printable banner

U.S. Department of State - Great Seal

U.S. Department of State

Diplomacy in Action

Management Controls, Systems and Compliance With Laws and Regulations


Share

FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT

The Federal Managers' Financial Integrity Act (FMFIA) requires that agencies establish management control and financial systems that protect the integrity of federal programs and operations. It also requires that the head of the agency provide an Annual Assurance Statement on whether the agency has met this requirement. The Secretary of State's 2002 Annual Assurance Statement is provided in the Secretary's letter at the beginning of this report.

Management Control Program

The Management Control Steering Committee (MCSC) oversees the Department's management control program. The MCSC is chaired by the Chief Financial Officer, and is composed of nine other Assistant Secretaries [including the Chief Information Officer and the Inspector General (non-voting)], the Deputy Chief Financial Officer, and the Deputy Legal Advisor. Individual assurance statements from Ambassadors assigned overseas and Assistant Secretaries in Washington, D.C. serve as the primary basis for the epartment's assurance that management controls are adequate. The assurance statements are based on information gathered from various sources including the managers' personal knowledge of day-to-day operations and existing controls, management program reviews, and other management-initiated evaluations. In addition, the Office of the Inspector General and/or the General Accounting Office conduct reviews, audits, inspections, and investigations.

To be considered a material weakness in management control systems for FMFIA reporting purposes, the problem should be significant enough that it meets one or more of the FMFIA Material Weakness Criteria. The chart to the right describes the criteria that the Department uses for the FMFIA review.

Each year, Department organizations with material weaknesses are required to submit plans to correct those weaknesses to the MCSC for review and approval. These plans, combined with the individual assurance statements, provide the framework for monitoring and improving the Department's management controls on an on-going basis.

FMFIA Material Weakness Criteria

  • Significantly impairs the fulfillment of the Department's mission.
  • Deprives the public of needed services.
  • Significantly weakens established safeguards against waste, loss, unauthorized use or misappropriation of funds, property, other assets, or conflicts of interest.
  • Merits the attention of the Secretary, the President, or a relevant Congressional oversight committee.
  • Is of a nature that omission from the report could reflect adversely on the Department's management integrity.

Status of Management Controls and Report on Material Weaknesses and Nonconformance

The Department evaluated its management controls and financial management systems for the fiscal year ending September 30, 2002. This evaluation provided reasonable assurance that the objectives of the FMFIA were achieved in FY 2002.

The MCSC voted to close the Department's three remaining material weaknesses - Inadequate Administrative Staffing Overseas, Integration of Grants-Tracking Systems, and Exchange Visitor Information System (EVIS). Since there are no outstanding material weaknesses, the Secretary has provided an unqualified Statement of Assurance for FY 2002 regarding
the Department's systems of management control.

During the last five years, the Department has made significant progress by reducing the number of material weaknesses from 12 to zero, including the closure of 14 and the addition of two. This is the first time since the inception of the FMFIA that the Department has no outstanding material weaknesses - a significant accomplishment. In addition, there are no items specific to the Department on the General Accounting Office's High Risk List, and there has not been any since 1995. The following
table shows the Department's success during the past five years with correcting and closing its material weaknesses.


Number Of Material Weaknesses By Fiscal Year
Fiscal Year
Number at beginning of fiscal year
Number Corrected
Number Added
Number Reamining at end of fiscal year
1998
12
2
-
10
1999
10
7
-
3
2000
3
2
2*
3
2001
3
-
-
3
2002
3
3
-
0
*Reported by the Department of State as a result of the merger with USIA.

The actions taken to correct and close the three previously reported material weaknesses are provided in the table below.

SUMMARY OF FMFIA MATERIAL WEAKNESSES CLOSED IN FY2002
Material Weakness Corrective Actions Target Correction Date Diplomatic Activity

Inadequate Administrative Staffing Overseas The Department suffers from an acute shortage of skilled Foreign Service administrative staff overseas. This shortage is especially critical due to the increased staffing levels of other foreign affairs agencies, which rely on the Department for administrative support without a proportionate increase in Departmental administrative support levels. The shortage of administrative personnel is believed to be a root cause of other weaknesses in administrative areas.

.

 

An Overseas Staffing Model (OSM) has been developed to identify the criteria for determining administrative staffing levels by post. The OSM sets forth a base level of administrative staffing, and provides additional positions to meet special needs. To ensure that adequate resources are available, a direct link is established between the administrative requirements and each agency's proportional cost for the support.

During FY 2002, the Department hired above attrition to meet the requirements identified in the Diplomatic Readiness Initiative. Administrative requirements are being met in part by instituting programs that allow Foreign Service specialists, Civil Service employees, and eligible American family members to compete for specific administrative positions overseas.

Closed 2002 Diplomatic Activities - Human Resources
Integration of Grants Tracking Systems Multiple systems that track grant awards in support of international educational and cultural exchange programs are not fully integrated or linked to the Central Financial Management System. Integration would eliminate redundant record keeping, simplify coordination, and provide accurate and consistent data on grant costs and recipients An integrated system has been developed to track grant-funded exchange projects and their participants from beginning to end. There are three components. The program office grants-tracking system is being expanded to cover all offices in the bureau. The Grants Management Information System was installed in November 2002. The Commitment system is fully implemented. These three applications share data with one another through a single, common database. Closed 2002 Mutual Understanding
Exchange Visitor Information System (EVIS) Data discrepancies were found in EVIS. EVIS contains information on the organizations designated by the Department that conduct educational and cultural exchange programs and on the Foreign Nationals who have participated as exchange visitors in these programs. A pilot program has been developed and tested. The Department has been working in full cooperation with the Immigration and Naturalization Service and the Department of Education to develop and implement a National system. The system uses electronic forms to capture and report data collected and will enable the Department to acquire complete data on exchange visitor program participants. The National system will be implemented in 2003. Closed 2002 Mutual Understanding


For financial systems, the Department is in substantial compliance with applicable Federal accounting standards and the U.S. Government Standard General Ledger at the transaction level. However, the Department does not substantially comply with the Federal financial management systems requirements, and reports this area as a material nonconformance. Therefore, the Secretary is unable to certify that our financial systems fully comply with requirements of the FMFIA at this time. The Department has developed a remediation plan to resolve this issue by Fiscal Year 2004. Further information on this remediation plan can be found in the Federal Financial Management Improvement Act section below.

The table below provides the Department's corrective action plan for addressing the one remaining material nonconformance and the targeted correction date.

SUMMARY OF OPEN FMFIA NONCONFORMANCE
Material Nonconformance
Corrective Actions
Target Correction Date
Diplomatic Activity
Financial and Accounting Systems The Department has identified substantial weaknesses in its financial management systems. When first reported, the Department was burdened with managing six financial management systems worldwide, which support its domestic bureaus, overseas posts, and other overseas agencies. The financial management systems' nonconformance includes the following five weaknesses: deficiencies in data quality, noncompliance with JFMIP core requirements, ineffective interfaces, inadequate documentation and audit trails, and inadequate support of mission performance. Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial systems from six to three; reduced the number of post-level financial systems from nine to two; decreased regional level systems from three to two; defined a standard account code structure that is applicable across all financial and feeder systems; and, re-centralized disbursing offices from 21 to three. The new Regional Financial Management System is operational in 44 overseas posts as of October 1, 2002 and is scheduled for full implementation by the end of FY 2003. Attaining substantial compliance with Federal financial management systems requirements is the focus of the Department's Remediation Plan, which was established with OMB. For more detail on financial systems improvements and compliance with the Federal Financial Management Improvement Act of 1996, see the following section. September 2003 Diplomatic Activities - Infrastructure and Operations

FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT

The Federal Financial Management Improvement Act of 1996 (FFMIA) is designed to improve Federal financial management by requiring that financial management systems provide reliable, consistent disclosure of financial data in accordance with generally accepted accounting principles and standards. Under FFMIA, agencies' financial management systems must comply substantially with three requirements: (1) Federal financial management system requirements; (2) applicable Federal accounting standards; and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires that the Independent Auditor's Report on the agency's annual financial statements report whether the agency's financial management systems comply with the three requirements.

In 2002, the Department continued to maintain substantial compliance with the SGL and Federal accounting standards. However, as indicated in the Independent Auditor's Report and as agreed by State management, State is not in substantial compliance with the following Federal financial management systems requirements: timely and useful information; systems security; and business continuity/contingency planning. Finally, the SGL is not the source of information for certain elements
of the financial statements.

If an agency's financial systems do not comply with FFMIA requirements, the agency (in consultation with OMB) must establish a remediation plan. The Department established its initial Remediation Plan (Plan) with OMB in March 2000 in response to the Independent Auditor's Report on the 1999 financial statements. The Department submitted an updated Plan to OMB in November 2001 in response to the Independent Auditor's Report on the 2000 financial statements. The November 2001 Plan, consistent with the March 2000 submission, identifies twelve initiatives to be accomplished by Fiscal Year 2004
that would result in substantial compliance.

During 2002, the Department continued to make significant progress towards implementing the Plan. The Independent Auditor's Report shows that the Department has reduced the overall degree of noncompliance. The Department has completed eight of the twelve initiatives the Department identified to achieve FFMIA compliance, and completing the remaining four initiatives in the Plan is a top priority.

The cornerstone of the Plan is implementation of the Regional Financial Management System (RFMS). Development and implementation of RFMS, approved by State's Information Technology Program Board in June 1998, will support State's goal of integrating and standardizing worldwide financial and information systems, and conforms with OMB Circular A-127 requirements to establish a single, integrated financial management system. RFMS (1) reduces the number of overseas financial systems from two to one; (2) incorporates State's standard account code structure; and (3) standardizes financial transactions to enable budget and performance integration between RFMS and State's Central Financial Management System (CFMS), which will result in consistent processing and recording of financial data worldwide.

RFMS is on-schedule for implementation worldwide by the end of FY 2003. RFMS is comprised of a custom-developed disbursing system and an off-the-shelf accounting system. A major milestone was achieved on October 31, 2001 when the first pilot post (Embassy Lima) began offering the full range of financial services under RFMS. By September 30, 2002, the new RFMS was operational in 44 overseas posts.

[Text version of a photo: Machine for printing checks, with balloons and U.S. flag in background; Bureau of Resource Management, U.S. Department of State photo. Caption reads: "The first checks are printed from the new RFMS disbursing system."]

[Text version of a photo: Two men holding papers/printouts; Bureau of Resource Management, U.S. Department of State photo. Caption reads: "Richard Ivy, United States Disbursing Officer, presents checks for approval to Keith Koehler, FSN Payroll Unit Chief."]

The following table provides a summary of the Plan, encompassing the eight initiatives that have been completed to-date, which includes the three initiatives completed on schedule during FY 2002. The second table provides the status on the four open initiatives remaining to be completed under the remediation plan.

COMPLETED INITIATIVES TO ACHIEVE FFMIA COMPLIANCE
Initiatives
Diplomatic Activity
Status
Desription
Initiatives Mainframe Access Controls Security Diplomatic Activities - Infrastructure and Operations Complete Mainframe security for access controls was enhanced, enabling the MCSC, with the concurrence of the IG, to vote for closure of the FMFIA material weakness for Information Systems Security. The processes, controls, and administration of State's information systems security program have been significantly improved since this problem was identified in 1997.
CFMS Security Improvements Diplomatic Activities - Infrastructure and Operations Complete New policies, procedures, and security profiles were established. CFMS security awareness training was developed and provided to over 900 users of CFMS.
CFMS Mainframe Contingency Plan Diplomatic Activities - Infrastructure and Operations Complete Two fully operational mainframe computer facilities have been established: the center in the Harry S Truman Building in Washington, D.C., and the Beltsville Information Management Center in Beltsville, MD. If a disaster strikes one of these two facilities, critical mainframe operations could be moved to the other site, in a diminished but workable capacity.
Paris FSC Mainframe Contingency Plan Diplomatic Activities - Infrastructure and Operations Complete A contingency plan was developed to provide appropriate contingency relief and disaster recovery for the FSC Paris mainframe using the domestic mainframe computers.
Unliquidated Obligation System and Procedures Diplomatic Activities - Infrastructure and Operations Complete The Unliquidated Obligation System facilitates the reconciliation, monitoring, reporting and oversight of unliquidated obligations worldwide. Data in the system is analyzed in various strata, and reports are produced to review and manage open items.
CFMS Enhancements:
1. Project Cost Accounting System
Diplomatic Activities - Infrastructure and Operations Complete The Project Cost Accounting System (PCAS) captures costs associated with capital improvements and construction projects, and reports these costs in State's SGL
2. Fixed Assets: Phase I - Real Property Diplomatic Activities - Infrastructure and Operations Complete State implemented the Fixed Assets System, an integrated module within CFMS, to account for the real property elements of land, buildings and structures. Data from this new module automatically updates the SGL account for Property, Plant and Equipment. The CFMS general ledger is now the primary source of information on these elements for financial reporting.
3. Fixed Assets: Phase II - Personal Property Diplomatic Activities - Infrastructure and Operations Complete State implemented an automated process to capture the financial aspects of personal property assets. This process involves receiving data from several property systems, updating the Fixed Assets System subsidiary, and computing and reporting depreciation. This information is interfaced and recorded into CFMS.
Enhanced Interfaces Diplomatic Activities - Infrastructure and Operations Complete The overseas to CFMS interface was reengineered as part of the RFMS project. The new re-engineered interface provides overseas transactions on a daily basis at the accounting line level of detail and the creation of transaction category documents in CFMS to record the accounting impact of the overseas transactions. The creation of a transaction at the accounting line level of detail for the overseas transactions enables the synchronization of available fund balances and standard general ledger accounts for overseas allotments in RFMS and CFMS. It also provides for daily reporting of funds status and an adequate level of detail based on available information from the posts to provide assurance, track discrepancies, and meet internal and external reporting requirements.
Financial Reporting Software Diplomatic Activities - Infrastructure and Operations Complete The Financial Reporting Software fulfills the FACTS II reporting requirements mandated by Treasury and streamlines the compilation, consolidation and reporting for financial statements.

REMAINING INITIATIVES TO ACHIEVE FFMIA COMPLIANCE
Initiatives
Diplomatic Activity
Completion Date
Description
Status 9/30/2002
Regional Financial Management System (RFMS) Diplomatic Activities - Infrastructure and Operations September 2003 RFMS supports State's goal to establish and maintain a single, integrated financial management system. RFMS will (1) replace and reduce the number of overseas regional systems from two to one, (2) incorporate State's standard account code structure, and (3) standardize financial transactions between RFMS and CFMS, which will result in consistent processing and recording of financial data worldwide.

On schedule. Completed disbursing module IV&V and RFMS; finished updates to RFMS software documentation and procedures, and production simulation. Implemented in 44 posts by September 30, 2002.
Business Continuity Plans Diplomatic Activities - Infrastructure and Operations September 2003 State must always be prepared to deal with a broad range of crises, ranging from natural disasters to political instability to terrorist attacks. Financial processes and financial management systems must be safeguarded should any of our business centers be faced with a crisis. On schedule. RFMS Contingency and Continuity Plan under development
Information Systems Network Security Diplomatic Activities - Infrastructure and Operations September 2003 State is implementing a comprehensive framework and process for lifecycle management of IT security. The framework and process will provide continual evaluation and improvement. On schedule. Developed a Systems Security Program Plan; adopted the National Information Assurance Certification and Accreditation Program (NIACAP); established a Configuration Control Board; and implemented an ongoing penetration testing program.
Central Financial Planning System (CFPS) Statement of Net Cost Module Diplomatic Activities - Infrastructure and Operations September 2003
Statement of Net Cost Module
As presented in the Department's updated FY 2004 OMB A-300 business case, CFPS is the implementation of five distinct development modules that will together enable more timely and accurate reporting on linking spending, costs, and budgeted resources to performance information. Specific to improving financial management systems and performance, the CFPS Statement of Net Cost Module will provide the ability to associate costs and revenues to strategic goal by organization, be used to produce the Statement of Net Cost, and allow for substantial compliance with managerial cost accounting standards.

On schedule. The Department has successfully completed the first three activities of the CFPS project: 1) Functional & Technical Requirements; 2) Business Model Concept; and 3) Mission Performance Plan Module (Release 1).

In FY 2003, the Department will focus on completing the Statement of Net Cost Module.


GOVERNMENT MANAGEMENT REFORM ACT - AUDITED FINANCIAL STATEMENTS

The Government Management Reform Act (GMRA) of 1994 amended the requirements of the Chief Financial Officers (CFO) Act of 1990 by requiring an annual preparation and audit of agency-wide financial statements from the 24 major executive departments and agencies. The statements are to be audited by the Inspector General (IG), or an independent auditor at the direction of the IG. An audit report on the principal financial statements, internal controls, and compliance with laws and regulations is prepared after the audit is completed.

The Department's 2002 financial statements received an unqualified opinion - the best possible result of the audit process. This year marks the sixth consecutive year that the Department's financial statements have achieved such an opinion. However, in relation to internal control, the Independent Auditor's Report cites as a material weakness the Department's information systems security for networks in domestic operations. In addition, the Report found three reportable conditions:
(1) inadequacy of the Department's financial management systems, (2) management of unliquidated obligations, and (3) implementation of Managerial Cost Accounting Standards. The Independent Auditor's Report also states that the Department's financial management systems are non-compliant with laws and regulations, including the FFMIA.

The definition of material weaknesses previously discussed in the FMFIA section differs from the definition that the independent auditors use to assess and report on internal controls in their audits. Under standards issued by the American Institute of Certified Public Accountants,material weaknesses in internal control are defined as reportable conditions in which the design or operation of the internal control does not reduce to a relatively low level the risk that errors or irregularities in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.

Reportable conditions are significant, though not material, deficiencies, in the design or operation of internal control that could adversely affect the Department's ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements.

The table on the folloiwng pages summarizes the weaknesses in internal control and compliance with laws and regulations cited in the FY 2002 Independent Auditor's Report, as well as the actions taken to resolve the problems. The Department has continued to address aggressively the Information System Network Security material weakness and believes that this weakness will be resolved in Fiscal Year 2003.


SUMMARY OF INTERNAL CONTROL WEAKNESSES AND NONCOMPLIANCE WITH LAWS AND REGULATIONS
(Refer to Independent Auditor's Report Section — Pages 179 to 188)
Material Weakness
Corrective Actions
Target Correction Date
Diplomatic Activity
Information System Network Security Information system networks for domestic operations are vulnerable to unauthorized access. Consequently, other systems, including the Department's financial management systems, which process data using these networks, may also be vulnerable. This weakness was first reported based on penetration tests performed by the General Accounting Office (GAO) and was also cited in the audit opinion of the 1997 financial statements. Mainframe security for access controls was enhanced, enabling the MCSC to close the FMFIA material weakness for Information Systems Security. The processes, controls, and administration of State's information systems security program have been significantly enhanced since this problem was first identified in 1997. The Department has created a strong perimeter defense — through firewalls, virus protection, and intrusion detection — and has sound personnel procedures to ensure cleared and trained personnel at all levels. In response to two vulnerability reviews of State's network infrastructure, the Department established a Vulnerability Assessment Working Group. The Group is charged with analyzing the reviews and developing a risk mitigation plan of action with appropriate milestones. In addition to addressing the issues identified in penetration tests, State is developing a comprehensive framework and process for lifecycle management of IT security. The framework and process will allow for continual evaluation and improvement. The Chief Information Officer is reassessing the Certification and Accreditation (C&A) Program plan with the goal of completing accreditation of general support systems and major applications by FY 2004. September 2003 Diplomatic Activities - Information Resources
SUMMARY OF INTERNAL CONTROL WEAKNESSES AND NONCOMPLIANCE WITH LAWS AND REGULATIONS
(Refer to Independent Auditor's Report Section — Pages 179 to 188)
Reportable Conditions
Corrective Actions
Target Correction Date
Diplomatic Activity
Management of Unliquidated Obligations

The Department's internal control process related to managing undelivered orders is inadequate. It lacks a structured process for reconciling and deobligating funds in a timely manner, which may result in the loss of those funds.

Compliance with Managerial Cost Accounting Standards (MCAS)

While the Department complies with certain aspects of the Statement of Federal Financial Accounting Standards #4, it does not have an effective process to routinely collect managerial cost accounting information, establish outputs for each responsibility segment, or allocate all support costs.


The Department has made significant improvements in this area. The Unliquidated Obligation System was implemented in 2000. The system is updated periodically for detailed unliquidated obligation data and facilitates the reconciliation, monitoring, reporting, and oversight of unliquidated obligations worldwide. Data in the system is analyzed to facilitate the review and management of open items. Using this analysis and review, new software routines will be implemented in FY 2003 to remove unliquidated obligations where appropriate.


The Department is making reasonable progress in implementing MCAS, but acknowledges that additional work is needed to fully comply with these standards. To substantially address MCAS requirements, the Department is developing the Central Financial Planning System which is included in the FFMIA Remediation Plan (pages 31-34).
September 2003

Diplomatic Activities - Infrastructure and Operations





Diplomatic Activities - Infrastructure and Operations

Financial and Accounting Systems See discussion below. See description below. September 2003 Diplomatic Activities - Infrastructure and Operations
Material Noncompliance with Laws and Regulations
Corrective Actions
Target Correction Date
Diplomatic Activity
Financial and Accounting Systems

The Department has identified and acknowledged serious weaknesses in its financial management systems. When first reported, the Department was charged with overseeing six financial management systems that support its domestic bureaus, overseas posts, and other overseas agencies. The financial management systems nonconformance includes the following five weaknesses: deficiencies in data quality; noncompliance with JFMIP core requirements; ineffective interfaces; inadequate documentation and audit trails; and inadequate support of mission performance.

Significant progress has been made over the past few years to improve financial management systems worldwide. For more detail on the Financial and Accounting Systems corrective actions, refer to summary of open FMFIA nonconformance on page 31; and Federal Financial Management Improvement Act on pages 31-34.

September 2003

Diplomatic Activities - Infrastructure and Operations

Contents



Back to Top
Sign-in

Do you already have an account on one of these sites? Click the logo to sign in and create your own customized State Department page. Want to learn more? Check out our FAQ!

OpenID is a service that allows you to sign in to many different websites using a single identity. Find out more about OpenID and how to get an OpenID-enabled account.