Department of Homeland Security
Financial Management Challenges Gao ID: GAO-04-945T July 8, 2004The Homeland Security Act of 2002 brought together 22 agencies to create a new cabinet-level department focusing on reducing U.S. vulnerability to terrorist attacks, and minimizing damages and assisting in recovery from attacks that do occur. GAO has previously reported on the Department of Homeland Security's (DHS) financial management challenges and key elements necessary for reform. DHS continues to be faced with significant financial management challenges, including addressing existing internal control weaknesses and integrating redundant inherited financial management systems. Additionally, DHS is the largest entity in the federal government that is not subject to the Chief Financial Officers (CFO) Act of 1990 or the Federal Financial Management Improvement Act (FFMIA) of 1996. In light of these conditions, Congress asked GAO to testify on the financial management challenges facing DHS.
One of the challenges DHS faces is obtaining an unqualified financial statement audit opinion and fixing the previously identified internal control weaknesses that the department inherited from component agencies, as well as newly identified weaknesses. Component agencies took action to resolve 9 of the 30 internal control weaknesses DHS inherited, while 9 of the inherited weaknesses were combined and reported as material weaknesses in DHS's first Performance and Accountability Report and 5 were reported as reportable conditions. The remaining 7 inherited weaknesses were classified as observations and recommendations to management. In addition, improper payments, a significant and widespread challenge facing the federal government, can typically be traced to a lack of or breakdown in internal control. DHS would be remiss to not pay adequate attention to developing a strong internal control environment at the department. According to DHS officials, the department is in the early stages of acquiring a financial enterprise solution to consolidate and integrate its financial accounting and reporting systems. Similar projects have proven challenging and costly for other federal agencies. For example, efforts at the National Aeronautics and Space Administration failed to meet the needs of users and key stakeholders. To avoid similar problems, DHS must ensure commitment and extensive involvement from top management and users in the financial system development and integration. Currently, DHS is the only cabinet-level department in the federal government that is not subject to the CFO Act. As such, this department, with a fiscal year 2004 budget of nearly $40 billion and more than 180,000 employees, does not have a presidentially appointed CFO subject to Senate confirmation and is not required to comply with the requirements of FFMIA. DHS should not be the only cabinet-level department not covered by what is the cornerstone for pursuing and achieving the requisite financial management systems and capabilities in the federal government. S. 1567 would, among other things, amend the CFO Act to (1) add DHS as a CFO Act agency, and (2) require DHS to obtain an audit opinion on its internal controls. Enactment of this legislation will increase the likelihood that the financial management challenges at DHS will be overcome.
GAO-04-945T, Department of Homeland Security: Financial Management Challenges
This is the accessible text file for GAO report number GAO-04-945T
entitled 'Department of Homeland Security: Financial Management
Challenges' which was released on July 08, 2004.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
GAO:
Testimony:
Before the Subcommittee on Financial Management, the Budget, and
International Security, Committee on Governmental Affairs, U.S. Senate:
For Release on Delivery:
Expected at 10:30 a.m. EST Thursday, July 8, 2004:
DEPARTMENT OF HOMELAND SECURITY:
Financial Management Challenges:
Statement of McCoy Williams, Director:
Financial Management and Assurance:
GAO-04-945T:
GAO Highlights:
Highlights of GAO-04-945T, a testimony before the Subcommittee on
Financial Management, the Budget, and International Security,
Committee on Governmental Affairs, U.S. Senate
Why GAO Did This Study:
The Homeland Security Act of 2002 brought together 22 agencies to
create a new cabinet-level department focusing on reducing U.S.
vulnerability to terrorist attacks, and minimizing damages and
assisting in recovery from attacks that do occur. GAO has previously
reported on the Department of Homeland Security‘s (DHS) financial
management challenges and key elements necessary for reform.
DHS continues to be faced with significant financial management
challenges, including addressing existing internal control weaknesses
and integrating redundant inherited financial management systems.
Additionally, DHS is the largest entity in the federal government that
is not subject to the Chief Financial Officers (CFO) Act of 1990 or the
Federal Financial Management Improvement Act (FFMIA) of 1996.
In light of these conditions, the Subcommittee asked GAO to testify on
the financial management challenges facing DHS.
What GAO Found:
One of the challenges DHS faces is obtaining an unqualified financial
statement audit opinion and fixing the previously identified internal
control weaknesses that the department inherited from component
agencies, as well as newly identified weaknesses. Component agencies
took action to resolve 9 of the 30 internal control weaknesses DHS
inherited, while 9 of the inherited weaknesses were combined and
reported as material weaknesses in DHS‘s first Performance and
Accountability Report and 5 were reported as reportable conditions.
The remaining 7 inherited weaknesses were classified as observations
and recommendations to management. In addition, improper payments, a
significant and widespread challenge facing the federal government, can
typically be traced to a lack of or breakdown in internal control. DHS
would be remiss to not pay adequate attention to developing a strong
internal control environment at the department.
According to DHS officials, the department is in the early stages of
acquiring a financial enterprise solution to consolidate and integrate
its financial accounting and reporting systems. Similar projects have
proven challenging and costly for other federal agencies. For example,
efforts at the National Aeronautics and Space Administration failed to
meet the needs of users and key stakeholders. To avoid similar
problems, DHS must ensure commitment and extensive involvement from
top management and users in the financial system development and
integration.
Currently, DHS is the only cabinet-level department in the federal
government that is not subject to the CFO Act. As such, this
department, with a fiscal year 2004 budget of nearly $40 billion and
more than 180,000 employees, does not have a presidentially appointed
CFO subject to Senate confirmation and is not required to comply with
the requirements of FFMIA. DHS should not be the only cabinet-level
department not covered by what is the cornerstone for pursuing and
achieving the requisite financial management systems and capabilities
in the federal government. S. 1567 would, among other things, amend
the CFO Act to (1) add DHS as a CFO Act agency, and (2) require DHS to
obtain an audit opinion on its internal controls. Enactment of this
legislation will increase the likelihood that the financial management
challenges at DHS will be overcome.
www.gao.gov/cgi-bin/getrpt?GAO-04-945T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact McCoy Williams at (202)
512-6906 or williamsm1@gao.gov.
[End of section]
Mr. Chairman and Members of the Subcommittee:
I am pleased to be here today to discuss financial management
challenges facing the Department of Homeland Security (DHS). When DHS
began operations in March 2003, it faced the daunting task of bringing
together 22 diverse agencies. Not since the creation of the Department
of Defense in the 1940s had the federal government undertaken a
transformation of this magnitude. Because of the challenges and risks
associated with the transformation and implementation of DHS, the sheer
size of the undertaking, and the prospect of serious consequences for
the nation should DHS fail to adequately address its management
challenges and risks, GAO designated the transformation and
implementation of DHS high-risk in January 2003.[Footnote 1] Our high-
risk program, established in 1990, has helped the executive branch and
the Congress to galvanize efforts to seek lasting solutions to high-
risk problems and challenges.
As we previously reported,[Footnote 2] DHS faces significant financial
management challenges, including (1) addressing the existing and newly
identified internal control weaknesses in the inherited components, and
(2) integrating a myriad of redundant financial management systems.
Enactment of the Department of Homeland Security Financial
Accountability Act (S. 1567) will enhance DHS's chances for overcoming
these challenges.
DHS, like other federal agencies, has a stewardship obligation to
prevent fraud, waste, and abuse; to use tax dollars appropriately; and
to ensure financial accountability to the President, the Congress, and
the American people. Management must establish effective internal
controls to safeguard assets, protect revenue, and make authorized
payments. Unfortunately, improper payments are a widespread and
significant problem receiving increased attention in the federal
government. Improper payments occur for many reasons including
insufficient oversight or monitoring, inadequate benefits eligibility
controls, and automated system deficiencies. However, based on our
previous work, one point is clear, the basic or root causes of improper
payments can typically be traced to a lack of or breakdown in internal
control. While DHS was not required to report improper payments for
fiscal year 2003, several of its inherited weaknesses clearly suggest
risk for improper payments and loss of revenue. DHS, as it addresses
inherited material weaknesses and integrates its business functions,
should pay close attention to implementing strong internal controls.
For the most part, DHS's component entities are using legacy financial
management systems that have a myriad of problems, such as disparate,
nonintegrated, outdated, and inefficient systems and processes. DHS
will need to focus on building future systems as part of its enterprise
architecture approach to ensure an overarching framework for the
agency's integrated financial management processes. Plans and standard
accounting policies and procedures must be developed and implemented to
integrate the various financial management environments under which
inherited agencies operate so that DHS can produce useful and timely
financial information.
Currently, DHS is the only cabinet-level department in the federal
government that is not subject to the Chief Financial Officers (CFO)
Act of 1990.[Footnote 3] As such, this department, with a fiscal year
2004 budget of nearly $40 billion and more than 180,000 employees, does
not have a presidentially appointed CFO subject to Senate confirmation
and is not required to comply with the requirements of the Federal
Financial Management Improvement Act of 1996 (FFMIA).[Footnote 4] The
goals of the CFO Act and related financial reform legislation, such as
FFMIA, are to provide the Congress and agency management with reliable
financial information for managing and making day-to-day decisions and
to improve financial management systems and controls to properly
safeguard the government's assets.
S. 1567, as passed by the Senate on November 21, 2003, would, among
other things, amend the CFO Act to (1) add DHS as a CFO Act agency, and
(2) require DHS to obtain an audit opinion on its internal controls.
While DHS's CFO has testified that the department complies with the
audit provisions of the CFO Act and will continue to do so, we believe
DHS should not be the only cabinet-level department not covered by what
is the cornerstone for pursuing and achieving the requisite financial
management systems and capabilities in the federal government. While
this administration has voluntarily complied with some provisions of
the CFO Act, making DHS subject to the CFO Act through enactment of S.
1567 would assist the department in facing and overcoming the financial
management challenges it faces and legislate future compliance with the
important provisions of the CFO Act and related legislation.
The perspectives we offer in this testimony are derived from work
completed by us, inspectors general, independent auditors, as well as
from executive guidance and testimony related to financial management
and DHS.
Addressing Internal Control Weaknesses:
DHS faces the challenge of correcting the previously identified
material weaknesses that the agencies brought with them to DHS, as well
as addressing newly identified weaknesses from DHS's first financial
statement audit and obtaining an unqualified or "clean" audit opinion.
I will first highlight the results of DHS's first financial statement
audit and then I will discuss some of DHS's internal control
weaknesses. Finally, as you requested, I will include in my statement
today a brief discussion of the growing governmentwide problem of
improper payments.
On its first financial statement audit, for the 7-month period from
March 1, 2003, to September 30, 2003, DHS received a qualified opinion
from its independent auditors on its consolidated balance sheet as of
September 30, 2003, due in part to the auditors' inability to determine
if certain asset balances reported by the U.S. Coast Guard were fairly
presented. In addition, auditors were unable to opine on the
consolidated statements of net costs and changes in net position,
combined statement of budgetary resources, and consolidated statement
of financing. The disclaimer on these statements was due to the
auditor's inability to observe certain inventory counts at Coast Guard,
among other things. In addition, the auditors reported numerous
internal control weaknesses, which I would now like to discuss.
Collectively, internal controls are an integral component of an
organization's management that provides reasonable assurance that the
organization achieves its objectives of (1) effective and efficient
operations, (2) reliable financial reporting, and (3) compliance with
laws and regulations. Internal controls are not one event, but a series
of actions and activities that occur throughout an entity's operations
and on an ongoing basis. When DHS was formed from 22 component
agencies, there were 30 identified internal control weaknesses that DHS
inherited. Component agencies took action to resolve 9 of these 30
weaknesses. These actions included reinstating procedures to accurately
estimate financial data, performing risk assessments of major systems,
and instituting processes to ensure accounts receivable and fixed
assets are properly recorded. Of the remaining 21 weaknesses,
* 9 were combined and reported as material weaknesses,[Footnote 5]
* 5 were combined and reported as reportable conditions,[Footnote 6]
and:
* 7 weaknesses were classified by the department's independent auditors
as observations and recommendations.[Footnote 7]
DHS's independent auditors reported 6 new internal control weaknesses
as of September 30, 2003, bringing the total number of DHS reportable
conditions to 14--7 of which are considered to be material weaknesses.
These weaknesses included the lack of procedures at DHS to verify the
accuracy and completeness of balances transferred on March 1, 2003, and
significant weaknesses with the number of qualified financial
management personnel employed by the department.
While DHS has taken steps to resolve some of the internal control
weaknesses it inherited from component agencies, continued focus on
resolving weaknesses and developing strong internal controls cannot be
understated. For example, increased attention has recently been paid to
the prevalence of improper payments in the federal government. Improper
payments occur for many reasons including insufficient oversight or
monitoring, inadequate eligibility controls, and automated system
deficiencies. However, based on our previous work, the basic or root
causes of improper payments can typically be traced to a lack of or
breakdown in internal control.
Improper payments include inadvertent errors, such as duplicate
payments and miscalculations; payments for unsupported or inadequately
supported claims; payments for services not rendered; payments to
ineligible beneficiaries; and payments resulting from outright fraud
and abuse by program participants and/or federal employees. In 2003,
the first year certain agencies were required by the Office of
Management and Budget to publicly report their improper payments, 15
agencies reported estimates of improper payments exceeding $35 billion.
We have included in appendix I, a summary of improper payment estimates
agencies reported in fiscal year 2003.
Additionally, I would like to highlight a few specific examples of
financial management challenges DHS faces.
Federal Emergency Management Agency (FEMA):
We recently performed a review of FEMA's property management. One of
our objectives was to determine whether controls were in place to
ensure that property acquired during the 5 months prior to FEMA
transferring its functions to DHS was properly accounted for in the
property management system.[Footnote 8] We found that FEMA continued to
lack the controls and key information necessary to ensure that personal
property is properly accounted for. For example, its property
management systems do not share common data identifiers such as serial
numbers or purchase order numbers. Without these data, we were unable
to perform certain tests to conclude whether or not FEMA properly
accounted for property it acquired prior to transferring to DHS.
Considering that FEMA reported approximately $355 million in property,
of which approximately 67 percent is considered sensitive and thus more
susceptible to theft or pilferage, strong internal controls over its
property systems are needed. Absent integrated or adequately interfaced
financial management systems with the key information necessary to
track and account for property, FEMA's property is vulnerable to loss
or misappropriation and there is an increased risk that property could
have been purchased and not recorded in FEMA's personal property
systems.
Customs:
Despite the former U.S. Customs Service's progress in implementing
recommendations we have made regarding the development of Customs'
planned import system, the Automated Commercial Environment
(ACE),[Footnote 9] numerous weaknesses remain. ACE is intended to
replace the current system used for collecting import-related data and
ensuring, among other things, that trade-related revenue is properly
collected and allocated. To ensure proper implementation of these
initiatives, DHS's management must continue to provide a sustained
level of commitment to its successful implementation. Until this system
is fully implemented, billions of dollars annually in trade-related
revenue will continue to be tracked by systems with inadequate
controls, leaving it increasingly susceptible to inaccurate reporting.
Coast Guard:
Concerns have been reported regarding the Coast Guard's Deepwater
Procurement Project (Deepwater), which began in 2002 and currently has
an estimated cost of $17 billion over 20 years--the largest in Coast
Guard's history.[Footnote 10] It is intended to replace or modernize by
2022 all assets used in missions that generally occur offshore.
However, it is already difficult to determine the degree to which the
Deepwater project is on track with regard to its original acquisition
schedule because the Coast Guard has not maintained and updated its
acquisition schedule. The absence of an up-to-date acquisition schedule
is a concern because it raises some question as to whether the
acquisition is being adequately managed and whether the government's
interests are being properly safeguarded. Further, a recent disclosure
that, just a few years into the acquisition, costs have risen by $2.2
billion indicates the need for a clear understanding of what assets are
being acquired, when they are being acquired, and at what cost. The
high cost and long-term needs of the Coast Guard coupled with the
absence of an up-to-date acquisition schedule early in the project
should make financial management of the Deepwater project a key
priority of DHS in order to prevent the project from greatly exceeding
cost estimates and ensure program goals are met.
Integrating Financial Systems:
Another significant challenge for DHS is developing a financial
management architecture with integrated systems and business processes.
According to DHS officials, the department is in the early stages of
acquiring a financial enterprise solution to consolidate and integrate
the department's financial accounting and reporting systems, including
budget, accounting and reporting, cost management, asset management,
and acquisition and grants functions. The project, which DHS has termed
"electronically Managing enterprise resources for government
effectiveness and efficiency" (eMerge2) was initiated in August 2003,
and DHS expects it to be completed in 2006 at a cost of approximately
$146 million.
While DHS is early in the process of acquiring an integrated financial
enterprise solution, similar projects have proven challenging and
costly for other federal agencies, such as the testimony on the
Department of Defense provided today by my colleague.[Footnote 11]
Additionally, we have reported on the efforts of National Aeronautics
and Space Administration[Footnote 12] (NASA) to acquire new information
systems. NASA is on its third attempt in 12 years to modernize its
financial management process and systems, and has spent about $180
million on its two prior failed efforts. One of the key impediments to
the success of integration efforts at NASA was the failure to involve
key stakeholders in the implementation or evaluation of system
improvements. As a result, new systems failed to meet the needs of key
stakeholders. To avoid similar problems, DHS must ensure commitment and
extensive involvement from top management and users in the financial
system development and integration.
Additionally, over the past year, DHS has reported that it has reduced
the number of its financial management service providers from the 19 at
the time DHS was formed to the 10 it currently uses. DHS has plans to
further consolidate to 7 providers. A DHS official estimated
approximately $5 million in savings through the reduction of the number
of financial management service centers.
Homeland Security Financial Accountability Act--S. 1567:
I would now like to talk about why we support the Homeland Security
Financial Accountability Act (S. 1567).[Footnote 13] S. 1567 as
introduced by you on August 1, 2003 and passed by the Senate on
November 21, 2003, would, among other things, amend the CFO Act to (1)
add DHS as a CFO Act agency and (2) require DHS to obtain an audit
opinion on its internal controls. Enactment of this legislation will
increase the likelihood that the challenges discussed earlier in my
testimony will be overcome.
Inclusion of DHS as a CFO Act Agency:
We strongly supported passage of the CFO Act in 1990 and continue to
strongly support its objectives of (1) giving the Congress and agency
decision makers reliable financial, cost, and performance information
both annually and, most important, as needed throughout the year to
assist in managing programs and making difficult spending decisions;
(2) dramatically improving financial management systems, controls, and
operations to eliminate fraud, waste, abuse, and mismanagement and
properly safeguard and manage the government's assets; and (3)
establishing effective financial organizational structures to provide
strong leadership. Achieving these goals is critical for establishing
effective management of any enterprise. We have seen unprecedented
progress in improving federal financial management that has resulted
since passage of the CFO Act and we strongly support amending the CFO
Act to include DHS.
The CFO Act requires the agency's CFO to develop and maintain an
integrated accounting and financial management system that provides for
complete, reliable, and timely financial information that facilitates
the systematic measurement of performance at the agency, the
development and reporting of cost information, and the integration of
accounting and budget information. The CFO is also responsible for all
financial management personnel and all financial management systems and
operations, which in the case of DHS would include the component CFOs
and their staff. The CFO is responsible for asset management as well.
The act also requires that the agency's CFO be qualified, appointed by
the President, approved by the Senate, and report to the head of the
agency. With the size and complexity of DHS and the many significant
financial management challenges it faces, it is important that DHS's
CFO is qualified for the position, displays leadership characteristics,
and is regarded as top management. Appointment of the CFO by the
President, subject to Senate confirmation, is one way to ensure that
the intent of the law is met. Currently, the CFO at DHS reports to the
Under Secretary for Management while directorate CFOs report to the
head of their respective directorates, not to DHS's CFO. Making DHS
subject to the CFO Act would assist the department in facing and
overcoming the financial management challenges inherent in its
formation and others that have come to light since its formation.
Under the Accountability of Tax Dollars Act of 2002,[Footnote 14] DHS,
as an executive branch agency with budget authority greater than $25
million, is required to obtain annual financial statement audits;
however, its auditors are not required to report on compliance with
FFMIA. FFMIA requires that CFO Act agencies implement and maintain
financial management systems that substantially comply with (1) federal
financial management systems requirements, (2) applicable federal
accounting standards, and (3) the U.S. Government Standard General
Ledger at the transaction level. The ability to produce the data
needed to efficiently and effectively manage the day-to-day operations
of the federal government and provide accountability to taxpayers has
been a long-standing challenge at most federal agencies.
Opinion on Internal Controls:
31 U.S.C. 3512(c), (d) (commonly known as the Federal Managers'
Financial Integrity Act of 1982 (FMFIA)) requires agencies to establish
internal controls that provide reasonable assurances that:
* obligations and costs are in compliance with applicable law,
* funds, property, and other assets are safeguarded against waste,
loss, unauthorized use, or misappropriation, and:
* revenues and expenditures applicable to agency operations are
properly recorded and accounted for to permit the preparation of
accounts and reliable financial and statistical reports and to maintain
accountability over the assets.
FMFIA requires the head of each agency to sign a statement as to
whether the agency's internal controls fully comply with the above
requirements or that they do not fully comply and the reasons why they
do not. In effect, this reporting is management assertion as to whether
the agency's internal controls are effective.
Current OMB guidance for audits of government agencies and
programs[Footnote 15] requires auditor reporting on internal control,
but not at the level of providing an opinion on internal control
effectiveness. We have long believed and the Comptroller General has
gone on record in congressional testimony[Footnote 16] that auditors
have an important role in providing an opinion on the effectiveness of
internal control over financial reporting and compliance with laws and
regulations in connection with major federal departments and agencies.
For a number of years, we have provided opinions on internal control
effectiveness for the federal entities that we audit because of the
importance of internal control in protecting the public's interest.
Specifically, we provide opinions on internal controls and compliance
with laws and regulations for our audits of the U.S. government's
consolidated financial statements, the financial statements of the
Internal Revenue Service and Federal Deposit Insurance Corporation, the
Schedules of Federal Debt managed by the Bureau of the Public Debt, and
numerous small entities' operations and funds. Our reports and related
efforts have engendered major improvements in internal control.
As part of the annual audit of GAO's own financial statements, we
practice what we recommend to others and contract with an independent
public accounting firm for both an opinion on our financial statements
and an opinion on the effectiveness of our internal control over
financial reporting and on compliance with laws and regulations. Our
goal is to lead the way in establishing the appropriate level of
auditor reporting on internal control for federal agencies, programs,
and entities receiving significant amounts of federal funding.
Additionally, three other agencies, the Social Security Administration
(SSA), General Services Administration (GSA), and the Nuclear
Regulatory Commission (NRC) voluntarily obtain separate opinions on
internal control effectiveness from their auditors, which is
commendable.
Also, publicly traded corporations recently were subjected to a
requirement to disclose management attestations on corporations'
internal controls and to obtain an audit opinion on those attestations.
A final rule issued by the Securities and Exchange Commission that took
effect in August 2003 and provides guidance for implementation of
Sections 302, 404, and 906 of the Sarbanes-Oxley Act of 2002,[Footnote
17] which requires publicly traded companies to establish and maintain
an adequate internal control structure and procedures for financial
reporting and include in the annual report a statement of management's
responsibility for and assessment of the effectiveness of those
controls and procedures in accordance with standards adopted by the
Securities and Exchange Commission.[Footnote 18] The final rule defines
this requirement and requires applicable companies to obtain a report
in which a registered public accounting firm issues an attestation on
management's assessment of the effectiveness of internal controls over
financial reporting.
Auditor reporting on internal control is a critical component of
monitoring the effectiveness of an organization's accountability. GAO
strongly believes that this is especially important for large, complex,
or challenged entities that use taxpayer dollars. By giving assurance
about internal control, auditors can better serve their clients and
other financial statement users and better protect the public interest
by having a greater role in providing assurances of the effectiveness
of internal control in deterring fraudulent financial reporting,
protecting assets, and providing an early warning of internal control
weaknesses. We believe auditor reporting on internal control is
appropriate and necessary for publicly traded companies and major
public entities alike. We also believe that such reporting is
appropriate in other cases where management assessment and auditor
examination and reporting on the effectiveness of internal control add
value and mitigate risk in a cost-beneficial manner.
We fully support having DHS, as well as all CFO Act agencies, obtain an
opinion on its internal control. If DHS is truly committed to becoming
a model federal agency, it should begin obtaining opinions on internal
control as soon as practical and set an example for other agencies to
follow and in keeping with the actions already taken by SSA, GSA, NRC,
and GAO.
In closing, the American people have increasingly demanded
accountability from government and the private sector. The Congress has
recognized, through legislation such as the CFO Act, that the federal
government must be held to the highest standards. We already know that
many of the larger agencies transferred to DHS have a history of poor
financial management systems and significant internal control
weaknesses. These known weaknesses provide further evidence that DHS's
systems and financial controls should be subject to the CFO Act and
thus FFMIA. We also strongly encourage DHS to become a model agency
and, as soon as practical, obtain an opinion on its internal controls
and report performance information in its accountability reports.
Mr. Chairman, this concludes my statement. I would be happy to answer
any questions you or other Members of the Subcommittee may have at this
time.
Contacts and Acknowledgments:
For information about this statement, please contact McCoy Williams,
Director, Financial Management and Assurance, at (202) 512-6906, or
Casey Keplinger, Assistant Director, at (202) 512-9323. You may also
reach them by e-mail at williamsm1@gao.gov or keplingerc@gao.gov.
Individuals who made key contributions to this testimony include Cary
Chappell, Heather Dunahoo, Saurav Prasad, and Scott Wrightson.
[End of section]
Appendix I: Table 1: Improper Payment Estimates Reported in Agency
Fiscal Year 2003 Performance and Accountability Reports.
Agency: 1. Department of Agriculture;
Program: 1. Food Stamps;
Reported amount of improper payments: $1,507,000,000.
Agency: 1. Department of Agriculture;
Program: 2. Commodity Loan Programs;
Reported amount of improper payments: $153,000,000.
Agency: 1. Department of Agriculture;
Program: 3. National School Lunch and Breakfast;
Reported amount of improper payments: $0.
Agency: 1. Department of Agriculture;
Program: 4. Women, Infants, and Children;
Reported amount of improper payments: $0.
Agency: 2. Department of Defense;
Program: 5. Military Retirement Fund;
Reported amount of improper payments: $33,087,000.
Agency: 2. Department of Defense;
Program: 6. Military Health Benefits;
Reported amount of improper payments: $53,484,000.
Agency: 3. Department of Education;
Program: 7. Student Financial Assistance--Pell Grants;
Reported amount of improper payments: $377,500,000;
Student Financial Assistance--non-program specific;
Reported amount of improper payments: $105,000,000.
Agency: 3. Department of Education;
Program: 8. Title I;
Reported amount of improper payments: $0.
Agency: 4. Department of Health and Human Services;
Program: 9. Medicaid;
Reported amount of improper payments: $0.
Agency: 4. Department of Health and Human Services;
Program: 10. Medicare;
Reported amount of improper payments: $11,600,000,000.
Agency: 4. Department of Health and Human Services;
Program: 11. Head Start;
Reported amount of improper payments: $0.
Agency: 4. Department of Health and Human Services;
Program: 12. Temporary Assistance for Needy Families;
Reported amount of improper payments: $0.
Agency: 4. Department of Health and Human Services;
Program: 13. Foster Care--Title IV-E;
Reported amount of improper payments: $0.
Agency: 4. Department of Health and Human Services;
Program: 14. State Children's Insurance Program;
Reported amount of improper payments: $0.
Agency: 4. Department of Health and Human Services;
Program: 15. Child Care and Development Fund;
Reported amount of improper payments: $0.
Agency: 5. Department of Housing and Urban Development;
Program: 16. Low Income Public Housing;
Reported amount of improper payments: $650,000,000.
Agency: 5. Department of Housing and Urban Development;
Program: 17. Section 8 Tenant Based;
Reported amount of improper payments: $1,215,000,000.
Agency: 5. Department of Housing and Urban Development;
Program: 18. Section 8 Project Based;
Reported amount of improper payments: $662,000,000.
Agency: 5. Department of Housing and Urban Development;
Program: 19. Community Development Block Grant (Entitlement Grants,
States/ Small Cities);
Reported amount of improper payments: $0.
Agency: 6. Department of Labor;
Program: 20. Unemployment Insurance;
Reported amount of improper payments: $4,225,000,000.
Agency: 6. Department of Labor;
Program: 21. Federal Employees' Compensation Act;
Reported amount of improper payments: $9,055,000.
Agency: 6. Department of Labor;
Program: 22. Workforce Investment Act;
Reported amount of improper payments: $3,066,075.
Agency: 7. Department of Treasury;
Program: 23. Earned Income Tax Credit;
Reported amount of improper payments: $10,500,000,000.
Agency: 8. Department of Transportation;
Program: 24. Airport Improvement Program;
Reported amount of improper payments: $14,000,000.
Agency: 8. Department of Transportation;
Program: 25. Highway Planning and Construction;
Reported amount of improper payments: $1,400,000.
Agency: 8. Department of Transportation;
Program: 26. Federal Transit--Capital Investment Grants;
Reported amount of improper payments: $32,000,000.
Agency: 8. Department of Transportation;
Program: 27. Federal Transit--Formula Grants;
Reported amount of improper payments: $64,000,000.
Agency: 9. Department of Veterans Affairs;
Program: 28. Compensation;
Reported amount of improper payments: $129,063,000.
Agency: 9. Department of Veterans Affairs;
Program: 29. Dependency and Indemnity Compensation;
Reported amount of improper payments: $0.
Agency: 9. Department of Veterans Affairs;
Program: 30. Pension;
Reported amount of improper payments: $250,535,000.
Agency: 9. Department of Veterans Affairs;
Program: 31. Insurance Programs;
Reported amount of improper payments: $261,000.
Agency: 10. Environmental Protection Agency;
Program: 32. Clean Water State Revolving Funds;
Reported amount of improper payments: $.13%;
Reported as a rate, no amount.
Agency: 10. Environmental Protection Agency;
Program: 33. Drinking Water State Revolving Funds;
Reported amount of improper payments: $.04%; Reported as a rate, no
amount.
Agency: 11. National Science Foundation;
Program: 34. Research and Education Grants and Cooperative Agreements;
Reported amount of improper payments: $0.
Agency: 12. Office of Personnel Management;
Program: 35. Retirement Program (Civil Service Retirement System and
Federal Employees Retirement System);
Reported amount of improper payments: $177,300,000.
Agency: 12. Office of Personnel Management;
Program: 36. Federal Employees Health Benefits Program;
Reported amount of improper payments: $28,200,000.
Agency: 12. Office of Personnel Management;
Program: 37. Federal Employees Group Life Insurance;
Reported amount of improper payments: $448,000.
Agency: 13. Railroad Retirement Board;
Program: 38. Retirement and Survivors Benefits;
Reported amount of improper payments: $168,327,370.
Agency: 13. Railroad Retirement Board;
Program: 39. Railroad Unemployment Insurance Benefits;
Reported amount of improper payments: $2,778,000.
Agency: 14. Small Business Administration;
Program: 40. 7(a) Business Loan Program;
Reported amount of improper payments: $13,000,000.
Agency: 14. Small Business Administration;
Program: 41. 504 Certified Development Companies;
Reported amount of improper payments: None.
Agency: 14. Small Business Administration;
Program: 42. Disaster Assistance;
Reported amount of improper payments: $0[A].
Agency: 14. Small Business Administration;
Program: 43. Small Business Investment Companies;
Reported amount of improper payments: $0[B].
Agency: 15. Social Security Administration;
Program: 44. Old Age and Survivors' Insurance;
Reported amount of improper payments: $600,000,000.
Agency: 15. Social Security Administration;
Program: 45. Disability Insurance;
Reported amount of improper payments: $340,000,000.
Agency: 15. Social Security Administration;
Program: 46. Supplemental Security Income Program;
Reported amount of improper payments: $2,740,000,000.
Total;
31 of 46 agency programs reported estimated amounts;
Reported amount of improper payments: $35,654,504,445.
Source: Agency fiscal year 2003 Performance and Accountability Reports
(data); GAO (analysis).
Note: An "0" indicates that the agency did not report amounts for the
program.
[A] SBA reported improper payment rates and amounts for certain
disaster loans; it did not provide a programwide estimate of improper
payments.
[B] SBA reported potential improper payment rates and amounts for
certain small business investment company transactions; it did not
provide a programwide estimate of improper payments.
[End of table]
Selected GAO Products Related DHS's Financial Management Challenges:
U.S. General Accounting Office, Department of Homeland Security:
Challenges and Steps in Establishing Sound Financial Management, GAO-
03-1134T (Washington, D.C.: Sept. 10, 2003).
U.S. General Accounting Office, Fiscal Year 2002 U.S. Government
Financial Statements: Sustained Leadership and Oversight Needed for
Effective Implementation of Financial Management Reform, GAO-03-572T
(Washington, D.C.: Apr. 8, 2003).
U.S. General Accounting Office, Customs Service Modernization:
Automated Commercial Environment Progressing, but Further Acquisition
Management Improvements Needed, GAO-03-406 (Washington, D.C.: Feb. 28,
2003).
U.S. General Accounting Office, Transportation Security
Administration: Actions and Plans to Build a Results-Oriented Culture,
GAO-03-190 (Washington, D.C.: Jan. 17, 2003).
U.S. General Accounting Office, High-Risk Series: An Update, GAO-03-119
(Washington, D.C.: January 2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Federal Emergency Management Agency, GAO-03-113 (Washington,
D.C.: January 2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of the Treasury, GAO-03-109 (Washington, D.C.:
January 2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of Justice, GAO-03-105 (Washington, D.C.: January
2003).
U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of Homeland Security, GAO-03-102 (Washington, D.C.:
January 2003).
U.S. General Accounting Office, Financial Management: FFMIA
Implementation Necessary to Achieve Accountability, GAO-03-31
(Washington, D.C.: Oct. 1, 2002).
U.S. General Accounting Office, Homeland Security: Critical Design and
Implementation Issues, GAO-02-957T (Washington, D.C.: July 17, 2002).
U.S. General Accounting Office, A Model of Strategic Human Capital
Management, GAO-02-373SP (Washington, D.C.: March 2002).
U.S. General Accounting Office, Executive Guide: Creating Value Through
World-class Financial Management, GAO/AMID-00-134 (Washington, D.C.:
April 2000).
(195046):
FOOTNOTES
[1] U.S. General Accounting Office, High-Risk Series: An Update, GAO-
03-119 (Washington, D.C.: January 2003).
[2] For example, see U.S. General Accounting Office, Major Management
Challenges and Program Risk: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003) and Department of Homeland
Security: Challenges and Steps in Establishing Sound Financial
Management, GAO-03-1134T (Washington, D.C.: Sept. 10, 2003).
[3] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).
[4] FFMIA, Pub. L. No. 104-208, div. A, §101(f), title VIII, 110 stat.
3009, 3009-389 (Sept. 30, 1996). FFMIA requires the major departments
and agencies covered by the CFO Act to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the federal government's standard general ledger at
the transaction level.
[5] A material weakness is a condition that precludes the entity's
internal control from providing reasonable assurance that
misstatements, losses, or noncompliance material in relation to the
financial statements or to the stewardship information would be
prevented or detected on a timely basis.
[6] Reportable conditions are matters coming to auditor's attention
that, in their judgment, should be communicated because these represent
significant deficiencies in the design or operation of internal control
that could adversely affect the federal government's ability to meet
the internal control objectives.
[7] Observations and recommendations are weaknesses that do not meet
the criteria for reportable conditions that are typically communicated
from the auditor to the appropriate level of entity management in a
management letter.
[8] Prior to its transfer to DHS, FEMA was 1 of the 24 CFO Act
agencies.
[9] U.S. General Accounting Office, Customs Service Modernization:
Automated Commercial Environment Progressing, but Further Acquisition
Management Improvements Needed, GAO-03-406 (Washington D.C.: Feb. 28,
2003).
[10] U.S. General Accounting Office, Coast Guard: Deepwater Program
Acquisition Schedule Update Needed, GAO-04-695 (Washington D.C. June
14, 2004).
[11] U.S. General Accounting Office, Department of Defense: Financial
and Business Management Transformation Hindered by Long-standing
Problems, GAO-04-941T (Washington, D.C.: July 8, 2004).
[12] U.S. General Accounting Office, Information Technology:
Architecture Needed to Guide NASA's Financial Management Modernization,
GAO-04-43 (Washington, D.C.: Nov. 21, 2003) and U.S. General Accounting
Office, National Aeronautics and Space Administration: Significant
Actions Needed to Address Long-standing Financial Management Problems,
GAO-04-754T (Washington, D.C.: May 19, 2004).
[13] The U.S. House of Representatives is considering a related bill
with similar provisions, the Department of Homeland Security Financial
Accountability Act, H.R. 4259.
[14] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002).
[15] Office of Management and Budget, Audit Requirements for Federal
Financial Statements, Bulletin 01-02 (Washington, D.C.: Oct. 16, 2000).
[16] U.S. General Accounting Office, Fiscal Year 2002 U.S. Government
Financial Statements: Sustained Leadership and Oversight Needed for
Effective Implementation of Financial Management Reform, GAO-03-572T
(Washington, D.C.: Apr. 8, 2003).
[17] Pub. L. No. 107-204, §§302, 404, 906 116 Stat. 745, 777, 789, 806
(July 30, 2002).
[18] The Securities and Exchange Commission approved the Public Company
Accounting Oversight Board's Auditing Standard Number 2, An Audit of
Internal Control Over Financial Reporting Performed in Conjunction With
an Audit of Financial Statements, on June 17, 2004. This guidance
provides standards and related performance guidance for independent
audits as they attest to, and report on, management's assessment of the
effectiveness of internal control over financial reporting under
Section 404 of the Sarbanes-Oxley Act of 2002.
