Management Controls, Financial Management Systems and Compliance with Laws and Regulations
FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT
The Federal Managers' Financial Integrity Act (FMFIA) requires agencies to establish management control and financial systems that provide reasonable assurance that the integrity of federal programs and operations is protected. It also requires that the head of the agency, based on an evaluation, provide an annual Statement of Assurance on whether the agency has met this requirement.
The Department evaluated its management control systems and financial management systems for the fiscal year ended September 30, 2005. This evaluation provided reasonable assurance that the objectives of the FMFIA were achieved in FY 2005, and formed the basis for the Secretary's Statement of Assurance. The Secretary of State's unqualified Statement of Assurance for FY 2005 is included in the Message from the Secretary located at the beginning of this Report.
Management Control Program
The Management Control Steering Committee (MCSC) oversees the Department's management control program. The MCSC is chaired by the Chief Financial Officer, and is composed of nine other Assistant Secretaries [including the Chief Information Officer and the Inspector General (non-voting)], the Deputy Chief Financial Officer, and the Deputy Legal Advisor. Individual assurance statements from Ambassadors assigned overseas and Assistant Secretaries in Washington, D.C. serve as the primary basis for the Department's assurance that management controls are adequate. The assurance statements are based on information gathered from various sources including the managers' personal knowledge of day-to-day operations and existing controls, management program reviews, and other management-initiated evaluations. In addition, the Office of Inspector General and the Government Accountability Office conduct reviews, audits, inspections, and investigations.
To be considered a material weakness in management control for FMFIA reporting purposes, the problem should be significant enough that it meets one or more of the FMFIA material weakness criteria. The accompanying chart describes the criteria that the Department uses for the FMFIA review.
Status of Management Controls and Financial Management Systems
During the last five years, the Department made significant progress by correcting all outstanding material weaknesses. In addition, there are no items specific to the Department on the Government Accountability Office's High Risk List, and there have not been any since 1995. The following table shows the Department's progress during the past five years with correcting and closing material weaknesses.
|Fiscal Year||Number at Beginning of Fiscal Year||Number Corrected||Number Added||Number Remaining at End of Fiscal Year|
For financial systems, the MCSC voted to close in FY 2003 the Department's one remaining material nonconformance - Financial and Accounting Systems. This was the first time since the inception of the FMFIA that the Department had no open material nonconformances - a significant accomplishment. No new material nonconformances were identified by the MCSC during FY 2004 and FY 2005. As a result, the Secretary has provided an unqualified Statement of Assurance regarding the Department's financial management systems.
In FY 2005, OMB revised Circular A-123, Management's Responsibility for Internal Control, which implements FMFIA, to include a new requirement for agency management to provide an annual assessment of internal control over financial reporting beginning for FY 2006. The Department began implementing the revised Circular during FY 2005 and is well-positioned for full implementation in FY 2006.
FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT
The Federal Financial Management Improvement Act of 1996 (FFMIA) requires that agencies' financial management systems provide reliable financial data in accordance with generally accepted accounting principles and standards. Under FFMIA, financial management systems must substantially comply with three requirements — Federal financial management system requirements, applicable Federal accounting standards, and the U.S. Government Standard General Ledger (SGL).
To assess conformance with FFMIA, the Department uses OMB Circular A-127 survey results, FFMIA implementation guidance issued by OMB (January 2001 Memorandum to Executive Department Heads, Chief Financial Officers, and Inspectors General), results of OIG and GAO audit reports, annual financial statement audits, the Department's annual Federal Information Security Management Act (FISMA) Report, and other relevant information. The Department's assessment also relies a great deal upon evaluations and assurances under the FMFIA, with particular importance attached to any reported material weaknesses and material nonconformances.
The Department has made it a priority to meet the objectives of the FFMIA. In December 2003, the Department initially determined that its financial systems comply substantially with the requirements of the FFMIA. This determination was made after considering (1) the audited financial statement results as of September 30, 2003, whereby the material weakness on Information Systems Security was reduced to a reportable condition, (2) the approval of the Management Control Steering Committee to close the longstanding FMFIA material nonconformance for our Financial and Accounting Systems, and (3) systems efforts completed in FY 2003 along with additional improvements to our financial systems during early FY 2004.
In November 2004, the Department conducted a comprehensive OMB Circular A-127 assessment. The assessment included (among other things) a collection of the various background materials, reference documents, and supporting details that document how the Department meets the applicable A-127 requirements and OMB FFMIA implementation guidance. Based on the results of this assessment, along with information contained in the Department's FY 2005 FISMA Report and evaluations and assurances provided under FMFIA, the Department reaffirmed its determination of substantial compliance with FFMIA in its FY 2005 Management Representation Letter provided to the Independent Auditor. The Department will reassess this determination based upon receipt of the FY 2005 Independent Auditor's Report.
FEDERAL INFORMATION SECURITY MANAGEMENT ACT
The Department's Federal Information Security Management Act (FISMA) and Privacy Management Report for FY 2005 shows considerable improvement over previous reports. The Department remains acutely aware of the value and sensitivity of its information and information systems and is dedicated to the vigilance required to ensure their adequate protection. A wide range of measures is used to assess the Department's performance in information security. The 2005 FISMA report presents major accomplishments, as well as the specific metrics upon which performance is assessed. There is commitment at all levels to continually maintain and enhance the Department of State information security posture.
Over the past year, the Department made considerable strides in the following areas while maintaining steady improvement across the Information Security Program: automating its IT asset inventory, systems authorization, professionalizing the cyber security workforce, integrating information security costs with IT investments, implementing information security into acquisitions, automating configuration management, enhancing incident reporting, information security policy development, and awareness, training, and education.
The Information Security Program focus areas for FY 2006 include improved contractor oversight, continued enhancements and refinements to the Department's IT asset baseline, implementing Personnel Identity Verification, and increased support for Information Systems Security Line of Business. The Program goal for FY 2006 will continue the development and implementation of improved metrics for managing and reporting on the performance of the Program. Information security costs will be fully integrated into the IT investment process. The Information Security Program will accelerate the use of the internal bureau scorecard, which highlights each quarter all bureau achievements and needed improvements in the areas of Systems Authorization, Role Based Training, Patch Management, and Plans of Actions and Milestones (POA&Ms).
GOVERNMENT MANAGEMENT REFORM ACT - AUDITED FINANCIAL STATEMENTS
The Government Management Reform Act (GMRA) of 1994 amended the requirements of the Chief Financial Officers (CFO) Act of 1990 by requiring an annual preparation and audit of agency-wide financial statements from the 24 major executive departments and agencies. The statements are to be audited by the Inspector General (IG), or an independent auditor at the direction of the IG. An audit report on the principal financial statements, internal controls, and compliance with laws and regulations is prepared after the audit is completed.
The Department has a proud tradition of unqualified opinions on our annual financial statements from our independent auditors for the better part of the last decade. However, late in FY 2005, the Department became aware of potentially material amounts of Department-owned personal property held by host countries and contractors, including aircraft and spare parts inventories, which had not been reflected in our financial statements. Due to the need for a complete and thorough analysis, the complexity of the matters involved, and the accelerated financial reporting requirements, the Department was unable to satisfy our independent auditors with regard to the presentation of personal property by November 15, 2005.
As a result, and as more fully explained in the Independent Auditor's Report, the independent auditors issued a qualified opinion on our FY 2005 and FY 2004 financial statements released on November 15, 2005. Since then, the independent auditors satisfied themselves about the amounts presented as personal property in the Department's FY 2005 and FY 2004 financial statements, and issued an unqualified opinion thereon, dated December 14, 2005, which has cleared the way for updating this Report.
The definition of material weaknesses previously discussed in the FMFIA section differs from the definition that the independent auditors use to assess and report on internal controls in their audits. Under standards issued by the American Institute of Certified Public Accountants, material weaknesses in internal control are defined as reportable conditions in which the design or operation of the internal control does not reduce to a relatively low level the risk that errors or irregularities in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.
Reportable conditions are significant deficiencies, though not material, in the design or operation of internal control that could adversely affect the Department's ability to record, process, summarize and report financial data consistent with the assertions of management in the financial statements.
The table below summarizes the weaknesses in internal control and compliance with laws and regulations cited in the FY 2005 Independent Auditor's Report, as well as the actions taken or planned to resolve the problems.
|Material Weakness||Corrective Actions||Target Correction Date||Strategic Goal|
|Information System Security: Information system networks for domestic operations are vulnerable to unauthorized access. Consequently, systems, including the Department's financial management system, that process data using these networks may also be vulnerable. These deficiencies were cited as material weaknesses in the Department's 1997 Principal Financial Statements and subsequent audits through 2002. In response, the Department initiated a program to assess its information systems security on a comprehensive and continuing basis. As a result, the Independent Auditor downgraded these deficiencies to a reportable condition in connection with the audit of the Department's 2003 Principal Financial Statements. Their review of information system security in connection with the audit of the Department's 2005 Principal Financial Statements disclosed that the Department is no longer assessing information system security to the same extent as it was during 2003 and 2004. Consequently, the Independent Auditor reclassified this deficiency to a material weakness.||The Department remains acutely aware of the value and sensitivity of its information and information systems and is dedicated to the vigilance required to ensure their adequate protection. The 2005 FISMA Report presents major accomplishments, as well as specific metrics upon which performance is assessed. For FY 2006, the Information Security Program (ISP) will focus on addressing any identified shortfalls in assessing information system security, along with improved contractor oversight, implementing Personnel Identity Verification, and integrating information security costs into the IT investment process. In addition, the Department will accelerate the use of an internal bureau scorecard, which highlights each bureau's needed improvements in the areas of systems authorization, role based training, patch management, and Plans of Actions and Milestones (POA&Ms).||2005||Management and Organizational Excellence|
|Recording of Personal Property: The Department does not have a system of controls to identify and record property in the hands of contractors. Further, the Department's controls over aircraft, vehicles and other personal property are ineffective. Audit work disclosed significant discrepancies between inventories of property reported by posts and bureaus and those maintained centrally and used as a source for reporting for financial statement purposes, posts not submitting inventories of property with no investigation by responsible Department officials, property not reported by posts and/or bureaus, significant unreported vehicle armoring costs, and errors in depreciation resulting from incorrect in-service dates.||In recognition of the deficiencies with respect to personal property, the Department's Management Control Steering Committee (MCSC) created in October 2005 a subcommittee to address these weaknesses. The subcommittee is charged with developing recommendations for the MCSC's approval in December 2005 regarding the scope and severity of identified deficiencies along with corrective actions needed to address these issues Department-wide. Each of the matters identified in the Independent Auditor's Report will be addressed as well as additional deficiencies noted during the audit process.||2006||Management and Organizational Excellence|
|Reportable Condition||Corrective Actions||Target Correction Date||Strategic Goal|
|Management of Unliquidated Obligations: The Department's internal control process related to managing undelivered orders is inadequate. It lacks a structured process for reconciling and deobligating funds in a timely manner, which may result in the loss of those funds.||Strengthening the management of unliquidated obligations (UDOs) is an important financial management initiative, and the Independent Auditor's Report notes that there have been improvements in this area. In 2004, new capabilities were installed in the Department's Central Financial Management System that allow for the automatic deobligation of UDOs based on a wide range of criteria (e.g., age, object class, dollar amount). In 2005, the UDO database was analyzed by a variety of criteria to identify potentially invalid items. In some instances, meetings were held with bureaus to assist with identifying questionable obligations, understand unique bureau issues for their aged obligations, raise their awareness of their older obligations, and stress the requirement for the bureau to review and deobligate invalid UDOs. Based on these reviews, the new capabilities were used to deobligate 37,000 UDOs for over $220 million. As part of the President's Management Agenda Initiative for Improved Financial Performance, the Department prepares quarterly reports for OMB and senior management. The March 2005 report, and all subsequent reports, includes a chart that identifies by bureau the percentage of UDOs with no activity for the past 12 months. This analysis is used to focus improvement efforts on those bureaus with the higher percentages of no activity. Overall, the Independent Auditor's FY 2005 tests identified over $340 million that should have been deobligated. However, this amount is $184 million (35%) lower than the $524 million reported for FY 2004, and takes on added significance when considering the $1 billion increase in UDO balances in FY 2005. The Department will continue to develop reports and processes to improve the management of UDOs.||2006||Management and Organizational Excellence|
|Compliance with Managerial Cost Accounting Standards: While the Department complies with certain aspects of the Statement of Federal Financial Accounting Standards #4, it does not have an effective process to routinely collect managerial cost accounting information, establish outputs for each responsibility segment, or allocate all support costs.||To address MCAS requirements, the Department developed an automated Statement of Net Cost that enables reporting of cost information by strategic objects and goals, along with responsibility center. It also allows for the allocation of support costs. In FY 2005, the Department established a project team, which includes consultants with experience implementing Cost Accounting Systems. A project plan (Plan) has been developed that includes developing survey instruments to identify outputs and assess each bureau's need for managerial cost information, preparing a detailed Concept Paper and implementing managerial cost data for pilot bureau(s) by the end of FY 2006. Implementation will be expanded during FY 2007. The Plan includes reviewing the current Statement of Net Cost to improve the gathering and reporting of cost data by strategic goal and responsibility center, including the allocation of indirect or support costs.||2007||Management and Organizational Excellence|
|Financial and Accounting Systems (See Nonconformance below)||See discussion below.||2007||Management and Organizational Excellence|
|Nonconformance with Laws and Regulations||Corrective Actions||Target Correction Date||Strategic Goal|
|Financial and Accounting Systems: The Department has identified and acknowledged serious weaknesses in its financial management systems. When first reported, the Department was charged with overseeing six financial management systems that support its domestic bureaus, overseas posts and other overseas agencies. The financial management systems nonconformance includes the following five weaknesses: deficiencies in data quality; noncompliance with JFMIP core requirements; ineffective interfaces; inadequate documentation and audit trails; and inadequate support of mission performance.||Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial systems from six to two; decreased the number of post-level financial systems from nine to two; and re-centralized disbursing offices from 22 to two. In FY 2003, the Department's Management Control Steering Committee voted to close the material nonconformance for financial and accounting systems. In 2004, the two existing overseas accounting databases were merged into one database residing at the Charleston Financial Service Center - all overseas accounting transactions for both the Department of State and our serviced agencies are now recorded in a single database, and many operational/system activities (e.g., software upgrades, annual close outs) are performed only in one place. In 2005, the overseas Regional Financial Management System was upgraded to the most current version of commercial off-the-shelf (COTS) software used by this system. The Department also expanded the number of on-line overseas users, added and/or enhanced a number of interfaces, and deployed improved reporting capabilities.||2007||Management and Organizational Excellence|
IMPROPER PAYMENTS INFORMATION ACT
Narrative Summary of Implementation Efforts for FY 2005 and Agency Plans for FY 2006 - FY 2008
The Improper Payments Information Act of 2002 (IPIA), Public Law No. 107-300, requires agencies to annually review their programs and activities to identify those susceptible to significant improper payments. Significant improper payments are defined as annual improper payments in a program that exceed both 2.5 percent of program annual payments and $10 million. Once those highly susceptible programs and activities are identified, agencies are required to estimate and report the annual amount of improper payments. Generally, an improper payment is any payment that should not have been made or that was made in an incorrect amount under statutory, contractual, and administrative or other legally applicable requirements.
Summarized below are the Department's IPIA accomplishments and future plans for identifying improper payments as prescribed by OMB Circular A-136, Financial Reporting Requirements. Additional IPIA reporting details are provided in the Financial Section of this Report.
Summary IPIA accomplishments
In FY 2004, the Department focused on reviewing programs with a high risk of being susceptible to significant improper payments. Federal Financial Assistance and Vendor Pay were the two categories of payments considered to be susceptible to significant improper payments. The results of the three program reviews completed in FY 2004 are reflected in the table on the following pages. Only the U.S. Speaker and Specialist program actual error rate was high at 81.18%, although the estimated amount of improper payments was low. This high actual error rate reflects misuse of invitational travel rather than grants for participant transportation. With implementation of a revised "Grants Policy Directive" on October 1, 2005, the error rate is expected to be lower in FY 2006.
In FY 2005, the Department reviewed the high-risk programs that were not reviewed in FY 2004 and performed a reassessment of risk for all payment categories (i.e., Federal Financial Assistance, Vendor Pay and Employee Pay). The results, reflected in the table on the following page, show that the programs reviewed were of moderate risk of being susceptible to significant improper payments. No new high-risk programs were identified in FY 2005.
Future plans provide for expanding the IPIA program to include programs assessed as having a low susceptibility to significant improper payments. We do not expect to find significant improper payments in these programs; however, we will seek to identify opportunities to strengthen internal control.
|Outlays for First Nine Months of FY 2004||Outlays for Last Quarter FY 2004 and First Three Quarters of FY 2005||Initial Risk||Task||Status and Results||Error Rate||Revised Risk|
|Year Reviewed: 2005|
|Federal Financial Assistance|
|Population, Refugee and Migration (PRM) - Refugee Assistance||$ —||$ 682||Moderate||Performed reassessment of risk, selected statistical sample, and reviewed program for improper payments||No improper payments were identified and no further reviews are planned for this program.||0%||Low|
|Educational and Cultural Affairs (ECA) - Fulbright Program||$ —||$ 169||Moderate||Performed reassessment of risk, selected statistical sample, and reviewed program for improper payments||No improper payments were identified and no further reviews are planned for this program.||0%||Low|
|International Narcotics and Law Enforcement (INL) - Law Enforcement, Eradication, Aviation Support and Support to the Military Program||$ —||$ —||Moderate||Performed reassessment of risk, selected statistical sample, and reviewed program for improper payments||The review for this program was started in FY 2005 and will be completed in FY 2006 and reported in the FY 2006 PAR.||N/A||N/A|
|International Organizations (IO) - Voluntary Contributions and Peacekeeping||$ —||$ 1,891||Moderate||No improper payments were identified and no further reviews are planned for this program.||0%||Low|
|Structures and Equipment||$ 671||$ —||High||Review was started in FY 2004 for first nine months of FY 2004 and was completed in FY 2005||The error rate was a result of isolated incidents caused by human error. This program will not be reviewed for improper payments in the future unless new information becomes available that might increase the risk. The projected error rate for the last quarter of FY 2004 and the first three quarters of FY 2005 < 1%.||3.97%||Low|
|Year Reviewed: 2004|
|Federal Financial Assistance|
|INL - Narcotics Program||$ 313||$ —||High||Followed-up on corrective action taken in FY 2005 to reduce improper payment error rate reported in FY 2004||Due to the low error rate, no further reviews are planned.||0.87%||Low|
|International Information Program (IIP) - U.S. Speaker and Specialist Program||$ 30||$ 41||High||Followed-up on corrective action taken in FY 2005 to reduce improper payment error rate reported in FY 2004, resulting from the mis-designation of participants as invitational travelers rather than grantees||The high error rate was due to travel vouchers not being submitted at the completion of travel due to the incorrect use of invitational travel forms rather than grant forms. However, with the issuance of revised "Grants Policy Directive 10" on October 1, 2005, participants will be properly designated as grantees and use the appropriate form. This will reduce errors beginning in FY 2006. No review was conducted in FY 2005. The next planned review is in FY 2006.||81.18%||High|
|Other Contractual Services||$ 1,534||$ 3,299||High||Followed-up on corrective action taken in FY 2005 to reduce improper payment error rate reported in FY 2004||Due to the low error rate, no further reviews are planned.||2%||Low|