This is the accessible text file for GAO report number GAO-04-209T entitled 'Financial Management: Recurring Financial Systems Problems Hinder FFMIA Compliance' which was released on October 29, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittee on Government Efficiency and Financial Management, Committee on Government Reform, House of Representatives: For Release on Delivery Expected at 2:30 p.m. EST Wednesday, October 29, 2003: FINANCIAL MANAGEMENT: Recurring Financial Systems Problems Hinder FFMIA Compliance: Statement of Sally E. Thompson Director, Financial Management and Assurance: GAO-04-209T: GAO Highlights: Highlights of GAO-04-209T, a testimony before the Subcommittee on Government Efficiency and Financial Management, Committee on Government Reform, House of Representatives Why GAO Did This Study: The Federal Financial Management Improvement Act of 1996 (FFMIA) requires Chief Financial Officers (CFO) Act agencies to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) federal accounting standards, and (3) the U.S. Government Standard General Ledger. Most federal agencies face long-standing challenges, which are discussed in greater detail in our mandated September 2003 report, Sustained Efforts Needed to Achieve FFMIA Accountability (GAO-03-1062). In light of these circumstances, the Subcommittee asked GAO to testify about recurring financial management systems problems and agencies’ efforts to upgrade their systems. What GAO Found: The results of the fiscal year 2002 FFMIA assessments performed by agency inspectors general or their contract auditors again show that the same types of problems continue to plague the financial management systems used by the CFO Act agencies. While much more severe at some agencies than others, the nature and severity of the problems indicate that overall, agency management lacks the full range of information needed for accountability, performance reporting, and decision making. As shown in the figure below, audit reports highlight six recurring problems that have been consistently reported for those agencies whose auditors reported noncompliant systems. Problems Reported by Auditors for Fiscal Years 2000 through 2002 [See PDF for image] [End of figure] Agencies have recognized the seriousness of the financial systems weaknesses, and have many efforts underway to implement or upgrade financial systems to alleviate long-standing problems. As of September 30, 2002, 17 CFO Act agencies advised us they were planning to or were in the process of implementing a new core financial system. It is imperative that agencies adopt leading practices, such as top management commitment and business process reengineering, to ensure successful systems implementation and to avoid complicating factors, such as poor communication and inadequate project planning, that have hampered some agencies’ efforts in the past. Congressional oversight, the Joint Financial Management Improvement Program Principals, and the President’s Management Agenda are driving forces behind several governmentwide efforts now underway to improve federal financial management. Continued attention by these key drivers is critical to sustaining agencies efforts to improve their financial management systems. What GAO Recommends: GAO is not making new recommendations in this testimony, but in a past report has made specific recommendations aimed at addressing the problems hindering agencies’ compliance with FFMIA. www.gao.gov/cgi-bin/getrpt?GAO-04-209T. To view the full product, including the scope and methodology, click on the link above. For more information, contact Sally Thompson, (202) 512-9450, thompsons@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here to discuss the challenges most of the federal departments and agencies still face in meeting the primary goals of the Congress in enacting the Federal Financial Management Improvement Act of 1996 (FFMIA).[Footnote 1] As you requested, our testimony today addresses the recurring financial management systems problems that agencies are facing and the status of their efforts to implement systems that substantially comply with FFMIA. As you know, FFMIA builds on the foundation laid by the Chief Financial Officers (CFO) Act of 1990[Footnote 2] by reflecting the need for agencies to have financial management systems that can generate timely, accurate, and useful information with which to make informed decisions and to ensure accountability on an ongoing basis. FFMIA requires the major departments and agencies covered by the CFO Act[Footnote 3] to implement and maintain financial management systems that comply substantially with the (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) U.S. Government Standard General Ledger (SGL) at the transaction level. Further, FFMIA requires auditors to report in their CFO Act financial statement audit reports whether the agencies' financial management systems comply with FFMIA's requirements. We are also required to report annually on the implementation of the act. As discussed in our recently issued annual report on FFMIA,[Footnote 4] the results of the fiscal year 2002 FFMIA assessments performed by agency inspectors general (IG) or their contract auditors again show that the same types of problems still plague the financial management systems used by the CFO Act agencies. While much more severe at some agencies than others, the nature and severity of the problems indicate that overall, agency management lacks the full range of information needed for accountability, performance reporting, and decision making. While the CFO Act agencies have obtained more clean or unqualified audit opinions on their financial statements, often through extraordinary, labor-intensive measures, there is little evidence of marked improvements in agencies' capacities to create the full range of information needed to manage day-to-day operations. As we have previously testified[Footnote 5] before this Subcommittee, if agencies continue year after year to rely on significant costly and time- intensive manual efforts to achieve or maintain unqualified opinions without improving underlying financial management systems, it can mislead the public about the true status of the agencies' financial management capabilities. Agencies have recognized the seriousness of the financial systems weaknesses, and have many efforts underway to implement or upgrade financial systems to alleviate long-standing problems. As of September 30, 2002, 17 CFO Act agencies advised us they were planning to or were in the process of implementing a new core financial system. Under the Office of Management and Budget's (OMB) Circular A-127, Financial Management Systems, agencies are required to purchase commercial off- the-shelf (COTS) packages sold by vendors whose core financial systems software has been certified.[Footnote 6] Some of the key factors that affect FFMIA compliance of an implemented COTS package include how the software works in the agency's environment, whether any customizations or modifications[Footnote 7] have been made to the software, and the success of converting data from legacy systems to new systems. Successful implementation efforts of financial management systems are supported by the presence of several key characteristics, which apply to both the public and private sectors. These characteristics include, among others, (1) involvement by the users, (2) support of executive management, (3) leadership provided by experienced project managers, (4) clear definition and management of project requirements, (5) proper planning, and (6) realistic expectations. Conversely, financial systems implementation projects are often hindered by the lack of executive support, poor communication between managers and stakeholders, poor estimations and planning, and poor documentation and updating of user requirements. To provide impetus for upgrading financial management systems that provide reliable, timely, and useful data, congressional oversight, the Joint Financial Management Improvement Program (JFMIP) Principals,[Footnote 8] and the President's Management Agenda (PMA) are driving forces behind several governmentwide efforts now underway to improve federal financial management. The Congress has demonstrated leadership in improving federal financial management by enacting financial management reform laws and through oversight hearings, such as this one today. The JFMIP Principals have continued the series of regular deliberative meetings that focus on key financial management reform issues. The PMA, being implemented by the administration as an agenda for improving the management and performance of the federal government, includes five crosscutting initiatives, including improved financial performance. Continued attention by these key drivers is critical to sustaining agencies' efforts to improve their financial management systems. My statement today will focus on these issues and discuss (1) auditors' determinations of FFMIA compliance for fiscal year 2002, (2) problems that affect agency systems' compliance with FFMIA, (3) agency efforts to implement new core financial systems, (4) key characteristics of successful systems implementation and the challenges federal agencies face, and (5) the status of governmentwide financial management improvement efforts. Auditors' Assessments of FFMIA Compliance for Fiscal Year 2002: For fiscal year 2002, Inspectors General and their contract auditors reported that the systems for 19 of the 24 CFO Act agencies did not comply substantially with at least one of the FFMIA requirements-- federal financial management systems requirements, applicable federal accounting standards, or the SGL. Auditors' assessments of financial systems' compliance with FFMIA for 3 agencies--the Department of Labor (DOL), Environmental Protection Agency (EPA), and the National Science Foundation (NSF)--changed from fiscal years 2001 to 2002. For fiscal year 2002, the auditors for DOL concluded that its systems were not in substantial compliance with the managerial cost standard and thus were not in compliance with FFMIA. Auditors for EPA and NSF found the agencies' respective systems to be in substantial compliance, a change from the fiscal year 2001 assessments. As we have testified previously,[Footnote 9] while the number of agencies receiving clean opinions increased over the past 6 years from 11 in fiscal year 1997 to 21 for fiscal year 2002, the number of agencies reported to have systems that lacked substantial compliance with FFMIA has remained steady. While the increase in unqualified opinions is noteworthy, a more important barometer of financial systems' capability and reliability is that the number of agencies for which auditors provided negative assurance[Footnote 10] of FFMIA compliance has remained relatively constant throughout this same period. In our view, this has led to an expectation gap. When more agencies receive clean opinions, expectations are raised that the government has sound financial management and can produce reliable, useful, and timely information on demand throughout the year, whereas FFMIA assessments offer a different perspective. For agencies equipped with modern, fully integrated financial management systems, preparation of financial statements would be more routine and much less costly. Auditors for the remaining five agencies--the Department of Energy, EPA, the General Services Administration (GSA), NSF, and the Social Security Administration (SSA)--provided negative assurance in reporting on FFMIA compliance for fiscal year 2002. In their respective reports, they included language stating that while they did not opine as to FFMIA compliance, nothing came to their attention during the course of their planned procedures indicating that these agencies' financial management systems did not meet FFMIA requirements. If readers do not understand the concept of negative assurance, they may have gained an incorrect impression that these systems have been fully tested by the auditors and found to be substantially compliant. Because the act requires auditors to "report whether" agency systems are substantially compliant, we believe the auditor needs to provide positive assurance, which would be a definitive statement as to whether agency financial management systems substantially comply with FFMIA, as required under the statute. This is what we will do for the financial statement audits we perform when reporting that an entity's financial management systems were in substantial compliance. To provide positive assurance, auditors need to consider many other aspects of financial management systems than those applicable to the purposes of rendering an opinion on the financial statements. Widespread Systems Problems Affect FFMIA Compliance: Based on our review of the fiscal year 2002 audit reports for the 19 agencies reported to have systems not in substantial compliance with one or more of FFMIA's three requirements, we identified six primary problems[Footnote 11] affecting FFMIA noncompliance: * nonintegrated financial management systems, * inadequate reconciliation procedures, * lack of accurate and timely recording of financial information, * noncompliance with the SGL, * lack of adherence to federal accounting standards, and: * weak security controls over information systems. The relative frequency of these problems[Footnote 12] at the 19 agencies reported as having noncompliant systems is shown in figure 1. In addition, we caution that the occurrence of problems in a particular category may be even greater than auditors' reports of FFMIA noncompliance would suggest because auditors may not have included all problems in their reports. FFMIA testing may not be comprehensive and other problems may exist that were not identified and reported. For example, at some agencies, the problems are so serious and well known that the auditor can readily determine that the systems are not substantially compliant without examining every facet of FFMIA compliance. Figure 1: Problems Reported by Auditors for Fiscal Years 2000 through 2002: [See PDF for image] [End of figure] Nonintegrated Financial Management Systems: The CFO Act calls for agencies to develop and maintain an integrated accounting and financial management system[Footnote 13] that complies with federal systems requirements and provides for (1) complete, reliable, consistent, and timely information that is responsive to the financial information needs of the agency and facilitates the systematic measurement of performance, (2) the development and reporting of cost management information, and (3) the integration of accounting and budgeting information. In this regard, OMB Circular A- 127, Financial Management Systems, requires agencies to establish and maintain a single integrated financial management system that conforms with functional requirements published by JFMIP. An integrated financial system coordinates a number of functions to improve overall efficiency and control. For example, integrated financial management systems are designed to avoid unnecessary duplication of transaction entry and greatly lessen reconciliation issues. With integrated systems, transactions are entered only once and are available for multiple purposes or functions. Moreover, with an integrated financial management system, an agency is more likely to have reliable, useful, and timely financial information for day-to-day decision making as well as external reporting. Agencies that do not have integrated financial management systems typically must expend major effort and resources, including in some cases hiring external consultants, to develop information that their systems should be able to provide on a daily or recurring basis. In addition, opportunities for errors are increased when agencies' systems are not integrated. Agencies with nonintegrated financial systems are more likely to be required to devote more resources to collecting information than those with integrated systems. Auditors frequently mentioned the lack of modern, integrated financial management systems in their fiscal year 2002 audit reports. As shown in figure 1, auditors for 12 of the 19 agencies with noncompliant systems reported this as a problem. For example, auditors for the Department of Transportation (DOT) reported that its major agencies still use the Departmental Accounting and Financial Information System (DAFIS), the existing departmentwide accounting system[Footnote 14] and cannot produce auditable financial statements based on the information in DAFIS. For example, DOT's IG reported that DOT made about 860 adjustments outside of DAFIS totaling $51 billion in order to prepare the financial statements.[Footnote 15] DOT's IG also reported that there were problems linking some information between DAFIS and the Federal Highway Administration's Fiscal Management Information System (FMIS). DOT uses FMIS to record initial obligations for federal aid grants to states. However, due to problems resulting from upgrades and changes made to the FMIS system, all obligations are not electronically transferred from FMIS to DAFIS. As of September 30, 2002, valid obligations of about $388 million were understated. Moreover, problems linking information also existed between Delphi, DOT's new financial management system, and the Federal Transit Administration's (FTA) financial feeder systems that prevented FTA from electronically processing about $350 million in payments related to its Electronic Clearing House Operation. These transactions had to be manually processed into Delphi. What is important here is that the information developed to prepare auditable annual financial statements is not available on an ongoing basis for day-to-day management of DOT's programs and operations. As we have reported,[Footnote 16] cultural resistance to change, military service parochialism, and stovepiped operations have played a significant role in impeding previous attempts to implement broad-based reforms at the Department of Defense (DOD). The department's stovepiped approach is most evident in its current financial management systems environment, which DOD recently estimated to include approximately 2,300 systems and systems development projects--many of which were developed in piecemeal fashion and evolved to accommodate different organizations, each with its own policies and procedures. As DOD management has acknowledged,[Footnote 17] the department's current financial environment is comprised of many discrete systems characterized by poor integration and minimal data standardization and prevents managers from making more timely and cost-effective decisions. Inadequate Reconciliation Procedures: A reconciliation process, even if performed manually, is a valuable part of a sound financial management system. In fact, the less integrated the financial management system, the greater the need for adequate reconciliations because data are accumulated from various sources. For example, the Department of Health and Human Services (HHS) IG reported[Footnote 18] that the department's lack of an integrated financial management system continues to impair the ability of certain operating divisions to prepare timely information. Moreover, certain reconciliation processes were not adequately performed to ensure that differences were properly identified, researched, and resolved in a timely manner and that account balances were complete and accurate. Reconciliations are needed to ensure that data have been recorded properly between the various systems and manual records. The Comptroller General's Standards for Internal Control in the Federal Government highlights reconciliation as a key control activity. As shown in figure 1, auditors for 11 of the 19 agencies with noncompliant systems reported that the agencies had reconciliation problems, including difficulty reconciling their fund balance with Treasury accounts[Footnote 19] with Treasury's records. Treasury policy requires agencies to reconcile their accounting records with Treasury records monthly, which is comparable to individuals reconciling their checkbooks to their monthly bank statements. As we recently testified,[Footnote 20] DOD had at least $7.5 billion in unexplained differences between Treasury and DOD fund activity records. Many of these differences represent disbursements made and reported to Treasury that had not yet been properly matched to obligations and recorded in DOD accounting records. In addition to these unreconciled amounts, DOD identified and reported an additional $3.6 billion in payment recording errors. These include disbursements that DOD has specifically identified as containing erroneous or missing information and that cannot be properly recorded and charged against the correct, valid fund account. DOD records many of these payment problems in suspense accounts. While DOD made $1.6 billion in unsupported adjustments to its fund balances at the end of fiscal year 2002 to account for a portion of these payment recording errors, these adjustments did not resolve the related errors. Inadequate reconciliation procedures also complicate the identification and elimination of intragovernmental activity and balances, which is one of the principal reasons we continue to disclaim on the government's consolidated financial statements. As we testified in April 2003,[Footnote 21] agencies had not reconciled intragovernmental activity and balances with their trading partners[Footnote 22] and, as a result, information reported to Treasury is not reliable. For several years, OMB and Treasury have required CFO Act agencies to reconcile selected intragovernmental activity and balances with their trading partners. However, a substantial number of CFO Act agencies did not perform such reconciliations for fiscal years 2002 and 2001, citing such reasons as (1) trading partners not providing needed data, (2) limitations and incompatibility of agency and trading partner systems, and (3) human resource issues. For both of these years, amounts reported for federal trading partners for certain intragovernmental accounts were significantly out of balance. Actions are being taken governmentwide under OMB's leadership to address problems associated with intragovernmental activity and balances. Lack of Accurate and Timely Recording of Financial Information: Auditors for 17 agencies reported the lack of accurate and timely recording of financial information for fiscal year 2002 compared to the 14 agencies[Footnote 23] for which auditors noted similar problems in their 2001 reports. Accurate and timely recording of financial information is key to successful financial management. Timely recording of transactions can facilitate accurate reporting in agencies' financial reports and other management reports that are used to guide managerial decision making. The Comptroller General's Standards for Internal Control in the Federal Government states that transactions should be promptly recorded to maintain their relevance and value to management in controlling operations and making decisions. Untimely recording of transactions during the fiscal year can result in agencies making substantial efforts at fiscal year-end to perform extensive manual financial statement preparation efforts that are susceptible to error and increase the risk of misstatements. Gathering financial data only at year-end does not provide adequate time to analyze transactions or account balances. Further, it impedes management's ability throughout the year to have timely and useful information for decision making. For example, auditors reported[Footnote 24] that, for fiscal year 2002, Department of Justice (Justice) components did not adjust the status of obligations on a quarterly basis as required, and as a result, extensive manual efforts had to be performed at year-end to correct the status of obligation records. This process of reviewing the status of obligations only at the end of the year increases the risk that errors will go undetected, does not provide managers with accurate information during the year for decision making, and results in misstatements in the financial statements. Noncompliance with the SGL: Implementing the SGL at the transaction level is one of the specific requirements of FFMIA. However, as shown in figure 1, auditors for 9 of the 19 noncompliant agencies reported that the agencies' systems did not comply with SGL requirements. The SGL promotes consistency in financial transaction processing and reporting by providing a uniform chart of accounts and pro forma transactions. Use of the SGL also provides a basis for comparison at agency and governmentwide levels. These defined accounts and pro forma transactions are used to standardize the accumulation of agency financial information, as well as enhance financial control and support financial statement preparation and other external reporting. By not implementing the SGL, agencies are challenged to provide consistent financial information across their components and functions. As in previous years, the Department of Housing and Urban Development's (HUD) auditors reported that the Federal Housing Administration's (FHA) systems were noncompliant with the SGL for fiscal year 2002 because FHA must use several manual processing steps to convert its commercial accounts to SGL accounts.[Footnote 25] FHA's 19 legacy insurance systems, which fed transactions to its commercial general ledger system, lacked the capabilities to process transactions in the SGL format. Therefore, FHA provided only consolidated summary-level data to HUD's Central Accounting and Program System (HUDCAPS). As we reported,[Footnote 26] FHA used several manual processing steps to provide summary-level data, including the use of personal-computer- based software to convert the summary-level commercial accounts to government SGL, and transfer the balances to HUDCAPS. This process did not comply with JFMIP requirements that the core financial system provide for automated month-and year-end closing of SGL accounts and the roll-over of the SGL account balances. Lack of Adherence to Federal Accounting Standards: One of FFMIA's requirements is that agencies' financial management systems account for transactions in accordance with federal accounting standards. Agencies face significant challenges implementing these standards. As shown in figure 1, auditors for 13 of the 19 agencies with noncompliant systems reported that these agencies had problems complying with one or more federal accounting standards. Auditors reported that agencies are having problems implementing standards that have been in effect for some time, as well as standards that have been promulgated in the last few years. For example, auditors for three agencies--DOD, Justice, and the Federal Emergency Management Agency (FEMA)--reported weaknesses in compliance with Statement of Federal Financial Accounting Standards (SFFAS) No. 6, Accounting for Property, Plant, and Equipment, which became effective for fiscal year 1998. Auditors for DOD reported that DOD did not capture the correct acquisition date and cost of its property, plant, and equipment, due to system limitations. Therefore, DOD could not provide reliable information for reporting account balances and computing depreciation. Auditors for two agencies- -HUD and Justice--reported weaknesses in compliance with SFFAS No. 7, Revenue and Other Financing Sources, which also became effective for fiscal year 1998. For example, auditors reported a material weakness for FHA's budget execution and fund control. According to the auditors, FHA's financial systems and processes are not capable of fully monitoring and controlling budgetary resources. Finally, auditors for three agencies--the Agency for International Development (AID), the National Aeronautics and Space Administration (NASA), and the Nuclear Regulatory Commission (NRC)--reported trouble with implementing SFFAS No. 10, Accounting for Internal Use Software, which became effective at the beginning of fiscal year 2001. For example, auditors reported that NASA's policies and procedures do not specifically address purchasing software as part of a package of products and services. In their testing, NASA's auditors identified errors for costs that were originally recorded as expenses, but instead should have been capitalized as assets. Managerial cost information is required by the CFO Act of 1990, and since 1998 by a federal accounting standard. Auditors for five agencies reported problems implementing SFFAS No. 4, Managerial Cost Accounting Concepts and Standards. For example, auditors for DOL reported that the department has not developed the capability to routinely report the cost of outputs used to manage program operations at the operating program and activity levels. Moreover, DOL does not use managerial cost information for purposes of performance measurement, planning, budgeting, or forecasting. At DOT, auditors stated that its agencies, other than the Federal Aviation Administration (FAA) and the U.S. Coast Guard,[Footnote 27] have begun to identify requirements for implementing cost accounting systems. DOT's existing accounting system, DAFIS, does not have the capability to capture full costs, including direct and indirect costs assigned to DOT programs. The Secretary recently advised OMB that as the remaining DOT agencies migrate to Delphi, DOT's new core financial system, Delphi will provide them with enhanced cost accounting capabilities. Managerial cost information is critical for implementing the PMA. According to the PMA, the accomplishment of the other four crosscutting initiatives[Footnote 28] will matter little without the integration of agency budgets with performance. Although the lack of a consistent information and reporting framework for performance, budgeting, and accounting may obscure how well government programs are performing as well as inhibit comparisons, no one presentation can meet all users' needs. Any framework should support an understanding of the links between performance, budgeting, and accounting information measured and reported for different purposes. However, even the most meaningful links between performance results and resources consumed are only as good as the underlying data. Moreover, this link between resources consumed and performance results is necessary to make public-private competition decisions as part of competitive sourcing. Therefore, agencies must address long-standing problems within their financial systems. As agencies implement and upgrade their financial management systems, opportunities exist for developing cost management information as an integral part of these systems to provide important information that is timely, reliable, and useful. As we recently reported,[Footnote 29] DOD's continuing inability to capture and report the full cost of its programs represents one of the most significant impediments facing the department. DOD does not have the systems and processes in place to capture the required cost information from the hundreds of millions of transactions it processes each year. Lacking complete and accurate overall life-cycle cost information for weapons systems impairs DOD's and congressional decisionmakers' ability to make fully informed decisions about which weapons, or how many, to buy. DOD has acknowledged that the lack of a cost accounting system is its largest impediment to controlling and managing weapon systems costs. Weak Security Controls over Information Systems: Information security weaknesses are one of the frequently cited reasons for noncompliance with FFMIA and are a major concern for federal agencies and the general public. These weaknesses are placing enormous amounts of government assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Auditors for all 19 of the agencies reported as noncompliant with FFMIA identified weaknesses in security controls over information systems. Unresolved information security weaknesses could adversely affect the ability of agencies to produce accurate data for decision making and financial reporting because such weaknesses could compromise the reliability and availability of data that are recorded in or transmitted by an agency's financial management system. General controls are the policies, procedures, and technical controls that apply to all or a large segment of an entity's information systems and help ensure their proper operation. The six major areas are (1) security program management, which provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented, (2) access controls, which ensure that only authorized individuals can read, alter, or delete data, (3) software development and change controls, which ensure that only authorized software programs are implemented, (4) segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection, (5) operating systems controls, which protect sensitive programs that support multiple applications from tampering and misuse, and (6) service continuity, which ensures that computer-dependent operations experience no significant disruption. As we discussed in our April 2003 testimony,[Footnote 30] our analyses of audit reports issued from October 2001 through October 2002 for 24 of the largest federal agencies[Footnote 31] continued to show significant weaknesses in federal computer systems that put critical operations and assets at risk. Weaknesses continued to be reported in each of the 24 agencies included in our review, and they covered all six major areas of general controls. Although our analyses showed that most agencies had significant weaknesses in these six control areas, weaknesses were most often cited for access controls and security program management. Since 1997, GAO has considered information security a governmentwide high-risk area.[Footnote 32] As shown by our work and work performed by the IGs, security program management continues to be a widespread problem. Concerned with reports of significant weaknesses in federal computer systems that make them vulnerable to attack, the Congress enacted Government Information Security Reform provisions[Footnote 33] (commonly known as GISRA) to reduce these risks and provide more effective oversight of federal information security. GISRA required agencies to implement an information security program that is founded on a continuing risk management cycle and largely incorporates existing security policies found in OMB Circular A-130, Management of Federal Information Resources. GISRA provided an overall framework for managing information security and established new annual review, independent evaluation, and reporting requirements to help ensure agency implementation and both OMB and congressional oversight. In its required fiscal year 2002 GISRA report to the Congress, OMB stated that the federal government had made significant strides in addressing serious and pervasive information technology security problems, but that more needed to be done, particularly to address both the governmentwide weaknesses identified in its fiscal year 2001 report to the Congress and new challenges.[Footnote 34] Also, OMB reported significant progress in agencies' information technology security performance, primarily as indicated by quantitative governmentwide performance measures that OMB required agencies to disclose beginning with their fiscal year 2002 reports. These include measures such as the number of systems that have been assessed for risk, have an up-to-date security plan, and for which security controls have been tested. As discussed in our June 2003 testimony,[Footnote 35] the governmentwide weaknesses identified by OMB, as well as the limited progress in implementing key information security requirements, continue to emphasize that, overall, agencies are not effectively implementing and managing their information security programs. For example, of the 24 large federal agencies we reviewed, 11 reported that they had assessed risk for 90 to 100 percent of their systems for fiscal year 2002, but 8 reported that they had assessed risk for less than half of their systems. The information security program, evaluation, and reporting requirements established by GISRA have been permanently authorized and strengthened through the recently enacted Federal Information Security Management Act of 2002 (FISMA).[Footnote 36] In addition, FISMA provisions establish additional requirements that can assist the agencies in implementing effective information security programs, help ensure that agency systems incorporate appropriate controls, and provide information for administration and congressional oversight. These requirements include the designation and establishment of specific responsibilities for an agency senior information security officer, implementation of minimum information security requirements for agency information and information systems, and required agency reporting to the Congress. Agencies' fiscal year 2003 FISMA reports, due to OMB in September 2003, should provide additional information on the status of agencies' efforts to implement federal information security requirements. In addition, FISMA requires each agency to report any significant deficiency in an information security policy, procedure, or practice relating to financial management systems as an instance of a lack of substantial compliance under FFMIA.[Footnote 37] Agency Efforts to Implement New Core Financial Systems: The continuing trend of noncompliance with FFMIA indicates the overall long-standing poor condition of agency financial systems. Correcting the systems problems is a difficult challenge for agencies because of the age and poor condition of their critical financial systems. Some of the federal government's computer systems were originally designed and developed years ago and do not meet current systems requirements. These legacy systems cannot provide reliable financial information for key governmentwide initiatives, such as integrating budget and performance information. Across government, agencies have many efforts underway to implement or upgrade financial systems to alleviate long-standing weaknesses in financial management. As we recently reported,[Footnote 38] as of September 30, 2002, 17 agencies advised us that they were planning to or were in the process of implementing a new core financial system.[Footnote 39] Of these 17 agencies, 11 had selected certified[Footnote 40] software. The other 6 agencies have not reached the software selection phase of their acquisition process. Implementing a core financial system that has been certified does not guarantee that these agencies will have financial systems that are compliant with FFMIA. Certification of core financial systems and testing vendor COTS packages help ensure that financial management system requirements and the vendor software remain aligned. One critical factor affecting FFMIA compliance is the integration of the core financial system with the agency's administrative[Footnote 41] and programmatic[Footnote 42] systems and the validity and completeness of data from these systems. Other factors affecting a COTS core financial system's ability to comply with FFMIA include how the software package works in the agency's environment, whether any modifications or customizations have been made to the software, and the success of converting data from legacy systems to new systems. As of September 30, 2002, target implementation dates for 16 of the 17 agencies planning to implement new core financial systems ranged from fiscal years 2003 to 2008. One agency--DOD--had not yet determined its target date for full implementation. As shown in figure 2, 3 of the 16 agencies-- Agriculture, GSA, and NASA--planned to complete implementation in fiscal year 2003. Three other agencies--SSA, Commerce, and DOT--planned to complete their implementations in fiscal year 2004. The Department of Energy established fiscal year 2005 as its target implementation date and 3 agencies--the departments of State and Veterans Affairs and AID--have targeted fiscal year 2006 for completion. Moreover, as shown in figure 2, 4 agencies--DOL, HHS, EPA, and HUD--have set fiscal year 2007 as their implementation target date. Finally, 2 agencies--the Departments of the Interior and Justice[Footnote 43]--projected fiscal year 2008 for completion of their core financial systems implementation. Figure 2: Agency Target Dates for Implementation of Core Financial Systems as of September 30, 2002: [See PDF for image] - graphic text: [End of figure] The remaining 7 of the 24 CFO Act agencies that advised us that they had no plans to implement a new system had either recently implemented a new core financial system in the last several years or were not planning to implement an agencywide core financial system. Five of the 7 agencies had fully implemented new core financial systems since the beginning of fiscal year 2001--including the Department of Education, NSF,[Footnote 44] NRC, the Small Business Administration (SBA), and OPM. FEMA had implemented a new system prior to fiscal year 2001. The remaining agency, Treasury,[Footnote 45] is not planning to implement an agencywide core financial system, but several of its subcomponent agencies--including the Internal Revenue Service and the Office of the Comptroller of the Currency--are in the process of implementing core financial system software packages. In their performance and accountability reports, management for some agencies stated that full implementation of these new systems will address their systems' substantial noncompliance with FFMIA. However, as previously mentioned, implementation of a new core financial system may not resolve all of an agency's financial management weaknesses because of the myriad of problems affecting agencies beyond their core financial systems. Nevertheless, it is imperative that agencies adopt leading practices to help ensure successful systems implementation. Successful Implementation of Financial Management Systems Is Key for Improved Financial Reporting: Implementing new financial management systems provides a foundation for improved financial management, including enhanced financial reporting capabilities that will help financial managers meet OMB's accelerated reporting deadlines[Footnote 46] and make better financial management decisions due to more timely information. Successful implementation of financial management systems has been a continuous challenge for both federal agencies and private sector entities. In the past, federal agencies have experienced setbacks and delays in their implementation processes. These delays were caused by various factors, including a lack of executive-level involvement, poor communication between managers and users, and inadequate project planning. For example, our work at NASA has shown the need for consistent executive support, communication with all stakeholders, full identification of user requirements, and adequate planning. Recent work at NASA illustrates some of the specific problems agencies are encountering in implementing JFMIP-certified financial systems. In April 2000, NASA began its Integrated Financial Management Program (IFMP), its third attempt in recent years at modernizing financial processes and systems. NASA's previous two efforts were eventually abandoned after a total of 12 years and a reported $180 million in spending. As part of this third effort, NASA recently implemented a new core financial module that was expected to provide financial and program managers with timely, consistent, and reliable cost and performance information for management decisions. However, earlier this year we reported[Footnote 47] that NASA's core financial module was not being implemented to accommodate the information needed by program managers, cost estimators, and the Congress. The need for ongoing communication between project managers and systems users is crucial to any successful systems implementation project. Project managers need to understand the basic requirements of users, while users should be involved in the project's planning process. NASA's program officials chose to defer the development of some functions and related user requirements in order to expedite the systems implementation process. As a result, the new system will not meet the needs of some key users who will continue to rely on information from nonintegrated programs outside of the core financial module, or use other labor-intensive means, to capture the data they need to manage programs. NASA has also not followed certain other best practices for acquiring and implementing its new financial management system. NASA's implementation plan calls for the system to be constructed using commercial components; however, NASA has not analyzed the interdependencies of the various subsystems. When constructing a system from commercial components, it is essential to understand the features and characteristics of each component in order to select compatible systems that can be integrated without having to build and maintain expensive interfaces. By acquiring components without first understanding their relationships, NASA has increased its risks of implementing a system that will not optimize mission performance, and that will cost more and take longer to implement than necessary. Private sector entities have also encountered a number of challenges and setbacks when implementing new systems. These challenges have included competition between internal organizational units, user resistance to the new systems, and frequent changes in management and to underlying corporate strategy. Entities are overcoming their challenges because better tools have been created to monitor and control progress and skilled project managers with better management processes are being used. The Standish Group International, Inc.[Footnote 48] (Standish Group) has reported that the number of successful systems implementation projects in the private sector is increasing. From 1994 to 2000, successful projects increased from 28,000 to 78,000. The Standish Group, through its research,[Footnote 49] has identified 10 project success factors. These factors include user involvement, executive support, experienced project managers, firm basic requirements, clear business objectives, minimized scope, standard software infrastructure, formal methodology, reliable estimates, and other.[Footnote 50] Also, according to the Standish Group, although no project requires all 10 factors to be successful,[Footnote 51] the more factors that are present in the project strategy, the higher the chance of a successful implementation. As discussed above, many of these factors have been challenges for both private sector and federal entities. By its very nature, the implementation of a new financial management system is a risky proposition. Therefore, it is crucial that federal departments and agencies follow accepted best practices and embrace as many of the key characteristics for successful implementation projects as possible to help minimize the risk of failed projects and result in systems that provide the necessary data for management's needs. Our executive guide[Footnote 52] on creating value through world-class financial management describes 11 practices critical for establishing and maintaining sound financial operations. These practices include reengineering processes in conjunction with new technology. As a result, using commercial components such as COTS packages may require significant changes in the way federal departments conduct their business. According to the leading finance organizations that formed the basis for our executive guide, a key to successful implementation of COTS systems is reengineering business processes to fit the new software applications that are based on best practices. Moreover, OMB's former Associate Director for Information Technology and e-Government has stated that "IT will not solve management problems--re-engineering processes will.": The conversion of data from an old system to a new system is also critical. In December 2002, JFMIP issued its White Paper: Financial Systems Data Conversion - Considerations. The purpose of this JFMIP document is to raise awareness of financial systems data conversion considerations to be addressed by financial management executives and project managers when planning or implementing a new financial management system. The JFMIP paper addresses (1) key considerations regarding data conversion and cutover to the new system, (2) best approaches for completing the data conversion and cutover, and (3) ways to reduce the risks associated with these approaches. Status of Governmentwide Financial Management Improvement Efforts: As we have discussed, the goal of FFMIA is for agencies to have timely, reliable, and accurate information with which to make informed decisions and to ensure accountability on an ongoing basis. Figure 3 shows the three levels of the pyramid that result in the end goal, accountability and useful management information. The bottom level of the pyramid is the legislative framework that underpins the improvement of the general and financial management of the federal government. The second level shows the drivers that build on the legislative requirements and influence agency actions to meet these requirements. The three drivers are (1) congressional and other oversight, (2) the activities of the JFMIP Principals, and (3) the PMA. The third level of the pyramid represents the key success factors for accountability and meaningful management information--integrating core and feeder financial systems, producing reliable financial and performance data for reporting, and ensuring effective internal control. The result of these three levels, as shown at the top of the pyramid, is accountability and meaningful management information needed to assess and improve the government's effectiveness, financial condition, and operating performance. Figure 3: Pyramid to Accountability and Useful Management Information Congressional Oversight: [See PDF for image] [End of figure] Congressional Oversight: The leadership demonstrated by the Congress has been an important catalyst to reforming financial management in the federal government. As previously discussed, the legislative framework provided by the CFO Act and FFMIA, among others, produced a solid foundation to stimulate needed change. For example, in November 2002, the Congress enacted the Accountability of Tax Dollars Act of 2002[Footnote 53] to extend the financial statement audit requirements for CFO Act agencies to most executive branch agencies. In addition, there is value in sustained congressional interest in these issues, as demonstrated by hearings on federal financial management and reform held over the past several years. It will be key that the appropriations, budget, authorizing, and oversight committees hold agency top management accountable for resolving these problems and that they support improvement efforts. The continued attention by the Congress to these issues will be critical to sustaining momentum for financial management reform. JFMIP Principals: Starting in August 2001, the JFMIP Principals have been meeting regularly to deliberate and reach agreements focused on financial management reform issues including (1) defining success measures for financial performance that go far beyond an unqualified audit opinion,[Footnote 54] (2) significantly accelerating financial statement reporting to improve timeliness for decision making, and (3) addressing difficult accounting and reporting issues, including impediments to an audit opinion on the federal government's consolidated financial statements. This forum has provided an opportunity to reach decisions on key issues and undertake strategic activities that reinforce the effectiveness of groups such as the CFO Council in making progress toward federal financial management. In fiscal year 2002, the JFMIP Principals continued the series of these deliberative meetings. Continued personal involvement of the JFMIP Principals is critical to the full and successful implementation of federal financial management reform and to providing greater transparency and accountability in managing federal programs and resources. President's Management Agenda and the Executive Branch Management Scorecard: The PMA,being implemented by the administration as an agenda for improving the management and performance of the federal government, targets the most apparent deficiencies where the opportunity to improve performance is the greatest. While FFMIA implementation relates directly to the improved financial performance initiative, development and maintenance of FFMIA-compliant systems will also affect the implementation of the other four initiatives. Furthermore, the modernization of agency financial management systems, as envisioned by FFMIA, is critical to the success of all of these initiatives. Notably, OMB is developing a federal enterprise architecture that will affect the government's ability to make significant progress across the PMA. For example, as part of the e-gov initiative, the number of federal payroll providers is being consolidated. Numerous agencies had targeted their payroll operations for costly modernization efforts. According to OMB, millions of dollars will be saved through shared resources and processes and by modernizing on a cross-agency and governmentwide basis. The administration's implementation of its Program Assessment Rating Tool (PART) relates specifically to the PMA initiative of integration of budget and performance information. Reliable cost data, so crucial to effective FFMIA implementation, is critical not only for the improved financial performance and budget and performance integration initiatives, but also for competitive sourcing. For effective management, this cost information must not only be timely and reliable, but also both useful and used. The administration is using the Executive Branch Management Scorecard, based on governmentwide standards for success, to highlight agencies' progress in achieving the improvements embodied in the PMA. OMB uses a grading system of red, yellow, and green to indicate agencies' status in achieving the standards for success for each of the five crosscutting initiatives. It also assesses and reports progress using a similar "stoplight" system. The focus that the administration's scorecard approach brings to improving management and performance, including financial management performance, is certainly a step in the right direction. The value of the scorecard is not in the scoring per se, but the degree to which the scores lead to sustained focus and demonstrable improvements. This will depend on continued efforts to assess progress and maintain accountability to ensure that the agencies are able to, in fact, improve their performance. It will be important that there be continuous rigor in the scoring process for this approach to be credible and effective in providing incentives that produce lasting results. Also, it is important to recognize that many of the challenges the federal government faces, such as improving financial management, are long-standing and complex, and will require sustained attention. Closing Comments: The primary purpose of FFMIA is to ensure that agency financial management systems routinely provide reliable, useful, and timely financial information so that government leaders will be better positioned to invest resources, reduce costs, oversee programs, and hold agency managers accountable for the way they run programs. While many agencies are receiving unqualified opinions on their financial statements, auditor determinations of FFMIA compliance are lagging behind. To achieve the financial management improvements envisioned by the CFO Act, FFMIA, and more recently, the President's Management Agenda, agencies need to modernize their financial systems to generate reliable, useful, and timely financial information throughout the year and at year-end. However, as we have discussed today, agencies are facing significant challenges in implementing new financial management systems. We are seeing a strong commitment from the President, the JFMIP Principals, and the Secretaries of major departments to ensure that these needed modernizations come to fruition. This commitment is critical to the success of the efforts under way as well as those still in a formative stage, and must be sustained. Finally, Mr. Chairman, the leadership demonstrated by you and the members of this Subcommittee is an important catalyst to reforming financial management in the federal government. Continued attention to these issues will be critical to sustaining momentum on financial management reforms. Mr. Chairman, this concludes my statement. I would be pleased to answer any questions you or other members of the Subcommittee may have at this time. Contacts and Acknowledgments: For further information about this statement, please contact Kay L. Daly at (202) 512-9312. Other key contributors to this testimony include Sandra S. Silzer and Bridget A. Skjoldal. (193052): FOOTNOTES [1] Pub. L. No. 104-208, sec.101(f)(title VIII), 110 Stat. 3009-389. [2] Pub. L. No. 101-576, 104 Stat. 2838 (1990). [3] There were initially 24 CFO Act agencies (see footnote 2 above). The Federal Emergency Management Agency (FEMA), one of the 24 CFO Act agencies, was subsequently transferred to the new Department of Homeland Security (DHS) effective March 1, 2003. With this transfer, FEMA will no longer be statutorily required to prepare audited stand- alone financial statements. We included FEMA in our review because FEMA was a CFO Act agency as of September 30, 2002. DHS must prepare audited financial statements under the Accountability of Tax Dollars Act of 2002, because it is a "covered executive agency" for purposes of 31 U.S.C. 3515. However, DHS was not established as a CFO Act agency and therefore is not statutorily subject to FFMIA. Consideration is now being given to making DHS a CFO Act agency and therefore subject to FFMIA in the Department of Homeland Security Financial Accountability Act, H.R. 2886, 108TH Congress. [4] U.S. General Accounting Office, Financial Management: Sustained Efforts Needed to Achieve FFMIA Accountability, GAO-03-1062 (Washington, D.C.: Sept. 30, 2003). [5] U.S. General Accounting Office, Financial Management: Effective Implementation of FFMIA is Key to Providing Reliable, Useful, and Timely Data, GAO-02-791T (Washington, D.C.: June 6, 2002) and Financial Management: Agencies Face Many Challenges in Meeting the Goals of the Federal Financial Management Improvement Act, GAO/T-AIMD-00-178 (Washington, D.C.: June 6, 2000). [6] The Program Management Office, managed by the Executive Director of the Joint Financial Management Improvement Program (JFMIP), with funds provided by the CFO Council agencies, tests vendor COTS packages and certifies that they meet certain federal financial management systems requirements for core financial systems. [7] Customization is the process of setting parameters within an application to make it operate in accordance with the entity's business rules. Customizations are normally supported by vendors in subsequent upgrades. Modification is the process of writing or changing code and modifications are not supported by vendors in subsequent upgrades. [8] The JFMIP Principals are the Secretary of the Treasury, the Directors of OMB and the Office of Personnel Management (OPM), and the Comptroller General of the United States. [9] GAO-02-791T. [10] In providing negative assurance, auditors are stating that nothing came to their attention indicating that an agency's financial management systems do not meet FFMIA requirements. [11] The same six types of problems were cited by auditors in their audit reports for fiscal years 2000 and 2001. [12] Auditors may not have reported these problems as specific reasons for lack of substantial compliance with FFMIA. [13] Federal financial system requirements define an integrated financial system as one that coordinates a number of previously unconnected functions to improve overall efficiency and control. Characteristics of such a system include (1) standard data classifications for recording financial events, (2) common processes for processing similar transactions, (3) consistent control over data entry, transaction processing, and reporting, and (4) a system design that eliminates unnecessary duplication of transaction entry. [14] DOT is implementing a COTS-based core financial system called Delphi. DOT management projects that the implementation will be complete in fiscal year 2004. [15] Office of Inspector General, Department of Transportation, Consolidated Financial Statements for Fiscal Years 2002 and 2001, FI- 2003-018 (Jan. 27, 2003). [16] U.S. General Accounting Office, Department of Defense: Status of Financial Management Weaknesses and Progress Toward Reform, GAO-03-931T (Washington, D.C.: June 25, 2003). [17] Department of Defense, Performance and Accountability Report, Fiscal Year 2002 (Jan. 31, 2003). [18] Office of Inspector General, Independent Auditor's Report on Financial Statements, A-17-02-0001, Fiscal Year 2002 Performance and Accountability Report, U.S. Department of Health and Human Services. [19] Agencies record their budget spending authorizations in their fund balance with Treasury accounts. Agencies increase or decrease these accounts as they collect or disburse funds. [20] GAO-03-931T. [21] U.S. General Accounting Office, Fiscal Year 2002 U.S. Government Financial Statements: Sustained Leadership and Oversight Needed for Effective Implementation of Financial Management Reform, GAO-03-572T (Washington, D.C.: Apr. 8, 2003). [22] Trading partners are U.S. government agencies, departments, or other components that do business with each other. [23] In our October 2002 FFMIA report, we stated that auditors had discussed the lack of accurate and timely recording of transactions at 12 agencies. As part of our analysis of most recent agency audit reports, it became apparent that these problems were reported in prior years for 2 additional agencies, but the earlier audit reports did not include sufficient detail to make these assessments. [24] PricewaterhouseCoopers, Report of Independent Accountants, January 15, 2003, FY 2002 Performance & Accountability Report, U.S. Department of Justice. [25] To help address deficiencies with its legacy general ledger system, as a first step in upgrading its overall financial management system, FHA implemented the general ledger module of a COTS software package on October 1, 2002. This module automates the monthly interface of summary-level balances with HUD's Central Accounting and Program System (HUDCAPS). [26] U.S. General Accounting Office, Department of Housing and Urban Development: Status of Efforts to Implement an Integrated Financial Management System, GAO-03-447R (Washington, D.C.: Apr. 9, 2003). [27] FAA has efforts underway to implement a cost accounting system as required by the Federal Aviation Reauthorization Act of 1996 (Pub. L. No. 104-264, 110 Stat. 3213, 3248 (1996)). The U.S. Coast Guard has a cost accounting system used for determining vessel documentation user fees. [28] The other four crosscutting initiatives are improved financial performance, strategic human capital management, competitive sourcing, and expanded electronic government. [29] GAO-03-931T. [30] U.S. General Accounting Office, Information Security: Progress Made, But Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructures, GAO-03-564T (Washington, D.C.: Apr. 8, 2003). [31] These are the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Housing and Urban Development, Interior, Justice, Labor, State, Transportation, Treasury, and Veterans Affairs, the Environmental Protection Agency, Federal Emergency Management Agency, General Services Administration, Office of Personnel Management, National Aeronautics and Space Administration, National Science Foundation, Nuclear Regulatory Commission, Small Business Administration, Social Security Administration, and U.S. Agency for International Development. [32] U.S. General Accounting Office, High-Risk Series: An Update, GAO- 01-263 (Washington, D.C.: January 2001). [33] These provisions are part of the Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001, Pub. L. No. 106-398, 114 Stat. 1654, 1654A-266 (2000). [34] Office of Management and Budget, FY 2002 Report to Congress on Federal Government Information Security Reform (May 16, 2003). [35] U.S. General Accounting Office, Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements, GAO-03-852T (Washington, D.C.: June 24, 2003). [36] Pub. L. No. 107-347, title III, 116 Stat. 2899, 2946 (2002). [37] 44 U.S.C. 3544(c)(3). [38] U.S. General Accounting Office, Core Financial Systems at the 24 Chief Financial Officers Act Agencies, GAO-03-903R (Washington, D.C.: June 27, 2003). [39] Core financial systems, as defined by JFMIP, include managing general ledger, funding, payments, receivables, and certain basic cost functions. Core financial systems receive data from other financial and feeder systems--such as acquisition, grant, and human resource and payroll systems--as well as from direct user input, and provide data for financial performance measurement and analysis and for financial statement preparation. [40] The Program Management Office, which is managed by JFMIP's Executive Director with funds provided by the CFO Council agencies, tests vendor COTS packages and certifies those that meet certain financial management system requirements for core financial systems. [41] Examples of administrative systems are those common to all agencies such as budget, acquisition, travel, property, and payroll. [42] Programmatic systems are those needed to carry out an agency's mission. For example, HHS needs a grants management system to carry out its mission. [43] Justice plans a staggered implementation of its new core financial system in its component agencies with target completion dates ranging from October 2004 to October 2007. [44] NSF's core financial system was implemented in 1992. The maintenance needed to migrate the system to a client-server platform was completed in April 2001. [45] Although Treasury does not have an agencywide core financial system, it does utilize automated tools and a central data warehouse for analysis and reporting. [46] In order to have timely, reliable and useful information OMB has required agencies to prepare financial statements closer to the end of the reporting period. Under the accelerated reporting requirements, agency performance and accountability reports for fiscal year 2004 are due to OMB by November 15, 2004, just 45 days after the close of the fiscal year. [47] U.S. General Accounting Office, Business Modernization: Improvements Needed in Management of NASA's Integrated Financial Management Program, GAO-03-507 (Washington, D.C.: Apr. 2003). [48] The Standish Group is a well-known research advisory firm that focuses on mission-critical software applications, management techniques, and technologies. [49] The Standish Group's research is done through focus groups, in- depth surveys, and extensive interviews with Fortune 500 companies. [50] Other includes small milestones, proper planning, competent staff, and ownership. [51] Successful implementation is defined as a project that is completed on time, on budget, and with all the features and functions originally specified. [52] U.S. General Accounting Office, Executive Guide: Creating Value Through World-class Financial Management, GAO/AIMD-00-134 (Washington, D.C.: April 2000). [53] Pub. L. No. 107-289, 116 Stat. 2049 (2002). [54] These success measures include financial management systems that routinely provide timely, reliable, and useful financial information and no material control weaknesses or material noncompliance with laws and regulations as well as FFMIA.