Report of Independent Auditors
To the Secretary, Department of State:
We have audited the Department of State's (Department) Consolidated Balance Sheet, Consolidated Statement of Net Cost, Consolidated Statement of Changes in Net Position, Combined Statement of Budgetary Resources, and Combined Statement of Financing as of, and for the years ended, September 30, 2003 and 2002 (collectively the Principal Financial Statements); we have examined internal control over financial reporting in place as of September 30, 2003; and we have examined compliance with laws and regulations.
In our opinion, the Department's 2003 and 2002 Principal Financial Statements are presented fairly in all material respects.
Each of these conclusions is discussed in more detail below. This report also discusses the scope of our work.
PRINCIPAL FINANCIAL STATEMENTS
In our opinion, the Department's 2003 and 2002 Consolidated Balance Sheets, Consolidated Statements of Net Cost, Consolidated Statements of Changes in Net Position, Combined Statements of Budgetary Resources, and Combined Statements of Financing, including the notes thereto, present fairly, in all material respects, the Department's financial position as of September 30, 2003 and 2002, and the net cost of operations, the changes in net position, the use of budgetary resources, and the use of financing, for the years then ended, in conformity with accounting principles generally accepted in the United States of America.
In 2003 and 2002, the Department implemented revised financial statement reporting requirements and Statements of Federal Financial Accounting Standards that became effective for those years. The details of these changes are presented in Note 2 to the Principal Financial Statements. The Department also changed its method for estimating domestic accounts payable in 2003. Details regarding this change are presented in Note 1 to the Principal Financial Statements.
We considered the Department's internal control over financial reporting in order to determine our auditing procedures for the purpose of expressing our opinion on the Principal Financial Statements. We limited our internal control testing to those controls necessary to achieve the objectives described in the Office of Management and Budget's (OMB) Bulletin 01- 02, Audit Requirements for Federal Financial Statements. We did not test all internal controls relevant to operating objectives as broadly defined by the Federal Managers' Financial Integrity Act of 1982, such as those controls relevant to ensuring efficient operations. The objective of our audit was not to provide assurance on internal control. Consequently, we do not provide an opinion on internal control.
The objectives of internal control are to provide management with reasonable, but not absolute, assurance that the following objectives are met:
Our consideration of the internal control over financial reporting would not necessarily disclose all matters of internal control over financial reporting that might be reportable conditions. Under standards issued by the American Institute of Certified Public Accountants, reportable conditions are matters coming to our attention relating to significant deficiencies in the design or operation of internal control that, in our judgment, could adversely affect the Department's ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements. Material weaknesses are reportable conditions in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that errors or irregularities in amounts, which would be material in relation to the financial statements being audited, may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.
We noted four matters, discussed in the following paragraphs, involving internal control that we consider to be reportable conditions.
This condition had been reported as a material weakness in our audits of the Department's 1997 Principal Financial Statements and subsequent audits. The Department's work toward correcting this deficiency is now considered to be sufficiently advanced to reduce this deficiency to a reportable condition.
The above two reportable conditions were cited in our audits of the Department's 1997 Principal Financial Statements and subsequent audits.
These deficiencies in internal control may adversely affect any decision by management that is based, in whole or in part, on information that is inaccurate because of the deficiencies. Unaudited financial information reported by the Department, including budget information, also may contain misstatements resulting from these deficiencies.
We are not aware of any other known but uncorrected material findings or recommendations from prior audits that affect the current audit objectives.
In addition, we considered the Department's internal control over Required Supplementary Stewardship Information and Required Supplementary Information by obtaining an understanding of the Department's internal control, determining whether controls had been placed in operation, assessing control risk, and performing tests of controls as required by OMB Bulletin 01-02, and not to provide assurance on those internal controls. Accordingly, we do not provide an opinion on those controls.
Finally, with respect to internal control related to performance measures reported in Management's Discussion and Analysis, we obtained an understanding of the design of significant controls relating to the existence and completeness assertions and determined whether those controls had been placed in operation as required by OMB Bulletin 01-02. Our procedures were not designed to provide assurance on internal control over reported performance measures, and, accordingly, we do not provide an opinion on such controls.
We noted certain other internal control issues that we have reported to the Department's management in a separate letter dated December 24, 2003.
COMPLIANCE WITH LAWS AND REGULATIONS
The Department's management is responsible for complying with laws and regulations applicable to the Department. As part of obtaining reasonable assurance about whether the financial statements are free of material misstatement, we performed tests of the Department's compliance with certain provisions of laws and regulations, noncompliance with which could have a direct and material effect on the determination of financial statement amounts, and certain other laws and regulations specified in OMB Bulletin 01-02, including the requirements referred to in FFMIA. We limited our tests of compliance to these provisions, and we did not test compliance with all laws and regulations applicable to the Department. The objective of our audit of the Principal Financial Statements, including our tests of compliance with selected provisions of applicable laws and regulations, was not to provide an opinion on overall compliance with such provisions. Accordingly, we do not express such an opinion.
Material instances of noncompliance are failures to follow requirements, or violations of prohibitions in statutes and regulations, that cause us to conclude that the aggregation of the misstatements resulting from those failures or violations is material to the financial statements or that sensitivity warrants disclosure thereof.
The results of our tests of compliance with the laws and regulations described in the preceding paragraph, exclusive of FFMIA, disclosed the following instances of noncompliance with laws and regulations that are required to be reported under Government Auditing Standards issued by the Comptroller General of the United States and OMB Bulletin 01-02.
Overall, we found that the Department's financial management system did not comply with a number of laws and regulations, as follows:
The above areas of noncompliance were cited in our audits of the Department's 1997 Principal Financial Statements and subsequent audits.
The results of our tests of compliance with other laws and regulations disclosed no material instances of noncompliance. Compliance with FFMIA is discussed below.
Under FFMIA, we are required to report whether the Department's financial management systems substantially comply with federal financial management system requirements, applicable accounting standards, and the U.S. Standard General Ledger at the transaction level. To meet this requirement, we performed tests of compliance, using the implementation guidance for FFMIA issued by OMB on January 4, 2001.
The results of our tests disclosed instances, described below, where the Department's financial management systems did not substantially comply with the requirement to follow the federal financial management system requirements. OMB implementation guidance states that, to be in substantial compliance with this requirement, the Department must meet specific requirements of OMB Circular A-127, including the computer security controls required by OMB Circular A-130, Management of Federal Information Resources. We found instances of substantial noncompliance with these two requirements.
The Department's Bureau of Resource Management (RM) has overall responsibility for the Department's financial management systems. The foregoing noncompliance has its roots in the lack of organization and integration of the Department's financial management systems. This issue has been highlighted since 1983 in the Department's annual report, required by the Federal Managers' Financial Integrity Act. In our audits of the Department's Principal Financial Statements since 1997, we observed that the Department's financial management systems were not in compliance with FFMIA and recommended, in connection with our audits of the Department's 1997 and 1998 Principal Financial Statements, that a remediation plan be prepared. RM submitted its plan to remediate noncompliance with FFMIA to OMB on March 16, 2000. The plan initially projected achieving substantial compliance with FFMIA during FY 2003. RM currently expects to achieve this goal in 2004. Although RM has completed several significant phases of its plan, the plan needs to specifically address systems security and management of grants and other types of federal assistance.
We noted certain other instances of noncompliance that we reported to the Department's management in a separate letter dated December 24, 2003.
RESPONSIBILITIES AND METHODOLOGY
Department management has the responsibility for:
Our responsibility is to express an opinion on the Principal Financial Statements based on our audit. Auditing standards generally accepted in the United States of America require that we plan and perform the audit to obtain reasonable assurance about whether the Principal Financial Statements are free of material misrepresentation and presented fairly in accordance with accounting principles generally accepted in the United States of America. We considered the Department's internal control for the purpose of expressing our opinion on the Principal Financial Statements referred to above and not to provide an opinion on internal control. We are also responsible for testing compliance with selected provisions of applicable laws and regulations that may materially affect the financial statements.
In order to fulfill these responsibilities, we:
Our audits were conducted in accordance with auditing standards generally accepted in the United States of America, the standards applicable to financial audits contained in Government Auditing Standards and OMB Bulletin 01-02. We believe that our audits provide a reasonable basis for our opinion.
The Management's Discussion and Analysis, Required Supplementary Stewardship Information, and Required Supplementary Information are not a required part of the Principal Financial Statements, but are supplementary information required by OMB Bulletin 01-09, Form and Content of Agency Financial Statements, and the Federal Accounting Standards Advisory Board. We have applied certain limited procedures, which consisted principally of inquiries of management regarding the methods of measurement and presentation of the supplementary information. However, we did not audit the information and express no opinion on it.
This report is intended for the information of the Inspector General of the U.S. Department of State, the Department's management, the Office of Management and Budget, and the Congress. This restriction is not intended to limit the distribution of this report, which is a matter of public record.
Comments by the Department's management on this report are presented as Appendix A.
Leonard G. Birnbaum and Company, LLP