printable banner

U.S. Department of State - Great Seal

U.S. Department of State

Diplomacy in Action

Management Controls, Systems and Compliance with Laws and Regulations


FY 2003 Performance and Accountability Report
Bureau of Resource Management
December 2003
Report
Share

Federal Managers' Financial Integrity Act

The Federal Managers' Financial Integrity Act (FMFIA) requires agencies to establish management control and financial systems that provide reasonable assurance that the integrity of federal programs and operations are protected. It also requires that the head of the agency, based on an evaluation, provide an annual Statement of Assurance on whether the agency has met this requirement.

The Secretary of State's unqualified Statement of Assurance for FY 2003 is included in the Secretary's letter at the beginning of this report. The Department evaluated its management control systems and financial management systems for the fiscal year ended September 30, 2003. This evaluation provided reasonable assurance that the objectives of the FMFIA were achieved in FY 2003, and formed the basis for the Secretary's Statement of Assurance.

Management Control Program

FMFIA MATERIAL WEAKNESS CRITERIA
  • Significantly impairs the fulfillment of the Department's mission.
  • Deprives the public of needed services.
  • Significantly weakens established safeguards against waste, loss, unauthorized use or misappropriation of funds, property, other assets, or conflicts of interest.
  • Merits the attention of the Secretary, the President, or a relevant Congressional oversight committee.
  • Is of a nature that omission from the report could reflect adversely on the Department's management integrity.

The Management Control Steering Committee (MCSC) oversees the Department's management control program. The MCSC is chaired by the Chief Financial Officer, and is composed of nine other Assistant Secretaries [including the Chief Information Officer and the Inspector General (non-voting)], the Deputy Chief Financial Officer, and the Deputy Legal Advisor. Individual assurance statements from Ambassadors assigned overseas and Assistant Secretaries in Washington, D.C. serve as the primary basis for the Department's assurance that management controls are adequate or that material weaknesses exist. The assurance statements are based on information gathered from various sources including the managers' personal knowledge of day-to-day operations and existing controls, management program reviews, and other management-initiated evaluations. In addition, the Office of the Inspector General and/or the General Accounting Office conduct reviews, audits, inspections, and investigations.

To be considered a material weakness in management control systems for FMFIA reporting purposes, the problem should be significant enough that it meets one or more of the FMFIA material weakness criteria. The chart above describes the criteria that the Department uses for the FMFIA review.

Status of Management Controls

The MCSC voted in FY 2002 to close the Department's three remaining material weaknesses. That was the first time since the inception of the FMFIA that the Department had no open material weaknesses. No new material weaknesses were identified by the MCSC during FY 2002 and 2003. As a result, the Secretary has provided an unqualified Statement of Assurance for the second year in a row regarding the Department's systems of management control.

During the last five years, the Department made significant progress reducing the number of material weaknesses from 10 to zero, with the addition of two new weaknesses and the closing of 12 weaknesses. In addition, there are no items specific to the Department on the General Accounting Office's High Risk List, and there have not been any since 1995. The following tables show the Department's progress during the past five years with correcting and closing material weaknesses.

NUMBER OF MATERIAL WEAKNESSES BY FISCAL YEAR
Fiscal Year Number at Beginning
of Fiscal Year
Number Corrected Number Added Number Remaining
at End of Fiscal Year
1999 10 7 - 3
2000 3 2 2[1] 3
2001 3 - - 3
2002 3 3 - 0
2003 0 - - 0

Note 1: Reported by the Department of State as a result of the merger with the United States Information Agency.

Status of Financial Systems

For financial systems, the MCSC voted to close in FY 2003 the Department's one remaining material nonconformance - Financial and Accounting Systems. This is the first time since the inception of the FMFIA that the Department has no open material nonconformances - a significant accomplishment. A summary of actions taken to correct and close the one previously reported material nonconformance is provided in the table below.

SUMMARY OF FMFIA MATERIAL NONCONFORMANCE CLOSED IN FY 2003
Material Nonconformance Corrective Actions Strategic Goal

Financial and Accounting Systems

In 1983, the Department identified substantial weaknesses in its financial management systems. When first reported, the Department was burdened with managing six financial management systems worldwide, which support its domestic bureaus, overseas posts, and other overseas agencies. This nonconformance included the following five weaknesses: deficiencies in data quality, noncompliance with JFMIP core requirements, ineffective interfaces, inadequate documentation and audit trails, and inadequate support of mission performance.

Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial management systems from six to two; reduced the number of post-level financial systems from nine to two; and, re-centralized disbursing offices from 22 to two. Implementation of the new Regional Financial Management System (RFMS) was completed September 2003 and is operational in all overseas posts. The reengineered overseas interface is operational, providing detailed (transaction level) information. Continuity of Operations Plans have been developed for Financial Service Centers in Charleston, SC and Bangkok and for Washington headquarters operations.

Management and Organizational Excellence

Federal Financial Management Improvement Act

The Federal Financial Management Improvement Act of 1996 (FFMIA) is designed to improve Federal financial management by requiring that financial management systems provide reliable, consistent disclosure of financial data in accordance with generally accepted accounting principles and standards. Under FFMIA, agencies' financial management systems must comply substantially with three requirements: (1) Federal financial management system requirements; (2) applicable Federal accounting standards and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires that the Independent Auditor's Report indicate whether the agency's financial management systems comply with these requirements.

Since enactment, the Department's financial management systems have not been in substantial compliance with FFMIA. As required by the law, the Department, in consultation with OMB, developed a remediation plan (the Plan) that, if properly implemented, would result in substantial compliance with FFMIA and improved financial management systems. The Department has made significant progress implementing the Plan. To date, eleven of the twelve initiatives included in the Plan are complete and substantial progress has been made towards completing the twelfth initiative. This progress, along with other information such as the independent auditor's report, is evaluated when making a determination about whether the Department's financial management systems substantially comply with FFMIA. The Department's determination is included in the Assistant Secretary and Chief Financial Officer's message at the beginning of this report.

The first table below provides a summary of the three Plan initiatives that were completed on schedule during FY 2003. The second table describes progress made on the twelfth initiative, which is substantially (but not entirely) complete. As of September 30, 2003, the independent auditor considered the Department's corrective actions sufficiently advanced to reduce this previously reported material weakness in information systems security to a reportable condition.

PLAN INITIATIVES COMPLETED IN FY 2003
Initiatives Strategic Goal Description
Regional Financial Management System (RFMS) Management and Organizational Excellence

RFMS supports State's goal to establish and maintain a single, integrated financial management system. RFMS (1) replaces and reduces the number of overseas regional systems from two to one; (2) incorporates State's standard account code structure, and (3) standardizes financial transactions between RFMS and CFMS, which will result in consistent processing of financial data worldwide.

Business Continuity Plans Management and Organizational Excellence

State must always be prepared to deal with a broad range of crises, ranging from natural disasters to political instability to terrorist attacks. Financial processes and financial management systems must be safeguarded should any of our business centers be faced with a crisis.

Central Financial Planning System (CFPS) Statement of Net Cost Module Management and Organizational Excellence

As presented in the Department's updated FY 2004 OMB Exhibit-300 business case, CFPS is the implementation of five distinct modules that together enable more timely and accurate reporting on linking spending, costs, and budgeted resources to performance information. Specific to improving financial management systems and performance, the CFPS Statement of Net Cost Module provides the ability to: associate costs and revenues to strategic goal by organization; produce the Statement of Net Cost; and substantially comply with managerial cost accounting standards.

 

PLAN INITIATIVE SUBSTANTIALLY COMPLETED IN FY 2003
Initiative Strategic Goal Description
Information Systems Network Security Management and Organizational Excellence

State is implementing a comprehensive framework and process for lifecycle management of IT security. The framework and process will provide continual evaluation and improvement. A significant portion of this initiative is now complete including the following: developed a Systems Security Program Plan; adopted the National Institute of Standard Technology (NIST) Certification and Accreditation Program (NISTCAP); established a Configuration Control Board; and implemented an ongoing Certification & Accreditation program.

Government Management Reform Act - Audited Financial Statements

The Government Management Reform Act (GMRA) of 1994 amended the requirements of the Chief Financial Officers (CFO) Act of 1990 by requiring an annual preparation and audit of agency-wide financial statements from the 24 major executive departments and agencies. The statements are to be audited by the Inspector General (IG), or an independent auditor at the direction of the IG. An audit report on the principal financial statements, internal controls, and compliance with laws and regulations is prepared after the audit is completed.

The Department's 2003 financial statements received an unqualified opinion — the best possible result of the audit process. This year marks the seventh consecutive year that the Department's financial statements have achieved such an opinion. The Department significantly accelerated the preparation and audit of its 2003 financial statements — about five weeks earlier than last year. This marks important progress towards our goal of providing more timely, accurate, and useful financial information.

In relation to internal control, the Independent Auditor's Report cites four reportable conditions: (1) information systems security for networks in domestic operations, (2) inadequacy of the Department's financial management systems, (3) management of unliquidated obligations, and (4) implementation of Managerial Cost Accounting Standards. Reportable conditions are significant deficiencies, though not material, in the design or operation of internal control that could adversely affect the Department's ability to record, process, summarize and report financial data consistent with the assertions of management in the financial statements. For each year since 1997, the Independent Auditor's report cited the first matter above relating to information systems security as a material weakness in internal control. The FY 2003 Independent Auditor's Report acknowledges that the Department's work towards correcting this deficiency is sufficiently advanced to reduce this weakness to a reportable condition. The Independent Auditor's Report also states that the Department's financial management systems are non-compliant with laws and regulations, including the FFMIA.

The table below and on the following page summarizes the weaknesses in internal control and compliance with laws and regulations cited in the FY 2003 Independent Auditor's Report, as well as the actions taken to resolve the problems.

SUMMARY OF INDEPENDENT AUDITOR'S REPORT FINDINGS
(Refer to Independent Auditor's Report Section)
Reportable Condition Corrective Actions Target Correction Date Strategic Goal

Management of Unliquidated Obligations

The Department's internal control process related to managing undelivered orders is inadequate. It lacks a structured process for reconciling and deobligating funds in a timely manner, which may result in the loss of those funds.

As mentioned in the Independent Auditor's Report, the Department has made significant improvements in this area. The Unliquidated Obligation System was implemented in 2000. The system is updated periodically for detailed unliquidated obligation data and facilitates the reconciliation, monitoring, reporting and oversight of unliquidated obligations worldwide. Data in the system is analyzed to facilitate the review and management of open items. For example, instructions and reports were issued to offices to review over $2.9 billion in unliquidated obligations. We continue to develop reports and procedures to improve the management of unliquidated obligations.

2004 Management and Organizational Excellence

Information System Network Security

Information system networks for domestic operations are vulnerable to unauthorized access. Consequently, other systems, including the Department's financial management systems, which process data using these networks, may also be vulnerable. This weakness was first reported based on penetration tests performed by the General Accounting Office (GAO) and was also cited in the audit opinion on the 1997 financial statements. The auditor reported this matter as a material weakness in internal control each year since 1997. For 2003, the auditor considered the Department's corrective actions sufficiently advanced to reduce this deficiency to a reportable condition.

Over the past year, we have taken considerable measures to improve our cyber security posture, to include:

  • Establishing a baseline inventory of applications
  • Developing and implementing a systems/sites authorization project and meeting the first goal of authorizing one-third of systems by August 2003
  • Developing and Implementing a Department- wide process to track corrective action in mitigating security weaknesses
  • Completing the Information Assurance role- based curriculum with the addition of courses for managers at different levels and a web- based security awareness briefing
  • Revising Department cyber security roles and responsibilities, and developing a draft cyber security program management plan
  • Maintaining a strong perimeter defense and incident response

In FY 2004, the Department plans to complete the authorization of the remaining two-thirds of the systems.

2004 Management and Organizational Excellence

Compliance with Managerial Cost Accounting Standards (MCAS)

While the Department complies with certain aspects of the Statement of Federal Financial Accounting Standards #4, it does not have an effective process to routinely collect managerial cost accounting information, establish outputs for each responsibility segment, or allocate all support costs.

The Department is making progress in implementing MCAS. To address MCAS requirements the Department developed a Statement of Net Cost methodology (described in our FFMIA section of this report) that will enable timely and accurate reporting of cost information by responsibility segment and strategic goal.

2004 Management and Organizational Excellence

Financial and Accounting Systems

In 1983, the Department identified serious weaknesses in its financial management systems. When first reported, the Department was burdened with overseeing six financial management systems that support its domestic bureaus, overseas posts and other overseas agencies. The financial management systems nonconformance includes the following five weaknesses: deficiencies in data quality; noncompliance with JFMIP core requirements; ineffective interfaces; inadequate documentation and audit trails; and inadequate support of mission performance.

Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial systems from six to two; decreased the number of post-level financial systems from nine to two; and re-centralized disbursing offices from 22 to two. Implementation of the new Regional Financial Management System (RFMS) was completed September 2003 and is operational in all overseas posts. The reengineered overseas interface is operational, providing detailed (transaction level) information. Continuity of Operations Plans have been developed for Financial Service Centers in Charleston, SC and Bangkok and for Washington headquarters operations. The Department will continue its ongoing effort to enhance its financial systems in FY 2004.

  Management and Organizational Excellence
Noncompliance with Laws and Regulations Corrective Actions Target Correction Date Strategic Goal

Financial and Accounting Systems

See discussion above.

See description above. See above Management and Organizational Excellence



Back to Top
Sign-in

Do you already have an account on one of these sites? Click the logo to sign in and create your own customized State Department page. Want to learn more? Check out our FAQ!

OpenID is a service that allows you to sign in to many different websites using a single identity. Find out more about OpenID and how to get an OpenID-enabled account.