, GSA, NRC, 
and GAO.

Inclusion of Performance Information in Accountability Reports:

We also support agencies including program performance information in 
agency performance and accountability reports, so that relevant 
performance and financial information is presented in a consolidated 
and useful manner. Agencies currently have the discretion to include 
this information in a consolidated format. We strongly encourage DHS to 
consolidate this information in its accountability report beginning 
with fiscal year 2003.

In closing, the American people have increasingly demanded 
accountability from government and the private sector. The Congress has 
recognized, through legislation such as the CFO Act, that the federal 
government must be held to the highest standards. We already know that 
many of the larger agencies transferred to DHS have a history of poor 
financial management systems and significant internal control 
weaknesses. These known weaknesses provide further evidence that DHS's 
systems and financial controls should be subject to provisions of the 
CFO Act and thus FFMIA. We also strongly encourage DHS to become a 
model agency and, as soon as practical, obtain an opinion on its 
internal controls and report performance information in its 
accountability reports.

Mr. Chairman, this concludes my statement. I would be happy to answer 
any questions you or other Members of the Subcommittee may have at this 
time.

Contacts and Acknowledgments:

For information about this statement, please contact McCoy Williams, 
Director, Financial Management and Assurance, at (202) 512-6906, or 
Casey Keplinger, Assistant Director, at (202) 512-9323. You may also 
reach them by e-mail at [Hyperlink, williamsm1@gao.gov] or [Hyperlink, 
keplingerc@gao.gov]. Individuals who made key contributions to this 
testimony include Cary Chappell and Heather Dunahoo.

[End of section]

Appendix I: CFO Act Agencies:

24 CFO Act Agencies:

The Department of Agriculture The Department of Commerce  The 
Department of Defense  The Department of Education  The Department of 
Energy  The Department of Health and Human Services  The Department of 
Housing and Urban Development  The Department of Interior  The 
Department of Justice  The Department of Labor  The Department of State 
 The Department of Transportation  The Department of the Treasury  The 
Department of Veterans Affairs  The Environmental Protection Agency  
The National Aeronautics and Space Administration The Agency for 
International Development  The Federal Emergency Management 
Agency[Footnote 27] The General Services Administration  The National 
Science Foundation  The Nuclear Regulatory Commission  The Office of 
Personnel Management  The Small Business Administration The Social 
Security Administration:

[End of section]

Related GAO Products:

[End of section]

Fiscal Year 2002 U.S. Government Financial Statements: Sustained 
Leadership and Oversight Needed for Effective Implementation of 
Financial Management Reform. [Hyperlink, http://www.gao.gov/cgi-bin/
getrpt?GAO-03-572T] GAO-03-572T. Washington, D.C.: April 8, 2003.

Transportation Security Administration: Actions and Plans to Build a 
Results-Oriented Culture. [Hyperlink, http://www.gao.gov/cgi-bin/
getrpt?GAO-03-190] GAO-03-190. Washington, D.C.: January 2003.

High-Risk Series: An Update. [Hyperlink, http://www.gao.gov/cgi-bin/
getrpt?GAO-03-119] GAO-03-119. Washington, D.C.: January 2003.

Major Management Challenges and Program Risks: Federal Emergency 
Management Agency. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-
03-113] GAO-03-113. Washington, D.C.: January 2003.

Major Management Challenges and Program Risks: Department of the 
Treasury. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-109] 
GAO-03-109. Washington, D.C.: January 2003.

Major Management Challenges and Program Risks: Department of Justice. 
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-105] GAO-03-105. 
Washington, D.C.: January 2003.

Major Management Challenges and Program Risks: Department of Homeland 
Security. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-102] 
GAO-03-102. Washington, D.C.: January 2003.

Financial Management: FFMIA Implementation Necessary to Achieve 
Accountability. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-
31] GAO-03-31. Washington, D.C.: October 1, 2002.

Homeland Security: Critical Design and Implementation Issues. 
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-02-957T] GAO-02-
957T. Washington, D.C.: July 17, 2002.

A Model of Strategic Human Capital Management. [Hyperlink, http://
www.gao.gov/cgi-bin/getrpt?GAO-02-373SP] GAO-02-373SP. Washington, 
D.C.: March 2002.

Executive Guide: Creating Value Through World-class Financial 
Management. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AMID-00-
134] GAO/AMID-00-134. Washington, D.C.: April 2000.

(195024):

FOOTNOTES

[1] High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: January 
2003).

[2] The seven major agencies that were transferred to DHS are: 
Immigration and Naturalization Service, Federal Emergency Management 
Agency, Customs Service, Transportation Security Administration, the 
Office of Domestic Preparedness, the U.S. Coast Guard, and the Secret 
Service.

[3] A material weakness is a condition that precludes the entity's 
internal control from providing reasonable assurance that 
misstatements, losses, or noncompliance, which are material in relation 
to the financial statements or to stewardship information, would be 
prevented or detected on a timely basis. 

[4] FFMIA requires auditors, as part of CFO Act agencies' financial 
statements, to report whether agencies' financial management systems 
substantially comply with (1) federal financial management systems 
requirements, (2) applicable federal accounting standards, and (3) the 
federal government's standard general ledger at the transaction level.

[5] Pub. L. No. 101-576, 104 Stat. 2838 (1990).

[6] U.S. Department of Justice, Office of Inspector General, 
Immigration and Naturalization Service Financial Statements, Fiscal 
Year 2002, Audit Report No. 03-22 (Washington, D.C.: May 2003).

[7] U.S. General Accounting Office, Major Management Challenges and 
Program Risks: Department of Justice, GAO-03-105 (Washington, D.C.: 
January 2003).

[8] Federal Emergency Management Agency, Annual Performance and 
Accountability Report Fiscal Year 2002 (Washington, D.C.: Jan. 24, 
2003).

[9] A limited scope review was performed in lieu of a financial 
statement audit due to security clearance procedures and other matters 
related to the access and handling of sensitive information, which 
delayed the start of the IT evaluation and thus prevented the auditors 
from completing test work on IT general and application controls.

[10] U.S. Department of the Treasury, Office of Inspector General, 
Financial Management: Report on Internal Control Over Financial 
Reporting of the U.S. Customs Service for Fiscal Year 2002, OIG-03-033 
(Washington, D.C.: Dec. 16, 2002).

[11] U.S. General Accounting Office, Customs Service Modernization: 
Automated Commercial Environment Progressing, but Further Acquisition 
Management Improvements Needed, GAO-03-406 (Washington, D.C.: February 
2003).

[12] Pub. L. No. 107-71, 115 Stat. 597 (2001).

[13] U.S. Department of Transportation, Office of Inspector General, 
Quality Control Review of Audited Financial Statements for Fiscal Year 
2002, TSA, QC-2003-016 (Washington, D.C.: Jan. 27, 2003). 

[14] U.S. Department of Justice, Office of Inspector General, Office of 
Justice Programs: State and Local Domestic Preparedness Grant Programs, 
02-15 (Washington, D.C.: March 2002). 

[15] U.S. General Accounting Office, Major Management Challenges and 
Program Risks: Department of Justice, GAO-03-105 (Washington, D.C.: 
January 2003).

[16] U.S. Department of Justice, Fiscal Year 2002 Performance and 
Accountability Report (Washington, D.C.: Jan. 31, 2003).

[17] U.S. General Accounting Office, Major Management Challenges and 
Program Risks: Department of Homeland Security, GAO-03-102 (Washington, 
D.C.: January 2003).

[18] The Office of Management and Budget (OMB) has issued accelerated 
reporting requirements that require agencies to prepare financial 
statements close to the end of the reporting period. Under these 
requirements, agency performance and accountability reports for fiscal 
year 2002 were due to OMB by February 1, 2003, and by fiscal year 2004 
agencies will be required to submit these reports by November 15, 2004. 
In addition, in fiscal year 2003, agencies are required to prepare and 
submit quarterly financial statements no later than 45 days after the 
end of the reporting period. 

[19] U.S. General Accounting Office, Executive Guide: Creating Value 
Through World-class Financial Management, GAO/AIMD-00-134 (Washington, 
D.C.: April 2000).

[20] U.S. General Accounting Office, A Model of Strategic Human Capital 
Management, GAO-02-373SP (Washington, D.C.: Mar. 15, 2002). 

[21] GAO convened a forum on September 24, 2002, to identify and 
discuss useful practices and lessons learned from major private and 
public sector organizational mergers, acquisitions, and 
transformations. U.S. General Accounting Office, Highlights of a GAO 
Forum: Mergers and Transformation: Lessons Learned for a Department of 
Homeland Security and Other Federal Agencies, GAO-03-293SP (Washington, 
D.C.: November 2002).

[22] Pub. L. No. 107-289, 116 Stat. 2049 (2002).

[23] Office of Management and Budget, Audit Requirements for Federal 
Financial Statements, Bulletin 01-02 (Washington, D.C.: Oct. 16, 2000).

[24] U.S. General Accounting Office, Fiscal Year 2002 U.S. Government 
Financial Statements: Sustained Leadership and Oversight Needed for 
Effective Implementation of Financial Management Reforms, GAO-03-572T.

[25] Pub. L. No. 107-204, 116 Stat. 745 (2002).

[26] Generally referred to as the GAO/PCIE Financial Audit Manual. 

[27] Under the Homeland Security Act of 2002, FEMA transferred to DHS 
and under H.R. 2886 would no longer be considered a CFO Act agency.