GAO-04-209T, Financial Management: Recurring Financial Systems Problems Hinder FFMIA Compliance


This is the accessible text file for GAO report number GAO-04-209T 
entitled 'Financial Management: Recurring Financial Systems Problems 
Hinder FFMIA Compliance' which was released on October 29, 2003.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Testimony: 

Before the Subcommittee on Government Efficiency and Financial 
Management, Committee on Government Reform, House of Representatives:

For Release on Delivery Expected at 2:30 p.m. EST Wednesday, October 
29, 2003:

FINANCIAL MANAGEMENT:

Recurring Financial Systems Problems Hinder FFMIA Compliance:

Statement of Sally E. Thompson Director, Financial Management and 
Assurance:

GAO-04-209T:

GAO Highlights:

Highlights of GAO-04-209T, a testimony before the Subcommittee on 
Government Efficiency and Financial Management, Committee on 
Government Reform, House of Representatives 

Why GAO Did This Study:

The Federal Financial Management Improvement Act of 1996 (FFMIA) 
requires Chief Financial Officers (CFO) Act agencies to implement and 
maintain financial management systems that comply substantially with 
(1) federal financial management systems requirements, (2) federal 
accounting standards, and (3) the U.S. Government Standard General 
Ledger. Most federal agencies face long-standing challenges, which are 
discussed in greater detail in our mandated September 2003 report, 
Sustained Efforts Needed to Achieve FFMIA Accountability (GAO-03-1062).
In light of these circumstances, the Subcommittee asked GAO to testify 
about recurring financial management systems problems and agencies’ 
efforts to upgrade their systems.

What GAO Found:

The results of the fiscal year 2002 FFMIA assessments performed by 
agency inspectors general or their contract auditors again show that 
the same types of problems continue to plague the financial management 
systems used by the CFO Act agencies. While much more severe at some 
agencies than others, the nature and severity of the problems indicate 
that overall, agency management lacks the full range of information 
needed for accountability, performance reporting, and decision making. 
As shown in the figure below, audit reports highlight six recurring 
problems that have been consistently reported for those agencies whose 
auditors reported noncompliant systems.

Problems Reported by Auditors for Fiscal Years 2000 through 2002

[See PDF for image]

[End of figure]
 
Agencies have recognized the seriousness of the financial systems 
weaknesses, and have many efforts underway to implement or upgrade 
financial systems to alleviate long-standing problems. As of September 
30, 2002, 17 CFO Act agencies advised us they were planning to or were 
in the process of implementing a new core financial system. It is 
imperative that agencies adopt leading practices, such as top 
management commitment and business process reengineering, to ensure 
successful systems implementation and to avoid complicating factors, 
such as poor communication and inadequate project planning, that have 
hampered some agencies’ efforts in the past.

Congressional oversight, the Joint Financial Management Improvement 
Program Principals, and the President’s Management Agenda are driving 
forces behind several governmentwide efforts now underway to improve 
federal financial management. Continued attention by these key drivers 
is critical to sustaining agencies efforts to improve their financial 
management systems.  

What GAO Recommends:

GAO is not making new recommendations in this testimony, but in a past 
report has made specific recommendations aimed at addressing the 
problems hindering agencies’ compliance with FFMIA. 

www.gao.gov/cgi-bin/getrpt?GAO-04-209T.

To view the full product, including the scope and methodology, click 
on the link above. For more information, contact Sally Thompson, 
(202) 512-9450, thompsons@gao.gov.

[End of section]

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here to discuss the challenges most of the federal 
departments and agencies still face in meeting the primary goals of the 
Congress in enacting the Federal Financial Management Improvement Act 
of 1996 (FFMIA).[Footnote 1] As you requested, our testimony today 
addresses the recurring financial management systems problems that 
agencies are facing and the status of their efforts to implement 
systems that substantially comply with FFMIA.

As you know, FFMIA builds on the foundation laid by the Chief Financial 
Officers (CFO) Act of 1990[Footnote 2] by reflecting the need for 
agencies to have financial management systems that can generate timely, 
accurate, and useful information with which to make informed decisions 
and to ensure accountability on an ongoing basis. FFMIA requires the 
major departments and agencies covered by the CFO Act[Footnote 3] to 
implement and maintain financial management systems that comply 
substantially with the (1) federal financial management systems 
requirements, (2) applicable federal accounting standards, and (3) U.S. 
Government Standard General Ledger (SGL) at the transaction level. 
Further, FFMIA requires auditors to report in their CFO Act financial 
statement audit reports whether the agencies' financial management 
systems comply with FFMIA's requirements. We are also required to 
report annually on the implementation of the act.

As discussed in our recently issued annual report on FFMIA,[Footnote 4] 
the results of the fiscal year 2002 FFMIA assessments performed by 
agency inspectors general (IG) or their contract auditors again show 
that the same types of problems still plague the financial management 
systems used by the CFO Act agencies. While much more severe at some 
agencies than others, the nature and severity of the problems indicate 
that overall, agency management lacks the full range of information 
needed for accountability, performance reporting, and decision making. 
While the CFO Act agencies have obtained more clean or unqualified 
audit opinions on their financial statements, often through 
extraordinary, labor-intensive measures, there is little evidence of 
marked improvements in agencies' capacities to create the full range of 
information needed to manage day-to-day operations. As we have 
previously testified[Footnote 5] before this Subcommittee, if agencies 
continue year after year to rely on significant costly and time-
intensive manual efforts to achieve or maintain unqualified opinions 
without improving underlying financial management systems, it can 
mislead the public about the true status of the agencies' financial 
management capabilities.

Agencies have recognized the seriousness of the financial systems 
weaknesses, and have many efforts underway to implement or upgrade 
financial systems to alleviate long-standing problems. As of September 
30, 2002, 17 CFO Act agencies advised us they were planning to or were 
in the process of implementing a new core financial system. Under the 
Office of Management and Budget's (OMB) Circular A-127, Financial 
Management Systems, agencies are required to purchase commercial off-
the-shelf (COTS) packages sold by vendors whose core financial systems 
software has been certified.[Footnote 6] Some of the key factors that 
affect FFMIA compliance of an implemented COTS package include how the 
software works in the agency's environment, whether any customizations 
or modifications[Footnote 7] have been made to the software, and the 
success of converting data from legacy systems to new systems.

Successful implementation efforts of financial management systems are 
supported by the presence of several key characteristics, which apply 
to both the public and private sectors. These characteristics include, 
among others, (1) involvement by the users, (2) support of executive 
management, (3) leadership provided by experienced project managers, 
(4) clear definition and management of project requirements, (5) proper 
planning, and (6) realistic expectations. Conversely, financial systems 
implementation projects are often hindered by the lack of executive 
support, poor communication between managers and stakeholders, poor 
estimations and planning, and poor documentation and updating of user 
requirements.

To provide impetus for upgrading financial management systems that 
provide reliable, timely, and useful data, congressional oversight, the 
Joint Financial Management Improvement Program (JFMIP) 
Principals,[Footnote 8] and the President's Management Agenda (PMA) are 
driving forces behind several governmentwide efforts now underway to 
improve federal financial management. The Congress has demonstrated 
leadership in improving federal financial management by enacting 
financial management reform laws and through oversight hearings, such 
as this one today. The JFMIP Principals have continued the series of 
regular deliberative meetings that focus on key financial management 
reform issues. The PMA, being implemented by the administration as an 
agenda for improving the management and performance of the federal 
government, includes five crosscutting initiatives, including improved 
financial performance. Continued attention by these key drivers is 
critical to sustaining agencies' efforts to improve their financial 
management systems.

My statement today will focus on these issues and discuss (1) auditors' 
determinations of FFMIA compliance for fiscal year 2002, (2) problems 
that affect agency systems' compliance with FFMIA, (3) agency efforts 
to implement new core financial systems, (4) key characteristics of 
successful systems implementation and the challenges federal agencies 
face, and (5) the status of governmentwide financial management 
improvement efforts.

Auditors' Assessments of FFMIA Compliance for Fiscal Year 2002:

For fiscal year 2002, Inspectors General and their contract auditors 
reported that the systems for 19 of the 24 CFO Act agencies did not 
comply substantially with at least one of the FFMIA requirements--
federal financial management systems requirements, applicable federal 
accounting standards, or the SGL. Auditors' assessments of financial 
systems' compliance with FFMIA for 3 agencies--the Department of Labor 
(DOL), Environmental Protection Agency (EPA), and the National Science 
Foundation (NSF)--changed from fiscal years 2001 to 2002. For fiscal 
year 2002, the auditors for DOL concluded that its systems were not in 
substantial compliance with the managerial cost standard and thus were 
not in compliance with FFMIA. Auditors for EPA and NSF found the 
agencies' respective systems to be in substantial compliance, a change 
from the fiscal year 2001 assessments.

As we have testified previously,[Footnote 9] while the number of 
agencies receiving clean opinions increased over the past 6 years from 
11 in fiscal year 1997 to 21 for fiscal year 2002, the number of 
agencies reported to have systems that lacked substantial compliance 
with FFMIA has remained steady. While the increase in unqualified 
opinions is noteworthy, a more important barometer of financial 
systems' capability and reliability is that the number of agencies for 
which auditors provided negative assurance[Footnote 10] of FFMIA 
compliance has remained relatively constant throughout this same 
period. In our view, this has led to an expectation gap. When more 
agencies receive clean opinions, expectations are raised that the 
government has sound financial management and can produce reliable, 
useful, and timely information on demand throughout the year, whereas 
FFMIA assessments offer a different perspective. For agencies equipped 
with modern, fully integrated financial management systems, preparation 
of financial statements would be more routine and much less costly.

Auditors for the remaining five agencies--the Department of Energy, 
EPA, the General Services Administration (GSA), NSF, and the Social 
Security Administration (SSA)--provided negative assurance in 
reporting on FFMIA compliance for fiscal year 2002. In their respective 
reports, they included language stating that while they did not opine 
as to FFMIA compliance, nothing came to their attention during the 
course of their planned procedures indicating that these agencies' 
financial management systems did not meet FFMIA requirements. If 
readers do not understand the concept of negative assurance, they may 
have gained an incorrect impression that these systems have been fully 
tested by the auditors and found to be substantially compliant. Because 
the act requires auditors to "report whether" agency systems are 
substantially compliant, we believe the auditor needs to provide 
positive assurance, which would be a definitive statement as to whether 
agency financial management systems substantially comply with FFMIA, as 
required under the statute. This is what we will do for the financial 
statement audits we perform when reporting that an entity's financial 
management systems were in substantial compliance. To provide positive 
assurance, auditors need to consider many other aspects of financial 
management systems than those applicable to the purposes of rendering 
an opinion on the financial statements.

Widespread Systems Problems Affect FFMIA Compliance:

Based on our review of the fiscal year 2002 audit reports for the 19 
agencies reported to have systems not in substantial compliance with 
one or more of FFMIA's three requirements, we identified six primary 
problems[Footnote 11] affecting FFMIA noncompliance:

* nonintegrated financial management systems,

* inadequate reconciliation procedures,

* lack of accurate and timely recording of financial information,

* noncompliance with the SGL,

* lack of adherence to federal accounting standards, and:

* weak security controls over information systems.

The relative frequency of these problems[Footnote 12] at the 19 
agencies reported as having noncompliant systems is shown in figure 1. 
In addition, we caution that the occurrence of problems in a particular 
category may be even greater than auditors' reports of FFMIA 
noncompliance would suggest because auditors may not have included all 
problems in their reports. FFMIA testing may not be comprehensive and 
other problems may exist that were not identified and reported. For 
example, at some agencies, the problems are so serious and well known 
that the auditor can readily determine that the systems are not 
substantially compliant without examining every facet of FFMIA 
compliance.

Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 
2002:

[See PDF for image]

[End of figure]

Nonintegrated Financial Management Systems:

The CFO Act calls for agencies to develop and maintain an integrated 
accounting and financial management system[Footnote 13] that complies 
with federal systems requirements and provides for (1) complete, 
reliable, consistent, and timely information that is responsive to the 
financial information needs of the agency and facilitates the 
systematic measurement of performance, (2) the development and 
reporting of cost management information, and (3) the integration of 
accounting and budgeting information. In this regard, OMB Circular A-
127, Financial Management Systems, requires agencies to establish and 
maintain a single integrated financial management system that conforms 
with functional requirements published by JFMIP.

An integrated financial system coordinates a number of functions to 
improve overall efficiency and control. For example, integrated 
financial management systems are designed to avoid unnecessary 
duplication of transaction entry and greatly lessen reconciliation 
issues. With integrated systems, transactions are entered only once and 
are available for multiple purposes or functions. Moreover, with an 
integrated financial management system, an agency is more likely to 
have reliable, useful, and timely financial information for day-to-day 
decision making as well as external reporting.

Agencies that do not have integrated financial management systems 
typically must expend major effort and resources, including in some 
cases hiring external consultants, to develop information that their 
systems should be able to provide on a daily or recurring basis. In 
addition, opportunities for errors are increased when agencies' systems 
are not integrated. Agencies with nonintegrated financial systems are 
more likely to be required to devote more resources to collecting 
information than those with integrated systems.

Auditors frequently mentioned the lack of modern, integrated financial 
management systems in their fiscal year 2002 audit reports. As shown in 
figure 1, auditors for 12 of the 19 agencies with noncompliant systems 
reported this as a problem. For example, auditors for the Department of 
Transportation (DOT) reported that its major agencies still use the 
Departmental Accounting and Financial Information System (DAFIS), the 
existing departmentwide accounting system[Footnote 14] and cannot 
produce auditable financial statements based on the information in 
DAFIS. For example, DOT's IG reported that DOT made about 860 
adjustments outside of DAFIS totaling $51 billion in order to prepare 
the financial statements.[Footnote 15] DOT's IG also reported that 
there were problems linking some information between DAFIS and the 
Federal Highway Administration's Fiscal Management Information System 
(FMIS). DOT uses FMIS to record initial obligations for federal aid 
grants to states. However, due to problems resulting from upgrades and 
changes made to the FMIS system, all obligations are not electronically 
transferred from FMIS to DAFIS. As of September 30, 2002, valid 
obligations of about $388 million were understated. Moreover, problems 
linking information also existed between Delphi, DOT's new financial 
management system, and the Federal Transit Administration's (FTA) 
financial feeder systems that prevented FTA from electronically 
processing about $350 million in payments related to its Electronic 
Clearing House Operation. These transactions had to be manually 
processed into Delphi. What is important here is that the information 
developed to prepare auditable annual financial statements is not 
available on an ongoing basis for day-to-day management of DOT's 
programs and operations.

As we have reported,[Footnote 16] cultural resistance to change, 
military service parochialism, and stovepiped operations have played a 
significant role in impeding previous attempts to implement broad-based 
reforms at the Department of Defense (DOD). The department's stovepiped 
approach is most evident in its current financial management systems 
environment, which DOD recently estimated to include approximately 
2,300 systems and systems development projects--many of which were 
developed in piecemeal fashion and evolved to accommodate different 
organizations, each with its own policies and procedures. As DOD 
management has acknowledged,[Footnote 17] the department's current 
financial environment is comprised of many discrete systems 
characterized by poor integration and minimal data standardization and 
prevents managers from making more timely and cost-effective decisions.

Inadequate Reconciliation Procedures:

A reconciliation process, even if performed manually, is a valuable 
part of a sound financial management system. In fact, the less 
integrated the financial management system, the greater the need for 
adequate reconciliations because data are accumulated from various 
sources. For example, the Department of Health and Human Services (HHS) 
IG reported[Footnote 18] that the department's lack of an integrated 
financial management system continues to impair the ability of certain 
operating divisions to prepare timely information. Moreover, certain 
reconciliation processes were not adequately performed to ensure that 
differences were properly identified, researched, and resolved in a 
timely manner and that account balances were complete and accurate. 
Reconciliations are needed to ensure that data have been recorded 
properly between the various systems and manual records. The 
Comptroller General's Standards for Internal Control in the Federal 
Government highlights reconciliation as a key control activity.

As shown in figure 1, auditors for 11 of the 19 agencies with 
noncompliant systems reported that the agencies had reconciliation 
problems, including difficulty reconciling their fund balance with 
Treasury accounts[Footnote 19] with Treasury's records. Treasury policy 
requires agencies to reconcile their accounting records with Treasury 
records monthly, which is comparable to individuals reconciling their 
checkbooks to their monthly bank statements. As we recently 
testified,[Footnote 20] DOD had at least $7.5 billion in unexplained 
differences between Treasury and DOD fund activity records. Many of 
these differences represent disbursements made and reported to Treasury 
that had not yet been properly matched to obligations and recorded in 
DOD accounting records. In addition to these unreconciled amounts, DOD 
identified and reported an additional $3.6 billion in payment recording 
errors. These include disbursements that DOD has specifically 
identified as containing erroneous or missing information and that 
cannot be properly recorded and charged against the correct, valid fund 
account. DOD records many of these payment problems in suspense 
accounts. While DOD made $1.6 billion in unsupported adjustments to its 
fund balances at the end of fiscal year 2002 to account for a portion 
of these payment recording errors, these adjustments did not resolve 
the related errors.

Inadequate reconciliation procedures also complicate the 
identification and elimination of intragovernmental activity and 
balances, which is one of the principal reasons we continue to disclaim 
on the government's consolidated financial statements. As we testified 
in April 2003,[Footnote 21] agencies had not reconciled 
intragovernmental activity and balances with their trading 
partners[Footnote 22] and, as a result, information reported to 
Treasury is not reliable. For several years, OMB and Treasury have 
required CFO Act agencies to reconcile selected intragovernmental 
activity and balances with their trading partners. However, a 
substantial number of CFO Act agencies did not perform such 
reconciliations for fiscal years 2002 and 2001, citing such reasons as 
(1) trading partners not providing needed data, (2) limitations and 
incompatibility of agency and trading partner systems, and (3) human 
resource issues. For both of these years, amounts reported for federal 
trading partners for certain intragovernmental accounts were 
significantly out of balance. Actions are being taken governmentwide 
under OMB's leadership to address problems associated with 
intragovernmental activity and balances.

Lack of Accurate and Timely Recording of Financial Information:

Auditors for 17 agencies reported the lack of accurate and timely 
recording of financial information for fiscal year 2002 compared to the 
14 agencies[Footnote 23] for which auditors noted similar problems in 
their 2001 reports. Accurate and timely recording of financial 
information is key to successful financial management. Timely recording 
of transactions can facilitate accurate reporting in agencies' 
financial reports and other management reports that are used to guide 
managerial decision making. The Comptroller General's Standards for 
Internal Control in the Federal Government states that transactions 
should be promptly recorded to maintain their relevance and value to 
management in controlling operations and making decisions.

Untimely recording of transactions during the fiscal year can result in 
agencies making substantial efforts at fiscal year-end to perform 
extensive manual financial statement preparation efforts that are 
susceptible to error and increase the risk of misstatements. Gathering 
financial data only at year-end does not provide adequate time to 
analyze transactions or account balances. Further, it impedes 
management's ability throughout the year to have timely and useful 
information for decision making. For example, auditors 
reported[Footnote 24] that, for fiscal year 2002, Department of Justice 
(Justice) components did not adjust the status of obligations on a 
quarterly basis as required, and as a result, extensive manual efforts 
had to be performed at year-end to correct the status of obligation 
records. This process of reviewing the status of obligations only at 
the end of the year increases the risk that errors will go undetected, 
does not provide managers with accurate information during the year for 
decision making, and results in misstatements in the financial 
statements.

Noncompliance with the SGL:

Implementing the SGL at the transaction level is one of the specific 
requirements of FFMIA. However, as shown in figure 1, auditors for 9 of 
the 19 noncompliant agencies reported that the agencies' systems did 
not comply with SGL requirements. The SGL promotes consistency in 
financial transaction processing and reporting by providing a uniform 
chart of accounts and pro forma transactions. Use of the SGL also 
provides a basis for comparison at agency and governmentwide levels. 
These defined accounts and pro forma transactions are used to 
standardize the accumulation of agency financial information, as well 
as enhance financial control and support financial statement 
preparation and other external reporting. By not implementing the SGL, 
agencies are challenged to provide consistent financial information 
across their components and functions.

As in previous years, the Department of Housing and Urban Development's 
(HUD) auditors reported that the Federal Housing Administration's (FHA) 
systems were noncompliant with the SGL for fiscal year 2002 because FHA 
must use several manual processing steps to convert its commercial 
accounts to SGL accounts.[Footnote 25] FHA's 19 legacy insurance 
systems, which fed transactions to its commercial general ledger 
system, lacked the capabilities to process transactions in the SGL 
format. Therefore, FHA provided only consolidated summary-level data to 
HUD's Central Accounting and Program System (HUDCAPS). As we 
reported,[Footnote 26] FHA used several manual processing steps to 
provide summary-level data, including the use of personal-computer-
based software to convert the summary-level commercial accounts to 
government SGL, and transfer the balances to HUDCAPS. This process did 
not comply with JFMIP requirements that the core financial system 
provide for automated month-and year-end closing of SGL accounts and 
the roll-over of the SGL account balances.

Lack of Adherence to Federal Accounting Standards:

One of FFMIA's requirements is that agencies' financial management 
systems account for transactions in accordance with federal accounting 
standards. Agencies face significant challenges implementing these 
standards. As shown in figure 1, auditors for 13 of the 19 agencies 
with noncompliant systems reported that these agencies had problems 
complying with one or more federal accounting standards. Auditors 
reported that agencies are having problems implementing standards that 
have been in effect for some time, as well as standards that have been 
promulgated in the last few years. For example, auditors for three 
agencies--DOD, Justice, and the Federal Emergency Management Agency 
(FEMA)--reported weaknesses in compliance with Statement of Federal 
Financial Accounting Standards (SFFAS) No. 6, Accounting for Property, 
Plant, and Equipment, which became effective for fiscal year 1998. 
Auditors for DOD reported that DOD did not capture the correct 
acquisition date and cost of its property, plant, and equipment, due to 
system limitations.

Therefore, DOD could not provide reliable information for reporting 
account balances and computing depreciation. Auditors for two agencies-
-HUD and Justice--reported weaknesses in compliance with SFFAS No. 7, 
Revenue and Other Financing Sources, which also became effective for 
fiscal year 1998. For example, auditors reported a material weakness 
for FHA's budget execution and fund control. According to the auditors, 
FHA's financial systems and processes are not capable of fully 
monitoring and controlling budgetary resources. Finally, auditors for 
three agencies--the Agency for International Development (AID), the 
National Aeronautics and Space Administration (NASA), and the Nuclear 
Regulatory Commission (NRC)--reported trouble with implementing SFFAS 
No. 10, Accounting for Internal Use Software, which became effective at 
the beginning of fiscal year 2001. For example, auditors reported that 
NASA's policies and procedures do not specifically address purchasing 
software as part of a package of products and services. In their 
testing, NASA's auditors identified errors for costs that were 
originally recorded as expenses, but instead should have been 
capitalized as assets.

Managerial cost information is required by the CFO Act of 1990, and 
since 1998 by a federal accounting standard. Auditors for five agencies 
reported problems implementing SFFAS No. 4, Managerial Cost Accounting 
Concepts and Standards. For example, auditors for DOL reported that the 
department has not developed the capability to routinely report the 
cost of outputs used to manage program operations at the operating 
program and activity levels. Moreover, DOL does not use managerial cost 
information for purposes of performance measurement, planning, 
budgeting, or forecasting. At DOT, auditors stated that its agencies, 
other than the Federal Aviation Administration (FAA) and the U.S. Coast 
Guard,[Footnote 27] have begun to identify requirements for 
implementing cost accounting systems. DOT's existing accounting system, 
DAFIS, does not have the capability to capture full costs, including 
direct and indirect costs assigned to DOT programs. The Secretary 
recently advised OMB that as the remaining DOT agencies migrate to 
Delphi, DOT's new core financial system, Delphi will provide them with 
enhanced cost accounting capabilities.

Managerial cost information is critical for implementing the PMA. 
According to the PMA, the accomplishment of the other four crosscutting 
initiatives[Footnote 28] will matter little without the integration of 
agency budgets with performance. Although the lack of a consistent 
information and reporting framework for performance, budgeting, and 
accounting may obscure how well government programs are performing as 
well as inhibit comparisons, no one presentation can meet all users' 
needs. Any framework should support an understanding of the links 
between performance, budgeting, and accounting information measured and 
reported for different purposes. However, even the most meaningful 
links between performance results and resources consumed are only as 
good as the underlying data. Moreover, this link between resources 
consumed and performance results is necessary to make public-private 
competition decisions as part of competitive sourcing. Therefore, 
agencies must address long-standing problems within their financial 
systems. As agencies implement and upgrade their financial management 
systems, opportunities exist for developing cost management information 
as an integral part of these systems to provide important information 
that is timely, reliable, and useful.

As we recently reported,[Footnote 29] DOD's continuing inability to 
capture and report the full cost of its programs represents one of the 
most significant impediments facing the department. DOD does not have 
the systems and processes in place to capture the required cost 
information from the hundreds of millions of transactions it processes 
each year. Lacking complete and accurate overall life-cycle cost 
information for weapons systems impairs DOD's and congressional 
decisionmakers' ability to make fully informed decisions about which 
weapons, or how many, to buy. DOD has acknowledged that the lack of a 
cost accounting system is its largest impediment to controlling and 
managing weapon systems costs.

Weak Security Controls over Information Systems:

Information security weaknesses are one of the frequently cited reasons 
for noncompliance with FFMIA and are a major concern for federal 
agencies and the general public. These weaknesses are placing enormous 
amounts of government assets at risk of inadvertent or deliberate 
misuse, financial information at risk of unauthorized modification or 
destruction, sensitive information at risk of inappropriate disclosure, 
and critical operations at risk of disruption. Auditors for all 19 of 
the agencies reported as noncompliant with FFMIA identified weaknesses 
in security controls over information systems. Unresolved information 
security weaknesses could adversely affect the ability of agencies to 
produce accurate data for decision making and financial reporting 
because such weaknesses could compromise the reliability and 
availability of data that are recorded in or transmitted by an agency's 
financial management system.

General controls are the policies, procedures, and technical controls 
that apply to all or a large segment of an entity's information systems 
and help ensure their proper operation. The six major areas are (1) 
security program management, which provides the framework for ensuring 
that risks are understood and that effective controls are selected and 
properly implemented, (2) access controls, which ensure that only 
authorized individuals can read, alter, or delete data, (3) software 
development and change controls, which ensure that only authorized 
software programs are implemented, (4) segregation of duties, which 
reduces the risk that one individual can independently perform 
inappropriate actions without detection, (5) operating systems 
controls, which protect sensitive programs that support multiple 
applications from tampering and misuse, and (6) service continuity, 
which ensures that computer-dependent operations experience no 
significant disruption. As we discussed in our April 2003 
testimony,[Footnote 30] our analyses of audit reports issued from 
October 2001 through October 2002 for 24 of the largest federal 
agencies[Footnote 31] continued to show significant weaknesses in 
federal computer systems that put critical operations and assets at 
risk. Weaknesses continued to be reported in each of the 24 agencies 
included in our review, and they covered all six major areas of general 
controls. Although our analyses showed that most agencies had 
significant weaknesses in these six control areas, weaknesses were most 
often cited for access controls and security program management.

Since 1997, GAO has considered information security a governmentwide 
high-risk area.[Footnote 32] As shown by our work and work performed by 
the IGs, security program management continues to be a widespread 
problem. Concerned with reports of significant weaknesses in federal 
computer systems that make them vulnerable to attack, the Congress 
enacted Government Information Security Reform provisions[Footnote 33] 
(commonly known as GISRA) to reduce these risks and provide more 
effective oversight of federal information security. GISRA required 
agencies to implement an information security program that is founded 
on a continuing risk management cycle and largely incorporates existing 
security policies found in OMB Circular A-130, Management of Federal 
Information Resources. GISRA provided an overall framework for managing 
information security and established new annual review, independent 
evaluation, and reporting requirements to help ensure agency 
implementation and both OMB and congressional oversight.

In its required fiscal year 2002 GISRA report to the Congress, OMB 
stated that the federal government had made significant strides in 
addressing serious and pervasive information technology security 
problems, but that more needed to be done, particularly to address both 
the governmentwide weaknesses identified in its fiscal year 2001 report 
to the Congress and new challenges.[Footnote 34] Also, OMB reported 
significant progress in agencies' information technology security 
performance, primarily as indicated by quantitative governmentwide 
performance measures that OMB required agencies to disclose beginning 
with their fiscal year 2002 reports. These include measures such as the 
number of systems that have been assessed for risk, have an up-to-date 
security plan, and for which security controls have been tested.

As discussed in our June 2003 testimony,[Footnote 35] the 
governmentwide weaknesses identified by OMB, as well as the limited 
progress in implementing key information security requirements, 
continue to emphasize that, overall, agencies are not effectively 
implementing and managing their information security programs. For 
example, of the 24 large federal agencies we reviewed, 11 reported that 
they had assessed risk for 90 to 100 percent of their systems for 
fiscal year 2002, but 8 reported that they had assessed risk for less 
than half of their systems.

The information security program, evaluation, and reporting 
requirements established by GISRA have been permanently authorized and 
strengthened through the recently enacted Federal Information Security 
Management Act of 2002 (FISMA).[Footnote 36] In addition, FISMA 
provisions establish additional requirements that can assist the 
agencies in implementing effective information security programs, help 
ensure that agency systems incorporate appropriate controls, and 
provide information for administration and congressional oversight. 
These requirements include the designation and establishment of 
specific responsibilities for an agency senior information security 
officer, implementation of minimum information security requirements 
for agency information and information systems, and required agency 
reporting to the Congress.

Agencies' fiscal year 2003 FISMA reports, due to OMB in September 2003, 
should provide additional information on the status of agencies' 
efforts to implement federal information security requirements. In 
addition, FISMA requires each agency to report any significant 
deficiency in an information security policy, procedure, or practice 
relating to financial management systems as an instance of a lack of 
substantial compliance under FFMIA.[Footnote 37]

Agency Efforts to Implement New Core Financial Systems:

The continuing trend of noncompliance with FFMIA indicates the overall 
long-standing poor condition of agency financial systems. Correcting 
the systems problems is a difficult challenge for agencies because of 
the age and poor condition of their critical financial systems. Some of 
the federal government's computer systems were originally designed and 
developed years ago and do not meet current systems requirements. These 
legacy systems cannot provide reliable financial information for key 
governmentwide initiatives, such as integrating budget and performance 
information.

Across government, agencies have many efforts underway to implement or 
upgrade financial systems to alleviate long-standing weaknesses in 
financial management. As we recently reported,[Footnote 38] as of 
September 30, 2002, 17 agencies advised us that they were planning to 
or were in the process of implementing a new core financial 
system.[Footnote 39] Of these 17 agencies, 11 had selected 
certified[Footnote 40] software. The other 6 agencies have not reached 
the software selection phase of their acquisition process.

Implementing a core financial system that has been certified does not 
guarantee that these agencies will have financial systems that are 
compliant with FFMIA. Certification of core financial systems and 
testing vendor COTS packages help ensure that financial management 
system requirements and the vendor software remain aligned. One 
critical factor affecting FFMIA compliance is the integration of the 
core financial system with the agency's administrative[Footnote 41] and 
programmatic[Footnote 42] systems and the validity and completeness of 
data from these systems. Other factors affecting a COTS core financial 
system's ability to comply with FFMIA include how the software package 
works in the agency's environment, whether any modifications or 
customizations have been made to the software, and the success of 
converting data from legacy systems to new systems. As of September 30, 
2002, target implementation dates for 16 of the 17 agencies planning to 
implement new core financial systems ranged from fiscal years 2003 to 
2008. One agency--DOD--had not yet determined its target date for full 
implementation. As shown in figure 2, 3 of the 16 agencies--
Agriculture, GSA, and NASA--planned to complete implementation in 
fiscal year 2003. Three other agencies--SSA, Commerce, and DOT--planned 
to complete their implementations in fiscal year 2004. The Department 
of Energy established fiscal year 2005 as its target implementation 
date and 3 agencies--the departments of State and Veterans Affairs and 
AID--have targeted fiscal year 2006 for completion. Moreover, as shown 
in figure 2, 4 agencies--DOL, HHS, EPA, and HUD--have set fiscal year 
2007 as their implementation target date. Finally, 2 agencies--the 
Departments of the Interior and Justice[Footnote 43]--projected fiscal 
year 2008 for completion of their core financial systems 
implementation.

Figure 2: Agency Target Dates for Implementation of Core Financial 
Systems as of September 30, 2002:

[See PDF for image] - graphic text:

[End of figure]

The remaining 7 of the 24 CFO Act agencies that advised us that they 
had no plans to implement a new system had either recently implemented 
a new core financial system in the last several years or were not 
planning to implement an agencywide core financial system. Five of the 
7 agencies had fully implemented new core financial systems since the 
beginning of fiscal year 2001--including the Department of Education, 
NSF,[Footnote 44] NRC, the Small Business Administration (SBA), and 
OPM. FEMA had implemented a new system prior to fiscal year 2001. The 
remaining agency, Treasury,[Footnote 45] is not planning to implement 
an agencywide core financial system, but several of its subcomponent 
agencies--including the Internal Revenue Service and the Office of the 
Comptroller of the Currency--are in the process of implementing core 
financial system software packages.

In their performance and accountability reports, management for some 
agencies stated that full implementation of these new systems will 
address their systems' substantial noncompliance with FFMIA. However, 
as previously mentioned, implementation of a new core financial system 
may not resolve all of an agency's financial management weaknesses 
because of the myriad of problems affecting agencies beyond their core 
financial systems. Nevertheless, it is imperative that agencies adopt 
leading practices to help ensure successful systems implementation.

Successful Implementation of Financial Management Systems Is Key for 
Improved Financial Reporting:

Implementing new financial management systems provides a foundation for 
improved financial management, including enhanced financial reporting 
capabilities that will help financial managers meet OMB's accelerated 
reporting deadlines[Footnote 46] and make better financial management 
decisions due to more timely information. Successful implementation of 
financial management systems has been a continuous challenge for both 
federal agencies and private sector entities. In the past, federal 
agencies have experienced setbacks and delays in their implementation 
processes. These delays were caused by various factors, including a 
lack of executive-level involvement, poor communication between 
managers and users, and inadequate project planning. For example, our 
work at NASA has shown the need for consistent executive support, 
communication with all stakeholders, full identification of user 
requirements, and adequate planning.

Recent work at NASA illustrates some of the specific problems agencies 
are encountering in implementing JFMIP-certified financial systems. In 
April 2000, NASA began its Integrated Financial Management Program 
(IFMP), its third attempt in recent years at modernizing financial 
processes and systems. NASA's previous two efforts were eventually 
abandoned after a total of 12 years and a reported $180 million in 
spending. As part of this third effort, NASA recently implemented a new 
core financial module that was expected to provide financial and 
program managers with timely, consistent, and reliable cost and 
performance information for management decisions. However, earlier this 
year we reported[Footnote 47] that NASA's core financial module was not 
being implemented to accommodate the information needed by program 
managers, cost estimators, and the Congress. The need for ongoing 
communication between project managers and systems users is crucial to 
any successful systems implementation project. Project managers need to 
understand the basic requirements of users, while users should be 
involved in the project's planning process. NASA's program officials 
chose to defer the development of some functions and related user 
requirements in order to expedite the systems implementation process. 
As a result, the new system will not meet the needs of some key users 
who will continue to rely on information from nonintegrated programs 
outside of the core financial module, or use other labor-intensive 
means, to capture the data they need to manage programs.

NASA has also not followed certain other best practices for acquiring 
and implementing its new financial management system. NASA's 
implementation plan calls for the system to be constructed using 
commercial components; however, NASA has not analyzed the 
interdependencies of the various subsystems. When constructing a system 
from commercial components, it is essential to understand the features 
and characteristics of each component in order to select compatible 
systems that can be integrated without having to build and maintain 
expensive interfaces. By acquiring components without first 
understanding their relationships, NASA has increased its risks of 
implementing a system that will not optimize mission performance, and 
that will cost more and take longer to implement than necessary.

Private sector entities have also encountered a number of challenges 
and setbacks when implementing new systems. These challenges have 
included competition between internal organizational units, user 
resistance to the new systems, and frequent changes in management and 
to underlying corporate strategy. Entities are overcoming their 
challenges because better tools have been created to monitor and 
control progress and skilled project managers with better management 
processes are being used.

The Standish Group International, Inc.[Footnote 48] (Standish Group) 
has reported that the number of successful systems implementation 
projects in the private sector is increasing. From 1994 to 2000, 
successful projects increased from 28,000 to 78,000. The Standish 
Group, through its research,[Footnote 49] has identified 10 project 
success factors. These factors include user involvement, executive 
support, experienced project managers, firm basic requirements, clear 
business objectives, minimized scope, standard software 
infrastructure, formal methodology, reliable estimates, and 
other.[Footnote 50]

Also, according to the Standish Group, although no project requires all 
10 factors to be successful,[Footnote 51] the more factors that are 
present in the project strategy, the higher the chance of a successful 
implementation. As discussed above, many of these factors have been 
challenges for both private sector and federal entities. By its very 
nature, the implementation of a new financial management system is a 
risky proposition. Therefore, it is crucial that federal departments 
and agencies follow accepted best practices and embrace as many of the 
key characteristics for successful implementation projects as possible 
to help minimize the risk of failed projects and result in systems that 
provide the necessary data for management's needs.

Our executive guide[Footnote 52] on creating value through world-class 
financial management describes 11 practices critical for establishing 
and maintaining sound financial operations. These practices include 
reengineering processes in conjunction with new technology. As a 
result, using commercial components such as COTS packages may require 
significant changes in the way federal departments conduct their 
business. According to the leading finance organizations that formed 
the basis for our executive guide, a key to successful implementation 
of COTS systems is reengineering business processes to fit the new 
software applications that are based on best practices. Moreover, OMB's 
former Associate Director for Information Technology and e-Government 
has stated that "IT will not solve management problems--re-engineering 
processes will.":

The conversion of data from an old system to a new system is also 
critical. In December 2002, JFMIP issued its White Paper: Financial 
Systems Data Conversion - Considerations. The purpose of this JFMIP 
document is to raise awareness of financial systems data conversion 
considerations to be addressed by financial management executives and 
project managers when planning or implementing a new financial 
management system. The JFMIP paper addresses (1) key considerations 
regarding data conversion and cutover to the new system, (2) best 
approaches for completing the data conversion and cutover, and (3) ways 
to reduce the risks associated with these approaches.

Status of Governmentwide Financial Management Improvement Efforts:

As we have discussed, the goal of FFMIA is for agencies to have timely, 
reliable, and accurate information with which to make informed 
decisions and to ensure accountability on an ongoing basis. Figure 3 
shows the three levels of the pyramid that result in the end goal, 
accountability and useful management information. The bottom level of 
the pyramid is the legislative framework that underpins the improvement 
of the general and financial management of the federal government. The 
second level shows the drivers that build on the legislative 
requirements and influence agency actions to meet these requirements. 
The three drivers are (1) congressional and other oversight, (2) the 
activities of the JFMIP Principals, and (3) the PMA. The third level of 
the pyramid represents the key success factors for accountability and 
meaningful management information--integrating core and feeder 
financial systems, producing reliable financial and performance data 
for reporting, and ensuring effective internal control. The result of 
these three levels, as shown at the top of the pyramid, is 
accountability and meaningful management information needed to assess 
and improve the government's effectiveness, financial condition, and 
operating performance.

Figure 3: Pyramid to Accountability and Useful Management Information 
Congressional Oversight:

[See PDF for image]

[End of figure]

Congressional Oversight:

The leadership demonstrated by the Congress has been an important 
catalyst to reforming financial management in the federal government. 
As previously discussed, the legislative framework provided by the CFO 
Act and FFMIA, among others, produced a solid foundation to stimulate 
needed change. For example, in November 2002, the Congress enacted the 
Accountability of Tax Dollars Act of 2002[Footnote 53] to extend the 
financial statement audit requirements for CFO Act agencies to most 
executive branch agencies. In addition, there is value in sustained 
congressional interest in these issues, as demonstrated by hearings on 
federal financial management and reform held over the past several 
years. It will be key that the appropriations, budget, authorizing, and 
oversight committees hold agency top management accountable for 
resolving these problems and that they support improvement efforts. The 
continued attention by the Congress to these issues will be critical to 
sustaining momentum for financial management reform.

JFMIP Principals:

Starting in August 2001, the JFMIP Principals have been meeting 
regularly to deliberate and reach agreements focused on financial 
management reform issues including (1) defining success measures for 
financial performance that go far beyond an unqualified audit 
opinion,[Footnote 54] (2) significantly accelerating financial 
statement reporting to improve timeliness for decision making, and (3) 
addressing difficult accounting and reporting issues, including 
impediments to an audit opinion on the federal government's 
consolidated financial statements. This forum has provided an 
opportunity to reach decisions on key issues and undertake strategic 
activities that reinforce the effectiveness of groups such as the CFO 
Council in making progress toward federal financial management. In 
fiscal year 2002, the JFMIP Principals continued the series of these 
deliberative meetings. Continued personal involvement of the JFMIP 
Principals is critical to the full and successful implementation of 
federal financial management reform and to providing greater 
transparency and accountability in managing federal programs and 
resources.

President's Management Agenda and the Executive Branch Management 
Scorecard:

The PMA,being implemented by the administration as an agenda for 
improving the management and performance of the federal government, 
targets the most apparent deficiencies where the opportunity to improve 
performance is the greatest. While FFMIA implementation relates 
directly to the improved financial performance initiative, development 
and maintenance of FFMIA-compliant systems will also affect the 
implementation of the other four initiatives. Furthermore, the 
modernization of agency financial management systems, as envisioned by 
FFMIA, is critical to the success of all of these initiatives. Notably, 
OMB is developing a federal enterprise architecture that will affect 
the government's ability to make significant progress across the PMA. 
For example, as part of the e-gov initiative, the number of federal 
payroll providers is being consolidated. Numerous agencies had targeted 
their payroll operations for costly modernization efforts. According to 
OMB, millions of dollars will be saved through shared resources and 
processes and by modernizing on a cross-agency and governmentwide 
basis. The administration's implementation of its Program Assessment 
Rating Tool (PART) relates specifically to the PMA initiative of 
integration of budget and performance information. Reliable cost data, 
so crucial to effective FFMIA implementation, is critical not only for 
the improved financial performance and budget and performance 
integration initiatives, but also for competitive sourcing. For 
effective management, this cost information must not only be timely and 
reliable, but also both useful and used.

The administration is using the Executive Branch Management Scorecard, 
based on governmentwide standards for success, to highlight agencies' 
progress in achieving the improvements embodied in the PMA. OMB uses a 
grading system of red, yellow, and green to indicate agencies' status 
in achieving the standards for success for each of the five 
crosscutting initiatives. It also assesses and reports progress using a 
similar "stoplight" system.

The focus that the administration's scorecard approach brings to 
improving management and performance, including financial management 
performance, is certainly a step in the right direction. The value of 
the scorecard is not in the scoring per se, but the degree to which the 
scores lead to sustained focus and demonstrable improvements. This will 
depend on continued efforts to assess progress and maintain 
accountability to ensure that the agencies are able to, in fact, 
improve their performance. It will be important that there be 
continuous rigor in the scoring process for this approach to be 
credible and effective in providing incentives that produce lasting 
results. Also, it is important to recognize that many of the challenges 
the federal government faces, such as improving financial management, 
are long-standing and complex, and will require sustained attention.

Closing Comments:

The primary purpose of FFMIA is to ensure that agency financial 
management systems routinely provide reliable, useful, and timely 
financial information so that government leaders will be better 
positioned to invest resources, reduce costs, oversee programs, and 
hold agency managers accountable for the way they run programs. While 
many agencies are receiving unqualified opinions on their financial 
statements, auditor determinations of FFMIA compliance are lagging 
behind. To achieve the financial management improvements envisioned by 
the CFO Act, FFMIA, and more recently, the President's Management 
Agenda, agencies need to modernize their financial systems to generate 
reliable, useful, and timely financial information throughout the year 
and at year-end. However, as we have discussed today, agencies are 
facing significant challenges in implementing new financial management 
systems. We are seeing a strong commitment from the President, the 
JFMIP Principals, and the Secretaries of major departments to ensure 
that these needed modernizations come to fruition. This commitment is 
critical to the success of the efforts under way as well as those still 
in a formative stage, and must be sustained. Finally, Mr. Chairman, the 
leadership demonstrated by you and the members of this Subcommittee is 
an important catalyst to reforming financial management in the federal 
government. Continued attention to these issues will be critical to 
sustaining momentum on financial management reforms.

Mr. Chairman, this concludes my statement. I would be pleased to answer 
any questions you or other members of the Subcommittee may have at this 
time.

Contacts and Acknowledgments:

For further information about this statement, please contact Kay L. 
Daly at (202) 512-9312. Other key contributors to this testimony 
include Sandra S. Silzer and Bridget A. Skjoldal.

(193052):

FOOTNOTES

[1] Pub. L. No. 104-208, sec.101(f)(title VIII), 110 Stat. 3009-389.

[2] Pub. L. No. 101-576, 104 Stat. 2838 (1990). 

[3] There were initially 24 CFO Act agencies (see footnote 2 above). 
The Federal Emergency Management Agency (FEMA), one of the 24 CFO Act 
agencies, was subsequently transferred to the new Department of 
Homeland Security (DHS) effective March 1, 2003. With this transfer, 
FEMA will no longer be statutorily required to prepare audited stand-
alone financial statements. We included FEMA in our review because FEMA 
was a CFO Act agency as of September 30, 2002. DHS must prepare audited 
financial statements under the Accountability of Tax Dollars Act of 
2002, because it is a "covered executive agency" for purposes of 31 
U.S.C. 3515. However, DHS was not established as a CFO Act agency and 
therefore is not statutorily subject to FFMIA. Consideration is now 
being given to making DHS a CFO Act agency and therefore subject to 
FFMIA in the Department of Homeland Security Financial Accountability 
Act, H.R. 2886, 108TH Congress.

[4] U.S. General Accounting Office, Financial Management: Sustained 
Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062 
(Washington, D.C.: Sept. 30, 2003).

[5] U.S. General Accounting Office, Financial Management: Effective 
Implementation of FFMIA is Key to Providing Reliable, Useful, and 
Timely Data, GAO-02-791T (Washington, D.C.: June 6, 2002) and Financial 
Management: Agencies Face Many Challenges in Meeting the Goals of the 
Federal Financial Management Improvement Act, GAO/T-AIMD-00-178 
(Washington, D.C.: June 6, 2000).

[6] The Program Management Office, managed by the Executive Director of 
the Joint Financial Management Improvement Program (JFMIP), with funds 
provided by the CFO Council agencies, tests vendor COTS packages and 
certifies that they meet certain federal financial management systems 
requirements for core financial systems.

[7] Customization is the process of setting parameters within an 
application to make it operate in accordance with the entity's business 
rules. Customizations are normally supported by vendors in subsequent 
upgrades. Modification is the process of writing or changing code and 
modifications are not supported by vendors in subsequent upgrades.

[8] The JFMIP Principals are the Secretary of the Treasury, the 
Directors of OMB and the Office of Personnel Management (OPM), and the 
Comptroller General of the United States. 

[9] GAO-02-791T. 

[10] In providing negative assurance, auditors are stating that nothing 
came to their attention indicating that an agency's financial 
management systems do not meet FFMIA requirements.

[11] The same six types of problems were cited by auditors in their 
audit reports for fiscal years 2000 and 2001.

[12] Auditors may not have reported these problems as specific reasons 
for lack of substantial compliance with FFMIA. 

[13] Federal financial system requirements define an integrated 
financial system as one that coordinates a number of previously 
unconnected functions to improve overall efficiency and control. 
Characteristics of such a system include (1) standard data 
classifications for recording financial events, (2) common processes 
for processing similar transactions, (3) consistent control over data 
entry, transaction processing, and reporting, and (4) a system design 
that eliminates unnecessary duplication of transaction entry. 

[14] DOT is implementing a COTS-based core financial system called 
Delphi. DOT management projects that the implementation will be 
complete in fiscal year 2004.

[15] Office of Inspector General, Department of Transportation, 
Consolidated Financial Statements for Fiscal Years 2002 and 2001, FI-
2003-018 (Jan. 27, 2003). 

[16] U.S. General Accounting Office, Department of Defense: Status of 
Financial Management Weaknesses and Progress Toward Reform, GAO-03-931T 
(Washington, D.C.: June 25, 2003).

[17] Department of Defense, Performance and Accountability Report, 
Fiscal Year 2002 (Jan. 31, 2003). 

[18] Office of Inspector General, Independent Auditor's Report on 
Financial Statements, A-17-02-0001, Fiscal Year 2002 Performance and 
Accountability Report, U.S. Department of Health and Human Services. 

[19] Agencies record their budget spending authorizations in their fund 
balance with Treasury accounts. Agencies increase or decrease these 
accounts as they collect or disburse funds. 

[20] GAO-03-931T.

[21] U.S. General Accounting Office, Fiscal Year 2002 U.S. Government 
Financial Statements: Sustained Leadership and Oversight Needed for 
Effective Implementation of Financial Management Reform, GAO-03-572T 
(Washington, D.C.: Apr. 8, 2003).

[22] Trading partners are U.S. government agencies, departments, or 
other components that do business with each other. 

[23] In our October 2002 FFMIA report, we stated that auditors had 
discussed the lack of accurate and timely recording of transactions at 
12 agencies. As part of our analysis of most recent agency audit 
reports, it became apparent that these problems were reported in prior 
years for 2 additional agencies, but the earlier audit reports did not 
include sufficient detail to make these assessments. 

[24] PricewaterhouseCoopers, Report of Independent Accountants, 
January 15, 2003, FY 2002 Performance & Accountability Report, U.S. 
Department of Justice. 

[25] To help address deficiencies with its legacy general ledger 
system, as a first step in upgrading its overall financial management 
system, FHA implemented the general ledger module of a COTS software 
package on October 1, 2002. This module automates the monthly interface 
of summary-level balances with HUD's Central Accounting and Program 
System (HUDCAPS). 

[26] U.S. General Accounting Office, Department of Housing and Urban 
Development: Status of Efforts to Implement an Integrated Financial 
Management System, GAO-03-447R (Washington, D.C.: Apr. 9, 2003). 

[27] FAA has efforts underway to implement a cost accounting system as 
required by the Federal Aviation Reauthorization Act of 1996 (Pub. L. 
No. 104-264, 110 Stat. 3213, 3248 (1996)). The U.S. Coast Guard has a 
cost accounting system used for determining vessel documentation user 
fees. 

[28] The other four crosscutting initiatives are improved financial 
performance, strategic human capital management, competitive sourcing, 
and expanded electronic government. 

[29] GAO-03-931T.

[30] U.S. General Accounting Office, Information Security: Progress 
Made, But Challenges Remain to Protect Federal Systems and the Nation's 
Critical Infrastructures, GAO-03-564T (Washington, D.C.: Apr. 8, 2003). 


[31] These are the Departments of Agriculture, Commerce, Defense, 
Education, Energy, Health and Human Services, Housing and Urban 
Development, Interior, Justice, Labor, State, Transportation, 
Treasury, and Veterans Affairs, the Environmental Protection Agency, 
Federal Emergency Management Agency, General Services Administration, 
Office of Personnel Management, National Aeronautics and Space 
Administration, National Science Foundation, Nuclear Regulatory 
Commission, Small Business Administration, Social Security 
Administration, and U.S. Agency for International Development.

[32] U.S. General Accounting Office, High-Risk Series: An Update, GAO-
01-263 (Washington, D.C.: January 2001). 

[33] These provisions are part of the Floyd D. Spence National Defense 
Authorization Act for Fiscal Year 2001, Pub. L. No. 106-398, 114 Stat. 
1654, 1654A-266 (2000). 

[34] Office of Management and Budget, FY 2002 Report to Congress on 
Federal Government Information Security Reform (May 16, 2003).

[35] U.S. General Accounting Office, Information Security: Continued 
Efforts Needed to Fully Implement Statutory Requirements, GAO-03-852T 
(Washington, D.C.: June 24, 2003).

[36] Pub. L. No. 107-347, title III, 116 Stat. 2899, 2946 (2002).

[37] 44 U.S.C. 3544(c)(3).

[38] U.S. General Accounting Office, Core Financial Systems at the 24 
Chief Financial Officers Act Agencies, GAO-03-903R (Washington, D.C.: 
June 27, 2003).

[39] Core financial systems, as defined by JFMIP, include managing 
general ledger, funding, payments, receivables, and certain basic cost 
functions. Core financial systems receive data from other financial and 
feeder systems--such as acquisition, grant, and human resource and 
payroll systems--as well as from direct user input, and provide data 
for financial performance measurement and analysis and for financial 
statement preparation.

[40] The Program Management Office, which is managed by JFMIP's 
Executive Director with funds provided by the CFO Council agencies, 
tests vendor COTS packages and certifies those that meet certain 
financial management system requirements for core financial systems.

[41] Examples of administrative systems are those common to all 
agencies such as budget, acquisition, travel, property, and payroll.

[42] Programmatic systems are those needed to carry out an agency's 
mission. For example, HHS needs a grants management system to carry out 
its mission.

[43] Justice plans a staggered implementation of its new core financial 
system in its component agencies with target completion dates ranging 
from October 2004 to October 2007.

[44] NSF's core financial system was implemented in 1992. The 
maintenance needed to migrate the system to a client-server platform 
was completed in April 2001.

[45] Although Treasury does not have an agencywide core financial 
system, it does utilize automated tools and a central data warehouse 
for analysis and reporting.

[46] In order to have timely, reliable and useful information OMB has 
required agencies to prepare financial statements closer to the end of 
the reporting period. Under the accelerated reporting requirements, 
agency performance and accountability reports for fiscal year 2004 are 
due to OMB by November 15, 2004, just 45 days after the close of the 
fiscal year.

[47] U.S. General Accounting Office, Business Modernization: 
Improvements Needed in Management of NASA's Integrated Financial 
Management Program, GAO-03-507 (Washington, D.C.: Apr. 2003).

[48] The Standish Group is a well-known research advisory firm that 
focuses on mission-critical software applications, management 
techniques, and technologies.

[49] The Standish Group's research is done through focus groups, in-
depth surveys, and extensive interviews with Fortune 500 companies.

[50] Other includes small milestones, proper planning, competent staff, 
and ownership.

[51] Successful implementation is defined as a project that is 
completed on time, on budget, and with all the features and functions 
originally specified.

[52] U.S. General Accounting Office, Executive Guide: Creating Value 
Through World-class Financial Management, GAO/AIMD-00-134 (Washington, 
D.C.: April 2000).

[53] Pub. L. No. 107-289, 116 Stat. 2049 (2002).

[54] These success measures include financial management systems that 
routinely provide timely, reliable, and useful financial information 
and no material control weaknesses or material noncompliance with laws 
and regulations as well as FFMIA.