The Federal Managers' Financial Integrity Act (FMFIA) requires agencies to establish internal control and financial systems that provide reasonable assurance that the integrity of federal programs and operations are protected. It also requires that the head of the agency provide an annual Statement of Assurance on whether the agency has met this requirement.
The Department's Management Control Steering Committee (MCSC) oversees the Department's management (i.e., internal) controls program. The MCSC is chaired by the Chief Financial Officer, and is composed of eleven other Assistant Secretaries [including the Chief Information Officer and the Inspector General (non-voting)], the Deputy Chief Financial Officer, the Deputy Legal Adviser, the Deputy Assistant Secretary for Global Financial Services and the Director for the Office of Overseas Buildings Operations. Individual assurance statements from Ambassadors assigned overseas and Assistant Secretaries in Washington, D.C. serve as the primary basis for the Department's FMFIA assurance that management controls are adequate. The assurance statements are based on information gathered from various sources including the managers' personal knowledge of day-to-day operations and existing controls, management program reviews, and other management-initiated evaluations. In addition, the Office of Inspector General and the Government Accountability Office conduct reviews, audits, inspections, and investigations.
It is the Department's policy that any organization with a material weakness or reportable condition is required to submit a plan to correct the weakness to the MCSC or the senior assessment team (SAT) for review and approval (see description of the SAT's role in the Internal Control Over Financial Reporting section). The plan, combined with the individual assurance statements, provide the framework for monitoring and improving the Department's management controls on a continuous basis.
The Department evaluated its management controls and financial management systems for the fiscal year ending September 30, 2006. This evaluation provided reasonable assurance that as of September 30, 2006, the objectives of the FMFIA were achieved. As a result, the Secretary has provided an unqualified Statement of Assurance. In addition, there are no items specific to the Department on the Government Accountability Office's High Risk List, and there have not been any since 1995.
Federal Managers' Financial Integrity Act
The Department of State's management is responsible for establishing and maintaining effective internal control and financial management systems that meet the objectives of the Federal Managers' Financial Integrity Act (FMFIA). The Department conducted its assessment of the effectiveness of internal control over the efficiency and effectiveness of operation and compliance with applicable laws and regulations in accordance with OMB Circular A-123, Management's Responsibility for Internal Control. Based on the results of this evaluation, the Department can provide reasonable assurance that its internal control over the effectiveness and efficiency of operations and compliance with applicable laws and regulations and financial management systems meet the objectives of FMFIA as of September 30, 2006.
In addition, the Department of State's management is also responsible for establishing and maintaining effective internal control over financial reporting, which includes safeguarding of assets and compliance with applicable laws and regulations. The Department of State conducted its assessment of the effectiveness of the Department's internal control over financial reporting in accordance with Appendix A of OMB Circular A-123. Based on the results of this assessment, the Department of State is reporting material weaknesses concerning the accounting for personal property and real property in its internal control over financial reporting as of June 30, 2006. Deficiencies existed in the controls over accounting for contractor-held property, aircraft and vehicles and controls over accounting for real property - specifically Construction-in-Progress. However, corrective actions were taken, and the material weaknesses have been resolved as of September 30, 2006. Other than the exceptions noted, the internal controls were operating effectively and no other material weaknesses were found in the design or operation of the internal control over financial reporting.
Because of its inherent limitation, internal control over financial reporting, no matter how well designed, cannot provide absolute assurance of achieving financial reporting objectives and may not prevent or detect misstatements. Therefore, even if the internal control over financial reporting is determined to be effective, it can provide only reasonable assurance with respect to financial statement preparation and presentation. Projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with the policies or procedures may deteriorate.
In December 2004, OMB Circular A-123, Management's Responsibility for Internal Control, was revised in light of the internal control requirements for publicly-traded companies contained in the Sarbanes-Oxley Act of 2002. The Department's management control program expanded during 2006 to implement the new requirement for management's assessment of the effectiveness of internal control over financial reporting, contained in Appendix A of the revised OMB Circular A-123. A senior assessment team (SAT) was established in FY 2006 to oversee the implementation of Appendix A, as recommended in the revised Circular. The SAT reports to the Management Control Steering Committee and is comprised of 11 senior executives from bureaus that have significant responsibility over the Department's financial resources.
The Department performed the Appendix A implementation in three phases: planning, assessment and testing, and conclusion and reporting. The Department defined the scope of financial reporting as the Department-wide financial statements, identified thirteen significant financial processes, and determined the materiality threshold. The Department documented the key financial processes and controls as well as evaluated and tested the controls. The principal results from the Appendix A implementation are provided in the table below.
|Material Weaknesses Resolved as of September 30, 2006||Corrective Actions Taken|
|Accounting for Personal Property
As of June 30, 2006, deficiencies existed in the controls over accounting for personal property. Specifically, the Department did not have a system to identify and record property in the hands of contractors. The controls over accounting for aircraft, vehicles, and other personal property were not fully effective.
The Department implemented procedures to provide for the reporting of contractor-held property. It also tightened controls over the existing processes for accounting for aircraft, vehicles and other personal property.
|Accounting for Real Property - Construction-in-Progress
As of June 30, 2006, controls over accounting for real property - construction in progress were ineffective. Not all projects that should have been capitalized were capitalized, and there was a failure to report project completions on a timely basis.
Controls were implemented and/or strengthened to ensure the proper identification of capitalized projects in the accounting system and timely reporting of project completion.
1 The material weaknesses were downgraded to reportable conditions as of September 30, 2006. In accordance with Appendix A to OMB Circular A-123, a material weakness in internal control over financial reporting, is a reportable condition, or combination of reportable conditions, that results in a reasonable possibility that a material misstatement of the financial statements, or other significant financial reports, will not be prevented or detected. A reportable condition for financial reporting is a control deficiency, or combination of control deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with Generally Accepted Accounting Principles such that there is a reasonable possibility that a misstatement of the entity's financial statements, or other significant financial reports, that is more than inconsequential will not be prevented or detected. (back to text)
The Federal Financial Management Improvement Act of 1996 (FFMIA) requires that agencies' financial management systems provide reliable financial data in accordance with generally accepted accounting principles and standards. Under FFMIA, financial management systems must substantially comply with three requirements — Federal financial management system requirements, applicable Federal accounting standards, and the U.S. Government Standard General Ledger (SGL) at the transaction level.
The Department has made it a priority to meet the objectives of the FFMIA. In November 2004, the Department conducted a comprehensive OMB Circular A-127 assessment. The assessment included (among other things) a collection of the various background materials, reference documents, and supporting details that document how the Department meets the applicable A-127 requirements and OMB FFMIA implementation guidance. Based on the results of this assessment, along with information contained in the Department's FY 2005 FISMA Report and evaluations and assurances provided under FMFIA, the Department affirmed its determination of substantial compliance with FFMIA in its FY 2005 Management Representation Letter provided to the Independent Auditor. Further reinforcing FFMIA substantial compliance, the Department's Management Control Steering Committee voted in September 2006 to classify the Department's Financial and Accounting Systems as a financial system deficiency (versus reportable condition or material non-conformance). Since the financial management systems substantially comply with the requirements of the FFMIA, the Department has provided an unqualified assurance with regard to Section 4 of the Federal Manager's Financial Integrity Act.
The Department of State 2006 Federal Information Security Management Act (FISMA) and Privacy Management Report presented continued improvement in IT security, as well as a road map for 2007 initiatives. The Department is dedicated to protecting information and information systems with a comprehensive Information Security Program that continues to integrate operational security and information assurance programs monitored by performance metrics that are continually improving.
Over the past year, the Department streamlined processes, eliminated duplicative initiatives, focusing on its Agency-wide Information Security Program, Configuration Management, Risk Management, and Plans of Actions & Milestones (POA&Ms). To further accelerate the integration of IT security within the Department, the Under Secretary of Management officially established the Information Systems Security Committee (ISSC). This past year, the CIO reassigned governance of the Department's IT systems and applications inventory (Information Technology Asset Baseline - ITAB) to the Enterprise Architecture and Planning office that is charged with responsibility for eGovernment and Capital Planning, thus strengthening the connections between these essential business processes.
The recategorization of the unclassified systems in the Department's inventory was completed bringing the Department into full compliance with the FIPS 199 / NIST SP 800-60 standard. Furthermore, a comprehensive strategy to establish a methodology for compliance with FIPS Pub 200 by March 2007 will be instituted to ensure sustained compliance.
The Department, issued "The Plan to Capture Contractor Systems in the Department of State's Inventory of Information Systems" to the OIG and OMB with an implementation plan for ensuring the appropriate level of security of all contractor connections, extensions and systems. A Procurement Information Bulletin (PIB) concerning information security imposed upon contractor services and products was also finalized and issued.
There are no significant deficiencies under FISMA. In the 2006 audit of the Department's financial statements the Independent Auditor concluded that the information system security material weakness identified in the FY 2005 audit was considered resolved and downgraded to a reportable condition.
The Improper Payments Information Act of 2002 (IPIA), Public Law No. 107-300, requires agencies to annually review their programs and activities to identify those susceptible to significant improper payments. OMB Circular A-123, Appendix C, defines significant improper payments as annual improper payments in a program that exceed both 2.5 percent of program annual payments and $10 million. Once those highly susceptible programs and activities are identified, agencies are required to estimate and report the annual amount of improper payments. Generally, an improper payment is any payment that should not have been made or that was made in an incorrect amount under statutory, contractual, and administrative or other legally applicable requirement.
In early FY 2005, based on the results of prior reviews, the Department performed a reassessment of programs and determined that the only category of payments considered susceptible to significant improper payments was payments for Federal Financial Assistance. Accordingly, the Department sampled and tested three of its largest Federal Financial Assistance Programs (the Fullbright, Contributions to International Organizations and Peacekeeping, and Refugee Assistance Programs). In FY 2005, these programs had outlays of $2.7 billion out of the Department's total outlays of $4.9 billion for all Federal Financial Assistance programs. No improper payments were identified in these programs.
In FY 2006, a random sample of the detailed payment transaction data was selected for Federal Financial Assistance related to the International Narcotics and Law Enforcement (INL) - Law Enforcement, Eradication, Aviation and Support to the Military, and the International Information Program-U.S. Speaker and Specialist Program (IIP). In the table below, the FY 2006 test results found improper payments in both programs. In both cases, the projected values of improper payments fall well below the threshold described above.
|Number of Transactions||Total Dollars||Projected|
|Program||Population||Sample||Population||Sample||Error Rate||Improper Payments|
|International Narcotics and Law Enforcement||4,315||126||$313,078,592||$2,366,056||3.97%||$180,340|
|International Information Program- U.S. Speaker and Specialist Program||741||126||$28,822,489||$288,548||23.81%||$348,567|
|Calculation of error rate and payment amounts based on sample results.|
Future plans provide for expanding the IPIA program to include programs assessed as having a low susceptibility to significant improper payments. We do not expect to find significant improper payments in these programs; however, we will seek to identify opportunities to strengthen internal control.