The Federal Managers' Financial Integrity Act (FMFIA) requires agencies to establish management control and financial systems that provide reasonable assurance that the integrity of federal programs and operations are protected. It also requires that the head of the agency, based on an evaluation, provide an annual Statement of Assurance on whether the agency has met this requirement.
The Secretary of State's unqualified Statement of Assurance for FY 2003 is included in the Secretary's letter at the beginning of this report. The Department evaluated its management control systems and financial management systems for the fiscal year ended September 30, 2003. This evaluation provided reasonable assurance that the objectives of the FMFIA were achieved in FY 2003, and formed the basis for the Secretary's Statement of Assurance.
| FMFIA MATERIAL WEAKNESS CRITERIA |
|
The Management Control Steering Committee (MCSC) oversees the Department's management control program. The MCSC is chaired by the Chief Financial Officer, and is composed of nine other Assistant Secretaries [including the Chief Information Officer and the Inspector General (non-voting)], the Deputy Chief Financial Officer, and the Deputy Legal Advisor. Individual assurance statements from Ambassadors assigned overseas and Assistant Secretaries in Washington, D.C. serve as the primary basis for the Department's assurance that management controls are adequate or that material weaknesses exist. The assurance statements are based on information gathered from various sources including the managers' personal knowledge of day-to-day operations and existing controls, management program reviews, and other management-initiated evaluations. In addition, the Office of the Inspector General and/or the General Accounting Office conduct reviews, audits, inspections, and investigations.
To be considered a material weakness in management control systems for FMFIA reporting purposes, the problem should be significant enough that it meets one or more of the FMFIA material weakness criteria. The chart above describes the criteria that the Department uses for the FMFIA review.
The MCSC voted in FY 2002 to close the Department's three remaining material weaknesses. That was the first time since the inception of the FMFIA that the Department had no open material weaknesses. No new material weaknesses were identified by the MCSC during FY 2002 and 2003. As a result, the Secretary has provided an unqualified Statement of Assurance for the second year in a row regarding the Department's systems of management control.
During the last five years, the Department made significant progress reducing the number of material weaknesses from 10 to zero, with the addition of two new weaknesses and the closing of 12 weaknesses. In addition, there are no items specific to the Department on the General Accounting Office's High Risk List, and there have not been any since 1995. The following tables show the Department's progress during the past five years with correcting and closing material weaknesses.
For financial systems, the MCSC voted to close in FY 2003 the Department's one remaining material nonconformance - Financial and Accounting Systems. This is the first time since the inception of the FMFIA that the Department has no open material nonconformances - a significant accomplishment. A summary of actions taken to correct and close the one previously reported material nonconformance is provided in the table below.
| Material Nonconformance | Corrective Actions | Strategic Goal |
|---|---|---|
|
Financial and Accounting Systems In 1983, the Department identified substantial weaknesses in its financial management systems. When first reported, the Department was burdened with managing six financial management systems worldwide, which support its domestic bureaus, overseas posts, and other overseas agencies. This nonconformance included the following five weaknesses: deficiencies in data quality, noncompliance with JFMIP core requirements, ineffective interfaces, inadequate documentation and audit trails, and inadequate support of mission performance. |
Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial management systems from six to two; reduced the number of post-level financial systems from nine to two; and, re-centralized disbursing offices from 22 to two. Implementation of the new Regional Financial Management System (RFMS) was completed September 2003 and is operational in all overseas posts. The reengineered overseas interface is operational, providing detailed (transaction level) information. Continuity of Operations Plans have been developed for Financial Service Centers in Charleston, SC and Bangkok and for Washington headquarters operations. |
Management and Organizational Excellence |
The Federal Financial Management Improvement Act of 1996 (FFMIA) is designed to improve Federal financial management by requiring that financial management systems provide reliable, consistent disclosure of financial data in accordance with generally accepted accounting principles and standards. Under FFMIA, agencies' financial management systems must comply substantially with three requirements: (1) Federal financial management system requirements; (2) applicable Federal accounting standards and (3) the U.S. Government Standard General Ledger (SGL). FFMIA also requires that the Independent Auditor's Report indicate whether the agency's financial management systems comply with these requirements.
Since enactment, the Department's financial management systems have not been in substantial compliance with FFMIA. As required by the law, the Department, in consultation with OMB, developed a remediation plan (the Plan) that, if properly implemented, would result in substantial compliance with FFMIA and improved financial management systems. The Department has made significant progress implementing the Plan. To date, eleven of the twelve initiatives included in the Plan are complete and substantial progress has been made towards completing the twelfth initiative. This progress, along with other information such as the independent auditor's report, is evaluated when making a determination about whether the Department's financial management systems substantially comply with FFMIA. The Department's determination is included in the Assistant Secretary and Chief Financial Officer's message at the beginning of this report.
The first table below provides a summary of the three Plan initiatives that were completed on schedule during FY 2003. The second table describes progress made on the twelfth initiative, which is substantially (but not entirely) complete. As of September 30, 2003, the independent auditor considered the Department's corrective actions sufficiently advanced to reduce this previously reported material weakness in information systems security to a reportable condition.
| Initiatives | Strategic Goal | Description |
|---|---|---|
| Regional Financial Management System (RFMS) | Management and Organizational Excellence |
RFMS supports State's goal to establish and maintain a single, integrated financial management system. RFMS (1) replaces and reduces the number of overseas regional systems from two to one; (2) incorporates State's standard account code structure, and (3) standardizes financial transactions between RFMS and CFMS, which will result in consistent processing of financial data worldwide. |
| Business Continuity Plans | Management and Organizational Excellence |
State must always be prepared to deal with a broad range of crises, ranging from natural disasters to political instability to terrorist attacks. Financial processes and financial management systems must be safeguarded should any of our business centers be faced with a crisis. |
| Central Financial Planning System (CFPS) Statement of Net Cost Module | Management and Organizational Excellence |
As presented in the Department's updated FY 2004 OMB Exhibit-300 business case, CFPS is the implementation of five distinct modules that together enable more timely and accurate reporting on linking spending, costs, and budgeted resources to performance information. Specific to improving financial management systems and performance, the CFPS Statement of Net Cost Module provides the ability to: associate costs and revenues to strategic goal by organization; produce the Statement of Net Cost; and substantially comply with managerial cost accounting standards. |
| Initiative | Strategic Goal | Description |
|---|---|---|
| Information Systems Network Security | Management and Organizational Excellence |
State is implementing a comprehensive framework and process for lifecycle management of IT security. The framework and process will provide continual evaluation and improvement. A significant portion of this initiative is now complete including the following: developed a Systems Security Program Plan; adopted the National Institute of Standard Technology (NIST) Certification and Accreditation Program (NISTCAP); established a Configuration Control Board; and implemented an ongoing Certification & Accreditation program. |
The Government Management Reform Act (GMRA) of 1994 amended the requirements of the Chief Financial Officers (CFO) Act of 1990 by requiring an annual preparation and audit of agency-wide financial statements from the 24 major executive departments and agencies. The statements are to be audited by the Inspector General (IG), or an independent auditor at the direction of the IG. An audit report on the principal financial statements, internal controls, and compliance with laws and regulations is prepared after the audit is completed.
The Department's 2003 financial statements received an unqualified opinion — the best possible result of the audit process. This year marks the seventh consecutive year that the Department's financial statements have achieved such an opinion. The Department significantly accelerated the preparation and audit of its 2003 financial statements — about five weeks earlier than last year. This marks important progress towards our goal of providing more timely, accurate, and useful financial information.
In relation to internal control, the Independent Auditor's Report cites four reportable conditions: (1) information systems security for networks in domestic operations, (2) inadequacy of the Department's financial management systems, (3) management of unliquidated obligations, and (4) implementation of Managerial Cost Accounting Standards. Reportable conditions are significant deficiencies, though not material, in the design or operation of internal control that could adversely affect the Department's ability to record, process, summarize and report financial data consistent with the assertions of management in the financial statements. For each year since 1997, the Independent Auditor's report cited the first matter above relating to information systems security as a material weakness in internal control. The FY 2003 Independent Auditor's Report acknowledges that the Department's work towards correcting this deficiency is sufficiently advanced to reduce this weakness to a reportable condition. The Independent Auditor's Report also states that the Department's financial management systems are non-compliant with laws and regulations, including the FFMIA.
The table below and on the following page summarizes the weaknesses in internal control and compliance with laws and regulations cited in the FY 2003 Independent Auditor's Report, as well as the actions taken to resolve the problems.
| Reportable Condition | Corrective Actions | Target Correction Date | Strategic Goal |
|---|---|---|---|
|
Management of Unliquidated Obligations The Department's internal control process related to managing undelivered orders is inadequate. It lacks a structured process for reconciling and deobligating funds in a timely manner, which may result in the loss of those funds. |
As mentioned in the Independent Auditor's Report, the Department has made significant improvements in this area. The Unliquidated Obligation System was implemented in 2000. The system is updated periodically for detailed unliquidated obligation data and facilitates the reconciliation, monitoring, reporting and oversight of unliquidated obligations worldwide. Data in the system is analyzed to facilitate the review and management of open items. For example, instructions and reports were issued to offices to review over $2.9 billion in unliquidated obligations. We continue to develop reports and procedures to improve the management of unliquidated obligations. |
2004 | Management and Organizational Excellence |
|
Information System Network Security Information system networks for domestic operations are vulnerable to unauthorized access. Consequently, other systems, including the Department's financial management systems, which process data using these networks, may also be vulnerable. This weakness was first reported based on penetration tests performed by the General Accounting Office (GAO) and was also cited in the audit opinion on the 1997 financial statements. The auditor reported this matter as a material weakness in internal control each year since 1997. For 2003, the auditor considered the Department's corrective actions sufficiently advanced to reduce this deficiency to a reportable condition. |
Over the past year, we have taken considerable measures to improve our cyber security posture, to include:
In FY 2004, the Department plans to complete the authorization of the remaining two-thirds of the systems. |
2004 | Management and Organizational Excellence |
|
Compliance with Managerial Cost Accounting Standards (MCAS) While the Department complies with certain aspects of the Statement of Federal Financial Accounting Standards #4, it does not have an effective process to routinely collect managerial cost accounting information, establish outputs for each responsibility segment, or allocate all support costs. |
The Department is making progress in implementing MCAS. To address MCAS requirements the Department developed a Statement of Net Cost methodology (described in our FFMIA section of this report) that will enable timely and accurate reporting of cost information by responsibility segment and strategic goal. |
2004 | Management and Organizational Excellence |
|
Financial and Accounting Systems In 1983, the Department identified serious weaknesses in its financial management systems. When first reported, the Department was burdened with overseeing six financial management systems that support its domestic bureaus, overseas posts and other overseas agencies. The financial management systems nonconformance includes the following five weaknesses: deficiencies in data quality; noncompliance with JFMIP core requirements; ineffective interfaces; inadequate documentation and audit trails; and inadequate support of mission performance. |
Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial systems from six to two; decreased the number of post-level financial systems from nine to two; and re-centralized disbursing offices from 22 to two. Implementation of the new Regional Financial Management System (RFMS) was completed September 2003 and is operational in all overseas posts. The reengineered overseas interface is operational, providing detailed (transaction level) information. Continuity of Operations Plans have been developed for Financial Service Centers in Charleston, SC and Bangkok and for Washington headquarters operations. The Department will continue its ongoing effort to enhance its financial systems in FY 2004. |
Management and Organizational Excellence | |
| Noncompliance with Laws and Regulations | Corrective Actions | Target Correction Date | Strategic Goal |
|
Financial and Accounting Systems See discussion above. |
See description above. | See above | Management and Organizational Excellence |
