Financial Management
Department of Homeland Security Faces Significant Financial Management Challenges Gao ID: GAO-04-774 July 19, 2004When the Department of Homeland Security (DHS) began operations in March 2003, it faced the daunting task of bringing together 22 diverse agencies. This transformation poses significant management and leadership challenges, including integrating a myriad of redundant financial management systems and addressing the existing weaknesses in the inherited components, as well as newly identified weaknesses. This review was performed to (1) identify the financial management systems' weaknesses DHS inherited from the 22 component agencies, (2) assess DHS's progress in addressing those weaknesses, (3) identify plans DHS has to integrate its financial management systems, and (4) review whether the planned systems DHS is developing will meet the requirements of relevant financial management improvement laws.
DHS inherited 30 reportable internal control weaknesses identified in prior component financial audits with 18 so severe they were considered material weaknesses. These weaknesses include insufficient internal controls, system security deficiencies, and incomplete policies and procedures necessary to complete basic financial information. Of the four inherited component agencies that had previously been subject to stand-alone audits, all four agencies' systems were found not to be in substantial compliance with the requirements of the Federal Financial Management Improvement Act (FFMIA), an indicator of whether a federal entity can produce reliable data for management and reporting purposes. Component agencies took varied actions to resolve 9 of the 30 inherited internal control weaknesses. The remaining 21 weaknesses were combined and reported as material weaknesses or reportable conditions in DHS's first Performance and Accountability Report, or were reclassified by independent auditors as lower-level observations and recommendations. Combining or reclassifying weaknesses does not resolve the underlying internal control weakness, or mean that challenges to address them are less than they would have been prior to the establishment of DHS. DHS is in the early stages of acquiring a financial enterprise solution to consolidate and integrate its business functions. Initiated in August 2003, DHS expects the financial enterprise solution to be fully deployed and operational in 2006 at an estimated cost of $146 million. Other agencies have failed in attempts to develop financial management systems with fewer diverse operations. Success will depend on a number of variables, including having an effective strategic management framework, sustained management oversight, and user acceptance of the efforts. It is too early to tell whether DHS's planned financial enterprise solution will be able to meet the requirements of relevant financial management improvement laws. As of June 2004, DHS is not subject to the CFO Act and thus FFMIA, which is applicable only to agencies subject to the CFO Act. While DHS is currently not required to report on compliance with FFMIA, its auditors disclosed systems deficiencies that would have likely resulted in noncompliance issues.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-04-774, Financial Management: Department of Homeland Security Faces Significant Financial Management Challenges
This is the accessible text file for GAO report number GAO-04-774
entitled 'Financial Management: Department of Homeland Security Faces
Significant Financial Management Challenges' which was released on July
29, 2004.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Ranking Minority Member, Committee on Governmental
Affairs, U.S. Senate:
July 2004:
FINANCIAL MANAGEMENT:
Department of Homeland Security Faces Significant Financial Management
Challenges:
GAO-04-774:
GAO Highlights:
Highlights of GAO-04-774, a report to The Honorable Joseph I.
Lieberman, Ranking Minority Member, Committee on Governmental Affairs,
U.S. Senate:
Why GAO Did This Study:
When the Department of Homeland Security (DHS) began operations in
March 2003, it faced the daunting task of bringing together 22 diverse
agencies. This transformation poses significant management and
leadership challenges, including integrating a myriad of redundant
financial management systems and addressing the existing weaknesses in
the inherited components, as well as newly identified weaknesses.
This review was performed to (1) identify the financial management
systems‘ weaknesses DHS inherited from the 22 component agencies, (2)
assess DHS‘s progress in addressing those weaknesses, (3) identify
plans DHS has to integrate its financial management systems, and (4)
review whether the planned systems DHS is developing will meet the
requirements of relevant financial management improvement laws.
What GAO Found:
DHS inherited 30 reportable internal control weaknesses identified in
prior component financial audits with 18 so severe they were considered
material weaknesses. These weaknesses include insufficient internal
controls, system security deficiencies, and incomplete policies and
procedures necessary to complete basic financial information. Of the
four inherited component agencies that had previously been subject to
stand-alone audits, all four agencies‘ systems were found not to be in
substantial compliance with the requirements of the Federal Financial
Management Improvement Act (FFMIA), an indicator of whether a federal
entity can produce reliable data for management and reporting purposes.
Component agencies took varied actions to resolve 9 of the 30 inherited
internal control weaknesses. The remaining 21 weaknesses were combined
and reported as material weaknesses or reportable conditions in DHS‘s
first Performance and Accountability Report, or were reclassified by
independent auditors as lower-level observations and recommendations.
Combining or reclassifying weaknesses does not resolve the underlying
internal control weakness, or mean that challenges to address them are
less than they would have been prior to the establishment of DHS. The
following table summarizes the current status of the weaknesses DHS
inherited from component agencies.
Status of 30 Inherited Weaknesses in 2003 Audit
[See PDF for image]
[End table]
DHS is in the early stages of acquiring a financial enterprise solution
to consolidate and integrate its business functions. Initiated in
August 2003, DHS expects the financial enterprise solution to be fully
deployed and operational in 2006 at an estimated cost of $146 million.
Other agencies have failed in attempts to develop financial management
systems with fewer diverse operations. Success will depend on a number
of variables, including having an effective strategic management
framework, sustained management oversight, and user acceptance of the
efforts.
It is too early to tell whether DHS‘s planned financial enterprise
solution will be able to meet the requirements of relevant financial
management improvement laws. As of June 2004, DHS is not subject to the
CFO Act and thus FFMIA, which is applicable only to agencies subject to
the CFO Act. While DHS is currently not required to report on
compliance with FFMIA, its auditors disclosed systems deficiencies that
would have likely resulted in noncompliance issues.
What GAO Recommends:
GAO is making eight recommendations to improve financial management at
DHS, including recommendations to give continued attention to resolving
all previously reported internal control weaknesses and adhere to FFMIA
requirements even though not statutorily required to do so. GAO also
believes Congress should enact legislation to designate DHS as a Chief
Financial Officers Act (CFO Act) agency. DHS generally agreed with the
overall findings and recommendations.
www.gao.gov/cgi-bin/getrpt?GAO-04-774.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact McCoy Williams at (202)
512-6906 or williamsm1@gao.gov.
[End section]
Contents:
Letter:
Results in Brief:
Background:
DHS Inherited Significant Weaknesses from Its Component Agencies:
Some Progress Made in Addressing Inherited Weaknesses:
DHS Is in the Early Stages of Integrating Its Financial Management
Systems:
It Is Not Known Whether DHS's Planned Financial Management Systems Will
Be Able to Meet the Requirements of Relevant Financial Management
Improvement Laws:
Conclusions:
Matter for Congressional Consideration:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendixes:
Appendix I: Scope and Methodology:
Appendix II: Material Weaknesses and Reportable Conditions at DHS for
Fiscal Year 2003:
Appendix III: Disposition of Reported Internal Control Weaknesses by
Component:
Appendix IV: Comments from the Department of Homeland Security:
Tables:
Table 1: Status of 30 Inherited Weaknesses in 2003 Audit:
Table 2: Decreases in Service Providers from March 2003 to May 2004:
Table 3: Key Financial Management Improvement Laws:
Figure:
Figure 1: Phase I Timeline:
Letter July 19, 2004:
The Honorable Joseph I. Lieberman:
Ranking Minority Member:
Committee on Governmental Affairs:
United States Senate:
Dear Senator Lieberman:
When the Department of Homeland Security (DHS) began operations in
March 2003, it faced the daunting task of bringing together 22 diverse
agencies. Not since the creation of the Department of Defense had the
federal government undertaken a transformation of this magnitude. As we
previously reported,[Footnote 1] such a consolidation poses significant
management and leadership challenges, including integrating a myriad of
redundant financial management systems and addressing the existing and
newly identified weaknesses in the inherited components.
You asked us to review DHS's progress in addressing financial
management weaknesses and integrating its financial systems. This
report (1) identifies the financial management systems' weaknesses DHS
inherited from the 22 component agencies, (2) assesses DHS's progress
in addressing those weaknesses, (3) identifies plans DHS has to
integrate its financial management systems, and (4) reviews whether the
planned systems DHS is developing will meet the requirements of
relevant financial management improvement laws.[Footnote 2]
Our work is based primarily on reviews of DHS's Performance and
Accountability Report for fiscal year 2003 and prior period component
agency annual financial reports, when available. We interviewed DHS
officials and obtained documents related to DHS's financial management
systems integration project. In addition, we reviewed our and Office of
Inspector General (OIG) previously issued reports and relevant laws and
regulations. A more detailed discussion of our scope and methodology
can be found in appendix I. We conducted our work from October 2003
through June 2004 in accordance with U.S. generally accepted government
auditing standards.
Results in Brief:
When DHS began operating in March 2003, it inherited 22 component
agencies, approximately 180,000 employees, about 100 resource
management systems, and 30 reportable internal control
conditions[Footnote 3] identified in prior component financial audits.
Of the 30 reportable conditions, 18 were so severe they were considered
material weaknesses.[Footnote 4] Among these weaknesses were
insufficient internal controls or processes to reliably report
financial information such as revenue, accounts receivable, and
accounts payable; significant system security deficiencies; financial
systems that required extensive manual processes to prepare financial
statements; and incomplete policies and procedures necessary to
complete basic financial management activities. Further, of the four
component agencies that had previously been subject to stand-alone
audits, all four agencies' systems were found not to be in substantial
compliance with the requirements of the Federal Financial Management
Improvement Act of 1996 (FFMIA),[Footnote 5] an indicator of whether a
federal entity can produce reliable data for management and reporting
purposes. Because most of the components that transferred to DHS were
comparatively small components of their former department, they had not
been subjected to significant financial statement audit scrutiny prior
to transfer. Thus, it was unknown at the time of transfer whether
additional internal control weaknesses existed in those components.
Component agencies took action to resolve 9 of the 30 internal control
weaknesses DHS inherited from component agencies. These actions
included reinstating procedures to accurately estimate financial data,
performing risk assessments of major systems, and instituting processes
to ensure accounts receivable and fixed assets are properly recorded.
Another 9 of the inherited weaknesses were combined and reported as
material weaknesses in DHS's first Performance and Accountability
Report, while 5 were combined and reported as reportable conditions.
Although combining or reclassifying weaknesses reduces the overall
number of weaknesses, it does not resolve the underlying internal
control weakness or reduce the level of effort that will be needed to
mitigate the weakness. The remaining 7 weaknesses were classified by
the department's independent auditors as observations and
recommendations.[Footnote 6] Finally, auditors reported 6 additional
weaknesses as of September 30, 2003, bringing the total number of DHS
reportable conditions to 14 for fiscal year 2003, 7 of which were
considered to be material weaknesses. DHS has developed or begun to
develop corrective action plans to address 10 of the 14 internal
control weaknesses identified in the 2003 financial audit. Sustained
attention must be given to resolving all previously reported
weaknesses, regardless of their current designation at DHS.
DHS is in the early stages of acquiring a financial enterprise solution
to consolidate and integrate the department's financial accounting and
reporting systems, including budget, accounting and reporting, cost
management, asset management, and acquisition and grants functions.
According to DHS, the department initiated a financial management
systems integration project in August 2003. The completed project is
expected to be fully deployed and operational in 2006 at an estimated
cost of approximately $146 million. Other agencies have failed in
attempts to develop financial management systems with fewer diverse
operations. An effective strategic management framework, sustained
management oversight, and user acceptance of the efforts, among other
things, will be keys to DHS's success. As an interim effort, DHS is
working to consolidate the number of legacy financial systems, and
reports that it has reduced the overall number of financial service
providers. We plan to monitor DHS's efforts as part of our consolidated
financial statement audit of the U.S. government.
It is too early to tell whether DHS's planned financial enterprise
solution will be able to meet the requirements of relevant financial
management improvement laws it is currently subject to. As of June
2004, DHS is not subject to the Chief Financial Officers Act of
1990[Footnote 7] (CFO Act) and thus is exempt from FFMIA, which is only
applicable to CFO Act agencies. The CFO Act requires major agencies to
have a qualified, presidentially appointed, Senate-confirmed Chief
Financial Officer (CFO) who reports to the head of the agency.
Currently, the CFO at DHS reports to the Under Secretary for Management
while directorate CFOs report to the head of their respective
directorates, not to DHS's CFO. In addition, while DHS is currently not
required to report on its systems' compliance with FFMIA, its auditors
disclosed systems deficiencies that indicate that DHS's systems would
not have been in substantial compliance with the requirements of FFMIA
during its first 7 months of operation.
We obtained written comments on a draft of this report from DHS's Chief
Financial Officer. In commenting on a draft of this report, DHS
generally agreed with the overall findings and recommendations. The
comments DHS provided to us are reprinted in appendix IV.
Background:
In the aftermath of the terrorist attacks of September 11, 2001,
responding to potential and real threats to homeland security became
one of the federal government's most significant challenges. To address
this challenge, the Congress passed, and the President signed, the
Homeland Security Act of 2002,[Footnote 8] which merged 22 federal
agencies and organizations into DHS, making it the department with the
third largest budget in the federal government, about $40 billion for
fiscal year 2005.[Footnote 9] In January 2003, we designated
implementation and transformation of the new Department of Homeland
Security as high risk based on three factors: (1) the implementation
and transformation of DHS is an enormous undertaking that will take
time to achieve in an effective and efficient manner, (2) components to
be merged into DHS already face a wide array of existing challenges,
and (3) failure to effectively carry out its mission would potentially
expose the nation to very serious consequences.[Footnote 10] As we
previously reported,[Footnote 11] one of the department's key
challenges is integrating the components' respective financial
management systems, many of which were outdated and had limited
functionality, as well as addressing weaknesses from the inherited
components.
The Homeland Security Act of 2002 states that DHS's missions include,
among other things, preventing terrorist attacks within the United
States, reducing America's vulnerability to terrorism, minimizing
subsequent damage, and assisting in the recovery from attacks that do
occur. To help accomplish this integrated homeland security mission,
the various mission areas and associated programs of 22 federal
agencies were merged, in whole or in part, into DHS. The department's
organizational structure consists of eight major components--the U.S.
Coast Guard (Coast Guard), the U.S. Secret Service, the Bureau of
Citizenship and Immigration Services (CIS), and five directorates, each
of which is headed by an Under Secretary: Information Analysis and
Infrastructure Protection, Science and Technology, Border and
Transportation Security, Emergency Preparedness and Response, and
Management. Within the Management Directorate is DHS's Office of the
Chief Financial Officer (OCFO), which is assigned primary
responsibility for functions, such as budget, finance and accounting,
strategic planning and evaluation, and financial systems for the
department. OCFO is also charged with ongoing integration of these
functions within the department.
The CFO Act requires the agency's CFO to develop and maintain an
integrated accounting and financial management system that provides for
complete, reliable, and timely financial information that facilitates
the systematic measurement of performance at the agency, the
development and reporting of cost information, and the integration of
accounting and budget information. The act also requires that the
agency's CFO be qualified, presidentially appointed, approved by the
Senate, and report to the head of the agency. FFMIA requires that CFO
Act agencies implement and maintain financial management systems that
substantially comply with federal financial management systems
requirements, applicable accounting standards, and the U.S. Government
Standard General Ledger at the transaction level. It also requires
auditors to report whether the agency's financial management systems
substantially comply with the three requirements of FFMIA. While not
required to comply with provisions of the CFO Act or FFMIA, the
Accountability of Tax Dollars Act of 2002,[Footnote 12] requires DHS to
prepare and have audited financial statements annually.[Footnote 13]
The Accountability of Tax Dollars Act of 2002, however, does not
require compliance with the CFO Act or FFMIA.
In identifying improved financial performance as one of its five
governmentwide initiatives, the President's Management Agenda
recognized that an unqualified financial audit opinion[Footnote 14] is
a basic prescription for any well-managed organization and that without
sound internal control and accurate and timely financial information,
it is not possible to accomplish the agenda and secure the best
performance and highest measure of accountability for the American
people. In addition, the Joint Financial Management Improvement Program
(JFMIP) Principals[Footnote 15] have defined certain measures, in
addition to receiving an unqualified financial statement opinion, for
achieving financial management success. These additional measures
include being able to routinely provide timely, accurate, and useful
financial and performance information, having neither material internal
control weaknesses nor material noncompliance with laws and
regulations, and meeting the requirements of FFMIA.
DHS obtained a consolidated financial audit for the 7-month period from
March 1, 2003, to September 30, 2003, and received a qualified opinion
from its independent auditors on its consolidated balance sheet as of
September 30, 2003, and the related statement of custodial activity for
the 7 months ending September 30, 2003. Auditors were unable to opine
on the consolidated statements of net costs and changes in net
position, combined statement of budgetary resources, and consolidated
statement of financing. The auditors reported 14 reportable conditions
on internal control, 7 of which were considered to be material
weaknesses.
DHS Inherited Significant Weaknesses from Its Component Agencies:
When DHS was created in March 2003 and merged with 22 diverse agencies,
there were many known financial management weaknesses and
vulnerabilities in the inherited agencies. For 5 of the agencies that
transferred to DHS--Customs Service (Customs), Transportation Security
Administration (TSA), Immigration and Naturalization Service (INS),
Federal Emergency Management Agency (FEMA), and Federal Law Enforcement
Training Center (FLETC)--auditors had reported 30 reportable
conditions, 18 of which were considered material internal control
weaknesses. Further, of the four component agencies--Customs, TSA, INS,
and FEMA--that had previously been subject to stand-alone audits, all
four agencies' systems were found not to be in substantial compliance
with the requirements of FFMIA.
Most of the 22 components that transferred to DHS had not been
subjected to significant financial statement audit scrutiny prior to
their transfer, so the extent to which additional significant internal
control deficiencies existed was unknown. For example, conditions at
the Coast Guard have surfaced because of its greater relative size and
increased audit scrutiny at DHS as compared to its former legacy
agency, the Department of Transportation (DOT). As part of DOT's
financial statement audit, the Coast Guard had no specifically
attributable reported weaknesses identified. However, newly identified
weaknesses related to the Coast Guard were one of the main reasons that
independent auditors issued a qualified opinion on DHS's consolidated
balance sheet and why they were unable to provide an opinion on other
financial statements for the 7 months ending September 30, 2003.
For fiscal year 2002 and prior to its transfer to DHS, Customs'
auditors reported[Footnote 16] nine internal control weaknesses,
including weaknesses in its ability to monitor the effectiveness of its
internal controls over entry duties and taxes, controls over drawback
claims,[Footnote 17] security issues in information technology (IT)
systems, and issues concerning the strength of its core financial
systems. These weaknesses can result in inaccurate reporting of certain
material elements of Customs' financial situation, system security
weaknesses that could leave Customs' information vulnerable to
unauthorized access, and the necessity of extensive manual procedures
and analyses to process routine transactions. Finally, these weaknesses
contributed to Customs' systems inability to substantially comply with
the requirements of FFMIA.
Although TSA is a relatively new agency formed after the September 11,
2001, terror attacks, its auditors reported six internal control
weaknesses, including weaknesses in the hiring of qualified personnel,
financial reporting and systems, property accounting and financial
reporting, financial management policies, administration of screener
contracts, and maintenance of adequate information in its personnel
files. These weaknesses can result in uncontrolled spending of taxpayer
dollars, misplaced or unaccounted for property, and challenges in
producing financial statements. In its first year audit ending
September 30, 2002, TSA obtained an unqualified audit opinion on its
financial statements. However, TSA's systems did not substantially
comply with the requirements of FFMIA.
INS's auditors reported four internal control weaknesses as of February
28, 2003,[Footnote 18] including weaknesses in the functionality of its
financial systems; recording accounts payable and related accruals;
financial reporting; and controls over its financial management system.
Weaknesses such as these have existed for several years and contribute
to INS's systems continuing inability to substantially comply with the
requirements of FFMIA. Although the weaknesses did not interfere with
the agency's ability to obtain an unqualified opinion on its financial
statement audit, they did result in the need for extensive manual
effort to prepare reliable financial information and record basic
financial transactions to aid management in decision making.
FEMA's auditors reported seven internal control weaknesses for fiscal
year 2002, including weaknesses in information security controls over
its financial systems environment; financial system functionality;
financial reporting process; real and personal property system
processes; account reconciliation processes; accounts receivable
processes; and the lack of a process to evaluate the accuracy of a new
claims estimation methodology. These weaknesses resulted in the need
for extensive manual effort to compile financial information because
FEMA's financial systems were unable to perform certain basic
accounting functions efficiently. Further, FEMA's systems were unable
to accurately track basic accounting information, such as real and
personal property and accounts receivable. Many of these weaknesses
specifically contributed to FEMA's systems' failure to substantially
comply with the requirements of FFMIA.
Finally, FLETC's auditors reported four internal control weaknesses for
fiscal year 2002. These weaknesses resulted from FLETC not having
adequate policies and procedures in place to ensure that funds
obligated were proper and that costs for construction in progress were
recorded properly. Further, auditors found that FLETC was not taking
the steps necessary to be in compliance with certain Office of
Management and Budget requirements. Many of these weaknesses lead to
FLETC's systems' inability to substantially comply with the
requirements of FFMIA.
Some Progress Made in Addressing Inherited Weaknesses:
DHS has made some progress in addressing the internal control
weaknesses it inherited from component agencies. Nine of the 30
internal control weaknesses identified in prior component financial
statement audits have been closed as of September 30, 2003. The
remaining 21 issues represent continuing weaknesses that have been
reported in DHS's first Performance and Accountability Report. Nine of
these were combined and reported as 3 material weaknesses, while 5 were
reported as reportable conditions. The department's independent
auditors classified the remaining 7 weaknesses as lower level
observations and recommendations. Table 1 summarizes the status of the
30 weaknesses DHS inherited from component agencies as of September 30,
2003.
Table 1: Status of 30 Inherited Weaknesses in 2003 Audit:
Closed: 9.
Classified as material weaknesses for 2003: 9.
Classified as reportable conditions for 2003: 5.
Classified as observation and recommendation for 2003: 7.
Total: 30.
Source: GAO based on DHS's fiscal year 2003 Performance and
Accountability Report.
[End of table]
Auditors reported 6 additional weaknesses as of September 30, 2003,
bringing the total number of reportable conditions for DHS to 14 for
fiscal year 2003, 7 of which were considered to be material weaknesses.
A description of these weaknesses can be found in appendix II. As
mentioned previously, several of the departmentwide weaknesses resulted
from combining previously identified weaknesses or reclassifying them,
rather than from resolving the underlying internal control weaknesses.
For example, in fiscal year 2003, DHS's auditors reported a
departmentwide material weakness related to financial systems
functionality and technology. This weakness resulted from combining
what accounted for 7 of the inherited weaknesses--3 from Customs, 2
from FEMA, 1 from INS, and 1 from TSA. Appendix III provides detailed
information on the status of each of the 30 inherited weaknesses,
including how they were reported in DHS's Performance and
Accountability Report.
Component agencies took various steps to resolve nine of the previously
identified weaknesses inherited from component agencies. For example,
Customs had a previously identified weakness related to the
effectiveness of its internal controls over accurate reporting of entry
duties and taxes. This weakness was resolved by reinstituting a program
that Customs had in place prior to the terrorist attacks of September
11, 2001, which allows for more accurate reporting of these taxes and
duties. Another weakness DHS inherited relates to FEMA's inability to
identify and record certain accounts receivable in a timely manner.
FEMA's accounts receivable processes were strengthened to ensure that
accounts receivable are determined and recorded on a timely basis. In
order to resolve several weaknesses at FLETC and TSA, various policies
and procedures were implemented at these components to ensure that
financial information was recorded and properly approved. Further, TSA
has hired additional staff, thereby resolving its weaknesses of not
having a sufficient number of qualified accounting personnel.
In addition to the 7 material weaknesses and 7 reportable conditions
reported in DHS's 2003 financial statement audit, DHS reported 12
additional weaknesses that affect the department's full compliance with
certain objectives of 31 U.S.C. 3512(c), (d) (commonly known as the
Federal Managers' Financial Integrity Act of 1982 (FMFIA)). FMFIA
requires that management ensure that it has an organizational structure
that supports the planning, directing, and controlling of operations to
meet agency objectives; clearly defines key areas of authority and
responsibility; and provides for appropriate lines of reporting. The
standards also define internal control as a key component necessary to
ensure that financial reporting information is reliable. Examples of
the FMFIA weaknesses reported by DHS included deficient controls over
laws and regulations regarding the border entry process, nonconformance
related to system security, and lack of oversight and administration of
major contracts at TSA.
Of the seven departmentwide material weaknesses reported by DHS's
auditors for fiscal year 2003, four were newly identified and
contributed to the auditors' inability to render an opinion on all of
DHS's financial statements. Newly identified weaknesses included the
lack of procedures at DHS to verify the accuracy and completeness of
balances transferred on March 1, 2003, and significant weaknesses with
the number of qualified financial management personnel employed by the
department. DHS's auditors also found significant deficiencies at the
Coast Guard and Secret Service, preventing them from being able to
express an opinion on certain financial statements.
In addition to the internal control weaknesses cited in its 2003
financial statement audit, there were other weaknesses that, while not
material to DHS on a departmentwide basis, are still important
weaknesses that need to be addressed. FEMA, Customs, and TSA each had
weaknesses at the time of their transfer to DHS. However, in the 2003
audit report, these weaknesses were classified as observations and
recommendations, a much less serious classification. Lower
classification within DHS does not mean that the issues are now somehow
less severe, it merely refers to the materiality of a component within
DHS. Considered against operations or assets of the stand-alone entity,
these issues by themselves were relatively more significant than when
considered in the context of the much larger consolidated operations of
DHS as a whole. Resolving all previously reported internal control
weaknesses, regardless of the current designation at DHS, is key to
DHS's ability to produce relevant and reliable financial information.
DHS's CFO testified that the department is committed to resolving the
remaining weaknesses and has developed a plan to do so. According to
the CFO's plans, corrective actions will be developed by each
applicable bureau or directorate and submitted to the OCFO. Currently,
DHS's OCFO has compiled a summary document with the corrective action
plans as submitted by the applicable bureau or directorate. According
to this document, corrective action plans of varying levels of detail
are in place to address 12 of the 14 internal control weaknesses, some
of which are scheduled to be completed by the end of fiscal year 2004.
However, 2 material internal control weaknesses--Financial Systems
Functionality and Technology and Transfer of Funds, Assets, and
Liabilities to DHS--do not currently have any planned corrective
actions in place.
Along with developing corrective action plans, the CFO testified that
DHS plans to implement a departmentwide tracking system to monitor the
status of corrective actions. DHS has begun working with a contractor
to design and implement a tracking system for outstanding weaknesses
identified during the department's independent financial audits. While
this system is still being developed by the OCFO, with assistance from
contractors, it is not yet fully functional and does not include
information on all reported weaknesses. Until such time that it does,
it will provide limited oversight and information on the status of
corrective actions to address weaknesses at DHS. While progress has
been made to address the known material weaknesses, much work still
remains. Follow-through with planned corrective actions is paramount.
The support of top officials at the department will be key in ensuring
that the necessary resources are available to address the weaknesses
and to ensure that they are resolved in a timely manner.
DHS Is in the Early Stages of Integrating Its Financial Management
Systems:
DHS intends to acquire and deploy an integrated financial enterprise
solution and reports that it has reduced the number of its legacy
financial systems. DHS has established the Resource Management
Transformation Office (RMTO) within the Management Directorate to
manage its financial enterprise solution project. However, the
acquisition is in the early stages, and continued focus and follow
through, among other things, will be necessary for it to be successful.
RMTO has termed its financial enterprise solution project
"electronically Managing enterprise resources for government
effectiveness and efficiency" (eMerge2), which according to the RMTO's
Strategic Framework, "establishes the strategic direction for
migration, modernization, and integration of DHS financial, accounting,
procurement, personnel, asset management and travel systems, processes,
and policies." DHS expects the acquisition and implementation of the
financial enterprise solution to take place over a 3-year time period
and cost approximately $146 million.
According to the strategic framework DHS provided to us, the
development of an integrated financial enterprise solution will be
accomplished in three phases. Phase I includes defining, acquiring, and
testing the planned solution. Phase II involves implementing the
solution throughout DHS, and Phase III is ongoing maintenance of the
solution. According to DHS, the eMerge2 initiative is currently in
Phase I, which is to be executed in three stages and is expected to be
completed in late 2004. Figure 1 represents the three stages of Phase I
and the timelines as of August 2003 and May 2004, according to the DHS
RMTO Strategic Frameworks provided to us.
Figure 1: Phase I Timeline:
[See PDF for image]
[End of figure]
According to plans DHS's RMTO developed early in Phase I, completion of
core requirements development was to have been completed between
September 2003 and mid-February 2004. However, in updated plans dated
May 2004, the core requirements development actually began in January
2004 and was to be completed in May 2004. The earlier plans' timeline
also called for requesting vendor solution proposals in October 2003,
with final vendor selection to occur in April or May of 2004. However,
vendor proposal requests were issued in June 2004 and selection is to
be completed in July 2004.
Concurrent with eMerge2, DHS has issued a request for quotation (RFQ)
for an interim project--the Business Automation Initiative--to be
developed by contractors during 2004. The RFQ requested system
proposals to automate purchase requests for the department and to
streamline the employee entry/exit process. Another interim initiative
was considered by the department to integrate data mining and
warehousing, improve grants visibility (beginning with first responder
grants), and streamline financial statement consolidation. However,
instead of pursuing this interim solution, DHS plans to include it in
the requirements of the eMerge2 initiative. Of key importance in the
development of any DHS system solution acquisition, interim or not, is
how the acquisition fits within the future overall plans of DHS as
outlined in its enterprise architecture, which is still being
developed. It would be duplicative and wasteful to implement a short-
term solution that is not part of the long-term integration plans at
DHS.
According to DHS officials, the RMTO recently completed the
requirements definition phase for the eMerge2 initiative and obtained
approval of the requirements from various high-level DHS officials.
Additionally, a request for proposal (RFP) was issued by DHS for the
eMerge2 initiative in June 2004. The RFP is scheduled to be open for
approximately 1 month and then a vendor will be chosen. DHS has
developed various planning documents for the eMerge2 initiative.
However, these documents were not provided to us until after we
completed our fieldwork. Thus, we are not providing description,
analysis, or evaluation of such information in this report, and we are
unable to determine if DHS, through the RMTO, is developing a financial
enterprise solution that will be in alignment with departmentwide
information technology plans, many of which are still under
development.
Nevertheless, we have found that similar projects have proven
challenging and costly for other federal agencies. For example, we have
reported on the efforts of National Aeronautics and Space
Administration[Footnote 19] (NASA), and the District of Columbia
Courts[Footnote 20] (DC Courts) to acquire new information systems.
NASA is on its third attempt in 12 years to modernize its financial
management process and systems, and has spent about $180 million on its
two prior failed efforts. DC Courts began its system acquisition in
1998 and has struggled in its implementation. One of the key
impediments to the success of integration efforts at NASA was the
failure to involve key stakeholders in the implementation or evaluation
of system improvements. As a result, new systems failed to meet the
needs of key stakeholders. DC Courts struggled in developing
requirements that contained the necessary specificity to ensure the
system developed would meet its users' needs. To avoid similar
problems, it is important, among other things, that DHS ensure
commitment and extensive involvement from top management and users in
eMerge2.
Over the past year, DHS has reported that it has reduced the number of
financial management service providers for the department from the 19
providers at the time DHS was formed to the 10 it currently uses. DHS
has plans to further consolidate to 7 providers. A DHS official
estimated approximately $5 million in savings through the reduction of
the number of financial management service centers. Table 2 shows the
decreases that have occurred in service providers from March 2003 to
May 2004.
Table 2: Decreases in Service Providers from March 2003 to May 2004:
Service provider type: Financial management service centers;
March 2003: 19;
May 2004: 10;
Decrease: 9.
Service provider type: Contracting offices;
March 2003: 13;
May 2004: 8;
Decrease: 5.
Service provider type: Human resource offices;
March 2003: 22;
May 2004: 7;
Decrease: 15.
Service provider type: Payroll offices;
March 2003: 7;
May 2004: 3;
Decrease: 4.
Service provider type: Property management offices;
March 2003: 22;
May 2004: 3;
Decrease: 19.
Service provider type: Total;
March 2003: 83;
May 2004: 31;
Decrease: 52.
Source: GAO based on DHS-provided information.
[End of table]
This continued focus on consolidation and integration of services and
service providers, if implemented properly, could aid the department in
realizing further savings and efficiencies in support of its overall
mission. Although we did not perform audit procedures to determine the
impact of these reductions, reduction of service providers prematurely,
without considering the provider's reliability, or without an overall
consolidation plan, could be negative if it interferes with the
enterprise approach or causes significant short-term inefficiencies for
agencies that must quickly adapt to other systems.
It Is Not Known Whether DHS's Planned Financial Management Systems Will
Be Able to Meet the Requirements of Relevant Financial Management
Improvement Laws:
It is too early to tell whether DHS's planned financial enterprise
solution will be able to meet the requirements of relevant financial
management improvement laws--those currently applicable to DHS (such as
FMFIA), as well as some not applicable that are subject to pending
legislation. DHS is currently subject to most financial management
improvement laws except for the CFO Act and FFMIA. The goals of the CFO
Act and FFMIA are to provide the Congress and agency management with
reliable financial information for managing and making day-to-day
decisions and to improve financial management systems and controls to
properly safeguard the government's assets. Further, the CFO Act
requires certain agencies to have a qualified, presidentially
appointed, Senate-confirmed CFO who reports to the head of the
agency.[Footnote 21]
FFMIA requires major departments and agencies covered by the CFO Act to
implement and maintain financial management systems that comply
substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the
U.S. Government Standard General Ledger at the transaction level.
Although DHS is not currently subject to FFMIA, its auditors disclosed
systems deficiencies in its financial management information systems,
the application of accounting standards, and recording of financial
transactions, all of which relate to the requirements of FFMIA. Based
on these weaknesses it is likely that DHS's systems would not have been
in substantial compliance with the requirements of FFMIA. Table 3 lists
relevant financial management laws and describes their relationship to
DHS.
Table 3: Key Financial Management Improvement Laws:
Law: Chief Financial Officers Act of 1990;
DHS covered? No;
Requirement: Requires agencies to develop and maintain an integrated
accounting and financial management system that provides for (1)
complete, reliable, consistent, and timely information that is
responsive to the financial information of the agency and facilitates
the systematic measurement of performance;
(2) the development and reporting of cost management information;
(3) the integration of accounting and budget information;
and (4) requires that the agency's CFO be qualified, presidentially
appointed, approved by the Senate, and report to the head of the
agency;
Impact of legislation on DHS: H.R. 4259 and S. 1567, which are now
under consideration before the Congress, would make DHS a CFO Act
agency; The current CFO of DHS reports to the Under Secretary for
Management. Each directorate has separate CFOs who report to their
respective directorate head.
Law: Federal Financial Management Improvement Act of 1996;
DHS covered? No;
Requirement: Requires the major departments and agencies covered by the
CFO Act to implement and maintain financial management systems that
comply substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the
U.S. Government Standard General Ledger at the transaction level.
Requires auditors to include in their CFO Act audit reports whether the
agency's financial management systems comply with FFMIA's requirements;
Impact of legislation on DHS: DHS is not currently required to comply
with FFMIA standards. Auditors did disclose systems deficiencies in its
financial management information systems, the application of accounting
standards, and recording of financial transactions, all of which relate
to the requirements of FFMIA.
Law: Accountability of Tax Dollars Act of 2002;
DHS covered? Yes;
Requirement: Requires non-CFO Act agencies to obtain annual financial
statement audits, unless specifically exempted by OMB or already
statutorily required to obtain an annual audit;
Impact of legislation on DHS: DHS obtained an audit for the 7 months
ending September 30, 2003.
Law: 31 U.S.C. 3512(c), (d) (commonly known as the Federal Managers'
Financial Integrity Act of 1982 (FMFIA));
DHS covered? Yes;
Requirement: Requires agency management to ensure that they have
effective control over, and accountability for, its assets. To ensure
compliance, it requires the agency head to establish internal
accounting and administrative controls and report whether the agency's
systems comply;
Impact of legislation on DHS: In its 2003 financial statement audit,
auditors reported 12 weaknesses that would affect DHS's full compliance
with FMFIA.
Law: Government Performance and Results Act of 1993;
DHS covered? Yes;
Requirement: Requires each agency to develop strategic plans covering a
period of at least 5 years. It also requires each agency to prepare an
annual performance plan that includes the performance indicators that
will be used to measure "the relevant outputs, service levels, and
outcomes of each program activity" in an agency's budget;
Impact of legislation on DHS: DHS has prepared a performance budget to
comply with this act.
Law: Clinger-Cohen Act of 1996;
DHS covered? Yes;
Requirement: Requires agencies to establish goals for improving
efficiency and effectiveness of their operations through the effective
use of IT. Performance measurements must be established that assess how
well IT supports agency programs. Where comparable processes and
organizations exist, agency heads must benchmark agency process
performance against comparable processes in terms of cost, speed,
productivity, and quality of outputs and outcomes. Agency heads must
clearly define agency missions and consider appropriate process changes
before making significant investments in IT. Agencies must also report
annually on operational improvements achieved through the effective use
of IT;
Impact of legislation on DHS: DHS is in the process of drafting an IT
strategic plan, which will be the driving force in establishing DHS's
strategic IT management framework. It will discuss how the department
plans to manage and use IT to achieve strategic mission goals.
According to the CIO, the department is still in the process of
completing the IT strategic plan and expects to make it final in mid-
2004.
Law: Federal Information Security Management Act (FISMA) of 2002;
DHS covered? Yes;
Requirement: FISMA requires the designation and establishment of
specific responsibilities for an agency senior information officer,
implementation of minimum information security requirements for agency
information systems, and required agency reporting to the Congress;
Impact of legislation on DHS: DHS has created the office of the Chief
Information Officer and the Chief Information Security Officer. The
September 2003 FISMA Report issued by DHS OIG indicates that DHS has
performed reviews of FISMA IT security and has created positions for
component information security officers to ensure that information
security is coordinated at all levels of the agency.
Source: GAO.
[End of table]
DHS is currently required to have annual audits under the
Accountability of Tax Dollars Act and to report on its internal
controls under FMFIA. Although DHS's CFO has testified that DHS
complies with the audit provisions of the CFO Act and will continue to
do so, we believe DHS should be a CFO Act agency and be subject to the
requirements of FFMIA. DHS should not be the only cabinet-level
department not covered by what is the cornerstone for pursuing and
achieving the requisite financial management systems and capabilities
in the federal government.[Footnote 22]
Given its early implementation, it is too early to tell whether DHS's
planned financial enterprise solution will meet the requirements of
financial management laws it is currently not subject to. While DHS
systems must meet the requirements of laws they are currently subject
to, it is also important that DHS be proactive and incorporate the
requirements of the CFO Act and FFMIA. It would certainly make good
business sense to do so given DHS's size and mission.
DHS has implemented a commercial-off-the-shelf tool called Dynamic
Object Oriented Requirements System (DOORS) to track the requirements
of various laws, regulations, and circulars place on the development of
an integrated financial system. DOORS is intended to be DHS's
repository of all applicable system, process, technological, data, or
other requirements. DHS estimated that several thousand compliance
requirements will be tracked using DOORS once analysis is completed.
After the repository is complete, requirements reports are to be
printed directly from DOORS and attached to future RFPs to ensure that
contractors are aware of the legislative requirements of the systems to
be developed. A system to record, track, and link all legislative
requirements as a financial management system is being developed is
important. Also important is that DHS be statutorily required to comply
with the CFO Act and FFMIA and that the systems DHS acquires are
capable of meeting the requirements of those laws, as well as ones
currently applicable. Meeting these financial management improvement
requirements will help produce timely and useful financial and business
information.
Conclusions:
Since its inception in March 2003, DHS has been faced with many
challenges, including how to integrate its financial management
processes and systems. Steps have been taken to address the 30 internal
control weaknesses it inherited from its component agencies. However,
to ensure financial accountability and establish an effective financial
environment, DHS must address all outstanding inherited weaknesses, as
well as address the newly identified department-level weaknesses.
Through the eMerge2 initiative, DHS has plans to integrate and
consolidate its financial and business systems. But without such things
as continued active oversight from top-level management and systematic
approaches to this integration, DHS could find itself in the same
position as other federal departments--producing an ineffective and
costly financial management system that does not provide the
information needed by management or meet the requirements of financial
management laws. Finally, we believe that it is of critical importance
that DHS be statutorily required to comply with the important financial
management reforms legislated in the CFO Act and FFMIA. The financial
management improvements of FFMIA build on the CFO Act by emphasizing
the need for agencies to have systems that can generate reliable,
useful, and timely information with which to make fully informed
decisions and to ensure accountability on an ongoing basis. This issue
is still of foremost importance, especially as DHS continues its
financial management system integration and development.
Matter for Congressional Consideration:
In view of the size of DHS and the importance of the CFO Act and FFMIA
in improving financial management and its applicability to all other
cabinet departments, the Congress may wish to consider the following
action:
* Enact legislation to designate DHS as a CFO Act agency.
Recommendations for Executive Action:
We are making eight recommendations for executive action at DHS that
will improve financial management at the department. Specifically, we
recommend that the Secretary of Homeland Security direct the Under
Secretary for Management to do the following:
* Continue to maintain strong involvement of key stakeholders and top
management throughout the acquisition and implementation of the eMerge2
initiative.
* Assess the impact of further reduction in financial service providers
on DHS staff and their ability to produce timely financial information.
* Adhere to FFMIA requirements, including JFMIP requirements, even
though the department is not statutorily required to do so.
* Have independent auditors report annually on compliance with FFMIA.
* Continue to give sustained attention to addressing previously
reported material weaknesses, reportable conditions, and observations
and recommendations.
* Complete development of corrective action plans for all material
weaknesses, reportable conditions, and observations and
recommendations.
* Ensure that internal control weaknesses are addressed at the
component level if they were combined or reclassified at the
departmentwide level.
* Maintain a tracking system of all auditor-identified and management-
identified control weaknesses.
Agency Comments and Our Evaluation:
We obtained written comments on a draft of this report from DHS's Chief
Financial Officer. The comments DHS provided to us are reprinted in
appendix IV.
In commenting on a draft of this report, DHS generally agreed with the
overall findings and recommendations. However, in response to our
recommendation to incorporate all internal control weaknesses in the
tracking system DHS is currently developing, DHS felt the
recommendation was too broad and suggested that we change the language
to reflect tracking of all auditor-identified and management-identified
internal control weaknesses. The original intent of our recommendation
was to encourage DHS to track and resolve all auditor reported material
weaknesses, reportable conditions, and observations and
recommendations, similar to those discussed throughout this report. We
fully support DHS including all management-identified control
weaknesses as well, and have updated our recommendation accordingly.
Additionally, DHS commented on its commitment to full adherence to the
CFO Act and FFMIA. We applaud the current leadership at DHS for
voluntarily complying with some audit provisions of the CFO Act,
however, we continue to strongly support passage of legislation that
would statutorily make DHS a CFO Act agency, and thus guarantee future
requirements to adhere to important financial management legislation.
As arranged with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after the date of this letter. At that time, we will send copies of
this report to interested congressional committees and subcommittees.
We will also make copies available to others on request. In addition,
the report will be available at no charge on GAO's Web site at
[Hyperlink, http://www.gao.gov].
If you or your staff have any questions about this report or wish to
discuss it further, please contact me at (202) 512-6906 or Casey
Keplinger, Assistant Director, at (202) 512-9323. In addition, Heather
Dunahoo and Scott Wrightson made key contributions to this report.
Sincerely yours,
Signed by:
McCoy Williams:
Director, Financial Management and Assurance:
[End of section]
Appendixes:
Appendix I: Scope and Methodology:
To identify what were the existing weaknesses in the Department of
Homeland Security's (DHS) component agencies' financial management
systems, we reviewed relevant DHS Office of Inspector General (OIG)
reports and our January 2003 report on major management challenges at
DHS and looked at how such challenges are being addressed. We also
reviewed DHS's Performance and Accountability Report for the 7 months
ending September 30, 2003. We reviewed prior-period component agency
annual financial statement audit reports when available; Immigration
and Naturalization Service's (INS) financial statement audit report for
the 5 months ending February 28, 2003; and Performance and
Accountability Reports for the Federal Emergency Management Agency
(FEMA) and the Departments of Transportation, Justice, and Treasury. We
reviewed testimony of DHS's current and former Chief Financial Officer
(CFO) and DHS's OIG reports related to financial management at the
department. Finally, we interviewed officials from the OIG and the
Office of the Chief Financial Officer (OCFO).
To determine whether DHS was addressing the problems that existed in
the financial management systems DHS acquired from its component
agencies, we met with officials from the OCFO's Office of Financial
Management and OIG staff. In addition to items already mentioned, we
reviewed planned corrective actions developed by the department to
address its fiscal years 2002 and 2003 material weaknesses and
reportable conditions. We also reviewed testimony of DHS's CFO related
to this issue. Further, we conducted a walk-through to review the
system DHS is developing to track planned corrective actions.
To determine what plans DHS has to integrate its financial management
systems, we met with the Director of the Resource Management
Transformation Office (RMTO) and other staff in this office. We also
reviewed testimony of DHS's current and former CFO and DHS's OIG
related to financial management at the department. We reviewed
documentation detailing the reduction of financial service providers,
but we did not complete audit procedures to determine if these
reductions were positive or negative for the department. Finally, we
reviewed the RMTO's strategic framework. However, substantial
documentation related to the eMerge2 initiative was not provided to us
until after we completed our fieldwork. Thus, we did not include
analysis or evaluation of such information in this report.
To determine whether the planned systems that DHS is developing will be
able to meet the requirements of relevant financial management
improvement laws, we reviewed relevant laws and regulations, and
relevant guidance related to financial management, financial reporting,
systems implementation, and requirements. We also interviewed the
Director of the RMTO and other officials. Further, we reviewed
testimony relevant to this issue by DHS's current and former CFO and
DHS's OIG. We have not reviewed system requirements or other recently
developed plans because these were completed and obtained after our
fieldwork was completed.
We requested comments on this report from the Secretary of Homeland
Security or his designee. Written comments were received from the
department's Chief Financial Officer and are reprinted in appendix IV.
We performed our review from October 2003 through June 2004 in
Washington, D.C., in accordance with U.S. generally accepted government
auditing standards.
Appendix II: Material Weaknesses and Reportable Conditions at DHS for
Fiscal Year 2003:
Number: 1; Material weakness: Financial management and personnel: DHS's
OCFO needs to establish financial reporting roles and responsibilities,
assess critical needs, and establish standard operating procedures
(SOP) for the department. These conditions were not unexpected for a
newly created organization, especially one as large and complex as DHS.
The Coast Guard and the Strategic National Stockpile had weaknesses in
financial oversight that have led to reporting problems.
Number: 2; Material weakness: Financial reporting: Key controls to
ensure reporting integrity were not in place, and inefficiencies made
the process more error prone. At the Coast Guard, the financial
reporting process was complex and labor-intensive. Several DHS bureaus
lacked clearly documented procedures, making them vulnerable if key
people leave the organization.
Number: 3; Material weakness: Financial systems functionality and
technology: The auditors found weaknesses across DHS in its entitywide
security program management and in controls over system access,
application software development, system software, segregation of
duties, and service continuity. Many bureau systems lacked certain
functionality to support the financial reporting requirements.
Number: 4; Material weakness: Property, plant, and equipment (PP&E):
The Coast Guard was unable to support the recorded value of $2.9
billion in PP&E due to insufficient documentation provided prior to the
completion of audit procedures, including documentation to support its
estimation methodology. The Transportation Security Administration
(TSA) lacked a comprehensive property management system and adequate
policies and procedures to ensure the accuracy of its PP&E records.
Number: 5; Material weakness: Operating materials and supplies (OM&S):
Internal controls over physical counts of OM&S were not effective at
the Coast Guard. As a result, the auditors were unable to verify the
recorded value of $497 million in OM&S. The Coast Guard also had not
recently reviewed its OM&S capitalization policy, leading to a material
adjustment to its records when an analysis was performed.
Number: 6; Material weakness: Actuarial liabilities: The Secret Service
did not record the pension liability for certain of its employees and
retirees, and when corrected, the auditors had insufficient time to
audit the amount recorded. The Coast Guard also was unable to provide,
prior to the completion of audit procedures, sufficient documentation
to support the recorded value of $201 million in post-service benefit
liabilities.
Number: 7; Material weakness: Transfers of funds, assets, and
liabilities to DHS: DHS lacked controls to verify that monthly
financial reports and transferred balances from legacy agencies were
accurate and complete.
Source: GAO based on DHS Performance and Accountability Report and
congressional testimony.
[End of table]
Number: 1; Reportable condition: Drawback claims on duties, taxes, and
fees: The Bureau of Customs and Border Protection's (CBP) accounting
system lacked automated controls to detect and prevent excessive
drawback claims and payments.
Number: 2; Reportable condition: Import entry in-bond: CBP did not have
a reliable process of monitoring the movement of "in-bond" shipments--
i.e., merchandise traveling through the U.S. that is not subject to
duties, taxes, and fees until it reaches a port of destination. CBP
lacked an effective compliance measurement program to compute an
estimate of underpayment of related duties, taxes, and fees.
Number: 3; Reportable condition: Acceptance and adjudication of
immigration and naturalization applications: The Bureau of Citizenship
and Immigration Services' (CIS) process for tracking and reporting the
status of applications and related information was inconsistent and
inefficient. Also, CIS did not perform cycle counts of its work in
process that would facilitate the accurate calculation of deferred
revenue and reporting of related operational information.
Number: 4; Reportable condition: Fund balance with Treasury (FBWT): The
Coast Guard did not perform required reconciliations for FBWT accounts
and lacked written standard operating procedures (SOP) to guide the
process, primarily as the result of a new financial system that
substantially increased the number of reconciling differences.
Number: 5; Reportable condition: Intragovernmental balances: Several
large DHS bureaus had not developed and adopted effective SOPs or
established systems to track, confirm, and reconcile intragovernmental
balances and transactions with their trading partners.
Number: 6; Reportable condition: Strategic National Stockpile (SNS):
The SNS accounting process was fragmented and disconnected, largely due
to operational challenges caused by the laws governing SNS. A $485
million upwards adjustment had to be made to value SNS in DHS's records
properly.
Number: 7; Reportable condition: Accounts payable and undelivered
orders: CIS and the Bureau of Immigration and Customs Enforcement
(ICE), TSA, and the Coast Guard had weaknesses in their processes for
accruing accounts payable or reporting accurate balances for
undelivered orders.
Source: GAO based on DHS Performance and Accountability Report and
congressional testimony.
[End of table]
Appendix III: Disposition of Reported Internal Control Weaknesses by
Component:
Agency and Condition Reported in 2002: U.S. Customs Service:
Material Weaknesses:
1. Entry Duties and Taxes;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: U.S. Customs Service:
Material Weaknesses:
2. Drawback Claims on Duties and Taxes;
2003 Status and Disposition: Reportable Condition (Drawback Claims on
Duties, Taxes, and Fees).
Agency and Condition Reported in 2002: U.S. Customs Service:
Material Weaknesses:
3. Financial Systems Security;
2003 Status and Disposition: Material Weakness (Financial Systems
Functionality and Technology).
Agency and Condition Reported in 2002: U.S. Customs Service:
Material Weaknesses:
4. Financial Systems Integration;
2003 Status and Disposition: Material Weakness (Financial Systems
Functionality and Technology).
Agency and Condition Reported in 2002: U.S. Customs Service:
Reportable Conditions:
5. Bonded Warehouse and Foreign Trade Zones;
2003 Status and Disposition: Observation & Recommendations to
Management.
Agency and Condition Reported in 2002: U.S. Customs Service:
Reportable Conditions:
6. In-bond Movements;
2003 Status and Disposition: Reportable Condition (In-bond Movement of
Imported Goods).
Agency and Condition Reported in 2002: U.S. Customs Service:
Reportable Conditions:
7. Drawback in New York and Newark;
2003 Status and Disposition: Observation & Recommendations to
Management.
Agency and Condition Reported in 2002: U.S. Customs Service:
Reportable Conditions:
8. Financial Systems Entity-wide Security;
2003 Status and Disposition: Material Weakness (Financial Systems
Functionality and Technology).
Agency and Condition Reported in 2002: U.S. Customs Service:
Reportable Conditions:
9. Internal Control over Laws and Regulations;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Immigration and
Naturalization Service (as of February 28, 2003): Material Weaknesses:
10. Financial Systems Functionality;
2003 Status and Disposition: Reportable Condition (Acceptance and
Adjudication of Immigration and Naturalization Applications).
Agency and Condition Reported in 2002: Immigration and
Naturalization Service (as of February 28, 2003): Material Weaknesses:
11. Accounts Payable;
2003 Status and Disposition: Reportable Condition (Accounts Payable
and Undelivered Orders).
Agency and Condition Reported in 2002: Immigration and
Naturalization Service (as of February 28, 2003): Material Weaknesses:
12. Financial Reporting;
2003 Status and Disposition: Observation & Recommendations to
Management.
Agency and Condition Reported in 2002: Immigration and
Naturalization Service (as of February 28, 2003): Reportable
Conditions:
13. Information Systems;
2003 Status and Disposition: Material Weakness (Financial Systems
Functionality and Technology).
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Material Weaknesses:
14. Information Security;
2003 Status and Disposition: Material Weakness (Financial Systems
Functionality and Technology).
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Material Weaknesses:
15. Financial Systems Functionality;
2003 Status and Disposition: Material Weakness (Financial Systems
Functionality and Technology).
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Material Weaknesses:
16. Financial Reporting;
2003 Status and Disposition: Material Weakness (Financial Reporting).
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Material Weaknesses:
17. Real and Personal Property;
2003 Status and Disposition: Observation & Recommendations to
Management.
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Material Weaknesses:
18. Account Reconciliation;
2003 Status and Disposition: Reportable Condition (Intragovernmental
Balances).
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Material Weaknesses:
19. Accounts Receivable;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Federal Emergency
Management Agency: Reportable Conditions:
20. Cerro Grande;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Federal Law Enforcement
Training Center: Reportable Conditions:
21. Policies and Procedures;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Federal Law Enforcement
Training Center: Reportable Conditions:
22. Laws and Regulations (OMB Circular A-127);
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Federal Law Enforcement
Training Center: Reportable Conditions:
23. Real Property Accounting;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Federal Law Enforcement
Training Center: Reportable Conditions:
24. Laws and Regulations (OMB Circular A-11);
2003 Status and Disposition: Observation & Recommendations to
Management.
Agency and Condition Reported in 2002: Transportation Security
Administration: Material Weaknesses:
25. Human Resources;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Transportation Security
Administration: Material Weaknesses:
26. Financial Reporting and Systems;
2003 Status and Disposition: Material Weaknesses (Financial Reporting;
Financial Systems Functionality and Technology).
Agency and Condition Reported in 2002: Transportation Security
Administration: Material Weaknesses:
27. Property, Plant, and Equipment;
2003 Status and Disposition: Material Weakness (Property, Plant, and
Equipment).
Agency and Condition Reported in 2002: Transportation Security
Administration: Material Weaknesses:
28. Financial Management Policies;
2003 Status and Disposition: Observation & Recommendations to
Management.
Agency and Condition Reported in 2002: Transportation Security
Administration: Material Weaknesses:
29. Administration of Screener Contracts;
2003 Status and Disposition: Closed.
Agency and Condition Reported in 2002: Transportation Security
Administration: Reportable Conditions:
30. Personnel Files;
2003 Status and Disposition: Observation & Recommendations to
Management.
Source: GAO based on DHS Performance and Accountability Report.
[End of table]
Appendix IV: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security
Washington, DC 20528:
Homeland Security:
July 13, 2004:
Mr. McCoy Williams:
Director, Financial Management and Assurance:
U.S. General Accounting Office:
Washington, DC 20548:
RE: Draft GAO-04-774, FINANCIAL MANAGEMENT. Department of Homeland
Security Faces Significant Financial Management Challenges, GAO
Engagement 195026:
Thank you for the opportunity to review the draft report GAO-04-774,
FINANCIAL MANAGEMENT: Department of Homeland Security Faces Significant
Financial Management Challenges. The Department of Homeland Security
generally agrees with GAO's recommendations. DHS is in the early phase
of amalgamating redundant financial management systems associated with
22 discrete entities into an enterprise wide financial system, eMerge2,
that will be implemented in 2005 and 2006. eMerge2 is the Department's
financial enterprise solution program "electronically Managing
enterprise resources for government effectiveness and efficiency."
This project establishes the strategic direction for migration,
modernization, and integration of DHS financial, accounting,
procurement, personnel, asset management and travel systems, and
processes. Under the Secretary's leadership, key stakeholder and top
management support of eMerge2 has been evident throughout the past year
and we have every expectation of their sustained interest through the
acquisition and implementation stages. During the interim, we have
established processes to ensure that the Department addresses and
resolves both identified weaknesses and internal control deficiencies
in our legacy financial systems as well as deterring and curtailing
future deficiencies.
Additionally, DHS wants to provide an update regarding the eMerge2
program. Since the GAO team completed its field work for this GAO
review, the eMerge2 final requirements analysis has been completed. The
specifications for the eMerge2 system includes adherence to all federal
financial system requirements: FFMIA, JFMIP, USSGL, OMB Circulars,
etc., indicating our commitment to full adherence to the CFO Act and
FFMIA.
We also want to take this opportunity to reaffirm the Department's
commitment to resolving all identified weaknesses through the
development of plans to implement corrective actions. For the most
part, we concur with the report's recommendations. However, we suggest
a modification to recommendation #8. Currently, the recommendation asks
DHS to "Incorporate all types of internal control weaknesses in the
tracking system being developed." We believe the recommendation, as
written, is overly broad. We suggest that it be changed to read:
"Maintain a tracking system of all auditor-identified and
management-identified control weaknesses."
In conclusion, we thank you for a well balanced report that provides us
with an analytical assessment appropriate to the stage we are at in the
process of organizational consolidation and moving forward to a unified
financial management system.
Sincerely,
Signed by:
Andrew B. Maner
Chief Financial Officer
Department of Homeland Security:
(195026):
FOOTNOTES
[1] For example, see U.S. General Accounting Office, Major Management
Challenges and Program Risk: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003) and Department of Homeland
Security: Challenges and Steps in Establishing Sound Financial
Management, GAO-03-1134T (Washington, D.C.: Sept. 10, 2003).
[2] Relevant laws include those currently applicable to DHS as well as
some not currently applicable that are the subject of pending
legislation.
[3] Under standards issued by the American Institute of Certified
Public Accountants, "reportable conditions" are matters coming to the
auditors' attention relating to significant deficiencies in the design
or operation of internal controls that, in the auditors' judgment,
could adversely affect the department's ability to record, process,
summarize, and report financial data consistent with the assertions of
management in the financial statements.
[4] Material weaknesses are reportable conditions in which the design
or operation of one or more of the internal control components does not
reduce to a relatively low level the risk that misstatements in amounts
that would be material in relation to the financial statements being
audited may occur and not be detected within a timely period by
employees in the normal course of performing their assigned functions.
[5] Division A, Section 101(f), Title VIII of Public Law 104-208 is
entitled the Federal Financial Management Improvement Act of 1996.
FFMIA requires the major departments and agencies covered by the CFO
Act to implement and maintain financial management systems that comply
substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the
U.S. Government Standard General Ledger at the transaction level.
[6] Observations and recommendations are weaknesses that do not meet
the criteria for reportable conditions and are typically communicated
from the auditor to the appropriate level of entity management in a
management letter.
[7] Pub. L. No. 101-576, 104 Stat. 2838 (Nov. 15, 1990).
[8] Pub. L. 107-296, 116 Stat. 2135 (Nov. 25, 2002).
[9] U.S. Department of Homeland Security, Budget in Brief: Fiscal Year
2005.
[10] See GAO-03-102.
[11] See GAO-03-1134T.
[12] Pub. L. No. 107-289, 116 Stat. 2049 (Nov. 7, 2002).
[13] An audit includes examining, on a test basis, evidence supporting
the amounts and disclosures in the financial statements, assessing the
accounting principles used and significant estimates made by
management, and evaluating the overall consolidated financial statement
presentation.
[14] An unqualified audit opinion indicates that the balances in the
financial statements are free of significant errors known as material
misstatements.
[15] The JFMIP Principals are the Secretary of the Treasury, the
Directors of the Office of Management and Budget (OMB) and the Office
of Personnel Management (OPM), and the Comptroller General of the
United States.
[16] Customs' auditors performed an internal control review, not a full
scope financial statement audit.
[17] Drawback is a remittance, in whole or in part, of duties, taxes,
or fees previously paid by an importer. Drawback typically occurs when
the imported goods on which duties, taxes, or fees that have previously
been paid are subsequently exported from the United States or destroyed
prior to entering the commerce of the U.S. Depending on the type of
claim, the claimant has up to 8 years from the date of importation to
file for drawback.
[18] INS obtained an independent financial statement audit for the 5
month period October 1, 2002, to February 28, 2003-prior to its
transfer to DHS.
[19] U.S. General Accounting Office, Information Technology:
Architecture Needed to Guide NASA's Financial Management Modernization,
GAO-04-43 (Washington, D.C.: Nov. 21, 2003) and National Aeronautics
and Space Administration: Significant Actions Needed to Address Long-
standing Financial Management Problems, GAO-04-754T (Washington, D.C.:
May 19, 2004).
[20] U.S. General Accounting Office, DC Courts: Disciplined Processes
Critical to Successful System Acquisition, GAO-02-316 (Washington,
D.C.: Feb. 28, 2002).
[21] Currently, the CFO at DHS reports to the Under Secretary for
Management while directorate CFO's report to the head of the respective
directorates, not to DHS's CFO.
[22] See GAO-03-1134T.
GAO's Mission:
The Government Accountability Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office
441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director,
NelliganJ@gao.gov
(202) 512-4800
U.S. Government Accountability Office,
441 G Street NW, Room 7149
Washington, D.C. 20548:
