This is the accessible text file for GAO report number GAO-08-1018 entitled 'Financial Management: Persistent Financial Management Systems Issues Remain for Many CFO Act Agencies' which was released on October 3, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: September 2008: Financial Management: Persistent Financial Management Systems Issues Remain for Many CFO Act Agencies: FFMIA Fiscal Year 2007 Results: GAO-08-1018: GAO Highlights: Highlights of GAO-08-1018, a report to congressional committees. Why GAO Did This Study: The ability to produce the financial information needed to efficiently and effectively manage the day-to-day operations of the federal government and provide accountability to taxpayers continues to be a challenge for many federal agencies. To help address this challenge, the Federal Financial Management Improvement Act of 1996 (FFMIA) requires the 24 Chief Financial Officers (CFO) Act agencies to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires GAO to report annually on the implementation of the act. This report, primarily based on GAO and inspectors general reports and agencies’ performance and accountability reports, discusses (1) the reported status of agencies’ systems compliance with FFMIA and overall federal financial management improvement efforts and (2) the remaining challenges to achieving the goals of FFMIA. What GAO Found: For fiscal year 2007, auditors reported 13 of 24 CFO Act agencies’ financial management systems were not in substantial compliance with FFMIA requirements. For these 13 agencies, auditors reported a number of problems, as shown below, that illustrate how agency financial management systems—including processes, procedures, and controls—are not providing reliable, useful, and timely information to help manage agency programs more effectively. As discussed in prior FFMIA reports, GAO remains concerned that the criteria for assessing substantial compliance with FFMIA are not well defined or consistently implemented across agencies. In addition, the majority of participants at a Comptroller General’s forum on improving federal financial management systems said there is little agreement on the definition of “substantial compliance.” To address GAO’s prior recommendation, OMB is in the process of revising its guidance, and GAO has reemphasized its concerns with the need for an appropriate definition of substantial compliance that focuses on financial management systems’ capabilities beyond financial statement preparation. Figure: [See PDF for image] Source: GAO analysis based on independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal year 2007. [End of figure] Agencies’ efforts to implement new systems far too often result in systems that do not meet cost, schedule, and performance goals. Recent modernization efforts by some agencies have been hampered by not following disciplined processes. To help avoid implementation problems, OMB continues to make progress on its financial management line of business initiative, which promotes business-driven, common solutions for agencies to enhance federal financial management, but additional efforts are needed. What GAO Recommends: Although no new recommendations are being made in this report, GAO reaffirms its prior recommendation that the Office of Management and Budget (OMB) revise its guidance to clarify the meaning of “substantial compliance” to provide consistency when assessing FFMIA compliance. GAO will continue to work with OMB on this issue. To view the full product, including the scope and methodology, click on [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-1018]. For more information, contact Kay L. Daly at (202) 512-9095 or dalykl@gao.gov [End of section] Contents: Letter: Results in Brief: Background: Continued Emphasis Needed on Federal Financial Management and FFMIA Compliance: Challenges Remain to Achieve Goals of FFMIA: Conclusion: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: Requirements and Standards Supporting Federal Financial Management: Federal Financial Management Systems Requirements: Federal Accounting Standards: U.S. Government Standard General Ledger (SGL): Appendix III: Publications in the Federal Financial Management Systems Requirements Series: Appendix IV: Statements of Federal Financial Accounting Concepts, Standards, Interpretations, and Technical Bulletins: Appendix V: Accounting and Auditing Policy Committee Technical Releases: Appendix VI: Checklists for Reviewing Systems under the Federal Financial Management Improvement Act: Appendix VII: Comments from the Office of Management and Budget: Appendix VIII: GAO Contact and Staff Acknowledgments: Related GAO Products: Table: Table 1: Six Problem Areas and the Potential Effect on Agency Financial Management: Figures: Figure 1: Comparison of 2007 Financial Statement Audit Results to FFMIA Assessments: Figure 2: Auditors' FFMIA Assessments for Fiscal Years 1998 through 2007: Figure 3: Number of Reported Problems for 13 Agencies with FFMIA Noncompliant Systems for Fiscal Year 2007: Figure 4: Agency Systems Architecture: Abbreviations: AAPC: Accounting and Auditing Policy Committee: CFO: Chief Financial Officer: DHS: Department of Homeland Security: DOD: Department of Defense: FAM: Financial Audit Manual: FASAB: Federal Accounting Standards Advisory Board: FFMIA: Federal Financial Management Improvement Act: FFMSR: federal financial management systems requirements: FISMA: Federal Information Security Management Act: FMFIA: Federal Managers' Financial Integrity Act: FMLOB: financial management line of business: FSIO: Financial Systems Integration Office: HHS: Department of Health and Human Services: IG: inspector general: IRS: Internal Revenue Service: JFMIP: Joint Financial Management Improvement Program: OFFM: Office of Federal Financial Management: OMB: Office of Management and Budget: OPM: Office of Personnel Management: PCIE: President's Council on Integrity and Efficiency: SBA: Small Business Administration: SFFAC: Statements of Federal Financial Accounting Concepts: SFFAS: Statements of Federal Financial Accounting Standards: SGL: U.S. Government Standard General Ledger: UFMS: Unified Financial Management System: United States Government Accountability Office: Washington, DC 20548: September 30, 2008: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Henry A. Waxman: Chairman: The Honorable Tom Davis: Ranking Member: Committee on Oversight and Government Reform: House of Representatives: Reliable, useful, and timely financial data are needed to efficiently and effectively manage the day-to-day operations of the federal government and ultimately provide accountability to taxpayers and the Congress. The value of reliable financial information for prudent and forward-thinking decision making cannot be overstated, especially given our nation's current fiscal environment. As we have reported for a number of years,[Footnote 1] the federal government faces large and growing structural deficits primarily because of known demographic trends and rising health care costs. These long-term challenges have profound implications for our future economic growth, standard of living, and national security. Significant resources will be needed to address many of these areas, and difficult choices and trade-offs are unavoidable. It is within this scenario that the implications of ongoing weaknesses in agencies' ability to produce reliable and timely financial information become clear. Accurate data on which to base crucial program and resource decisions are critical to meeting the challenges our nation faces in the 21st century. To address these long-standing weaknesses, the Congress mandated financial management systems reform within the federal government by enacting the Federal Financial Management Improvement Act of 1996 (FFMIA).[Footnote 2] FFMIA requires the departments and agencies covered by the Chief Financial Officers (CFO) Act of 1990[Footnote 3] to implement and maintain financial management systems,[Footnote 4] that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. FFMIA builds on the foundation laid by the CFO Act, which has the goal of modern financial management systems that enable the systematic measurement of performance; the development of cost information; and the integration of program, budget, and financial information for management reporting. FFMIA also requires auditors to state in their audit reports whether the agencies' financial management systems comply with the act's requirements. In addition, we are required to report annually on the implementation status of the act. (See the Related GAO Products list at the end of this report for our prior reports and testimonies under this mandate.) This report discusses (1) the reported status of agencies' systems compliance with FFMIA and overall federal financial management improvement efforts and (2) the remaining challenges to achieving the goals of FFMIA. This report incorporates historical information from our prior FFMIA reports, as well as financial management systems issues from other GAO reports, agency inspectors general (IG) reports, and agencies' performance and accountability reports for fiscal year 2007. We analyzed and compiled data from these reports; conducted interviews of agency officials, IG officials, and agency auditors; and obtained selected documentation. To assess data reliability for the purposes of this report, we performed procedures to assure ourselves of the independence and qualifications of the auditors for the 24 CFO Act agencies. We did not re-perform the auditors' work as it was beyond the scope of this engagement. We analyzed applicable results from a Comptroller General's forum[Footnote 5] held in December 2007 on improving the federal government's financial management systems. We also met with Office of Management and Budget (OMB) officials to discuss their current efforts to improve federal financial management and address our prior recommendations related to FFMIA. We conducted this performance audit from December 2007 to September 2008 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Details on our scope and methodology are included in appendix I. Results in Brief: The auditors' FFMIA assessments for the 24 CFO Act agencies for fiscal year 2007 illustrate that many agencies still do not have effective financial management systems, including processes, procedures, and controls in place that can routinely produce reliable, useful, and timely financial information that federal managers can use for day-to- day decision-making purposes. The primary goal of FFMIA is for agencies to improve financial management systems so that financial information from these systems can be used to help manage agency programs more effectively and enhance the ability to prepare auditable financial statements. For fiscal year 2007, agency auditors reported that 13 of the 24 CFO Act agencies' systems did not substantially comply with one or more of the three FFMIA requirements. This compares with 17 agencies reported as not substantially compliant with one or more of these FFMIA requirements for fiscal year 2006. FFMIA assessments for six CFO Act agencies changed, with auditors reporting one agency's financial management systems as no longer in substantial compliance, and the other five as no longer substantially noncompliant with FFMIA requirements for fiscal year 2007.[Footnote 6] While auditors reported that improvements at those five agencies were largely because of agency- implemented corrective actions, in some cases, varying interpretations of OMB's FFMIA guidance on the definition of "substantial compliance" may have also played a role. In addition, the majority of participants at a recent Comptroller General's forum on improving federal financial management systems said there is little agreement on the definition of substantial compliance. Furthermore, auditors for the Department of Justice told us that the reduction of certain material weaknesses[Footnote 7] to significant deficiencies[Footnote 8] was a factor for the change in their FFMIA assessment of substantial compliance. We are concerned that agencies and auditors are interpreting OMB's FFMIA guidance to mean that if an agency has no material weaknesses, its systems are substantially compliant with the three FFMIA requirements. Although current FFMIA guidance includes examples of compliance indicators, we have found, in the past, that several agency auditors used the indicators as a checklist for determining an agency's systems compliance. In our view, a checklist approach is not appropriate for assessing whether agency financial management systems--including processes, procedures, and controls--are substantially compliant with FFMIA and does not meet the expectations of the Congress[Footnote 9] in requiring auditor reporting under FFMIA. OMB recently provided a draft of its revised Circular No. A-127, Financial Management Systems, to the CFO Council to review and provide comments. We provided comments on the draft that highlighted and reemphasized some of our previous concerns expressed in our prior reports and recommendations to OMB on improving its FFMIA audit guidance and clarifying the definition of "substantial compliance."[Footnote 10] The modernization of federal financial management systems has been a long-standing challenge at many federal agencies. For agencies to achieve FFMIA compliance, they need to implement systems that give them reliable, useful, and timely information and do so using disciplined processes. However, these efforts far too often result in systems that do not meet their cost, schedule, and performance goals. For example, financial management system implementation problems continue at the Department of Defense (DOD), the Department of Health and Human Services (HHS), and the Department of Homeland Security (DHS). In part, to improve the outcome of financial management systems implementation and FFMIA compliance, OMB continues to move forward on a key initiative--the financial management line of business (FMLOB) which involves standardizing business processes and data elements governmentwide, incorporating these standards into core financial system requirements and software, and leveraging common solutions through a competitive environment of shared service providers. Although some aspects of the initiative have taken longer than OMB expected, OMB and the Financial Systems Integration Office (FSIO) have demonstrated continued progress toward implementation of the FMLOB initiative by issuing a common governmentwide accounting classification structure, financial services assessment guide, and standard business processes for funds and payment management. However, as we previously recommended,[Footnote 11] additional efforts, such as developing an overall concept of operations and identifying and defining additional standard business processes, are needed to address key aspects of this initiative. OMB officials told us their efforts on these aspects of this initiative are continuing, and we are working with OMB to gain a more in-depth understanding of its progress. While we are not making any new recommendations in this report, we reaffirm our prior recommendation aimed at enhancing OMB's audit guidance related to FFMIA assessments. Specifically, we recommended that OMB explore further clarification of the definition of "substantial compliance" to assist auditors and agency management to consistently apply criteria and evaluate FFMIA compliance. In commenting on a draft of this report, OMB agreed with our assessment that federal agencies still need to improve their financial systems so that reliable, useful, and timely financial management information is available for decision making. OMB stated that it was working aggressively to assist agencies in building a strong foundation of financial management practices. With regard to our prior recommendation for guidance clarifying the definition of substantial compliance, OMB has begun a significant re-write of OMB Circular No. A-127, Financial Management Systems, as well as an update to OMB's implementation guidance for FFMIA. OMB stated the re-write of OMB Circular No. A-127 will clarify the definition of substantial compliance so that auditors and agency heads interpret the guidance more consistently. We will continue to work with OMB so that a clear definition of substantial compliance with FFMIA is developed and to address other concerns. Our detailed discussion of OMB's comments can be found in the Agency Comments and Our Evaluation section. We have reprinted OMB's comments in appendix VII. Background: FFMIA is part of a series of financial management reform legislation enacted since the early 1980s. This series of legislation started with the Federal Managers' Financial Integrity Act of 1982[Footnote 12] (FMFIA), which the Congress passed to strengthen internal controls and accounting systems throughout the federal government, among other purposes. Issued pursuant to FMFIA, the Comptroller General's Standards for Internal Control in the Federal Government[Footnote 13] provides the standards that are directed at helping agency managers implement effective internal control, an integral part of improving financial management systems. Internal control plays a major role in managing an organization and comprises the plans, methods, and procedures used to meet missions, goals, and objectives. In summary, internal control helps government program managers achieve desired results through effective management of public resources. Effective internal control also helps in managing change to cope with shifting environments and evolving demands and priorities. As programs change and agencies strive to enhance operational processes and implement new technological developments, management must continually assess and evaluate its internal control to ensure that the control activities being used are effective and updated when necessary. While agencies had achieved some early success in identifying and correcting material internal control and accounting system weaknesses, their efforts to implement FMFIA had not produced the results intended by the Congress and sufficiently improved general and financial management in the federal government. Therefore, beginning in the 1990s, the Congress passed additional management reform legislation to achieve these management improvements in the federal government. This legislation includes the (1) CFO Act of 1990, (2) Government Performance and Results Act of 1993,[Footnote 14] (3) Government Management Reform Act of 1994,[Footnote 15] (4) FFMIA, (5) Clinger-Cohen Act of 1996,[Footnote 16] (6) Accountability of Tax Dollars Act of 2002,[Footnote 17] (7) Improper Payments Information Act of 2002,[Footnote 18] (8) Federal Information Security Management Act of 2002 (FISMA),[Footnote 19] and (9) Department of Homeland Security Financial Accountability Act of 2004.[Footnote 20] The combination of reforms ushered in by these laws, if successfully implemented, provides a solid foundation to improve the accountability of government programs and operations as well as to routinely produce valuable cost and operating performance information. These financial management reform laws reflect the importance of improving financial management of the federal government. Appendixes II through VI include details on the various requirements, guidance, standards, and checklists that support federal financial management. Guidance Related to FFMIA: OMB sets governmentwide financial management policies and requirements, as well as guidance related to FFMIA. OMB Circular No. A-127, Financial Management Systems, defines the policies and standards prescribed for executive agencies to follow in developing, operating, evaluating, and reporting on financial management systems. OMB Circular No. A-127 references the series of publications entitled federal financial management systems requirements, issued by the Joint Financial Management Improvement Program (JFMIP)[Footnote 21] as the primary source of governmentwide requirements for financial management systems. Federal financial management systems requirements, among other things, provide a framework for establishing integrated financial management systems to support program and financial managers. Appendix III lists the series of federal financial management systems requirements published to date. In a January 4, 2001, memorandum, Revised Implementation Guidance for the Federal Financial Management Improvement Act, OMB provided guidance for agencies and auditors to use in assessing substantial compliance. The guidance describes the factors that should be considered in determining whether an agency's systems substantially comply with FFMIA's three requirements and provides guidance to agency heads to assist in developing corrective action plans for bringing their systems into compliance with FFMIA. There are examples included in the guidance on the types of indicators that should be used as a basis in assessing whether an agency's systems are in substantial compliance with FFMIA requirements. In addition, we have worked in partnership with the President's Council on Integrity and Efficiency[Footnote 22] (PCIE) to develop and maintain the joint GAO/PCIE Financial Audit Manual (FAM). The FAM presents a methodology that auditors may, but are not required to, use to perform financial statement audits of federal entities in accordance with professional standards and includes sections that provide specific procedures auditors should perform when assessing FFMIA compliance.[Footnote 23] These sections include guidance and detailed audit steps for testing agency financial management systems' substantial compliance with the requirements of FFMIA. The FAM guidance on FFMIA assessments recognizes that while financial statement audits offer some assurance on FFMIA compliance, auditors should design and implement additional testing to satisfy FFMIA criteria. Testing for compliance with FFMIA is efficiently accomplished, for the most part, as part of the work done in understanding agency systems in the internal control phase of the audit, and the FAM provides specific guidance on what additional testing should be performed, such as tests of information system controls and nonsampling control tests. Continued Emphasis Needed on Federal Financial Management and FFMIA Compliance: The purpose of financial management systems goes beyond providing the data necessary to comply with various financial reporting requirements to focus on routinely producing reliable, useful, and timely financial information that federal managers can use for day-to-day decision- making purposes. Recognizing that decision makers can benefit from a better understanding of the challenges and opportunities associated with federal financial management systems, the Comptroller General convened a forum[Footnote 24] on improving federal financial management systems in December 2007. According to several participants, producing accurate financial statements should be viewed as a by-product of effective business processes and financial management systems. We have consistently provided this perspective for a number of years in our prior reports. As in prior years, the auditors' fiscal year 2007 FFMIA assessments for the 24 CFO Act agencies illustrate that many agencies still do not have effective financial management systems, including processes, procedures, and controls in place that can produce reliable, useful, and timely financial information with which to make informed decisions on an ongoing basis. The primary goal of FFMIA is for agencies to improve financial management systems so that financial information from these systems can be used to help manage agency programs more effectively and enhance the ability to prepare auditable financial statements. Auditors reported a change in their FFMIA assessment for five agencies' systems that they determined are no longer in substantial noncompliance for fiscal year 2007. The auditors noted these agencies took corrective action in the areas of compliance with federal accounting standards and federal financial management systems requirements. However, in light of the significant deficiencies and problems that auditors are still reporting, we remain concerned that criteria for substantial compliance with FFMIA requirements are not well defined or consistently implemented across the 24 CFO Act agencies. Comptroller General's Forum Provides Useful Insight to FFMIA Implementation: Recognizing that decision makers can benefit from a better understanding of the challenges and opportunities associated with federal financial management systems, the Comptroller General convened a forum on December 11, 2007. The forum brought together knowledgeable and recognized financial management leaders from the federal government, including the CFO, Chief Information Officer, and IG communities, and selected other officials with extensive experience in financial management from both the public and private sectors. One of the themes from the forum was that federal financial management leaders should refocus their efforts on comprehending and meeting program managers' financial information requirements and not simply on meeting financial reporting compliance requirements. Despite agencies' emphasis on meeting financial reporting compliance requirements, about two thirds of forum participants (21 of 33 respondents) agreed that financial management systems are not able to provide or provide little information that is reliable, useful, and timely to assist managers in their day-to-day decision-making, which is the ultimate goal of FFMIA. Figure 1 shows 19 of the 24 CFO Act agencies received an unqualified opinion on their financial statements in fiscal year 2007. However, for 8 of these 19 agencies, auditors reported that systems did not substantially comply with one or more of the three FFMIA requirements and that significant problems exist, as discussed later. Figure 1: Comparison of 2007 Financial Statement Audit Results to FFMIA Assessments: This figure is a combination of two charts showing comparison of 2007 financial statement audit results to FFMIA assessments. 24 CFO Act agencies' financial statement audit results: 19 agencies: Unqualified opinion; 5 agencies: Disclaimer or qualified opinion. 13 CFO Act agencies' systems not substantially compliant with FFMIA: 5 agencies: Disclaimer or qualified opinion; 8 agencies: Unqualified opinion. [See PDF for image] Source: GAO analysis based on independent auditors financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal year 2007. [End of figure] According to auditors, some of these 8 agencies have been able to obtain unqualified audit opinions through extensive labor-intensive efforts, which include using ad hoc procedures, expending significant resources, and making billions of dollars in adjustments to derive financial statements. This is usually the case when agencies have inadequate systems that are not integrated and routinely reconciled. These time-consuming procedures must be combined with sustained efforts to improve agencies' underlying financial management systems and controls. Forum participants said that producing accurate financial statements should be viewed as a byproduct of effective business processes and financial management systems. We have expressed a similar viewpoint in the past.[Footnote 25] If agencies continue year after year to rely on costly and time-intensive manual efforts to achieve or maintain unqualified opinions, the Congress and others may be misled as to the true status of agencies' financial management systems capabilities. While work performed in auditing financial statements would naturally offer some perspective regarding FFMIA compliance, the work necessary to assess substantial compliance of systems with the FFMIA requirements has a complementary but broader focus than that performed for purposes of rendering an opinion on the financial statements. In performing financial statement audits, auditors generally focus on the capability of the financial management systems to process and summarize financial information that flows into the financial statements. For purposes of FFMIA, financial management systems include systems, processes, procedures, and controls that produce the information management uses day to day, not just systems that produce annual financial statements. Thus, according to the FAM, to report on system compliance with FFMIA, the auditor should understand the design of and test, as needed, the financial management systems (including the financial portion of any mixed systems[Footnote 26]) used for managing financial operations, supporting financial planning, management reporting, budgeting activities, and systems accumulating and reporting cost information. Several forum participants expressed concern that because of the efforts devoted to preparing financial reports and meeting financial reporting compliance requirements, finance organizations have not focused sufficient attention on understanding and meeting the financial management needs of their own program managers. FFMIA was designed to lead to system improvements that would result in agency managers routinely having access to reliable, useful, and timely financial- related information to measure performance and increase accountability throughout the year. If significant adjustments are made at year end for financial statement reporting purposes, then management has more than likely been operating with inaccurate data throughout the year. FFMIA Assessments Disclose Continued Noncompliance and System Weaknesses: According to auditors, the majority of federal agencies' financial management systems are still not in substantial compliance with FFMIA requirements. As shown in figure 2, auditors reported that 13 of the 24 CFO Act agencies' systems did not substantially comply with one or more of the three FFMIA requirements for fiscal year 2007. This compares with 17 agencies whose systems were reported as not substantially compliant with FFMIA requirements for fiscal year 2006. Based on our review of the fiscal year 2007 audit reports for the 13 agencies reported to have systems not in substantial compliance with one or more of FFMIA's three requirements, noncompliance with federal financial management systems requirements was the most frequently auditor-cited deficiency of the three FFMIA requirements. Figure 2: Auditors' FFMIA Assessments for Fiscal Years 1998 through 2007: This figure is a bar graph showing auditors' FFMIA assessments for fiscal years 1998 through 2007. The X axis represents the fiscal year, and the Y axis represents CFO Act agencies not in compliance. Fiscal year: 1998; CFO Act agencies not in compliance: 21. Fiscal year: 1999; CFO Act agencies not in compliance: 21. Fiscal year: 2000; CFO Act agencies not in compliance: 19. Fiscal year: 2001; CFO Act agencies not in compliance: 20. Fiscal year: 2002; CFO Act agencies not in compliance: 19. Fiscal year: 2003; CFO Act agencies not in compliance: 17. Fiscal year: 2004; CFO Act agencies not in compliance: 16. Fiscal year: 2005; CFO Act agencies not in compliance: 18. Fiscal year: 2006; CFO Act agencies not in compliance: 17. Fiscal year: 2007; CFO Act agencies not in compliance: 13. [See PDF for image] Source: GAO complied from independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal year 1998 through 2007. [End of figure] Auditors for six CFO Act agencies reported a change in the FFMIA assessment for fiscal year 2007. The auditor for one agency, EPA, changed its FFMIA assessment from no instances of substantial noncompliance in fiscal year 2006, to not being in substantial compliance with FFMIA requirements for fiscal year 2007 because of problems related to security over certain information systems. The auditors for five agencies reported agencies' financial management systems[Footnote 27] were no longer in substantial noncompliance. As discussed later, auditors for these five agencies noted that the agencies took corrective action in the areas of federal accounting standards and federal financial management systems requirements. However, as we have previously reported,[Footnote 28] we are still concerned that criteria for substantial compliance are not well defined or consistently implemented across the 24 CFO Act agencies. In light of the significant deficiencies and problems that auditors are still reporting, it appears that agencies and auditors may be interpreting OMB's January 4, 2001, FFMIA guidance to mean that if an agency has no material weaknesses, it is in substantial compliance with the three FFMIA requirements. Further, we caution that the number of agencies reported as noncompliant may be even greater because all but one auditor provided negative assurance.[Footnote 29] As we have previously reported,[Footnote 30] when auditors express negative assurance, the auditors are not saying that they determined the systems to be substantially compliant, but that the work performed did not identify instances of noncompliance. Therefore, the auditors may not have identified all instances of noncompliance with FFMIA requirements and included all problems in their reports. Based on our review of the fiscal year 2007 audit reports for the 13 agencies reported to have systems not in substantial compliance with one or more of FFMIA's three requirements, noncompliance with federal financial management systems requirements was the deficiency auditors most frequently cited of the three FFMIA requirements. To better understand the underlying issues regarding agencies' noncompliance with federal financial management systems requirements, we divided this requirement into four problem areas including nonintegrated systems, inadequate reconciliation procedures, lack of accurate and timely recording, and weak security over information systems. These four problem areas related to federal financial management systems requirements, plus the two areas related to noncompliance with the SGL and lack of adherence to federal accounting standards result in six problem areas. Figure 3 shows the number of agencies with problems reported in each of the six areas for fiscal year 2007. Figure 3: Number of Reported Problems for 13 Agencies with FFMIA Noncompliant Systems for Fiscal Year 2007: This figure is a bar graph showing the number of reported problems for 13 agencies with FFMIA noncompliant systems for fiscal year 2007. The X axis represents problem areas, and the Y axis represents CFO Act agencies. Problem area: Nonintegrated financial management systems; CFO Act agencies: 8. Problem area: Inadequate reconciliation procedures; CFO Act agencies: 10. Problem area: Lack of accurate and timely recording; CFO Act agencies: 11. Problem area: Weak security over information systems; CFO Act agencies: 11. Problem area: Lack of adherence to federal accounting standards; CFO Act agencies: 7. Problem area: Noncompliance with the SGL; CFO Act agencies: 5. [See PDF for image] Source: GAO analysis based on independent auditors' financial statement audit reports prepared by agency inspectors general and contract auditors for fiscal year 2007. [A] Problem reflects noncompliance with federal financial management systems requirements. [End of figure] The weaknesses reported by the auditors ranged from serious, pervasive systems problems to less serious problems that may affect only one aspect of an agency's accounting operation. While at some agencies, the problems were so serious that they affected the auditor's opinion on the agency's financial statements, at other agencies, the auditors cited problems that represented significant deficiencies in the design or operation of internal control, but were determined not to be material to the financial statements taken as a whole. Table 1 illustrates the potential effect these six types of problems can have on an agency's financial management. For example, the auditor for the Department of the Treasury reported that IRS personnel rely on resource-intensive compensating procedures to prepare its financial statements in a timely manner because of serious internal control and financial management systems deficiencies. These challenges affect IRS's ability to fulfill its responsibilities as the nation's tax collector because its managers lack accurate, useful, and timely financial information and sound controls with which to make fully informed decisions day-to-day and to ensure ongoing accountability. Table 1: Six Problem Areas and the Potential Effect on Agency Financial Management: Problem area: Nonintegrated financial management systems[A]; Effect: When agencies do not have an integrated financial management system, they are often forced to rely on ad hoc programming, analysis, or actions such as duplicative transaction entries. In these situations, agencies must either expend major efforts and resources to generate financial information that their systems should be able to provide on a recurring basis or not have it. Problem area: Inadequate reconciliation procedures[A]; Effect: Failure to perform reconciliations puts agencies at risk of operating with incomplete and inaccurate financial data on which to base decisions. Problem area: Lack of accurate and timely recording of financial information[A]; Effect: Recording transactions in the general ledger in an untimely manner can result in inaccurate reporting in agencies' financial reports and other management reports that are used to guide managerial decision-making. Problem area: Weak security controls over information systems[A]; Effect: Significant computer security weaknesses in systems results in federal data at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Problem area: Lack of adherence to federal accounting standards; Effect: Federal accounting standards form the foundation for preparing consistent and meaningful financial statements and other financial reports both for individual agencies and the government as a whole. Without adherence to federal accounting standards, agencies cannot be assured that the financial reports contain reliable information about the financial position, activities, and results of operations of their programs and activities on an ongoing basis. Problem area: Noncompliance with the SGL; Effect: The SGL is intended to improve data stewardship throughout the federal government; enabling consistent reporting at all levels within the agencies and providing comparable data and financial analysis governmentwide. If the SGL is not properly implemented, agencies cannot be assured that information in their financial statements is properly and consistently compiled and reported. Source: GAO analysis of federal financial management systems requirements, related laws, and guidance. [A] Problem reflects noncompliance with federal financial management systems requirements. [End of table] Although Improvements Reported in FFMIA Compliance, Concerns Remain with FFMIA Guidance: For fiscal year 2007, auditors for five agencies no longer reported a lack of substantial compliance with FFMIA requirements. While auditors reported that improvements at those five agencies were because of agency-implemented corrective actions, in some cases, it appears that varying interpretations of OMB's FFMIA guidance on the definition of "substantial compliance" may have played a role. The implementation guidance provides indicators of substantial compliance, such as whether an agency's "audit disclosed no material weaknesses in internal control that affect the agency's ability to prepare financial statements and related disclosures."[Footnote 31] However, this indicator only addresses the federal accounting standards requirement of FFMIA, not the federal financial management systems or the SGL requirement. We are concerned that auditors are interpreting OMB's FFMIA implementation guidance to mean that if an agency has no material weaknesses in controls over the area of financial reporting, it is compliant with FFMIA. For example, the auditor for Justice told us that the reduction of certain material weaknesses to significant deficiencies was a factor for the change in its FFMIA assessment of substantial compliance. Based primarily on the information contained in the agencies' performance and accountability reports, the following summarizes how auditors determined that five agencies were no longer substantially noncompliant in fiscal year 2007. * Department of Energy--The Department of Energy's auditor reported one material weakness related to FFMIA noncompliance in the area of federal accounting standards at the end of fiscal year 2006. For 2006, the auditor reported that the department did not properly account for obligations and undelivered orders, which affected the accuracy, validity, and completeness of these account balances. During fiscal year 2007, the department reported it took corrective actions including, but not limited to, improving several reports and related reconciliation processes. Because of these efforts, the auditor reported that the corrective actions related to the material weakness on obligations and undelivered orders were fully implemented and considered the finding closed in fiscal year 2007. In fiscal year 2007, Energy had a significant deficiency related to network vulnerabilities and weaknesses in access and other security controls in the department's unclassified computer information systems. The auditor concluded that its tests disclosed no instances in which the department's financial management systems did not substantially comply with the three FFMIA requirements for fiscal year 2007. * Department of the Interior--At the end of fiscal year 2006, the Department of the Interior's auditor reported FFMIA-related findings in the area of federal accounting standards, that resulted in the department not being in substantial compliance with FFMIA requirements. The findings included a material weakness related to controls over Indian Trust Funds and a reportable condition on the improper disclosure of the condition of museum collections. According to management, Interior implemented corrective actions during fiscal year 2007, including closing 9,400 probate cases and deploying the Trust Asset and Accounting Management System. As a result, the auditor reduced the Indian Trust Fund finding to a significant deficiency and closed the museum collection finding entirely in fiscal year 2007. While the department invested a significant amount of resources to improve its controls over Indian Trust Funds, the auditor noted that Interior needs to continue its efforts to resolve historical differences and to improve procedures and internal controls for entering and maintaining Trust Fund information. In addition, a repeat significant deficiency was reported by the auditor on general and application controls over financial management systems. The auditor stated that the previously mentioned findings were not significant enough to warrant concluding that the department was substantially noncompliant with FFMIA requirements for fiscal year 2007. * Department of Justice--Justice's auditor reported FFMIA-related findings in the area of federal financial management systems requirements that resulted in the department not being in substantial compliance with FFMIA requirements at the end of fiscal year 2006. One of these findings was a repeat material weakness related to the department's financial management systems' general and application controls. According to the auditor, during fiscal year 2007, three out of the four components that had long-standing material weaknesses in this area--United States Marshals Service, Office of Justice Programs, and the Bureau of Alcohol, Tobacco, Firearms and Explosives--made enough improvements to internal controls over their information system environment to reduce the finding from a material weakness to a significant deficiency. Some of the reported corrective actions included increasing security awareness and training, and implementing stronger password setting policy. In its commentary and summary of Justice's annual financial statement for fiscal year 2007,[Footnote 32] the Justice IG made the following comment about Justice's financial system environment: "Inadequate, outdated, and in some cases non- integrated financial management systems do not provide certain automated financial transaction processing activities that are necessary to support management's need for timely and accurate financial information throughout the year." In the IG's 2007 list of top management and performance challenges facing Justice,[Footnote 33] the IG also reported that "the Department's efforts over the past few years to implement the Unified Financial Management System (UFMS) to replace the seven major accounting systems currently used throughout the Department have been subject to fits and starts. Three years after the Department selected a vendor for the unified system it has made little progress in deploying the UFMS. The Department notes that problems with funding, staff turnover, and other competing priorities have caused the delays in implementing the UFMS. Until that time, Department-wide accounting information will have to continue to be produced manually, a costly process that undermines the Department's ability to prepare financial statements that are timely and in accordance with generally accepted accounting principles. Furthermore, the Federal Bureau of Investigation and United States Marshals Service will not be able to achieve compliance with the FFMIA requirement to record all activity at the United States Standard General Ledger transaction level until the UFMS has been fully implemented." We also noted that all nine of Justice's components still had at least one significant deficiency or material weakness related to general and application controls, and five out of the nine components had findings related to a second significant deficiency on improving internal controls to ensure that transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in accordance with generally accepted accounting principles. Justice's auditor concluded that its tests disclosed no instances in which the department's financial management systems did not substantially comply with the three requirements of FFMIA for fiscal year 2007. * Department of Labor--Labor's auditor reported FFMIA-related reportable conditions in the area of federal financial management systems requirements, which resulted in the department not being in substantial compliance with FFMIA requirements at the end of fiscal year 2006. These reportable conditions related to lack of strong application controls over access to and protection of financial information, lack of strong logical security controls to secure Labor's networks and information, and weaknesses noted in the change control process for a benefits system. In addition, Labor's fiscal year 2006 FISMA report identified a significant deficiency related to a mixed system. According to management, Labor pursued an aggressive remediation process during fiscal year 2007 by revising computer security guidance and performing access controls testing and evaluation for all major information systems. Labor's auditors noted improvements in the areas of general computer controls related to a Labor benefits system, controls over the mixed system cited in the fiscal year 2006 FISMA report, and updated policies and procedures. For fiscal year 2007, auditors for Labor reported 2 prior year reportable conditions as one significant deficiency related to the lack of adequate controls over access to key financial and support systems. Specifically, the auditor noted issues that were present in multiple financial systems across the department such as inactive accounts were not disabled or deleted in a timely manner; generic accounts existed on systems; and access to sensitive files, directories, or software was not restricted. According to the auditor, each access control issue mentioned presented a reasonably possible chance to adversely affect Labor's ability to initiate, authorize, record, process, or report financial data. The auditor also reported that these access control weaknesses could lead to users with inappropriate access to financial systems; inefficient processes, lack of completeness, accuracy, or integrity of financial data; and/or the lack of detection of unusual activity within financial systems. As a result of the access control weaknesses identified, the IG reported an access control significant deficiency in conjunction with its testing of compliance with FISMA for fiscal year 2007. However, the IG's fiscal year 2007 FISMA report did not communicate significant deficiencies for specific systems; instead, it reported significant deficiencies by control type, grouping all impacted systems together in each deficiency. Labor's auditors stated, as a result, they could not determine the severity of deficiencies for any individual financial or mixed system. Labor's auditor concluded that the department complied, in all material respects, with the requirements of FFMIA as of September 30, 2007. * Small Business Administration (SBA)--At the end of fiscal year 2006, auditors reported that SBA was not substantially compliant with FFMIA requirements in the area of federal financial management systems requirements. The related finding involving weak information technology security controls was characterized as a reportable condition. During fiscal year 2007, the auditor noted improvements in formalizing policies and procedures over granting users emergency access, documenting reviews of remote users, and formalizing continuity of operations plans. Despite the identified improvements, the auditors continued to report issues in the areas of security access controls, software program changes, and end-user computing and reported the condition as a significant deficiency. For fiscal year 2007, the auditor reported no instances in which the department's financial management systems did not substantially comply with the three requirements of FFMIA. We have previously reported[Footnote 34] that auditors have expressed a need for clarification on the definition of "substantial compliance" with FFMIA. Further, when asked to what extent agreement exists on the definition of substantial compliance with FFMIA, 20 of 35 participants at the December 2007 Comptroller General forum stated that agreement exists to little or no extent while the other 15 of 35 believed agreement exists to a moderate extent. We initially recommended that OMB clarify its guidance on the meaning of substantial compliance in our report[Footnote 35] covering FFMIA fiscal year 2000 results and have reiterated this recommendation thereafter with OMB action starting this year. In prior years, OMB has responded that it has been focusing on various initiatives, and it agreed to consider clarifying the definition of "substantial compliance" in future policy and guidance updates. Last year OMB stated that in its update to Circular No. A-127, Financial Management Systems, its goal would be to simplify FFMIA compliance requirements as well as to better balance the FFMIA objectives of generating audited financial statements and providing meaningful information for decision makers. Accordingly, OMB agreed to take this recommendation under advisement and is currently revising its guidance. As we have previously reported,[Footnote 36] without a consistent agreement and application of a common definition of substantial compliance, the status of agency financial management systems' compliance remains uncertain. Although OMB's January 4, 2001, FFMIA implementation guidance includes examples of compliance indicators, we found in the past that several agency auditors used the indicators as a checklist for determining an agency's systems compliance. In our view, a checklist approach is inappropriate for assessing the substantial compliance of agency systems, including processes, procedures, and controls with FFMIA. This approach also does not meet the expectations of the Congress[Footnote 37] in requiring the auditor to insist on rigorous adherence to the accounting standards in reporting whether the agency's financial management systems substantially comply with the three requirements of FFMIA. Congress also expected that the audit community would discharge this compliance function consistent with established practices of the profession and the exercise of sound professional judgment. A comprehensive approach that considers key systems' functionalities, such as tests of information system controls and nonsampling control tests, is essential for auditors to obtain assurance that the agencies' systems provide reliable, useful, and timely information for decision makers on an ongoing basis throughout the year and not just for preparing year-end financial statements. OMB's guidance lays out the key factors that auditors should consider when assessing whether an agency's systems are substantially compliant. OMB's guidance calls for auditors to use their professional judgment when considering factors such as providing reliable and timely information for managing current operations; accounting for assets so they can be properly protected from loss, misappropriation, or destruction; and whether a system's performance prevents an agency from meeting specific FFMIA requirements. Nonetheless, because auditors have focused their consideration of FFMIA substantial compliance on issues related to the financial statement audit, it is important that the meaning of substantial compliance be clarified and refocused to include other aspects in addition to financial statement audit results. While we agree that the use of professional judgment is critical, we continue to believe that a consensus is needed on what constitutes substantial compliance. In regard to our previous recommendation that OMB explore further clarification of the definition of "substantial compliance," OMB is in the process of revising OMB Circular No. A-127 and its FFMIA implementation guidance. In May 2008, OMB issued a draft Circular No. A- 127 for CFO Council review and comment. In our comments on the draft Circular No. A-127, we reemphasized our concerns with, among other things, the need for an appropriate definition of substantial compliance that focuses on financial management systems' capabilities beyond financial statement preparation. OMB is considering the comments received and had not issued a public draft as of August 2008, but is planning to finalize the guidance in October 2008. Challenges Remain to Achieve Goals of FFMIA: Auditors' FFMIA assessments pointed out that many of the CFO Act agencies have significant problems with the financial management systems in use today. For agencies to achieve FFMIA compliance, they need to implement systems that give them reliable, useful, and timely information and do so using disciplined processes. The modernization of federal financial management systems has been a long-standing challenge at many federal agencies. Past systems implementation attempts have failed to deliver the promised capability on time and within budget. For example, we reported in September 2004[Footnote 38] that HHS did not effectively implement the best practices needed to reduce the risks associated with the implementation of a new system. Three years later, auditors report HHS continues to experience problems converting to the system. In part, to combat the past failures of individual agencies' efforts, OMB developed the FMLOB initiative, which involves standardizing business processes and data elements governmentwide, and leveraging common solutions through a competitive environment of shared service providers to which agency financial management systems can be migrated. The initiative is intended to enable seamless data integration across agencies and avoid costly and redundant investment in "in-house" financial management system solutions. Although OMB continues to make progress on this initiative and priorities have been developed to focus efforts through December 2009, some aspects of the initiative have taken longer than OMB expected. We have previously reported[Footnote 39] concerns with this initiative, such as the lack of a concept of operations and need for a clear plan for migrating agencies to shared service providers. Similarly, participants at the forum expressed uncertainties about the previous goal for migrating the majority of agencies to a shared service provider by 2011. System Implementation Problems Plague Agencies: One of our ongoing and consistent reporting themes has been that the modernization of federal financial management systems has been a long- standing challenge at many federal agencies across the government. While the development of a financial management system can never be risk free, effective implementation of best practices in systems development and implementation efforts (commonly referred to as disciplined processes)[Footnote 40] can reduce those risks to acceptable levels. Nevertheless, agency efforts far too often result in systems that do not meet their cost, schedule, and performance goals. While agencies anticipate that the new systems will provide reliable, useful, and timely data to support managerial decision making, our work and that of others has shown that has often not been the case. For example, modernization efforts at DOD, HHS, and DHS have been hampered by agencies not following disciplined processes. * As we reported in July 2007,[Footnote 41] the Army's approach for investing about $5 billion over the next several years in its General Fund Enterprise Business System, Global Combat Support System-Army Field/Tactical,[Footnote 42] and Logistics Modernization Program did not include alignment with the Army enterprise architecture or use of a portfolio-based business system investment review process. Moreover, we reported that the Army's lack of a concept of operations has contributed to its failure to take full advantage of business process reengineering opportunities that are available when using an enterprise resource planning solution. Further, the Army did not have reliable processes--such as an independent verification and validation function, or analyses, such as economic analyses--to support its management of these programs. We concluded that until the Army adopts a business system investment management approach that provides for reviewing groups of systems and making enterprise decisions on how these groups will collectively interoperate to provide a desired capability, it runs the risk of investing significant resources in business systems that do not provide the desired functionality and efficiency. * As we previously reported in September 2004,[Footnote 43] HHS did not follow key disciplined processes necessary to reduce the risks associated with implementing the Unified Financial Management System (UFMS) to acceptable levels. We identified problems in such key areas as requirements management, including developing a concept of operations, data conversion, and risk management. Three years later, in fiscal year 2007, HHS's auditors reported[Footnote 44] that serious financial system issues continue as a result of conversion problems. For example, over 800 entries, exceeding $170 billion, had to be manually recorded into the UFMS system; more than $1 billion in transactions were inappropriately posted; and a cumbersome, manual process is used to compile its financial statements. Sustained efforts will be necessary to overcome these continuing serious weaknesses. * In June 2007, we reported[Footnote 45] that DHS lacked a financial management strategy that included a formal strategic financial management plan to implement or migrate to an integrated system. In addition, DHS's concept of operations did not contain an adequate description of the legacy systems and a clear articulation of the vision that should guide the department's improvement efforts, and key requirements developed for the project were unclear and incomplete. Since then, DHS has developed a strategy to consolidate the department's financial systems down to two platforms--SAP and Oracle. However, according to a recent DHS IG report,[Footnote 46] DHS did not perform a complete analysis of all potential systems and service providers as part of its process to select a financial systems solution. As a result of a bid protest, in a March 17, 2008, ruling, the United States Court of Federal Claims held that DHS's sole source procurement for financial systems application software had violated a provision in the Competition in Contracting Act requiring full and open competition using competitive procedures[Footnote 47] and required DHS to conduct a competitive procurement.[Footnote 48] In response to this decision, DHS is revisiting its financial systems consolidation strategy. As illustrated by these examples, more discipline is needed in implementation efforts to avoid the problems that can occur when best practices are not followed. Similarly, participants at the forum stated that it is time to start putting into practice the lessons learned from previous implementation efforts. As part of an effort to begin confronting these challenges, forum participants offered a range of perspectives, insights, and examples. Experience related to financial management, human capital management, systems ownership, customization of commercial off-the-shelf software, and the purchase of shared services has provided useful insights that should help financial managers avoid some of the obstacles that impeded past projects. Consistent with our long-held views, financial managers at the forum also identified various useful system implementation practices, including conducting independent verification and validation, and periodically reevaluating system implementation projects. Financial Management Line of Business Initiative Continues to Evolve: In March 2004, OMB launched the FMLOB initiative, in part, to improve the outcome of financial management system implementations so that agencies have systems that ensure ongoing accountability and generate reliable, useful, and timely information for decision-making purposes emphasized by FFMIA. Since then, OMB and FSIO have continued to make gradual progress toward achieving FMLOB goals[Footnote 49] by issuing a common governmentwide accounting classification structure, a financial services assessment guide, and standard business processes for funds and payment management, as well as developing other planning tools designed to leverage these standards and shared solutions. However, additional efforts are needed to address recommendations included in our March 2006 report regarding key aspects of this initiative, such as developing an overall concept of operations, identifying and defining additional standard business processes, and ensuring that agencies do not continue to develop and implement their own stove-piped systems.[Footnote 50] We are currently working with OMB to gain a more in-depth understanding of FMLOB-related efforts and progress toward addressing these recommendations. The following provides an overview of the status of OMB's efforts and concerns identified in these areas. * Developing a concept of operations. A concept of operations would provide a useful tool to explain how financial management systems can operate cohesively in conjunction with other related systems and to help minimize an agency's individualized, stove-piped efforts. Participants attending the forum confirmed our concerns regarding the need for this important tool, pointing out that OMB's various lines of business initiatives are serving to preserve existing stovepipes. For example, participants said it is unclear why separate lines of business are needed for budget and financial management. Although OMB officials told us that a draft concept of operations document is currently under review, the extent to which these concerns will be addressed is unclear. * Identifying and implementing standard business processes. In a January 2008 memo summarizing FMLOB efforts and priorities,[Footnote 51] OMB recognized the risk associated with implementing business processes that are not standardized across government as well as the need to develop additional guidance and other tools. Specifically, the memo states that once business standards have been completed, incorporated into core financial system requirements, and tested during the FSIO software qualification and certification process, shared service providers will only be permitted to utilize the certified products as configured. To date, two standard business processes have been issued, and OMB expects three additional standard business processes to be finalized in December 2008.[Footnote 52] Recognizing the need to further develop FMLOB guidance and tools, OMB identified priorities for the remainder of 2008 and 2009, which include identifying and developing additional business standards (e.g., interface data elements), expanding migration planning guidance, finalizing and developing cost and performance measurements related to FMLOB business standards, incorporating these standards into core financial systems requirements and software, and updating related testing methodology and scenarios. * Establishing a clear migration path. To ensure that agencies migrate to a shared service provider in accordance with OMB's stated approach rather than attempt to develop and implement their own stove-piped business systems, we previously recommended that OMB establish a clear migration path or timetable for future migrations. OMB estimates for when migrations will be completed are evolving and no firm timeframes have been set. OMB's general guidance is that agencies should migrate to a shared service provider when it is cost effective to do so and they have maximized the return on investment in the current system. Although OMB previously established a goal of migrating the majority of agencies toward the use of shared service providers by 2011, more recent information indicates that agency migrations will take longer than OMB expected. For example, participants attending the forum appeared uncertain regarding the ability of their respective organizations to reach this goal by 2011. OMB's more recent estimate[Footnote 53] indicates that many migrations are scheduled through fiscal year 2015 and that some agency migrations have not yet been scheduled. Agency migrations to a shared service provider are an important aspect to achieving FMLOB goals. Even without a clear migration path, some agencies may readily migrate to a shared service provider to minimize the tremendous undertaking of implementing or significantly upgrading a financial system. However, other agencies may continue efforts to implement stand-alone systems that place additional resources at risk because of potential financial system implementation failures. Further, other concerns that exist within the federal financial management community include the availability of sufficient resources, the viability of the initiative on a governmentwide basis, and the potential loss of control of critical financial functions. For example, none of the forum participants believed the resources available to implement the initiative are fully adequate. Some participants also indicated that some financial leaders may be reluctant to transition their agencies' financial management activities on a wholesale basis because of their fear of losing control of critical functions and lack of trust in a shared service providers' ability to effectively meet their needs. Conclusion: Shifting financial management leaders' focus from meeting financial reporting compliance requirements to comprehending and meeting program managers' financial information requirements is key to more meaningful, value-added financial management. Given our nation's current fiscal environment, reliable financial information for prudent and forward- thinking decision making is imperative. If properly developed, implemented, and managed, financial management systems can provide essential financial data in support of day-to-day managerial decision making--the ultimate goal of FFMIA. To accomplish this goal, CFO Act agencies must continue to strive toward routinely producing not only annual financial statements that can pass the scrutiny of a financial audit, but also other meaningful financial and performance data. Over a decade has passed since the enactment of FFMIA, and the majority of agencies continue to lack financial management systems--including processes, procedures, and controls--that substantially comply with the requirements of the act, even though the majority of agencies are achieving "clean" audit opinions. Consistent and diligent OMB commitment and oversight toward achieving financial management system capabilities and the common goals of the FMLOB initiative and FFMIA are essential. In our view, the indicators included in OMB's guidance are not a substitute for the rigorous criteria needed for assessing substantial compliance with FFMIA. While we are not making any new recommendations in this report, we will continue to work with OMB to help ensure that it provides agency management and auditors with the guidance needed to bring about reliable and consistent assessments of, and meaningful improvements in, financial management systems as envisioned by FFMIA. Accordingly, we reiterate our prior recommendation for OMB to clarify its guidance on the meaning of "substantial compliance" with FFMIA. Significant and long-standing obstacles remain for developing and implementing effective financial management systems, including processes, procedures, and controls. It is important that emphasis on correcting these deficiencies be sustained by the current administration as well as the new administration that will be taking office next year. Continued congressional oversight will also be crucial in transforming federal financial management systems. Agency Comments and Our Evaluation: We received written comments (reprinted in app. VII) from the Deputy Controller, Office of Federal Financial Management, Office of Management and Budget on a draft of this report. In its comments, OMB agreed with our assessment that federal agencies still need to improve their financial systems so that reliable, useful, and timely financial management information is available for decision making. OMB stated that it was working aggressively to assist agencies in building a strong foundation of financial management practices through OMB's financial management and systems oversight and under the FMLOB initiative. According to OMB, both efforts support the goals of FFMIA to improve governmentwide financial management and to facilitate timely and reliable information for day-to-day management. While OMB stated that the number of noncompliances with FFMIA was reduced to 10, compared to 12 for the previous year, that number differed from our report findings due to the fact that OMB's number was based on the assessments made by the 24 CFO Act agency heads rather than by the independent auditors as we reported. With regard to our prior recommendation for guidance that clarifies the definition of substantial compliance, OMB has begun a significant re- write of OMB Circular No. A-127, Financial Management Systems, as well as an update to OMB's implementation guidance for FFMIA. OMB stated the re-write of OMB Circular No. A-127 will clarify the definition of substantial compliance so that auditors and agency heads interpret the guidance more consistently. We will continue to work with OMB by providing comments and recommendations on the draft so that a clear definition of substantial compliance with FFMIA is developed and to address other concerns. OMB also provided technical comments on a draft of this report that we incorporated as appropriate. In addition, we also received technical comments from several agencies cited in the report and incorporated them as appropriate. We are sending copies of this report to the Chairman and Ranking Member, Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Senate Committee on Homeland Security and Governmental Affairs, and to the Chairman and Ranking Member, Subcommittee on Government Management, Organization, and Procurement, House Committee on Oversight and Government Reform. We are also sending copies to the Director, Office of Management and Budget; the heads of the 24 CFO Act agencies in our review; and agency CFOs and Inspectors General. Copies will be made available to others upon request. In addition, this report will be available at no charge on the GAO web site at [hyperlink, http://www.gao.gov]. This report was prepared under the direction of Kay L. Daly, Acting Director, Financial Management and Assurance, who may be reached at (202) 512-9095 or dalykl@gao.gov if you have any questions. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff that made key contributions to this report are listed in appendix VIII. Signed by: Kay L. Daly: Acting Director, Financial Management and Assurance: [End of section] Appendix I: Scope and Methodology: We reviewed the fiscal year 2007 financial statement audit reports for the 24 Chief Financial Officer (CFO) Act agencies contained in their performance and accountability reports. We further analyzed and compiled the auditors' assessments of agency financial systems' compliance and the problems that affect Federal Financial Management Improvement Act (FFMIA) compliance. We did not re-perform the auditors' work as it was beyond the scope of this engagement. To determine whether the data were sufficiently reliable, we performed the following procedures. We gained an understanding of the independence and quality control environments at the respective auditors that made the agencies' FFMIA assessment; leveraged our understanding of the methodology used by the inspectors general (IG) and their contract auditors in past years to reach conclusions on FFMIA compliance at the respective agencies; considered management responses to the auditor's findings and conclusions; and conducted interviews to improve our understanding of the procedures applied and/or conclusions drawn, where appropriate. We also reviewed the data for obvious inconsistencies or errors, completeness, and changes from the prior year. When we found data which were inconsistent or incomplete we brought them to the attention of the cognizant IG staff or contract auditor and worked with them to resolve any issues before using the data as a basis for this report. When we encountered data that varied from the prior year, we reviewed the performance and accountability report and auditor's report to determine the reason for the change. We conducted interviews with the auditors and IG staffs, and obtained selected supporting documentation. Based on these actions, we determined that the data from these reports were sufficiently reliable for the purposes of using the work of other auditors in our report. Using the auditors' reports for 13 of the 24 CFO Act agencies that auditors reported as noncompliant with FFMIA for fiscal year 2007, we identified problems reported by the auditors that affected agency systems' compliance with FFMIA. The problems identified in these reports are consistent with long-standing financial management weaknesses we have reported based on our work at a number of agencies. Further, we identified other GAO and IG reports that discussed financial management systems issues and analyzed and summarized the reports. In addition, we analyzed the results and information obtained from the recent Comptroller General's forum on improving the federal government's financial management systems.[Footnote 54] We also met with the Office of Management and Budget (OMB) officials to discuss their current efforts to improve federal financial management and address our prior recommendations related to FFMIA. In addition, we reviewed documentation provided by OMB regarding its current initiatives. We conducted this performance audit from December 2007 to September 2008, in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We requested comments on a draft of this report from the Director, Office of Management and Budget, or his designee. We received written comments from the Deputy Controller. OMB's comments are discussed in the Agency Comments and Our Evaluation section and reprinted in appendix VII. We also received technical comments from OMB, which we incorporated as appropriate. In addition, we provided relevant excerpts from a draft of this report to agencies specifically cited in the report. Several agencies provided technical comments which we incorporated as appropriate. [End of section] Appendix II: Requirements and Standards Supporting Federal Financial Management: Congress enacted the Federal Financial Management Improvement Act (FFMIA)[Footnote 55] in 1996 to obtain the benefits of effective financial management of the federal government that would flow from enforced implementation of three earlier 1990s financial management developments. First, the Chief Financial Officers (CFO) Act of 1990 (CFO Act),[Footnote 56] as expanded by the Government Management Reform Act of 1994,[Footnote 57] initiated significant financial management reform at 24 major agencies by establishing a centralized agency financial management leadership structure and imposing financial discipline through required annual agencywide audited financial statements. Second, the Joint Financial Management Improvement Program (JFMIP)[Footnote 58] in 1995 issued revised Core Financial System Requirements, which set out the functional and technical requirements for an agency's core financial system.[Footnote 59] Third, the Federal Accounting Standards Advisory Board (FASAB), which was established in 1990, had made significant progress after 6 years of work in developing the federal government's first set of comprehensive financial accounting standards and concepts[Footnote 60] designed to meet the needs of federal agencies and users of federal financial information. Moreover, FFMIA requires implementation of the U.S. Government Standard General Ledger (SGL). The SGL is intended to improve data stewardship throughout the federal government enabling consistent reporting at all levels within the agencies and providing comparable data and financial analysis governmentwide. Even with these improvements, the Senate Committee on Governmental Affairs, which considered the legislation resulting in FFMIA, stated that federal agencies' financial management systems were inadequate and could be improved by creating a means to use the audit process established by the CFO Act to assure that federal agencies would implement and maintain financial management systems that use the applicable federal financial management systems requirements and federal accounting standards.[Footnote 61] Federal Financial Management Systems Requirements: The policies and standards prescribed for executive agencies to follow in developing, operating, evaluating, and reporting on financial management systems are defined in the OMB Circular No. A-127, Financial Management Systems. The components of an integrated financial management system include the core financial system, managerial cost accounting system, administrative systems, and certain programmatic systems. Administrative systems are those that are common to all federal agency operations,[Footnote 62] and programmatic systems are those needed to fulfill an agency's mission. OMB Circular No. A-127 refers to the series of publications entitled federal financial management systems requirements, initially issued by the Joint Financial Management Improvement Program's (JFMIP) Program Management Office as the primary source of governmentwide requirements for financial management systems. However, as of December 2004, the Financial Systems Integration Office (FSIO) assumed responsibility for coordinating the work related to federal financial management systems requirements and OMB's Office of Federal Financial Management (OFFM) is responsible for issuing the new or revised regulations. In December 2004, the JFMIP Principals--the Comptroller General of the United States, the Secretary of the Treasury, and the Directors of OMB and the Office of Personnel Management--voted to modify the roles and responsibilities of JFMIP, resulting in the creation of FSIO. Appendix III lists the federal financial management systems requirements published to date. Figure 4 is the current model that illustrates how these systems interrelate in an agency's overall systems architecture. Figure 4: Agency Systems Architecture: This figure is a chart showing the agency systems architecture. [See PDF for image] Source: OMB. [End of figure] Federal Accounting Standards: FASAB[Footnote 63] promulgates federal accounting standards and concepts that agency chief financial officers use in developing financial management systems and preparing financial statements. FASAB develops the appropriate federal accounting standards and concepts after considering the financial and budgetary information needs of the Congress, executive agencies, and other users of federal financial information and comments from the public. FASAB forwards the standards and concepts to the Comptroller General, the Director of OMB, the Secretary of the Treasury, and the Director of the Congressional Budget Office for a 90-day review. If, within 90 days, neither the Comptroller General nor the Director of OMB objects to the standard or concept, then it is issued and becomes final. FASAB announces finalized concepts and standards in The Federal Register. The American Institute of Certified Public Accountants designated the federal accounting standards promulgated by FASAB as being generally accepted accounting principles for the federal government. This recognition enhances the acceptability of the standards, which form the foundation for preparing consistent and meaningful financial statements both for individual agencies and the government as a whole. Currently, there are 32 Statements of Federal Financial Accounting Standards (SFFAS) and 5 Statements of Federal Financial Accounting Concepts (SFFAC).[Footnote 64] The concepts and standards are the basis for OMB's guidance to agencies on the form and content of their financial statements and for the government's consolidated financial statements. Appendix IV lists the concepts, standards, interpretations,[Footnote 65] and technical bulletins, along with their respective effective dates. FASAB's Accounting and Auditing Policy Committee (AAPC)[Footnote 66] assists in resolving issues related to the implementation of federal accounting standards. AAPC's efforts result in guidance for preparers and auditors of federal financial statements in connection with implementation of federal accounting standards. To date, AAPC has issued nine technical releases, which are listed in appendix V along with their release dates. U.S. Government Standard General Ledger (SGL): The SGL was established by an interagency task force under the direction of OMB and mandated for use by agencies in OMB and Treasury regulations in 1986. The SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions used to standardize federal agencies' financial information accumulation and processing throughout the year, enhance financial control, and support budget and external reporting, including financial statement preparation. The SGL is intended to improve data stewardship throughout the federal government, enabling consistent reporting at all levels within the agencies and providing comparable data and financial analysis governmentwide.[Footnote 67] [End of section] Appendix III: Publications in the Federal Financial Management Systems Requirements Series: Federal financial management systems requirements (FFMSR) document: FFMSR-8 System Requirements for Managerial Cost Accounting; Issue date: February 1998. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-99-5 Human Resources & Payroll Systems Requirements; Issue date: April 1999. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-99-8 Direct Loan System Requirements; Issue date: June 1999. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-99-9 Travel System Requirements; Issue date: July 1999. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-99-14 Seized Property and Forfeited Assets Systems Requirements; Issue date: December 1999. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-00-01 Guaranteed Loan System Requirements; Issue date: March 2000. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-00-3 Grant Financial System Requirements; Issue date: June 2000. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-00-4 Property Management Systems Requirements; Issue date: October 2000. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-01-01 Benefit System Requirements; Issue date: September 2001. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-02-02 Acquisition/Financial Systems Interface Requirements; Issue date: June 2002. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-03-01 Revenue System Requirements; Issue date: January 2003. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-03-02 Inventory, Supplies and Materials System Requirements; Issue date: August 2003. Federal financial management systems requirements (FFMSR) document: JFMIP-SR-01-04 Framework for Federal Financial Management Systems; Issue date: April 2004. Federal financial management systems requirements (FFMSR) document: OFFM-NO-0106 Core Financial System Requirements; Issue date: January 2006. Federal financial management systems requirements (FFMSR) document: OFFM-NO-0206 Insurance System Requirements; Issue date: June 2006. Source: OMB's Office of Federal Financial Management (OFFM). Note: Effective December 1, 2004 all financial management system requirements documents and other guidance initially issued by the JFMIP were transferred to OFFM and remain in effect until modified. [End of table] [End of section] Appendix IV: Statements of Federal Financial Accounting Concepts, Standards, Interpretations, and Technical Bulletins: Concepts: SFFAC No. 1 Objectives of Federal Financial Reporting. Concepts: SFFAC No. 2 Entity and Display. Concepts: SFFAC No. 3 Management's Discussion and Analysis. Concepts: SFFAC No. 4 Intended Audience and Qualitative Characteristics for the Consolidated Financial Report of the United States Government. Concepts: SFFAC No. 5 Definitions of Elements and Basic Recognition Criteria for Accrual-Basis Financial Statements. Standards: SFFAS No. 1 Accounting for Selected Assets and Liabilities; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 2 Accounting for Direct Loans and Loan Guarantees; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 3 Accounting for Inventory and Related Property; Effective for fiscal year[A]: 1994. Standards: SFFAS No. 4 Managerial Cost Accounting Standards and Concepts; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 5 Accounting for Liabilities of the Federal Government; Effective for fiscal year[A]: 1997. Standards: SFFAS No. 6 Accounting for Property, Plant, and Equipment; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 7 Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 8 Supplementary Stewardship Reporting; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 9 Deferral of the Effective Date of Managerial Cost Accounting Standards for the Federal Government in SFFAS No. 4; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 10 Accounting for Internal Use Software; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 11 Amendments to Accounting for Property, Plant, and Equipment- - Definitional Changes-Amending SFFAS 6 and SFFAS 8 Accounting for Property, Plant, and Equipment and Supplementary Stewardship Reporting; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 12 Recognition of Contingent Liabilities Arising from Litigation: An Amendment of SFFAS 5, Accounting for Liabilities of the Federal Government; Effective for fiscal year[A]: 1998. Standards: SFFAS No. 13 Deferral of Paragraph 65.2 - Material Revenue- Related Transactions Disclosures; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 14 Amendments to Deferred Maintenance Reporting Amending SFFAS 6, Accounting for Property, Plant and Equipment and SFFAS 8, Supplementary Stewardship Reporting; Effective for fiscal year[A]: 1999. Standards: SFFAS No. 15 Management's Discussion and Analysis; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 16 Amendments to Accounting for Property, Plant, and Equipment - Measurement and Reporting for Multi-Use Heritage Assets: Amending SFFAS 6 and SFFAS 8 Accounting for Property, Plant, and Equipment and Supplementary Stewardship Reporting; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 17 Accounting for Social Insurance; Effective for fiscal year[A]: 2000. Standards: SFFAS No. 18 Amendments to Accounting Standards for Direct Loans and Loan Guarantees in Statement of Federal Financial Accounting Standards No. 2; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 19 Technical Amendments to Accounting Standards for Direct Loans and Loan Guarantees in Statement of Federal Financial Accounting Standards No. 2; Effective for fiscal year[A]: 2003. Standards: SFFAS No. 20 Elimination of Certain Disclosures Related to Tax Revenue Transactions by the Internal Revenue Service, Customs, and Others, Amending SFFAS 7, Accounting for Revenue and Other Financing Sources; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 21 Reporting Corrections of Errors and Changes in Accounting Principles, Amendment of SFFAS 7, Accounting for Revenue and Other Financing Sources; Effective for fiscal year[A]: 2002. Standards: SFFAS No. 22 Change in Certain Requirements for Reconciling Obligations and Net Cost of Operations, Amendment of SFFAS 7, Accounting for Revenue and Other Financing Sources; Effective for fiscal year[A]: 2001. Standards: SFFAS No. 23 Eliminating the Category National Defense Property, Plant, and Equipment; Effective for fiscal year[A]: 2003. Standards: SFFAS No. 24 Selected Standards for the Consolidated Financial Report of the United States Government; Effective for fiscal year[A]: 2002. Standards: SFFAS No. 25 Reclassification of Stewardship Responsibilities and Eliminating the Current Services Assessment; Effective for fiscal year[A]: 2003/2005. Standards: SFFAS No. 26 Presentation of Significant Assumptions for the Statement of Social Insurance: Amending SFFAS 25; Effective for fiscal year[A]: 2009. Standards: SFFAS No. 27 Identifying and Reporting Earmarked Funds; Effective for fiscal year[A]: 2006. Standards: SFFAS No. 28 Deferral of the Effective Date of Reclassification of the Statement of Social Insurance: Amending SFFAS 25 and 26; Effective for fiscal year[A]: 2005. Standards: SFFAS No. 29 Heritage Assets and Stewardship Land; Effective for fiscal year[A]: 2006. Standards: SFFAS No. 30 Inter-Entity Cost Implementation Amending SFFAS 4, Managerial Cost Accounting Standards and Concepts; Effective for fiscal year[A]: 2009. Standards: SFFAS No. 31 Accounting for Fiduciary Activities; Effective for fiscal year[A]: 2009. Standards: SFFAS No. 32 Consolidated Financial Report of the United States Government Requirements: Implementing Statement of Federal Financial Accounting Concepts 4 "Intended Audience and Qualitative Characteristics for the Consolidated Financial Report of the United States Government"; Effective for fiscal year[A]: 2006. Interpretations: No. 1 Reporting on Indian Trust Funds in General Purpose Financial Reports of the Department of the Interior and in the Consolidated Financial Statements of the United States Government: An Interpretation of SFFAS 7; Effective for fiscal year[A]: 1998. Interpretations: No. 2 Accounting for Treasury Judgment Fund Transactions: An Interpretation of SFFAS 4 and SFFAS 5; Effective for fiscal year[A]: 1997. Interpretations: No. 3 Measurement Date for Pension and Retirement Health Care Liabilities; Effective for fiscal year[A]: 1998. Interpretations: No. 4 Accounting for Pension Payments in Excess of Pension Expense; Effective for fiscal year[A]: 1998. Interpretations: No. 5 Recognition by Recipient Entities of Receivable Nonexchange Revenue: An Interpretation of SFFAS 7; Effective for fiscal year[A]: 1998. Interpretations: No. 6 Accounting for Imputed Intra-departmental Costs: An Interpretation of SFFAS No. 4; Effective for fiscal year[A]: 2005. Interpretations: No. 7 Items Held for Remanufacture; Effective for fiscal year[A]: 2007. Technical bulletins: TB 2000-1 Purpose and Scope of FASAB Technical Bulletins and Procedures for Issuance; Effective for fiscal year[A]: 2000. Technical bulletins: TB 2002-1 Assigning to Component Entities Costs and Liabilities that Result from Legal Claims Against the Federal Government; Effective for fiscal year[A]: 2002. Technical bulletins: TB 2002-2 Disclosures Required by Paragraph 79(g) of SFFAS 7 Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting; Effective for fiscal year[A]: 2002. Technical bulletins: TB 2003-1 Certain Questions and Answers Related to the Homeland Security Act of 2002; Effective for fiscal year[A]: 2003. Technical bulletins: TB 2006-1 Recognition and Measurement of Asbestos- Related Cleanup Costs; Effective for fiscal year[A]: 2010. Source: FASAB. [A] Effective dates do not apply to Statements of Federal Financial Accounting Concepts. [End of table] [End of section] Appendix V: Accounting and Auditing Policy Committee Technical Releases: Technical Release: TR-1 Audit Legal Representation Letter Guidance; Release date: March 1, 1998. Technical Release: TR-2 Determining Probable and Reasonably Estimable for Environmental Liabilities in the Federal Government; Release date: March 15, 1998. Technical Release: TR-3 Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act; Release date: July 31, 1999. Technical Release: TR-4 Reporting on Non-Valued Seized and Forfeited Property; Release date: July 31, 1999. Technical Release: TR-5 Implementation Guidance on SFFAS No. 10: Accounting for Internal Use Software; Release date: May 14, 2001. Technical Release: TR-6 Preparing Estimates for Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act (Amendments to TR-3); Release date: January 2004. Technical Release: TR-7 Clarification of Standards Relating to the National Aeronautics and Space Administration's Space Exploration Equipment; Release date: May 25, 2007. Technical Release: TR-8 Clarification of Standards Relating to Inter- Entity Costs; Release date: February 20, 2008. Technical Release: TR-9 Implementation Guide for Statement of Federal Financial Accounting Standards 29: Heritage Assets and Stewardship Land; Release date: February 20, 2008. Source: FASAB. [End of table] [End of section] Appendix VI: Checklists for Reviewing Systems under the Federal Financial Management Improvement Act: Checklist: GAO/AIMD-00-21.2.3; Human Resources and Payroll Systems Requirements; Issue date: March 2000. Checklist: GAO-01-99G; Seized Property and Forfeited Assets Systems Requirements; Issue date: October 2000. Checklist: GAO/AIMD-21.2.6; Direct Loan System Requirements; Issue date: April 2000. Checklist: GAO/AIMD-21.2.8; Travel System Requirements; Issue date: May 2000. Checklist: GAO/AIMD-99-21; .2.9 System Requirements for Managerial Cost Accounting; Issue date: January 1999. Checklist: GAO-01-371G; Guaranteed Loan System Requirements; Issue date: March 2001. Checklist: GAO-01-911G; Grant Financial System Requirements; Issue date: September 2001. Checklist: GAO-02-171G; Property Management Systems Requirements; Issue date: December 2001. Checklist: GAO-04-22G; Benefit System Requirements; Issue date: October 2003. Checklist: GAO-04-650G; Acquisition/Financial Systems Interface Requirements; Issue date: June 2004. Checklist: GAO-05-225G; Core Financial System Requirements; Issue date: February 2005. Source: GAO. [End of table] [End of section] Appendix VII: Comments from the Office of Management and Budget: Executive Office Of The President: Office Of Management And Budget: Washington, D.C. 20503: September 19, 2008: Ms. Kay Daly: Acting Director, Financial Management and Assurance: United States Government Accountability Office: Washington, DC 20548: Dear Ms. Daly: Thank you for the opportunity to comment on the Government Accountability Office (GAO) draft report entitled "Persistent Financial Management Systems Issues Remain for Many CFO Act Agencies (GAO-08- 1018)." We appreciate GAO's careful review and agree with your assessment that federal agencies still need to improve their financial systems so that reliable, useful, and timely financial management information is available for decision making. While significant work remains, we also want acknowledge that agencies are continuing to make progress. Specifically, the number of noncompliances with the Federal Financial Management Improvement Act of 1996 (FFMIA) was reduced to 10 from 12 over the previous year. Moreover, the number of disagreements between auditors and agencies over the FFMIA compliance results has declined to three from five compared to last year. We are continuing to work aggressively to assist agencies in building a strong foundation of financial management practices through OMB's financial management and systems oversight and under the Financial Management Line of Business (FMLoB) initiative. Both efforts support the goals of FFMIA to improve government-wide financial management and to facilitate timely and reliable information for day-to-day management. This past year, we began a significant re-write of OMB Circular No. A- 127, Financial Management Systems, as well as an update to OMB's implementation guidance for FFMIA. These materials will address prior GAO recommendations to clarify the definition of FFMIA substantial compliance so that auditors and agency heads interpret the guidance more consistently. As you noted in your report, there have been significant accomplishments this past year with regards to the FMLoB initiative. Specifically, we finalized the Common Government Accounting Classification structure and two major business process standards: funds control and payment management. For the upcoming fiscal year, we plan to continue that success by issuing additional business process standards, receivable and reporting, and will make substantial progress in developing a standard reimbursables process. The new standards will be added to the core financial system requirements and become the baseline that all agencies will follow when implementing their financial systems. Thank you again for the opportunity to review and provide comment on your draft report. Signed by: Danny Werfel: Deputy Controller: [End of section] Appendix VIII: GAO Contact and Staff Acknowledgments: GAO Contact: Kay L. Daly, (202) 512-9095 or dalykl@gao.gov: Acknowledgments: In addition to the contact named above, Michael S. LaForge, Assistant Director; F. Abe Dymond, Assistant General Counsel; Rosalinda Cobarrubias; Francine DelVecchio; Tiffany Epperson; Lauren S. Fassler; Jim Kernen; Sheila D. Miller; and Patrick Tobo made key contributions to this report. [End of section] Related GAO Products: Financial Management: Long-standing Financial Systems Weaknesses Present a Formidable Challenge. GAO-07-914. Washington, D.C.: August 3, 2007. Federal Financial Management: Critical Accountability and Fiscal Stewardship Challenges Facing Our Nation. GAO-07-542T. Washington, D.C.: March 1, 2007. Financial Management: Improvements Under Way but Serious Financial Systems Problems Persist. GAO-06-970. Washington, D.C.: September 26, 2006. Financial Management: Achieving FFMIA Compliance Continues to Challenge Agencies. GAO-05-881. Washington, D.C.: September 20, 2005. Financial Management: Improved Financial Systems Are Key to FFMIA Compliance. GAO-05-20. Washington, D.C.: October 1, 2004. Financial Management: Recurring Financial Systems Problems Hinder FFMIA Compliance. GAO-04-209T. Washington, D.C.: October 29, 2003. Financial Management: Sustained Efforts Needed to Achieve FFMIA Accountability. GAO-03-1062. Washington, D.C.: September 30, 2003. Financial Management: FFMIA Implementation Necessary to Achieve Accountability. GAO-03-31. Washington, D.C.: October 1, 2002. Financial Management: Effective Implementation of FFMIA Is Key to Providing Reliable, Useful, and Timely Data. GAO-02-791T. Washington, D.C.: June 6, 2002. Financial Management: FFMIA Implementation Critical for Federal Accountability. GAO-02-29. Washington, D.C.: October 1, 2001. Financial Management: Federal Financial Management Improvement Act Results for Fiscal Year 1999. GAO/AIMD-00-307. Washington, D.C.: September 29, 2000. Financial Management: Federal Financial Management Improvement Act Results for Fiscal Year 1998. GAO/AIMD-00-3. Washington, D.C.: October 1, 1999. Financial Management: Federal Financial Management Improvement Act Results for Fiscal Year 1997. GAO/AIMD-98-268. Washington, D.C.: September 30, 1998. Financial Management: Implementation of the Federal Financial Management Improvement Act of 1996. GAO/AIMD-98-1. Washington, D.C.: October 1, 1997. [End of section] Footnotes: [1] GAO, Fiscal Stewardship: A Critical Challenge Facing Our Nation, GAO-07-362SP (Washington, D.C.: January 2007); Suggested Areas for Oversight for the 110th Congress, GAO-07-235R (Washington, D.C.: Nov. 17, 2006); 21st Century Challenges: Reexamining the Base of the Federal Government, GAO-05-325SP (Washington, D.C.: February 2005). [2] Federal Financial Management Improvement Act of 1996, Pub. L. No. 104-208, div. A., § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996). [3] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990). [4] The term financial management systems includes the financial systems and the financial portions of mixed systems necessary to support financial management, including automated and manual processes, procedures, controls, data, hardware, software, and support personnel dedicated to the operation and maintenance of system functions. [5] GAO, Highlights of a Forum Convened by the Comptroller General of the United States: Improving the Federal Government's Financial Management Systems, GAO-08-447SP (Washington D.C.: Apr. 16, 2008). [6] The five CFO Act agencies whose auditors no longer reported lack of substantial compliance with FFMIA requirements were the departments of Energy, the Interior, Justice, and Labor, and the Small Business Administration (SBA). The one agency that moved into noncompliance was the Environmental Protection Agency. [7] A "material weakness" is a significant deficiency or combination of significant deficiencies that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. [8] A "significant deficiency" is a control deficiency, or combination of deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial data reliability in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected. [9] S. Rep. No. 104-339, at 10 (July 30, 1996). [10] GAO, Financial Management: FFMIA Implementation Critical for Federal Accountability, GAO-02-29 (Washington, D.C.: Oct. 1, 2001) and GAO, Financial Management: FFMIA Implementation Necessary to Achieve Accountability, GAO-03-31 (Washington, D.C.: Oct. 1, 2002). [11] GAO, Financial Management Systems: Additional Efforts Needed to Address Key Causes of Modernization Failures, GAO-06-184 (Washington, D.C.: Mar. 15, 2006). [12] Pub. L. No. 97-255, 96 Stat. 814 (Sept. 8, 1982) (codified at 31 U.S.C. § 3512 (c), (d)). [13] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). [14] Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993). [15] Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994). [16] Pub. L. No. 104-106, div. E, 110 Stat. 186, 679 (Feb. 10, 1996). [17] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002) (codified at 31 U.S.C. § 3515). The Accountability of Tax Dollars Act of 2002 extends the requirement to prepare and submit audited financial statements to most executive agencies not subject to the CFO Act unless they are exempted by OMB. However, these agencies are not required to have systems that are compliant with FFMIA requirements. [18] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). [19] Pub L. No. 107-347, title III, 116 Stat. 2946 (Dec. 17, 2002). [20] Pub. L. No. 108-330, 118 Stat. 1275 (Oct. 16, 2004). [21] In December 2004, the JFMIP Principals voted to modify the roles and responsibilities of the JFMIP, resulting in the creation of FSIO. FSIO assumed responsibility for coordinating the work related to federal financial management systems requirements and OMB's Office of Federal Financial Management (OFFM) is responsible for issuing the new or revised regulations. See OMB, Update on the Financial Management Line of Business and the Financial Systems Integration Office, memorandum (Washington, D.C.: Dec. 16, 2005). [22] The PCIE--which is governed by Executive Order No. 12805 of May 11, 1992--was established to (1) address integrity, economy, and effectiveness issues that transcend individual government agencies and (2) increase the professionalism and effectiveness of inspectors general personnel throughout the government. The PCIE is composed primarily of the presidentially appointed inspectors general. Officials from OMB, the Federal Bureau of Investigation, Office of Government Ethics, Office of Special Counsel, and the Office of Personnel Management (OPM) serve on the PCIE as well. [23] GAO/PCIE, Financial Audit Manual, Volume 1, GAO-08-585G (Washington D.C.: July 2008) and GAO/PCIE, Financial Audit Manual, Volume 2, GAO-08-586G (Washington D.C.: July 2008). [24] GAO-08-447SP. [25] GAO-02-29, GAO-03-31. [26] The term mixed system means an information system that supports both financial and nonfinancial functions of the federal government or components thereof. [27] Departments of Energy, the Interior, Justice, and Labor, and the Small Business Administration. [28] See, for example, GAO-02-29 and GAO, Financial Management: Long- standing Financial Systems Weaknesses Present a Formidable Challenge, GAO-07-914 (Washington, D.C.: Aug. 3, 2007). [29] Auditors provide "negative assurance" when they state that nothing came to their attention during the course of their planned procedures to indicate that the agency's financial management systems did not meet FFMIA requirements. Under generally accepted government auditing standards, there are no requirements to perform additional testing beyond that needed for a financial statement audit for an auditor to give negative assurance. Testing that is not sufficient to support an opinion means that an area of noncompliance may be missed. In contrast, providing positive assurance of FFMIA compliance requires auditors to perform more audit procedures than those needed to render an opinion on the financial statements. [30] GAO-02-29. [31] OMB, Revised Implementation Guidance for the Federal Financial Management Improvement Act, memorandum (Washington, D.C.: Jan. 4, 2001). [32] U.S. Department of Justice, Office of the Inspector General, U.S. Department of Justice Annual Financial Statement Fiscal Year 2007 Commentary and Summary, Audit Report 08-01 (Washington, D.C.: December 2007). [33] U.S. Department of Justice Office of the Inspector General, Top Management and Performance Challenges in the Department of Justice, memorandum (Washington, D.C.: 2007). [34] See, for example, GAO-07-914. [35] GAO-02-29. [36] See, for example, GAO-02-29 and GAO-07-914. [37] S. Rep. No. 104-339, at 10 (July 30, 1996). [38] GAO, Financial Management Systems: Lack of Disciplined Processes Puts Implementation of HHS' Financial System at Risk, GAO-04-1008 (Washington, D.C.: Sept. 23, 2004). [39] GAO-06-184. [40] Disciplined processes have been shown to reduce the risks associated with software development and acquisition efforts to acceptable levels and are fundamental to successful system implementations. Examples of some of the disciplined processes include requirements management, testing, risk management, data conversion, and project management. [41] GAO, DOD Business Transformation: Lack of an Integrated Strategy Puts the Army's Asset Visibility System Investments at Risk, GAO-07-860 (Washington, D.C.: July 27, 2007). [42] Field/Tactical refers to Army units that are deployable to locations around the world such as Iraq and Afghanistan. [43] GAO-04-1008. [44] Department of Health and Human Services, FY 2007 Agency Financial Report (Washington, D.C.: Nov. 15, 2007). [45] GAO, Homeland Security: Departmentwide Integrated Financial Management Systems Remain a Challenge, GAO-07-536 (Washington, D.C.: June 21, 2007). [46] Department of Homeland Security Office of Inspector General, Letter Report: Review of DHS' Financial Systems Consolidation Project, OIG-08-47 (Washington, D.C.: May 9, 2008). [47] See Savantage Financial Services, Inc. v. United States, 81 Fed. Cl. 300, 308 (2008): see also Competition in Contracting Act, codified, in part, as amended, at 41 U.S.C. § 253 (a). [48] 81 Fed. Cl. 300, 311. [49] According to OMB, the goals of the FMLOB initiative are to (1) provide timely and accurate data for decision making; (2) facilitate stronger internal controls that ensure integrity in accounting and other stewardship activities; (3) reduce costs by providing a competitive alternative for agencies to acquire, develop, implement, and operate financial management systems through shared service solutions; (4) standardize systems, business processes, and data elements; and (5) provide for seamless data exchange between and among federal agencies by implementing a common language and structure for financial information and system interfaces. [50] GAO-06-184. [51] OMB, Update on the Financial Management Line of Business, memorandum (Washington, D.C.: Jan. 28, 2008). [52] FSIO, Financial Management Systems Standard Business Processes for U.S. Government Agencies (Washington, D.C.: July 18, 2008). This document presents governmentwide common processes and activities, standard business rules, and data exchanges for core financial business processes. It contains detailed descriptions of the funds and payment management processes and indicates that the receivables management, reimbursables, and reporting processes will be presented at a future date. [53] OMB, Budget of the United States Government Fiscal Year 2009, Analytical Perspectives, Supplemental Materials, Table 9-9 (Washington, D.C.: Feb. 4, 2008). [54] GAO, Highlights of a Forum Convened by the Comptroller General of the United States: Improving the Federal Government's Financial Management Systems, GAO-08-447SP (Washington D.C.: Apr. 16, 2008). [55] Federal Financial Management Improvement Act of 1996, Pub. L. No. 104-208, div. A., § 101(f), title VIII, 110 Stat. 3009, 3009-389 (Sept. 30, 1996). [56] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990). [57] Pub. L. No. 103-356, 108 Stat. 3410 (Oct. 13, 1994). [58] JFMIP was originally formed under the authority of the Budget and Accounting Procedures Act of 1950 and was a joint and cooperative undertaking of GAO, the Department of the Treasury, the Office of Management and Budget (OMB), and the Office of Personnel Management (OPM), working in cooperation with each other to improve financial management practices in the federal government. As a result of a realignment that OMB announced in December 2004, JFMIP's responsibilities for financial management policy and oversight in the federal government were transferred to OMB's Office of Federal Financial Management (OFFM). Although JFMIP no longer exists as a separate organization, its four Principals--the Comptroller General of the United States, the Secretary of the Treasury, and the Directors of OMB and OPM--continue to meet at their discretion. [59] Core financial system capabilities, as defined by OFFM, include managing general ledger, funding, payments, receivables, and certain basic cost functions. [60] Accounting standards are authoritative statements of how particular types of transactions and other events should be reflected in financial statements, while accounting concepts explain the objectives and ideas upon which the standards were developed. [61] S. Rep. No. 104-339, at 1-13 (July 30, 1996). [62] Examples of administrative systems include budget, acquisition, travel, property, and human resources and payroll. [63] In October 1990, the Secretary of the Treasury, the Director of OMB, and the Comptroller General established FASAB to develop a set of generally accepted accounting standards and concepts for the federal government. Effective October 1, 2003, FASAB is comprised of six nonfederal or public members, one member from the Congressional Budget Office, and the three sponsors. [64] Accounting standards are authoritative statements of how particular types of transactions and other events should be reflected in financial statements. SFFACs explain the objectives and ideas upon which FASAB develops the standards. [65] An interpretation is a document of narrow scope that provides clarifications of original meaning, additional definitions, or other guidance pertaining to an existing federal accounting standard. [66] In 1997, FASAB, in conjunction with OMB, Treasury, GAO, the Chief Financial Officers Council, and the President's Council on Integrity and Efficiency, established AAPC to assist the federal government in improving financial reporting. [67] SGL guidance is published in the Treasury Financial Manual. Treasury's Financial Management Service is responsible for maintaining the SGL and answering agency inquiries. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: