Skip Navigation

 

Frequent Questions

Font Size Reduce Text SizeEnlarge Text Size     Print Send this page to printer     Download Reader  Download PDF readerHHS Home|About HHS|Contact Us

AFR Home > FY 2007 Section I: Management’s Discussion & Analysis > Systems, Controls, and Legal Compliance

AFR Home

FY 2007 Introduction

FY 2007 Message from the Secretary

FY 2007 Section I: Management’s Discussion & Analysis

Mission & Organizational Structure

Strategic Goals

Strategic Goal Highlights

President’s Management Agenda

Analysis of Financial Statements & Stewardship Information

Systems, Controls, and Legal Compliance

Other Management Information, Initiatives, and Issues

Looking Ahead to FY 2008 – Department Management Challenges & High Risk Areas

FY 2007 Section II: Financial Report

FY 2007 Section III: Other Accompanying Information

Glossary

Systems, Legal Compliance, And Controls

Topics on This Page

 

The Department’s overall goals for its financial management systems focus on ensuring effective internal controls, systems integration, and the ability to produce timely and reliable financial and performance data for reporting.  One of management’s immediate priorities is to address weaknesses that are identified in audits, evaluations, and assessments of it financial management controls, systems, and processes.

Systems

A cornerstone to improving our management practices is our ability to maintain management systems, processes, and controls that ensure financial accountability; provide useful management information; and meet requirements of Federal laws, regulations, and guidance.  We seek to comply with a variety of Federal financial management systems requirements, including those articulated by the Federal Managers’ Financial Integrity Act, the Chief Financial Officers Act, the Government Management Reform Act, the Federal Financial Management Improvement Act of 1996 (“Clinger-Cohen Act”), the Federal Information Security Management Act of 2002, the Federal Financial Management Improvement Act, and the Office of Management and Budget Circular A-127, Financial Management Systems.  This section includes an overview of our current key systems and our implementation of a Unified Financial Management System.

System Goals and Strategies

Our financial system is a web-based, commercial, off-the-shelf product that serves as the foundation for integrated financial management across the Department.  The system provides a unified approach for enhancing financial management performance by eliminating duplication, streamlining processes, and establishing a common information technology infrastructure across the enterprise. 

A fully implemented financial system meets the standards for success in receiving a green status rating under the President’s Management Agenda initiative “Improved Financial Performance.”  Once the Unified Financial Management System (UFMS) and related systems projects are fully implemented, our financial management systems framework will be as depicted below:

HHS End State Architecture Framework: acquisition management, asset management, e-travel, human resources, grants management, payment management.

The financial system will replace five legacy accounting systems with one modern accounting system with three components:  The Healthcare Integrated General Ledger Accounting System, National Institutes of Health Business System and UFMS Global.  The Healthcare Integrated General Ledger Accounting System supports the Centers for Medicare and Medicaid Services and the Medicare contractors; National Institutes of Health Business System and UFMS Global will serve the rest of the Department, both hosted on a single platform with shared services around system administration and database administrative support.  UFMS has successfully replaced three out of five legacy accounting systems through the end of FY 2007. The UFMS Global implementation was partially completed in FY 2007, with full implementation in the first quarter of FY 2008.  The National Institutes of Health implementation was completed in June 2007.  The Centers for Medicare & Medicaid Services implementation will be fully operational by 2011.

Back to Top

Statement of Auditing Standards (SAS) 70 Systems Reviews

Independent examinations of HHS internal controls are completed annually.  The auditors’ examinations for the Department’s service providers for FY 2007 were completed under the guidelines of the American Institute of Certified Public Accountants Statement of Auditing Standards (SAS) Number 70, Service Organizations, as amended.  The annual examination is a “Type 2” report providing an opinion on the internal controls placed in operation and includes tests of operating effectiveness.  During FY 2007, SAS-70 examinations were performed for the Program Support Center’s Payment Management System, Enterprise Support Services, and the National Institutes of Health Information Technology service organizations for periods from October 1, 2006 to June 30, 2007.  In the examiner’s opinion, the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during that period, with the exception of logical and physical access controls noted by the examiners.  The Department is in the process of developing and/or implementing plans and systems to address deficiencies identified in these examinations.

Legal Compliance

Anti-Deficiency Act

As discussed in our prior year report, the Department discovered violations of the Anti-Deficiency Act in a program managed by one of its operating divisions.  These violations occurred over a period of several prior fiscal years and any amounts relating to these violations would not be material to any year’s financial statements.  The Department is continuing to investigate and is committed to appropriately resolving these matters and complying with all aspects of the Anti-Deficiency Act.

Back to Top

Controls

Department-wide Assurance Statement

The Department of Health and Human Services’ (HHS) management is responsible for establishing and maintaining effective internal control and financial management systems that meet the objectives of the Federal Managers’ Financial Integrity Act (FMFIA) and Office of Management and Budget Circular A-123, Management’s Responsibility for Internal Control, dated December 21, 2004.  These objectives are to ensure: 1) effective and efficient operations; 2) compliance with applicable laws and regulations; and 3) reliable financial reporting.

As required by Office of Management and Budget Circular A-123, Management’s Responsibility for Internal Control, HHS has evaluated its internal controls and financial management systems to determine whether these objectives are being met. Accordingly, HHS provides a qualified statement of reasonable assurance that its internal controls and financial systems meet the objectives of FMFIA.  This statement is qualified due to the following two material weaknesses (noted in Table I) which also constitute non-conformances under Section 4 of FMFIA:

  1. Financial Systems and Processes
  2. Oversight and Management of Information System Controls

Assurance for Internal Control over Operations and Compliance

HHS conducted its assessment of internal control over the effectiveness and efficiency of operations and compliance with applicable laws and regulations in accordance with Office of Management and Budget Circular A-123, Management’s Responsibility for Internal Control.  Based on the results of this evaluation, HHS identified one material weakness in its internal control over the effectiveness and efficiency of operations under Section 2 of FMFIA relating to the oversight and management of the Department’s information system controls, which also constitutes a non-conformance under Section 4 of FMFIA as of September 30, 2007.  Other  than the exception noted above and described in Table I, the Department provides reasonable assurance that internal controls over operations and compliance with applicable laws and regulations as of September  30, 2007, were operating effectively and no other material weaknesses were found in the design or operation of these internal controls.

Assurance for Internal Control over Financial Reporting

HHS conducted its assessment of the effectiveness of internal control over financial reporting, which includes safeguarding of assets and compliance with applicable laws and regulations, in accordance with the requirements of Appendix A of Office of Management and Budget Circular A-123,  Management’s Responsibility for Internal Control.  Based on the results of this assessment, HHS identified one material weakness in its internal control over financial reporting as of June 30, 2007, relating to the Department’s financial systems and processes, which also constitutes a non-conformance under Section 4 of FMFIA.  Other than the exception noted above and described in Table I, the internal controls over financial reporting as of June 30, 2007, were operating effectively and no other material weaknesses were found in the design or operation of the internal control over financial reporting.

 

/Michael O. Leavitt/

November 15, 2007


Back to Top

Table I

Summary of Material Weaknesses and System Non-conformances 

Control Area

FMFIA Section 2

FMFIA Section 4

Operations
(As of 9/30/2007)

Compliance
(As of 9/30/2007)

Financial Reporting
(As of 6/30/2007)

Non-Conformance

Financial  Systems and Processes

-

-

X

X

Oversight and Management of Information System Controls

X

-

-

X



Financial Systems and Processes

HHS’ financial management systems are not in substantial compliance with the requirements of the Federal Financial Management Improvement Act (FFMIA) of 1996 because they do not fully comply with the Federal financial management systems requirements of Office of Management and Budget Circular A-127, Financial Management Systems,  and the United States Government Standard General Ledger at the transaction level.

As in prior years, HHS continues to have internal control weaknesses in its financial management systems and processes for producing financial statements.  While significant progress has been made in FY 2007, continuing our phased deployment of FFMIA compliant systems throughout the Department, the lack of completion of the fully integrated financial management system, and weaknesses in internal controls make it difficult for HHS to prepare timely and reliable financial statements.  Substantial manual reporting processes, continuing adjustments to reported balances, and processes performed outside the general ledger system are needed to produce the financial statements.

Back to Top

Oversight and Management of Information System Controls

Weaknesses in the oversight and management of information system controls were detected in key financial management systems.  The primary findings included access controls, which can compromise the integrity of Department data and increase the risk that the Department’s data may be inappropriately used or disclosed.  The pervasive nature of these and other findings leads management to conclude that the findings warrant classification as a material weakness.  In addition, the financial management systems are not currently in conformance with legal and regulatory guidelines as established by the appropriate governing bodies.

Table II

Corrective Action Plan and Impact of Material Weakness

The following table lists the corrective actions for the control weaknesses, the related corrective action dates, and the impact of the material weakness on the Financial Statements.


Material Weakness and Corrective Action Plan

Corrective Action Date

Impact of Material Weakness on Financial Statements

(1)   Financial Systems and Processes

FY 2009

Through significant manual effort and controls, the risk of misstating the Financial Statements is mitigated.

(2)   Oversight and Management of Information System Controls

FY 2009

Sufficient compensating controls exist through manual efforts that the risk of misstating the Financial Statements is mitigated.



Back to Top

Date of Report: November 15, 2007

AFR Section I Links:


horizontal line

Home | Frequent Questions | Contacting HHS | Accessibility | Privacy Policy | FOIA | Disclaimer | Helping America's Youth | HHS Archive

U.S. Department of Health & Human Services · 200 Independence Avenue, S.W. · Washington, D.C. 20201