printable banner

U.S. Department of State - Great Seal

U.S. Department of State

Diplomacy in Action

Management Controls, Financial Management Systems and Compliance with Laws and Regulations

FY 2004 Performance and Accountability Report
Bureau of Resource Management
November 2004


The Federal Managers' Financial Integrity Act (FMFIA) requires agencies to establish management control and financial systems that provide reasonable assurance that the integrity of federal programs and operations are protected. It also requires that the head of the agency, based on an evaluation, provide an annual Statement of Assurance on whether the agency has met this requirement.

The Secretary of State's unqualified Statement of Assurance for FY 2004 is included in the Message from the Secretary located at the beginning of this Report. The Department evaluated its management control systems and financial management systems for the fiscal year ended September 30, 2004. This evaluation provided reasonable assurance that the objectives of the FMFIA were achieved in FY 2004, and formed the basis for the Secretary's Statement of Assurance.

Management Control Program

The Management Control Steering Committee (MCSC) oversees the Department's management control program. The MCSC is chaired by the Chief Financial Officer, and is composed of nine other Assistant Secretaries [including the Chief Information Officer and the Inspector General (non-voting)], the Deputy Chief Financial Officer, and the Deputy Legal Advisor. Individual assurance statements from Ambassadors assigned overseas and Assistant Secretaries in Washington, D.C. serve as the primary basis for the Department's assurance that management controls are adequate. The assurance statements are based on information gathered from various sources including the managers' personal knowledge of day-to-day operations and existing controls, management program reviews, and other management-initiated evaluations. In addition, the Office of Inspector General and the Government Accountability Office conduct reviews, audits, inspections, and investigations.


Diagram showing the three principal steps involving the issuance by the Secretary of State of the FMFIA Annual Statement of Assurance.D


To be considered a material weakness in management control systems for FMFIA reporting purposes, the problem should be significant enough that it meets one or more of the FMFIA material weakness criteria. The chart below describes the criteria that the Department uses for the FMFIA review.


  • Significantly impairs the fulfillment of the Department's mission.
  • Deprives the public of needed services.
  • Significantly weakens established safeguards against waste, loss, unauthorized use or misappropriation of funds, property, other assets, or conflicts of interest.
  • Merits the attention of the Secretary, the President, or a relevant Congressional oversight committee.
  • Is of a nature that omission from the report could reflect adversely on the Department's management integrity.


Status of Management Controls

During the last five years, the Department made significant progress by correcting all outstanding material weaknesses. In addition, there are no items specific to the Department on the Government Accountability Office's High Risk List, and there have not been any since 1995. The following table shows the Department's progress during the past five years with correcting and closing material weaknesses.



Fiscal Year Number at Beginning
of Fiscal Year
Number Corrected Number Added Number Remaining
at End of Fiscal Year
2000 3 2 2Read Footnote 11 3
2001 3 0 0 3
2002 3 3 0 0
2003 0 0 0 0
2004 0 0 0 0

Note 1: Reported by the Department of State as a result of the merger with the United States Information Agency.(back to text)


Status of Financial Management Systems

For financial systems, the MCSC voted to close in FY 2003 the Department's one remaining material nonconformance - Financial and Accounting Systems. This was the first time since the inception of the FMFIA that the Department had no open material nonconformances - a significant accomplishment. No new material nonconformances were identified by the MCSC during FY 2004. As a result, the Secretary has provided an unqualified Statement of Assurance for the second year in a row regarding the Department's financial management systems. A summary of actions taken to correct and close the one previously reported material nonconformance is provided in the table below.



Material Nonconformance Corrective Actions Strategic Goal

Financial and Accounting Systems

In 1983, the Department identified substantial weaknesses in its financial management systems. When first reported, the Department was burdened with managing six financial management systems worldwide, which support its domestic bureaus, overseas posts, and other overseas agencies. This nonconformance included deficiencies in data quality, noncompliance with JFMIP core requirements, ineffective interfaces, inadequate documentation and audit trails.

Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial management systems from six to two; reduced the number of post-level financial systems from nine to two; and, re-centralized disbursing offices from 22 to two. Implementation of the new Regional Financial Management System (RFMS) was completed September 2003 and is operational in all overseas posts. The reengineered overseas interface is operational, providing detailed (transaction level) information. Continuity of Operations Plans have been developed for Financial Service Centers in Charleston, SC and Bangkok and for Washington headquarters operations.

Management and Organizational Excellence



The Federal Financial Management Improvement Act of 1996 (FFMIA) requires that agencies' financial management systems provide reliable financial data in accordance with generally accepted accounting principles and standards. Under FFMIA, financial management systems must substantially comply with three requirements — Federal financial management system requirements, applicable Federal accounting standards, and the U.S. Government Standard General Ledger (SGL). In addition, agencies must determine annually whether their systems meet these requirements. This determination is to be made no later than 120 days after the earlier of (a) the date of receipt of the agencywide audited financial statement, or (b) the last day of the fiscal year following the year covered by such statement.

To assess conformance with FFMIA, the Department uses OMB Circular A-127 survey results, FFMIA implementation guidance issued by OMB, results of OIG and GAO audit reports, annual financial statement audits, the Department's annual Federal Information Security Management Act (FISMA) Report, and other relevant information. The Department's assessment also relies a great deal upon evaluations and assurances under the FMFIA, with particular importance attached to any reported material weaknesses and material noncomformances.

The Department has made it a priority to meet the objectives of the FFMIA. In December 2003, the Department determined that its financial systems comply substantially with the requirements of the FFMIA. This determination was made after considering (1) the audited financial statement results as of September 30, 2003, whereby the material weakness on Information Systems Security was reduced to a reportable condition, (2) the approval of the Management Control Steering Committee to close the longstanding FMFIA material noncomformance for our Financial and Accounting Systems, and (3) systems efforts completed in FY 2003 along with additional improvements to our financial systems in the first quarter of FY 2004.

The Department will make its FY 2004 FFMIA determination no later than March 2005 based upon receipt of the FY 2004 Independent Auditor's Report in November 2004.



The Federal Information Security Management Act of 2002 (FISMA) directs federal agencies to conduct annual evaluations of information security programs and practices. It provides a comprehensive framework for establishing and ensuring the effectiveness of security controls for information and information systems that support federal assets and operations. OMB provides annual guidance for agencies to report on the status of their respective programs. In accordance with FISMA, the CIO is responsible for the vision, implementation and status reporting of the information security program for the Department, while the Inspector General provides an independent evaluation. The Department of State also has substantial information security responsibilities under the Omnibus Diplomatic Security and Counterterrorism Act of 1986.

Under the direction of the Under Secretary for Management, the bureaus of Information Resource Management (IRM) and Diplomatic Security (DS) implement information security responsibilities jointly. In compliance with FISMA, the senior agency information security official, reporting to the CIO, manages the enterprise-wide information security program while operational program elements are dispersed between the two bureaus and across the Department.

The Department's FISMA Report for FY 2004, dated October 6, 2004, highlights significant accomplishments and also identifies areas of focus for program maturity. The Department's senior management remains committed to performance measures that illustrate continued and consistent improvement in all cyber security program elements.

Significant accomplishments for FY 2004 include increased risk management by fully authorizing over 90% of major operational systems, enhanced performance measures, effective information security management procedures, improved security awareness, online security training, increased participation in security role-based training, acknowledgement of security professionals in incentive programs and upgrades in technology deployment, public key infrastructure and biometrics.

The area of focus for FY 2005 is the comprehensive coordination of cyber security program management plan. The Department's strategic goals require managing operational and technical cyber security program elements across its worldwide infrastructure. These elements include, enhancing the inventory of technology assets and developing meaningful policies and training for their usage, budgeting for security, balancing dynamic technology risk with business requirements, planning and providing for secure continuity of operations and designing security architecture based on complexities of the future.



The Government Management Reform Act (GMRA) of 1994 amended the requirements of the Chief Financial Officers (CFO) Act of 1990 by requiring an annual preparation and audit of agency-wide financial statements from the 24 major executive departments and agencies. The statements are to be audited by the Inspector General (IG), or an independent auditor at the direction of the IG. An audit report on the principal financial statements, internal controls, and compliance with laws and regulations is prepared after the audit is completed.

The Department's 2004 financial statements received an unqualified opinion - the best possible result of the audit process. This year marks the eighth consecutive year that the Department's financial statements have achieved such an opinion. The Department significantly accelerated the preparation and audit of its 2004 financial statements and met OMB's November 15 due date - 45 days after the close of the fiscal year. This marks significant progress towards our goal of providing more timely, accurate, and useful financial information.

In relation to internal control, the Independent Auditor's Report cites four reportable conditions: (1) information systems security for networks in domestic operations, (2) inadequacy of the Department's financial management systems, (3) management of unliquidated obligations, and (4) implementation of Managerial Cost Accounting Standards. Reportable conditions are significant deficiencies, though not material, in the design or operation of internal control that could adversely affect the Department's ability to record, process, summarize and report financial data consistent with the assertions of management in the financial statements. For each year since 1997, the Independent Auditor's Report cited the first matter above relating to information systems security as a material weakness in internal control. The FY 2003 Independent Auditor's Report acknowledged that the Department's work towards correcting this deficiency was sufficiently advanced to reduce this weakness to a reportable condition. However, the Independent Auditor's Report states that the Department's financial management systems are not in substantial compliance with FFMIA.

The table below summarizes the weaknesses in internal control and compliance with laws and regulations cited in the FY 2004 Independent Auditor's Report, as well as the actions taken to resolve the problems.


(Refer to Independent Auditor's Report Section)

Reportable Condition Corrective Actions Target Correction Date Strategic Goal

Information System Security

Information system networks for domestic operations are vulnerable to unauthorized access. Consequently, other systems, including the Department's financial management systems, which process data using these networks, may also be vulnerable. This weakness was first reported based on penetration tests performed by the General Accounting Office (GAO) and was also cited in the audit opinion of the 1997 financial statements. The auditor reported this matter as a material weakness in internal control each year since 1997. For 2003, the auditor considered the Department's corrective actions sufficiently advanced to reduce this deficiency to a reportable condition.

The Department has implemented a comprehensive framework and process for lifecycle management of IT security. The framework and process allows for continual evaluation and improvement. Some of the major accomplishments include:

  • Established and maintains a baseline inventory of applications.
  • Developed and maintains a Departmentwide plan of action and milestones (POA&M) to track corrective actions in mitigating security weaknesses.
  • Deployed a layered Intrusion Detection System that enables Department security analysts to monitor and audit network and host information systems and detect inappropriate, incorrect on anomalous activity and issue warnings and alerts for possible unauthorized access to networks and systems worldwide.
  • Implemented an effective risk management process of systems authorization, also known as Certification and Accreditation (C&A), and authorized 92% (163) of 178 major applications, minor applications, and general support systems.
  • In FY 2004, delivered Web-based cyber security awareness training to nearly 49,000 users, approximately 99% of the Department's full-time employees, Foreign Service Nationals and contractors.
2005 Management and Organizational Excellence

Management of Unliquidated Obligations

The Department's internal control process related to managing undelivered orders is inadequate. It lacks a structured process for reconciling and deobligating funds in a timely manner, which may result in the loss of those funds.

As mentioned in the Independent Auditor's Report, the Department has made significant improvements in this area. The Unliquidated Obligation System was implemented in 2000. This system is updated periodically with detailed unliquidated obligations data and facilitates the monitoring, reporting and oversight of unliquidated obligations worldwide. In FY 2004, new capabilities to enhance the management of unliquidated obligations were installed in the Department's Central Financial Management System. The new capabilities can automatically deobligate unliquidated obligations based on a wide range of criteria (e.g., age, object class, dollar amount). In 2004, instructions and reports were issued to offices to review the billions of dollars in unliquidated obligations reported by the Department. The Department will continue to develop reports and procedures to improve the management of unliquidated obligations.

2005 Management and Organizational Excellence

Compliance with Managerial Cost Accounting Standards

While the Department complies with certain aspects of the Statement of Federal Financial Accounting Standards #4, it does not have an effective process to routinely collect managerial cost accounting information, establish outputs for each responsibility segment, or allocate all support costs.

The Department is making reasonable progress in implementing MCAS, but acknowledges that additional work is needed to fully comply with these standards. To address MCAS requirements, the Department developed an automated Statement of Net Cost that enables timely and accurate reporting of cost information by strategic goal and responsibility center including the allocation of support costs. In FY 2005, the Department will define significant outputs for each responsibility center, and support the reporting on significant efficiency measures established for programs in coordination with the Program Assessment Rating Tool (PART) process.

2005 Management and Organizational Excellence

Financial and Accounting Systems

See discussion under "Noncompliance with Laws and Regulations" below.

See discussion below.

2005 Management and Organizational Excellence
Noncompliance with Laws and Regulations Corrective Actions Target Correction Date Diplomacy Activity

Financial and Accounting Systems

The Department has identified and acknowledged serious weaknesses in its financial management systems. When first reported, the Department was charged with overseeing six financial management systems that support its domestic bureaus, overseas posts and other overseas agencies. The financial management systems nonconformance includes the following five weaknesses: deficiencies in data quality; noncompliance with JFMIP core requirements; ineffective interfaces; inadequate documentation and audit trails; and inadequate support of mission performance.

Significant progress has been made over the past few years to improve financial management systems worldwide. The Department has reduced the number of financial systems from six to two; decreased the number of post-level financial systems from nine to two; and re-centralized disbursing offices from 22 to two. In FY 2003, the Department's Management Control Steering Committee voted to close the material nonconformance for financial and accounting systems. In 2004, the two existing overseas accounting databases were merged into one database residing at the Charleston Financial Service Center — all overseas accounting transactions for both the Department of State and our serviced agencies are now recorded in a single database, and many operational/system activities (e.g., software upgrades, annual close outs) are performed only in one place.

2005 Management and Organizational Excellence



Narrative Summary of Implementation Efforts for FY 2004 and Agency Plans for FY 2005 - FY 2007

The Improper Payments Information Act of 2002 (IPIA), Public Law No.107-300, requires agencies to annually review their programs and activities to identify those susceptible to significant improper payments. Significant improper payments are defined as annual improper payments in a program that exceed both 2.5% of program annual payments and $10 million. Once those highly susceptible programs and activities are identified, agencies are required to estimate and report the annual amount of improper payments. Generally, an improper payment is any payment that should not have been made or that was made in an incorrect amount under statutory, contractual, and administrative or other legally applicable requirement.

OMB Memorandum M-03-13, Improper Payments Information Act, requires agencies to report annually the estimated amount of improper payments and progress toward reducing them in their Performance and Accountability Reports beginning in FY 2004. This marks the first year for which the Department is reporting on our IPIA implementation efforts. In fulfilling this reporting responsibility, the Department followed OMB Memorandum M-04-20, FY 2004 Performance and Accountability Reports and Reporting Requirements for the Financial Report of the United States Government, which requires a brief summary of actual and planned accomplishments in the Management's Discussion and Analysis section of this Report. It also requires more detailed information relating to the Department's IPIA implementation efforts to be presented, which is located in the Financial Section of this Report.

The Department is fully committed to achieving the objectives of the IPIA. Our program is a continuous process focused on strengthening internal controls aimed at preventing improper payments as well as identifying and determining the amount of significant improper payments.

Our identification and determination of significant improper payments focused on the $15.3 billion expended by the Department during FY 2004, which is less than 1 percent of the projected $2.2 trillion expenditures for the entire federal government for the same time period. The Department's $15 billion is paid to thousands of employees, vendors and recipients of federal financial assistance to support the programs and activities of the Department. As a result of our risk assessments, the following programs were considered high-risk for FY 2004.

Federal Financial Assistance Area

  • International Information Program (IIP)-U.S. Speaker and Specialist Program
  • International Narcotic and Law Enforcement Affairs (INL)-Narcotics Program

Vendor Pay Area

  • Other Contractual Services

We performed statistical sampling of payments made from each of these programs. The actual error rate was low for these programs with the exception of the IIP - U.S Speaker and Specialist Program. This program sends out nearly a thousand speakers annually to discuss with foreign audiences issues identified by U.S. embassies. Participants in this program have not been required to complete and submit vouchers at the completion of their travel, making most travel reimbursement payments "improper" under IPIA. The total amount of annual expenditures under this program are relatively low (i.e., approximately $30 million for the nine-months ended June 30, 2004) and the estimated improper payments of $1.4 million is significantly less than the $10 million statutory and regulatory definition of significant improper payments. The Department plans to strengthen controls over travel reimbursements in this program.

Another aspect of the Department's IPIA program is recovering amounts paid in error. The Department has established a contingency-based fee contract for recovery audit services. The contractor is paid based on a percentage of the amount of payments identified and successfully collected. A work plan detailing the scope of this effort is currently being developed with audit recovery work to be performed in FY 2005.

In future years, the Department will expand the IPIA program to include programs assessed as having a moderate and low susceptibility to significant improper payments. We do not expect to find significant improper payments in these programs; however, we will seek to identify opportunities to strengthen internal control. In addition, the Department is implementing routine processes aimed at improving the efficiency and timeliness of improper payment reporting. Updated guidance has been issued for performing program reviews and risk assessments. Payment and debt management programs policies and practices will be strengthened to improve detection, referral and recovery efforts.


< Go to Previous Page        Go to Next Page >



Back to Top

Do you already have an account on one of these sites? Click the logo to sign in and create your own customized State Department page. Want to learn more? Check out our FAQ!

OpenID is a service that allows you to sign in to many different websites using a single identity. Find out more about OpenID and how to get an OpenID-enabled account.