Released by the Bureau of Financial Management and Policy
October 2001
Table of Contents | |
I. Introduction | 1 |
II. Background | 1 |
III. Fiscal Years 2000 and 2001 Results | 2 |
IV. Achieving Substantial Compliance | 6 |
Appendixes | |
Appendix I – 1: Fixed Assets System: Phase II – Personal Property | 12 |
Appendix I – 2: Financial Reporting Software | 14 |
Appendix I – 3: Enhanced Interfaces | 16 |
Appendix I – 4: Central Financial Planning System (CFPS) | 17 |
Appendix I – 5: Regional Financial Management System (RFMS) | 20 |
Appendix I – 6: Business Continuity and Contingency Planning | 23 |
Figure 1: Projects Addressing FFMIA Substantial Non-Compliance
A. Timely and Useful Information/ B. Sole Source of Information
Central Financial Management System (CFMS) Enhancement Projects.
While CFMS contains State’s SGL, CFMS is not the sole source of information for financial statement preparation because CFMS does not account for all necessary elements of the financial statements. In limited instances, reliance is placed on manual compilation efforts, ad hoc programming, and analysis of data produced by mixed financial or subsidiary systems that are not integrated and require adjustments. For example, data and disclosures on personal property amounts do not reside in CFMS.
CFMS Enhancement Projects: Project Cost Accounting System.
CFMS Enhancement Projects: Fixed Assets System (Phase I – Real Property).
C. Systems Security
Mainframe Access Control Security Projects.
CFMS Security Improvements
As part of the audit of the FY 2000 Departmentwide Financial Statements, an internal vulnerability assessment of CFMS was conducted in February 2001. The review found that the specific security features associated with the CFMS application function correctly and are well managed. However, similar to the two independent penetration tests noted above, the review identified issues with the IT infrastructure that affords access to CFMS.
D. Business Continuity and Contingency Planning
CFMS and Paris FSC Mainframe Contingency Plan.
Other Areas of Improvement
In addition to the completion of the initiatives above, State has made other improvements to address inadequacies in the financial and accounting systems that have been cited in the Independent Auditor’s Report. The improvements are highlighted in the chart below.
IV.
There are now two fully operational mainframe computer facilities, the center located at the Harry S Truman Building (Washington, D.C.) and the Beltsville Information Management Center (Beltsville, Maryland). In the event of a disaster impacting one of these two facilities, critical mainframe operations (that CFMS operates on) could be moved to the other site, albeit at a diminished but workable capacity. Contingency plans have been developed with detailed recovery implementation plans for all logical partitions on the mainframes at both centers. As part of State’s Year 2000 (Y2K) activities, a contingency plan was developed to provide appropriate contingency relief and disaster recovery for the FSC Paris mainframe using the domestic mainframe computers. Mainframe contingency planning was closed as an FMFIA material weakness on December 14, 1999. This initiative successfully addressed the major contingency planning shortfalls of State’s mainframe computers located in Washington and FSC Paris.. With the help of a CPA firm, State improved CFMS security by establishing an effective security administration and operations program. As a result, new policies, procedures and security profiles were established. State developed and provided CFMS security awareness training to over 900 users of CFMS. These items comprise fundamental elements required for establishing and implementing a security program that is compliant with Federal requirements. Also, the CPA firm who assisted with these efforts provided a risk assessment evaluation workplan to be used in future evaluations of CFMS general controls. Through these documents and efforts, State has established a basis for conducting periodic risk assessments of CFMS. Mainframe security regarding access controls was enhanced enabling the State’s Management Control Steering Committee (MCSC) to vote for closure of the Federal Managers’ Financial Integrity Act (FMFIA) material weakness for Information Systems Security. The MCSC, with the concurrence of the Inspector General, approved the closure for the FY 2000 FMFIA Report. This was based on the fact that the processes, controls and administration of State’s information systems security program have been significantly enhanced since this problem was identified in 1997. However, whether these improvements prevent unauthorized access and abuse of the Department’s information systems network for domestic operations needed to be independently validated. The Department, working with the OIG and the General Accounting Office (GAO), completed two independent reviews of system security vulnerabilities. The reviews confirmed improvements, but also identified potential problems with information systems’ network access controls (versus mainframe access). Efforts to improve these controls are reported under a separate project – Information Systems Network Security. In FY 2000, State implemented the Fixed Assets System, an integrated module within CFMS, to account for the real property elements of land, buildings and structures. The Fixed Assets System module is part of the financial management software package of American Management Systems, Inc. This new capability allows these elements of the financial statements to be developed directly from State’s automated trial balance. Data from this new module automatically updates the SGL account for Property, Plant and Equipment, enhancing the reliability and timeliness of data maintained in CFMS. As a result of completing this project, the CFMS general ledger is the primary source of information on these elements for financial reporting.The Project Cost Accounting System (PCAS) was implemented to capture and report costs associated with capital improvements and construction projects. Under PCAS, transactions containing project codes that have been assigned to capital improvements and construction projects are capitalized and reported in State’s SGL. CFMS serves as the financial accounting and reporting system for all domestically-held allotments and as the central consolidating financial and reporting system for all the Department’s funds and assets. CFMS is based upon the Federal Financial System (FFS), a proprietary software package developed and marketed by American Management Systems, Inc. (AMS). Enhancements, modifications and interfaces to the off-the-shelf FFS package have been developed to meet State requirements. CFMS operates on the Department’s IBM mainframe in Main State (Harry S Truman Building), and has a non-windows user interface for data entry. In addition to on-line processing, CFMS depends on nightly and monthly batch processing cycles to record interface transactions and to perform monthly closing activities. CFMS serves over 1500 users and uses the SGL.BEFORE | NOW |
Substantial elements of the financial statements developed from sources other than the trial balance | Limited to personal property, capital leases and some minor amounts |
Unliquidated obligation balances not reconcilable with detail maintained in related databases | Balances are reconcilable with detail |
Audited financial statements not issued on a timely basis | Audited financial statements issued by March 1 due date |
State continues in its efforts to achieve substantial compliance. State's Deputy Chief Financial Officer has overall responsibility for ensuring that the corrective efforts are accomplished. Presented below is a brief description of those projects included in Figure 1 that remain to be completed to achieve substantial compliance. More detailed information for projects is provided at Appendix I where indicated.
A. Timely and Useful Information/ B. Sole Source of Information
While progress has been made in providing more timely, accurate, and useful information, additional work needs to be done. Described below are projects that will further enhance the financial systems capability in providing timely and useful information for decision making purposes. The SGL and related data will be accounted for in CFMS where appropriate.
CFMS Enhancement Projects: Fixed Assets System: Phase II – Personal Property.
Financial Reporting Software.
Enhanced Interfaces.
Central Financial Planning System (CFPS) Project.
CFPS will standardize worldwide in one system the annual budget call and the program plans of the missions and bureaus. The system will then receive data (both obligation and cost) from State’s accounting system to compare budget to actual, including the cost of doing business. Currently, the function code field of the Department’s accounting code structure is being reviewed and revised to eliminate duplication and provide a vehicle to crosswalk obligations and costs to State’s goals and objectives. The process will be similar to the International Cooperative Administrative Support Services (ICASS) system, and where appropriate, cost distribution pools (using function codes) will be established.
Functional and technical requirements analysis was completed in February 2001. The estimated target date for system development is October 2002. The systems implementation portion of the CFPS project is scheduled for completion by April 2003. The estimated total cost of this project is $4,300,000. See Appendix I - 4 for additional information.
Regional Financial Management System (RFMS) Project.
State is implementing the Regional Financial Management System (RFMS). RFMS is composed of (1) a custom developed disbursing component (no commercial off-the-shelf (COTS) solution is available for disbursing functionality due to the 130+ foreign currencies involved), and (2) a COTS solution for funds management, obligation, and voucher processing. Implementation of RFMS will occur at all FSCs. RFMS not only will support funds management, obligation and voucher processing, but also will change the frequency of the interface, level of detail, and the ‘477’ process between the FSCs and Washington. This will allow financial managers to have up-to-date fund status, revenue data, and specific obligation document status. It will also allow for the matching of payments made domestically against obligations made overseas. The general ledger module of this COTS package will be implemented at the FSC level to further improve management information for overseas financial activity and related fiscal reconciliations.
Development and implementation of RFMS, approved by State’s Information Technology Program Board in June 1998, supports State’s goal of integrating and standardizing worldwide financial and information systems and conforms with OMB Circular A-127 requirements to establish and maintain a single, integrated financial management system. RFMS will (1) reduce the number of overseas regional systems from two to one, (2) incorporate State’s standard account code structure, and (3) enable financial transactions to be standardized between RFMS and CFMS, which will result in the consistent processing and recording of financial data on a worldwide basis.
Target completion dates for implementation at all FSCs are the end of FY 2003. The estimated total cost for this project, allocated among FY 1999 through FY 2003, is $43,937,000. This estimate includes software, development, testing, data conversion, implementation, training, and support. See Appendix I - 5 for additional information.
Systems Security
Information Systems Network Security.
In addition to addressing issues identified in penetration tests, State is implementing a comprehensive framework and process for lifecycle management of IT security. The framework and process will provide for continual evaluation and improvement as displayed in Figure 2. Some of the many accomplishments to date include:
- Developed a Systems Security Program Plan (SSPP) that documents the Department’s security program in its entirety,
- Adopted of the National Security Telecommunications and Information Systems Security Instruction (NSTISSI), National Information Assurance Certification and Accreditation Program (NIACAP),
- Developed a Certification and Accreditation Document that establishes a standard process, set of activities, general tasks, and a management structure to certify and accredit systems,
- Established a 24X7 computer incident response team,
- Established an IT Configuration Control Board,
- Established Remediation Program Office,
- Established antivirus program and processes, and
- Implemented an ongoing penetration testing program.
D. Business Continuity and Contingency Planning Business Continuity and Contingency Plans. Business Continuity and Contingency Plans (BCCP) provide (1) procedures to protect information resources and minimize the risk of unplanned interruptions, and (2) a plan to recover critical operations should interruptions occur. To determine whether recovery plans will work as intended, they should be tested periodically in disaster simulation exercises. Requirements for these plans are outlined in GAO’s Federal Information System Controls Audit Manual (FISCAM). The existence and completeness of these plans is a subject of audits of the Department’s financial statements and computer security reviews. Several efforts are underway to establish BCCPs for our domestic and overseas financial environments. On the domestic front, additional steps undertaken by the Bureau of Information Resource Management (IRM) will ensure a seamless and transparent backup capability between its mainframe resources in the Harry S Truman Building and the Beltsville Information Management Center. Mainframe resources support CFMS and State’s American civilian payroll and Foreign Service retirement systems. For our FSCs in Charleston and Bangkok, a Continuity Risk Assessment was completed in September 2000 and is being used as a roadmap for Charleston and Bangkok to establish limited interim business continuity capabilities for critical financial operation activities, e.g., disbursing and Foreign Service National payroll. As part of the effort to 1) consolidate all FSC Paris financial operations into FSC Charleston and FSC Bangkok and 2) establish the new Regional Financial Management System in FSC Charleston and FSC Bangkok, a comprehensive BCCP will be established. FMP, in association with IRM as developer of several of FMP’s financial management systems, will begin an assessment of the contingency plans developed for the Year 2000 (Y2K) activities to determine our current situation. These plans will be assessed using the FISCAM requirements. Based on this assessment, a plan will be formulated for the development of BCCP documents in support of domestic and overseas operations. The plan will take into account the criticality and sensitivity of FMP business processes, current vulnerabilities, and current systems development efforts. It will be conducted by State IT staff and therefore have no funding requirements. As part of the Department’s efforts in certifying and accrediting all enterprise-wide systems in accordance with PDD 63, resources will verify that BCCPs exist and are tested on a periodic basis. Funding has been provided to establish this function in IRM. Additional funding will be required for the program bureaus to establish and test BCCPs. The development of Business Continuity and Contingency Plans will begin in FY 2002 with their development and testing estimated to be completed in FY 2003. Estimated costs for the development of business continuity plans and facilities are $1,000,000 in FY 2002 and $1,000,000 in FY 2003. This project is dependent on obtaining funding from State’s Information Technology Program Board. See Appendix I - 6 for additional information. In conclusion, State is aggressively working to bring its financial systems into substantial compliance with the FFMIA. State will continue to assess its progress and modify this Plan as appropriate. Of paramount importance is the goal of providing users with accurate, timely and useful information. This Plan provides a "roadmap" for achieving these objectives. Appendix I -1 Project Name: Project Manager: Total Estimated Cost: Project Description: The objective of this project is to extend accomplishments realized with implementation of a real property model, which accounts for land, buildings and structures, into the area of personal property. The initial focus will be on significant categories of personal property from a materiality perspective including security equipment and vehicles. The Department’s Standard General Ledger (SGL) is the primary source of information for financial statement preparation. However, it is not currently the sole source. Reliance has been placed on data produced by mixed financial systems that are not integrated and often require adjustments. DOS has implemented Momentum Fixed Assets System to account for real property previously maintained on supplemental spreadsheets. Data from the Fixed Assets System automatically updates the SGL accounts for property, plant, and equipment, enhancing the reliability and timeliness of data maintained in the SGL and making it the primary source for this information. Phase II of the Fixed Assets initiative focuses on improving the accounting for personal property using the Fixed Assets System above. Interfaces will be developed between the Fixed Assets System and the AVIS (vehicles), NEPA (personal property), and PAMS (security equipment) property systems that State uses to manage personal property. Logic will be developed to read text files via e-mail from AVIS, NEPA and PAMS posts and offices. A standard file format will be developed for use by the new interface to Momentum Fixed Assets. The interface will create transactions that update the CFMS General Ledger. The new interface will facilitate the reliability and timeliness of accounting for property by recording the acquisition cost of property, or net book value/fair market value for donated, transferred or surplus items. Momentum Fixed Assets will also calculate depreciation and gains and losses on sales of assets Momentum Fixed Assets will initially be populated with personal property data stored in the existing Access database. Conversion software will be developed to automate this process. Key Milestones: Appendix I – 2
Requirements Analysis | Complete |
Data Conversion | October 2001 |
Develop Momentum Personal Property to CFMS Interface | November 2001 |
Conduct Working Sessions | December 2001 |
Develop NEPA/PAMS/AVIS Standard Interface To Momentum/Fixed Assets System | December 2001 |
User Training and Procedures | January 2002 |
Production Simulation Testing | February 2002 |
Production Implementation | March 2002 |
Post Implementation Review | April 2002 |
Project Name:
Project Manager:
Total Estimated Cost:
Project Description:
The Department of State has procured a financial software application for mandated federal reporting requirements to the Department of the Treasury and the Office of Management and Budget (OMB). The Department of State is a Federal agency that must comply with the Chief Financial Officers Act (as amended), Government Performance and Results Act of 1993 (GPRA), the Government Management Reform Act of 1994 (GMRA), the Federal Financial Management Improvement Act of 1996, the Statements of Federal Financial Accounting Standards and OMB Circular A-34. To meet these requirements and Treasury mandated FACTS II reporting, the Department is acquiring two software products, Hyperion Enterprise and Hyperion Essbase, including installation, consulting support and user and systems administrator training courses.
Once implemented, the software will: (1) fulfill the FACTS II reporting requirements mandated by the Department of the Treasury; (2) provide the capability of transmitting an electronic file of financial and budgetary information to the Department of the Treasury and the Office of Management and Budget; (3) simplify the compilation, consolidation and reporting of financial statements; (4) improve the timeliness of the financial reporting process; (5) facilitate the production of annual and interim financial statements; and (6) enhance the Department’s financial analysis capabilities. Hyperion Enterprise will provide the capability for the Department to collect, consolidate and report it’s financial results and will enhance the Department’s analysis and planning capabilities. Hyperion Essbase provides the internal database structure to accept Hyperion Enterprise data and allow for the export of the Treasury required file formats to Treasury’s Federal Agencies Centralized Trial Balance System (FACTS II).
The project will consist of the following phases for both Hyperion Enterprise and Hyperion Essbase: planning and requirements analysis, installation, design, development, testing, implementation and post implementation review. The project will start in June 2001, and is scheduled for completion by November 2002.
Key Milestones:
Appendix I - 3
$825,000Troy ScapturaFinancial Reporting SoftwareHyperion Enterprise: | |
Planning and requirements analysis | Complete |
Installation | Complete |
Design – define reports, calculations, input formats and models | Complete |
Development | Complete |
Testing and acceptance | November 2001 |
Implementation | November 2001 |
Post-implementation review | January 2002 |
Hyperion Essbase: | |
Planning and requirements analysis | April 2002 |
Installation | April 2002 |
Design – define reports, calculations, input formats and models | May 2002 |
Development | June 2002 |
Testing and acceptance | August 2002 |
Implementation | October 2002 |
Post-implementation review | November 2002 |
Project Name:
Project Manager:
Total Estimated Cost:
Project Description:
To be compliant with the Federal Financial Management Improvement Act of 1996, State will enhance the interface between the overseas financial systems and CFMS to increase the frequency and level of detail. The current interface submits data at a summary level on a monthly basis, which resulted in abnormally high rejection rate. As a first step, the frequency of submission will be increased from monthly to weekly with the ability to move to daily submissions if the need arises. But the heart of the new re-engineered interface lies in the extraction of overseas transactions at the accounting line level of detail and the creation of transaction category documents in CFMS to record the accounting impact of the overseas transactions. The creation of a transaction at the accounting line level of detail for the overseas transactions enables the synchronization of available fund balances and standard general ledger accounts for overseas allotments in RFMS and CFMS. It also provides an adequate level of detail based on available information from the posts to provide assurance, track discrepancies, and meet internal and external reporting requirements
Key Milestones:
Appendix I -4
$1,435,000 Howard Crawford Enhanced InterfacesFunctional and technical requirement analysis | Complete |
System design | Complete |
System development | Complete |
Testing | October 2001 |
Initial Implementation | November 2001 |
Refinements to the interface | September 2002 |
Project Name:
Project Manager:
Total Estimated Cost:
Project Description:
The Department of State does not presently meet the full requirements of the Government Performance and Results Act (GPRA) to prepare, present and defend strategic, performance-based plans and budgets to the President and the Congress. Nor can the Department evaluate its success or failure in accomplishing its program goals and objectives based on quantitative and qualitative performance measures that link resources to program activities. While many of the ingredients necessary for performance management are available, such as strategic and performance plans and budgetary resources tracking to strategic goals, there is no single system that links performance goals to budgets and budgets to performance management and accountability. The Central Financial Planning System’s vision is to consolidate the strategic planning and budgeting processes for State bureaus and posts together with other foreign affairs agencies into a single system of management information.
A review of existing accounting processes and system requirements will enable management to attain a desired level of reporting for cost information and determine how expenditure information can be associated with strategic goals and specific program outputs. Once these elements are identified and system requirements defined, system functionality will be designed. System development, testing and implementation will follow. CFPS will allow for assignment of direct and indirect costs to arrive at total costs for the specific level defined by management consistent with the Statement of Federal Financial Accounting Standards Number 4, "Managerial Cost Accounting Concepts and Standards for the Federal Government."
Key Milestones:
$4,300,000Jim Millete/Alan EvansCentral Financial Planning SystemProject approval and initial funding | Complete |
Contract award for requirements and business model development | Complete |
Functional and technical requirements developed | Complete |
Develop business model concept | November 2001 |
Design data model | January 2002 |
Conduct gap analysis of requirements to existing systems | March 2002 |
Develop system | October 2002 |
Implement at test posts | December 2002 |
Implement worldwide | April 2003 |
Appendix I – 5
Analysis and Design | Complete |
Develop Disbursing Software | Complete |
Complete Disbursing IV&V | Complete |
Update RFMS Software, Documentation and Procedures | Complete |
Identify and Develop RFMS Software Components | Complete |
Perform IV&V Testing | Complete |
Implement RFMS/Disbursing | Complete |
Integration Testing | Complete |
Production Simulation | Complete |
Parallel Testing | October 2001 |
Implement Pilot Post (Embassy Lima) | November 2001 |
Implement FSC Paris - serviced post | May 2002 |
Implement worldwide | September 2003 |
Appendix I - 6
Project Name:
Project Manager:
Total Estimated Cost:
Project Description:
State must take steps to minimize the impact of crises on U.S. citizens both domestically and overseas, and our national interests. Within FMP, the readiness of FMP’s financial business processes and financial management systems must be ensured should any of our business centers be faced with such crises.
Business Continuity and Contingency Plans (BCCP) provide (1) procedures to protect information resources and minimize the risk of unplanned interruptions, and (2) a plan to recover critical operations should interruptions occur. To determine whether recovery plans will work as intended, they should be tested periodically in disaster simulation exercises. Requirements for these plans are outlined in GAO’s Federal Information System Controls Audit Manual (FISCAM). The existence and completeness of these plans is a subject of audits of the Department’s financial statements and computer security reviews.
Several efforts are underway to establish BCCPs for our domestic and overseas financial environments. On the domestic front, additional steps undertaken by the Bureau of Information Resource Management (IRM) will ensure a seamless and transparent backup capability between its mainframe resources in the Harry S Truman Building and the Beltsville Information Management Center. Mainframe resources support the State’s American civilian payroll, Foreign Service retirement, and core accounting systems.
For our Regional Financial Service Centers in Charleston and Bangkok, a Continuity Risk Assessment was completed in September 2000 and is being used as a roadmap for Charleston and Bangkok to establish limited business continuity capabilities for critical financial operation activities, e.g., payroll and disbursing. As part of the effort to 1) consolidate all FSC Paris financial operations into FSC Charleston and FSC Bangkok and 2) establish the new Regional Financial Management System in FSC Charleston and FSC Bangkok, a comprehensive BCCP will be established.
FMP, in association with IRM as developer of several of FMP’s financial management systems, will begin an assessment of the contingency plans developed for the Year 2000 (Y2K) activities to determine our current situation. These plans will be assessed using the FISCAM requirements. Based on this assessment, a plan will be formulated for the development of BCCP documents in support of domestic and overseas operations. The plan will take into account the criticality and sensitivity of FMP business processes, current vulnerabilities, and current systems development efforts. It will be conducted by
State IT staff and therefore have no funding requirements. As part of the Department’s efforts in certifying and accrediting all enterprise-wide systems in accordance with PDD 63, resources will validate that BCCPs exist and are tested on a periodic basis. Funding has been provided to establish this function in IRM. Additional funding will be required for the program bureaus to establish and test BCCPs.
The development of Business Continuity and Contingency Plans will begin in FY 2002 with their development and testing estimated to be completed in FY 2003. Estimated costs for the development of business continuity plans and facilities are $1,000,000 in FY 2002 and $1,000,000 in FY 2003.
Key Milestones:
[end]
$2,000,000System Contingency Plans - Alan EvansBusiness Operations Continuity Plans - TBDBusiness Continuity and Contingency Plans
100% Mainframe Backup capability between Truman Building and BIMC | Complete |
RFMS Contingency Plan | April 2002 |
FSN Payroll Contingency Plans | July 2002 |
Business Operations Continuity Plans – Developed as part of the consolidation of FSC Paris and Washington financial operations in FSC Charleston | September 2003 |
Project Name: Regional Financial Management System (RFMS)
Project Manager:
Total Estimated Cost:
Project Description:
RFMS will replace the two legacy overseas financial systems in operation at the Charleston, Bangkok, and Paris FSCs with one system that's compliant with applicable Joint Financial Management Improvement Program (JFMIP) core system requirements. FMP's long term financial management strategy calls for improvements in both business practices and systems with the ultimate goal being a single integrated financial system through data standardization, common business processes, and seamless exchange of information among the Department's financial management and administrative environments. The project consists of two large subprojects: (1) custom development of Disbursing, and (2) the integration of Disbursing and other DoS financial systems with American Management Systems' Momentum Financials, a COTS accounting system.
The project will implement the COTS package Momentum with minimal customization in conjunction with a custom developed Disbursing system to support State’s regional overseas financial business processes. In several areas, State will modify its business practices to match Momentum functionality. Strategically, RFMS will help State modernize a regional cross-servicing function that State has performed for USG overseas missions for nearly 40 years. This has evolved and been optimized over time from finance and disbursing at every post, to performing those functions at 23 large post-based Financial Management Centers, and currently to three (3) regional FSCs, and ultimately will be consolidated to two (2) FSCs. RFMS will support and facilitate this business process improvement and modernization.
The new platforms that RFMS will operate under will be faster and cheaper to operate. The desktop interface to RFMS will be more intuitive and easier to operate. With RFMS fully implemented, the FSCs will use a common system with common processes. Financial data will be compatible and consistent between the FSCs and the Central Financial Management System in Washington.
Key Milestones:
$43,937,000Alan Evans In response to the findings of two vulnerability reviews of State’s network infrastructure, the Department is planning the establishment of a Vulnerability Assessment Working Group that will be charged with analyzing the results of the reviews and developing a risk mitigation plan of action with appropriate milestones. Cost estimates for remediation of network vulnerabilities were not available at the time of release of this plan and their development will also be part of the Working Group’s responsibilities. State’s overseas financial management systems have a number of limitations that impact the (1) timely recognition of revenue, cash and budgetary resources, (2) carry-forward of prior-year funding (recoveries), (3) tracking of unliquidated obligations, and (4) reconciliation of fund balances with Treasury. These limitations and the interface weakness described above (see Enhanced Interfaces) impair State's ability to produce timely and accurate financial statements and information useful to management. CFPS will enable the timely and accurate reporting of spending and cost information, and associate that information with budget, strategic goals and program outputs. Implementation of CFPS will promote compliance with A-127 requirements by enhancing systems capability to support the legal and regulatory requirements of the Department, including the Government Performance and Results Act (GPRA) and Managerial Cost Accounting Standards. State’s Consolidated American Payroll Processing System (CAPPS) and CFMS interfaces to the overseas financial systems maintained by the Financial Service Centers (FSC) were designed many years ago. They contain domestically entered disbursements ("477" records) that need to be matched with obligations established in State’s overseas systems. The interfaces have a number of shortcomings that result in numerous rejections of transactions. Enhancements will focus on reducing transaction rejections to an insignificant level. In addition to the CAPPS and CFMS to overseas interfaces, the overseas interface to CFMS, which was designed in the late 1980s, submits accounting summary level data for overseas-held allotment transactions ("60" records) and detailed transactions for collections and disbursements for domestic-held allotments ("477" records) on a monthly basis. This is an untimely process and the reconciliation between disbursements and obligations results in high rejection rates. The interface between the overseas FSC and CFMS for the "60" records is being totally re-engineered to change the frequency and the level of detail. This will allow financial managers to have up-to-date fund status, revenue data, and obligation status. It will also allow for the matching of payments made domestically against obligations made overseas. Required corrections to systems and/or interfaces began in FY 2001 and will be completed in FY 2002. Estimated cost is $1,435,000. See Appendix I – 3for additional information. State has procured and is installing financial reporting software to: (1) fulfill the FACTS II reporting requirements mandated by the Department of the Treasury; (2) provide the capability of transmitting an electronic file of financial and budgetary information to the Department of the Treasury and the Office of Management and Budget; (3) facilitate the preparation, consolidation and reporting of interim and annual financial statements; (4) improve the timeliness of the financial reporting process; and (5) enhance the Department’s financial analysis capabilities. The projected completion date of this initiative is November 2002 at an estimated cost of $825,000. See Appendix I - 2 for additional information.Building on the success of Phase I, a Phase II to State’s asset initiatives focuses on accounting for personal property using the Fixed Assets System. Upon completion, personal property amounts will be reported directly from State’s general ledger. Estimated completion of this project is by April 2002 at an estimated cost of $744,000. See Appendix I – 1for additional information.A: Timely and Useful Information | B: Sole Source of Information | C: Systems Security | D: Business Continuity and Contingency Planning | Completion Date | Estimated Resources (in dollars) | |
Projects | 1. Unliquidated obligation balances | 1. SGL not source for financial statements | 1. Mainframe access controls vulnerabilities | 1. CFMS contingency plan not established | ||
Mainframe Access Controls Security Projects |
|
| X |
| Complete |
|
CFMS Security Improvements |
|
| X |
| Complete |
|
CFMS Mainframe Contingency Plan |
|
|
| X | Complete |
|
Paris FSC Mainframe Contingency Plan |
|
|
| X | Complete |
|
Unliquidated Obligation System and Procedures | X |
|
|
| Complete |
|
CFMS Enhancement Projects: |
|
|
|
|
|
|
1. Project Cost Accounting System |
| X |
|
| Complete |
|
2. Fixed Assets: Phase I – Real Property |
| X |
|
| Complete |
|
3. Fixed Assets: Phases II – Personal Property |
| X |
|
| April 2002 | $744,000 |
Financial reporting software | X | November 2002 | $825,000 | |||
Enhanced Interfaces | X | X | September 2002 | $1,435,000 | ||
Central Financial Planning System (CFPS) | X | X | April 2003 | $4,300,000 | ||
Regional Financial Management System (RFMS) | X | X | September 2003 | $43,937,000 | ||
Business Continuity Plans |
|
|
| X | September 2003 | $2,000,000 |
Information Systems Network Security |
|
| X |
| September 2003 | TBD |
I. Introduction
This Remediation Plan (Plan) fulfills the Department of State’s (State) statutory reporting requirement under the Federal Financial Management Improvement Act of 1996 (FFMIA). FFMIA requires an agency to submit a Remediation Plan when the agency’s financial systems are not in substantial compliance with Federal accounting standards, the United States Government Standard General Ledger (SGL) at the transaction level, or Federal financial management systems requirements. The audit of State’s FY 2000 Financial Statements issued by the Office of Inspector General and concurred with by State management, while free of material misstatements, found that State’s financial management systems were not in substantial compliance with applicable Federal financial management systems requirements. This Plan updates and amends State’s initial FFMIA Remediation Plan filed with OMB in March 2000 in response to State’s determination for fiscal years (FY) 1998 and 1999. As detailed in the Plan, State expects to bring its financial management systems into substantial compliance with the FFMIA by the end of FY 2003. Projects identified in this Plan have been integrated into State’s IT capital planning process. The Bureau of Financial Management and Policy (FMP) has overall responsibility for State’s financial management systems.
II.
BackgroundIn 1996, Congress enacted the FFMIA (Public Law 104-208). FFMIA is intended to improve Federal financial management by ensuring that Federal financial management systems provide reliable, consistent disclosure of financial data in accordance with generally accepted accounting principles and standards. FFMIA requires each agency to implement and maintain systems that comply substantially with (1) Federal accounting standards, (2) the SGL at the transaction level, and (3) Federal financial management systems requirements. FFMIA also requires that agencies determine, in coordination with the Independent Auditor’s Report, whether their systems substantially comply with FFMIA. Agencies that determine that their financial systems do not substantially comply are required to develop a remediation plan and submit the plan to the Office of Management and Budget (OMB).
On January 4, 2001, OMB issued Revised Implementation Guidance for the Federal Financial Management Improvement Act. In doing so, OMB established an overall "litmus" test of FFMIA compliance.
Agencies that can:
- Prepare financial statements and other required financial and budget reports using information generated by the financial management system(s);
- Provide reliable and timely financial information for managing current operations;
- Account for their assets reliably, so that they can be properly protected from loss, misappropriation, or destruction; and
- Do all of the above in a way that is consistent with Federal accounting standards and the Standard General Ledger
are substantially compliant with FFMIA.
III. Fiscal Years 2000 and 2001 Results
State continued to maintain substantial compliance with two of the three components of FFMIA – Federal accounting standards and the SGL at the transaction level. However, the audit of State’s FY 2000 Financial Statements issued by the Office of Inspector General and concurred with by State management, while free of material misstatements, found that State’s financial management systems were not in substantial compliance with applicable Federal financial management system requirements. To be in substantial compliance with this requirement, OMB implementation guidance indicates that State must substantially:
- meet Circular A-127 requirements, including the requirement to support management’s fiduciary role by providing complete, reliable, consistent, timely and useful financial management information,
- follow JFMIP’s Federal Financial Management Systems Requirements calling for core financial management systems to support program and financial managers and be able to provide financial information to support internal and external reporting requirements, and
- comply with Circular A-130, Appendix III, requiring an adequate level of security to assure systems operate effectively, with appropriate safeguards, and plans to assure continuity of operations.
State recognizes the significance of this substantial noncompliance and made considerable progress during FYs 2000 and 2001 to correct these problems., presents a matrix of the projects identified by State to achieve substantial compliance, the areas of substantial non-compliance they address, their planned completion date, and estimated resources. Presented below is a brief description of those projects included in Figure 1 that have been completed. The Items are presented by area of substantial non-compliance that they address.
Figure 1: Projects Addressing FFMIA System Substantial Non-Compliances
The Office of Electronic Information, Bureau of Public Affairs, manages this site as a portal for information from the U.S. State Department. External links to other Internet sites should not be construed as an endorsement of the views or privacy policies contained therein.