FY 2018 Department of State Agency Financial Report: Section II: Financial Section

It is my sincere privilege to present the Fiscal Year (FY) 2018 Agency Financial Report (AFR), including this year’s audited Financial Statements. The Department of State is committed to delivering the highest standard of financial accountability and transparency to the American public. As noted in the Secretary’s Message, “this AFR, a key accountability document, is our principal publication and report to the President, Congress and the American people on our leadership in financial management and our stewardship of the public funds entrusted to us.” More than facts and figures, the AFR also represents the challenging work performed on a daily basis by dedicated professionals around the world, in some of the most difficult operating environments, to further the Department’s vital mission. Last year, in recognition of the exceptional quality of our 2017 AFR, the Association of Government Accountants awarded the Department the prestigious Certificate of Excellence in Accountability Reporting.

The scale and complexity of the Department’s global mission and operations, and corresponding financial activities, is the central setting and context for our financial performance and challenges. The Department operates in over 270 embassies and consulates, located in more than 180 countries around the world. We conduct business on a 24/7 basis in over 135 currencies; account for more than $100 billion in assets in over 500 separate fiscal accounts; maintain over 225 bank accounts around the world; and account for tens of thousands of real and personal property assets with historical costs of more than $34 billion. We provide the shared administrative operating platform for more than 45 other U.S. Government entities overseas; and pay more than 106,000 Foreign and Civil Service, overseas local employees, and Foreign Service annuitants. These financial activities support our ability to advance America’s interests on a broad range of foreign policy challenges and engagements that demand our attention.

In delivering our financial programs, the Bureau of the Comptroller and Global Financial Services (CGFS), the Department’s corporate finance bureau, is committed to providing world-class financial services. Our strong commitment to quality financial services is backed by our ISO-9001 certified operations and Capability Maturity Model Integration (CMMI) standard for financial systems development. These quality management systems allow us to continuously improve our services and drive new automation and efficiencies into our services and support. For example, we are working to leverage our highly documented ISO-9001 certified processes to conduct pilots of robotic process automation (RPA) to automate workflows for administrative work, and customer experience (CX) pilots to identify and implement improvements most important to our customers.

We continue to prioritize, manage, and implement vital investments in modern, transformative financial systems and operations. These investments facilitate standardized and cost-conscious enterprise-wide financial business processes and meet the large scope of audit and compliance requirements. They also improve accurate and timely financial data and reporting to the American public on how the Department spends their tax dollars. To that end, as required by the Digital Accountability and Transparency Act of 2014 (DATA Act), the Department reports financial and payment information on the Department’s spending to the public using USASpending.gov , and continues to work to achieve 100 percent accuracy of this data submitted from all around the world. There is no doubt that the advancement of data will profoundly impact how we conduct business. The use of data as a resource will be central to the Department’s transformational efforts and our ability to improve accountability, measure performance and enhance data-informed decision making. Our support of these efforts, together with our need to be responsible stewards of data, requires that we continuously assess and enhance the cybersecurity for our financial systems and data.

A strong and practiced commitment to effective internal controls is fundamental to our business. The Department maintains a robust system of internal controls that are validated by senior leadership. For FY 2018, no material weaknesses in internal controls were identified by senior leadership and no material weaknesses in internal controls over financial reporting were identified by the Senior Assessment Team or the Management Control Steering Committee. As a result, the Secretary was able to provide reasonable assurance on the effectiveness of the Department’s overall internal controls and the internal controls over financial reporting in accordance with the Federal Managers’ Financial Integrity Act (FMFIA). As highlighted in the AFR, the Department does not have any programs at risk for making significant improper payments, and we continue to leverage our payment risk assessments and recapture audit program, as well as verifications against Treasury’s Do Not Pay databases. In their annual assessment, the OIG found the Department’s improper payments program to be in compliance with Improper Payments Information Act (IPIA), as amended. For FY 2018, we continued to improve our internal controls program based upon recommendations by our Office of Inspector General. For example, our guidance included the expansion of requirements for assurances by all Department bureaus and posts regarding managing Federal financial assistance and performing program reviews.

The external annual audit process is another essential part of our commitment to strong corporate governance and effective internal controls. This year, I am pleased to report that the Department has received an unmodified (“clean”) audit opinion on its FY 2018 Financial Statements, with no material weaknesses in internal controls over financial reporting identified by the Independent Auditor. This result, and our audited Financial Statements herein, represent the culmination of a nearly year-round rigorous compliance march with our partners, the Office of the Inspector General (OIG) and the Independent Auditor, Kearney & Company. While we are pleased with this outcome for FY 2018, we remain fully cognizant of items noted in the AFR and the Independent Auditor’s Report that will require our continued attention and improvement. We may not always agree on all points with our audit partners, but we absolutely recognize and appreciate the importance of this annual practice. I would like to sincerely thank all parties for their collaborative and professional efforts throughout the audit process.

Going forward, we will provide effective programs, quality services, and also continue our transformation efforts that allow us to more efficiently and effectively deliver financial programs that support the Department’s vital mission. We will conduct many of these efforts in strong support of the priority areas of the President’s Management Agenda. Having been a part of the Department’s financial management team and financial audit process for more than two decades, I know there are new requirements, initiatives, issues, and opportunities for improvement right around the corner. This is particularly true given the global and complex nature of our financial operations and the daily uncertainty of the world in which we operate. I also know that the outstanding team of financial professionals around the world and in CGFS is up to the task of meeting these challenges. In closing, I would like to extend my sincere appreciation and thanks to the Department’s financial professionals, globally, who form the foundation for our success and strong financial stewardship. It is my honor and privilege to serve this great Nation and Department with you.

Sincerely,

Christopher H. Flaggs
Comptroller
November 15, 2018

OIG Transmittal

November 15, 2018

UNCLASSIFIED

INFORMATION MEMO FOR THE SECRETARY

FROM:	OIG – Steve A. Linick
SUBJECT:	Independent Auditor’s Report on the U.S. Department of State 2018 and 2017 Financial Statements (AUD-FM-19-03)

An independent external auditor, Kearney & Company, P.C., was engaged to audit the consolidated financial statements of the U.S. Department of State (Department) as of September 30, 2018 and 2017, and for the years then ended; to provide a report on internal control over financial reporting; to report on whether the Department’s financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA); and to report any reportable noncompliance with laws, regulations, contracts, and grant agreements it tested. The contract required that the audit be performed in accordance with U.S. generally accepted government auditing standards and Office of Management and Budget audit guidance.

In its audit of the Department’s 2018 and 2017 financial statements, Kearney & Company found

• the consolidated financial statements present fairly, in all material respects, the financial position of the Department as of September 30, 2018 and 2017, and its net cost of operations, changes in net position, and budgetary resources for the years then ended, in conformity with accounting principles generally accepted in the United States of America;
• no material weaknesses¹ in internal control over financial reporting;
• four significant deficiencies² in internal control, specifically in the areas of property and equipment, budgetary accounting, validity and accuracy of unliquidated obligations, and information technology; and
• three instances of reportable noncompliance with laws, regulations, contracts, and grant agreements tested, specifically the Antideficiency Act, the Prompt Payment Act, and FFMIA.

Kearney & Company is responsible for the attached auditor’s report, which includes the Independent Auditor’s Report, the Report on Internal Control Over Financial Reporting, and the Report on Compliance With Laws, Regulations, Contracts, and Grant Agreements, dated November 15, 2018, and the conclusions expressed in the report. The Office of Inspector General (OIG) does not express an opinion on the Department’s financial statements or conclusions on internal control over financial reporting and compliance with laws, regulations, contracts, and grant agreements, including whether the Department’s financial management systems substantially complied with FFMIA.

Comments on the auditor’s report from the Bureau of the Comptroller and Global Financial Services are attached to the report.

OIG appreciates the cooperation extended to it and Kearney & Company by Department managers and staff during the conduct of this audit.

Attachment: As stated

¹ A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. (back to text)

² A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance. (back to text)

Office of Inspector General | U.S. Department of State | 1700 North Moore Street | Arlington, Virginia 22209

www.stateoig.gov

UNCLASSIFIED

Report of Independent Auditors

INDEPENDENT AUDITOR’S REPORT
AUD-FM-19-03

To the Secretary of the U.S. Department of State and the Inspector General

Report on the Financial Statements

We have audited the accompanying consolidated financial statements of the U.S. Department of State (Department), which comprise the consolidated balance sheets as of September 30, 2018 and 2017, the related consolidated statements of net cost and changes in net position, the combined statements of budgetary resources for the years then ended, and the related notes to the consolidated financial statements (hereinafter referred to as the “consolidated financial statements”).

Management’s Responsibility for the Financial Statements

Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of consolidated financial statements that are free from material misstatement, whether due to fraud or error.

Auditor’s Responsibility

Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America; the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States; and Office of Management and Budget (OMB) Bulletin No. 19-01, “Audit Requirements for Federal Financial Statements.” Those standards and OMB Bulletin No. 19-01 require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement.

An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate under the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Opinion on the Consolidated Financial Statements

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Department as of September 30, 2018 and 2017, and its net cost of operations, changes in net position, and budgetary resources for the years then ended, in accordance with accounting principles generally accepted in the United States of America.

Other Matters

Required Supplementary Information

Accounting principles generally accepted in the United States of America require that the Management’s Discussion and Analysis, Combining Statement of Budgetary Resources, Condition of Heritage Assets, and Deferred Maintenance and Repairs (hereinafter referred to as “required supplementary information”) be presented to supplement the consolidated financial statements. Such information, although not a part of the consolidated financial statements, is required by OMB Circular A-136, “Financial Reporting Requirements,” and the Federal Accounting Standards Advisory Board, which consider the information to be an essential part of financial reporting for placing the consolidated financial statements in an appropriate operational, economic, or historical context. We have applied certain limited procedures to the required supplementary information in accordance with auditing standards generally accepted in the United States of America, which consisted of making inquiries of management about the methods of preparing the information and comparing the information for consistency with management’s responses to our inquiries, the consolidated financial statements, and other knowledge we obtained during our audits of the consolidated financial statements. We do not express an opinion or provide any assurance on the information because the limited procedures do not provide us with sufficient evidence to express an opinion or provide any assurance.

Other Information

Our audits were conducted for the purpose of forming an opinion on the consolidated financial statements as a whole. The information in the Introduction, Message from the Secretary, Message from the Comptroller, Section III: Other Information, and Appendices as listed in the Table of Contents of the Department’s Agency Financial Report, is presented for purposes of additional analysis and is not a required part of the consolidated financial statements. Such information has not been subjected to the auditing procedures applied in the audits of the consolidated financial statements, and accordingly, we do not express an opinion or provide any assurance on the information.

Other Reporting Required by Government Auditing Standards

In accordance with Government Auditing Standards and OMB Bulletin No. 19-01, we have also issued reports, dated November 15, 2018, on our consideration of the Department’s internal control over financial reporting and on our tests of the Department’s compliance with provisions of applicable laws, regulations, contracts, and grant agreements for the year ended September 30, 2018. The purpose of those reports is to describe the scope of our testing of internal control over financial reporting and compliance and the results of that testing and not to provide an opinion on internal control over financial reporting or on compliance. Those reports are an integral part of an audit performed in accordance with Government Auditing Standards and OMB Bulletin No. 19-01 and should be considered in assessing the results of our audits.

Alexandria, Virginia
November 15, 2018

Report on Internal Control Over Financial Reporting

INDEPENDENT AUDITOR’S REPORT ON INTERNAL CONTROL OVER
FINANCIAL REPORTING

To the Secretary of the U.S. Department of State and the Inspector General

We have audited the consolidated financial statements of the U.S. Department of State (Department) as of and for the year ended September 30, 2018, and have issued our report thereon dated November 15, 2018. We conducted our audit in accordance with auditing standards generally accepted in the United States of America; the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States; and Office of Management and Budget (OMB) Bulletin No. 19-01, “Audit Requirements for Federal Financial Statements.”

Internal Control Over Financial Reporting

In planning and performing our audit of the consolidated financial statements, we considered the Department’s internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate under the circumstances for the purpose of expressing our opinion on the consolidated financial statements but not for the purpose of expressing an opinion on the effectiveness of the Department’s internal control. Accordingly, we do not express an opinion on the effectiveness of the Department’s internal control. We limited our internal control testing to those controls necessary to achieve the objectives described in OMB Bulletin No. 19-01. We did not test all internal controls relevant to operating objectives as broadly defined by the Federal Managers’ Financial Integrity Act of 1982, such as those controls relevant to ensuring efficient operations.

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis.

Our consideration of internal control was for the limited purpose described in the first paragraph of this section and was not designed to identify all deficiencies in internal control that might be material weaknesses. Given these limitations, during our audit we did not identify any deficiencies in internal control that we consider to be material weaknesses. However, material weaknesses may exist that have not been identified.

Our audit was also not designed to identify deficiencies in internal control that might be significant. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance. We consider the following deficiencies in the Department’s internal control to be significant deficiencies.

Significant Deficiencies

I. Property and Equipment

The Department reported more than $24 billion in net property and equipment on its FY 2018 balance sheet. Real and leased property consisted primarily of facilities used for U.S. diplomatic missions abroad and capital improvements to these facilities. Personal property consisted of several asset categories, including aircraft, vehicles, security equipment, communication equipment, and software. Weaknesses in property and equipment were initially reported in the audit of the Department’s FY 2005 consolidated financial statements and subsequent audits. In FY 2018, the Department’s internal control structure continued to exhibit several deficiencies that negatively affected the Department’s ability to account for real and personal property in a complete, accurate, and timely manner. We concluded that the combination of property-related control deficiencies was a significant deficiency. The individual deficiencies we identified are summarized as follows:

• Accounting for Personal Property – The Department uses several non-integrated systems to track, manage, and record personal property transactions, which are periodically merged or reconciled with the financial management system to centrally account for the acquisition, disposal, and transfer of personal property. We noted a significant number of personal property transactions from prior years that were not recorded until the current year. In addition, we noted that the acquisition value for a number of selected items could not be supported and that the gain or loss on personal property disposals was not recorded properly for numerous items. We also tested the accuracy of the Department’s capital inventory records and identified assets with inaccurate physical locations, assets that could not be physically located, and assets that were physically observed but not recorded by the Department. The Department’s control structure did not ensure that personal property acquisitions, disposals, and transfers were recorded in a complete, timely, and accurate manner. In addition, the Department’s monitoring activities were not always effective to ensure proper financial reporting for personal property. The errors resulted in misstatements to the Department’s consolidated financial statements. The lack ofeffective control may result in the loss of accountability for asset custodianship, which could lead to undetected theft or waste.
• Accounting for Overseas Real Property – The Department operates at more than 270 posts in more than 180 countries around the world and is primarily responsible for acquiring and managing real property in foreign countries on behalf of the U.S. Government. We found several real property disposals that were not recorded by the Department in a timely manner. In addition, we tested real property acquisitions and identified deposits (that is, payments made prior to closing on the purchase of real property) in prior years that were not recorded as prepaid assets. Although the Department has implemented a periodic real property data call and project codes to identify prepayments, the controls did not ensure that all real property transactions were recorded in the proper fiscal year. The untimely processing of property disposals and the unrecorded acquisition prepayments resulted in misstatements in the Department’s asset balances.
• Accounting for Leases – The Department manages approximately 17,500 real property leases throughout the world. The majority of the Department’s leases are short-term operating leases. The Department must disclose the future minimum lease payments (FMLP) related to the Department’s operating lease obligations in the footnotes to the consolidated financial statements. We found numerous recorded lease terms that did not agree with supporting documentation as well as leases that were recorded in the system twice. We also found errors in the Department’s FMLP calculations. The Department’s processes to record lease information and to ensure the accuracy of FMLP calculations were not always effective. As a result of errors identified by our audit, the Department adjusted its financial statement footnote disclosure.
• Reporting of Software – Federal agencies use various types of software applications,called internal use software, to conduct business. Applications in the development phase are considered software in development (SID). Agencies are required to report software as general property in their financial statements. We identified numerous instances in which the data recorded for SID were inaccurate and additional instances in which software applications were inappropriately classified as SID. Although the Department performs a quarterly data call to obtain software costs from bureau project managers, this process was not sufficient because it relied on the responsiveness and understanding of individual project managers, not all of whom understand the accounting requirements for reporting SID. Additionally, the Department did not have an effective process to confirm that information provided by project managers was complete or accurate. Without an effective process to obtain information pertaining to software applications, the Department may continue to understate its property balances and overstate its expenses.

II. Budgetary Accounting

The Department lacked sufficient reliable funds control over its accounting and business processes to ensure budgetary transactions were properly recorded, monitored, and reported. Beginning in our report on the Department’s FY 2010 consolidated financial statements, we identified budgetary accounting as a significant deficiency. During FY 2018, the audit continued to identify control limitations and we concluded that the combination of control deficiencies remained a significant deficiency. The individual deficiencies we identified are summarized as follows:

• Support of Obligations – Obligations are definite commitments that create a legal liability of the Government for payment. The Department should record only legitimate obligations, which include a reasonable estimate of potential future outlays. We identified a large number of low-value obligations (that is, obligations that are $5 or less) for which the Department could not provide evidence of a binding agreement. The Department’s financial system was designed to reject payments for invoices without established obligations. Because allotment holders did not always record valid and accurate obligations prior to the receipt of goods and services, the Department established low-value obligations, which allowed invoices to be paid in compliance with the Prompt Payment Act; however, this effectively bypassed the controls in the financial system. The continued use of this practice could lead to a violation of the Antideficiency Act and increases the risk of fraud, misuse, and waste.
• Timeliness of Obligations – The Department should record an obligation in its financial management system when it enters into an agreement, such as a contract or a purchase order, to purchase goods and services. During our testing, we identified numerous obligations that were not recorded within the requisite 15 days of execution of the obligating document and obligations that were posted after the receipt of goods and services. We also identified obligations that were recorded in the financial management system prior to the formal execution of a contract. The Department did not have processes to ensure the accurate and timely creation and recording of obligations. Without an effective obligation process, controls to monitor funds and make timely payments may be compromised, which may lead to violations of the Antideficiency Act and the Prompt Payment Act.
• Capital Lease Obligations – The Department must obligate funds to cover the net present value of the Government’s total estimated legal obligation over the life of a capital lease contract. However, the Department annually obligates funds equal to 1 year of the capital lease cost rather than the entire amount of the lease agreement. The Department obligates leases on an annual basis rather than for the entire lease agreement period because that is the manner in which funds are budgeted and appropriated. Because of the unrecorded obligation, the Department’s consolidated financial statements were misstated.
• Effectiveness of Allotment Controls – Federal agencies use allotments to allocate funds in accordance with statutory authority. Allotments provide authority to agency officials to incur obligations as long as those obligations are within the scope and terms of the allotment authority. We identified systemic issues in the Department’s use of allotment overrides that allowed officials to exceed allotments. The Department did not have an automated control to prevent users from recording obligations that exceeded allotment amounts. Department management stated that such an automated control is not reasonable because of instances in which an allotment may need to be exceeded; however, the Department has not formally identified, documented, and communicated the circumstances under which an allotment override is acceptable. Overriding allotment controls could lead to a violation of the Antideficiency Act and increases the risk of fraud, misuse, and waste.

III. Validity and Accuracy of Unliquidated Obligations

Unliquidated obligations (ULO) represent the cumulative amount of orders, contracts, and other binding agreements for which the goods and services that were ordered have not been received or the goods and services have been received but for which payment has not yet been made. The Department’s policies and procedures provide guidance that requires allotment holders to perform at least monthly reviews, analyses, and validation of ULOs. Weaknesses in controls over ULOs were initially reported in the audit of the Department’s FY 1997 consolidated financial statements. During FY 2018, we continued to identify a significant number of invalid ULOs based on expired periods of performance, inactivity, lack of supporting documentation, or inability to support bona fide need. Although the Department took steps to improve its ULO validation efforts in FY 2018, for example it identified high-risk bureaus and expanded its reviews by obtaining and scrutinizing supporting documents to corroborate the responses provided by bureau officials, the internal control structure did not always ensure that invalid ULOs were identified and deobligated in a timely manner. As a result of invalid ULOs identified by our audit, the Department adjusted its financial statements. In addition, funds that could have been used for other purposes may have remained in unneeded obligations and the risk of duplicate or fraudulent payments because of the large number of invalid ULOs is increased.

IV. Information Technology

The Department’s information systems and electronic data depend on the confidentiality, integrity, and availability of the Department’s comprehensive and interconnected IT infrastructure using various technologies around the globe. Therefore, it is critical that the Department manage information security risks effectively throughout the organization. The Department uses several financial management systems to compile information for financial reporting purposes. The Department’s general support system, a component of its information security program, is the gateway for all the Department’s systems, including its financial management systems. Generally, control deficiencies noted in the information security program are inherited by the systems that reside in it.

In accordance with the Federal Information Security Modernization Act of 2014 (FISMA),¹ the Office of Inspector General (OIG) is responsible for the audit of the Department’s information security program. In the FY 2018 FISMA report,² OIG reported security weaknesses that significantly impacted the Department’s information security program. Specifically, OIG reported weaknesses in all eight FY 2018 Inspector General FISMA metric domains: risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning. OIG reported:

The deficiencies identified within the information security program occurred for several reasons. For example, the CIO does not have proper authority to manage IT activities, as provided for in law. In addition, the Department has not completed the development and implementation of an information security risk management strategy or identified resources to support the implementation of a Department-wide information security risk management strategy. Furthermore, the Department has not maintained a complete and accurate organization-wide information system inventory.

Without an effective information security program, the Department remains vulnerable to IT-centered attacks and threats to its critical mission-related functions. Information security program weaknesses can affect the integrity of financial applications, which increases the risk that sensitive financial information could be accessed by unauthorized individuals or that financial transactions could be altered, either accidentally or intentionally. Information security program weaknesses increase the risk that the Department will be unable to report financial data accurately.

The weaknesses reported by OIG as a result of the FISMA audit are considered to be a significant deficiency within the scope of our financial statement audit. We have reported weaknesses in IT security controls as a significant deficiency in each audit since our audit of the Department’s FY 2009 financial statements.

During the audit, we noted certain additional matters involving internal control over financial reporting that we will report to Department management in a separate letter.

Status of Prior Year Findings

In the Independent Auditor’s Report on Internal Control Over Financial Reporting included in the audit report on the Department’s FY 2017 financial statements,³ we noted several issues that were related to internal control over financial reporting. The status of the FY 2017 internal control findings is summarized in Table 1.

Department’s Response to Findings

Department management has provided its response to our findings in a separate letter included in this report as Appendix A. We did not audit management’s response, and accordingly, we express no opinion on it.

Purpose of This Report

The purpose of this report is solely to describe the scope of our testing of internal control over financial reporting and the results of that testing and not to provide an opinion on the effectiveness of the Department’s internal control. This report is an integral part of an audit performed in accordance with auditing standards generally accepted in the United States of America, Government Auditing Standards, and OMB Bulletin No. 19-01 in considering the entity’s internal control over financial reporting. Accordingly, this report is not suitable for any other purpose.

Alexandria, Virginia
November 15, 2018

¹ Federal Information Security Modernization Act of 2014, Public L. No. 113-283, 128 STAT. 3079-3080 (December 18, 2014). (back to text)

² OIG, Audit of the Department of State Information Security Program (AUD-IT-19-08, October 2018). (back to text)

³ OIG, Independent Auditor’s Report on the U.S. Department of State 2017 and 2016 Financial Statements (AUD-FM-18-05, November 2017). (back to text)

Report on Compliance With Laws, Regulations, Contracts, and Grant Agreements

INDEPENDENT AUDITOR’S REPORT ON COMPLIANCE WITH LAWS,
REGULATIONS, CONTRACTS, AND GRANT AGREEMENTS

To the Secretary of the U.S. Department of State and the Inspector General

We have audited the consolidated financial statements of the U.S. Department of State (Department) as of and for the year ended September 30, 2018, and have issued our report thereon dated November 15, 2018. We conducted our audit in accordance with auditing standards generally accepted in the United States of America; the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States; and Office of Management and Budget (OMB) Bulletin No. 19-01, “Audit Requirements for Federal Financial Statements.”

Compliance

As part of obtaining reasonable assurance about whether the Department’s consolidated financial statements are free from material misstatement, we performed tests of the Department’s compliance with provisions of applicable laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material impact on the financial statement amounts, including the provisions referred to in Section 803(a) of the Federal Financial Management Improvement Act of 1996 (FFMIA)¹ that we determined were applicable. We limited our tests of compliance to these provisions and did not test compliance with all laws, regulations, contracts, and grant agreements applicable to the Department. However, providing an opinion on compliance with those provisions was not an objective of our audit, and accordingly, we do not express such an opinion.

The results of our tests, exclusive of those related to FFMIA, disclosed instances of noncompliance or potential noncompliance that are required to be reported under Government Auditing Standards and OMB Bulletin No. 19-01 and which are summarized as follows:

• Antideficiency Act.² This act prohibits the Department from (1) making or authorizing an expenditure from, or creating or authorizing an obligation under, any appropriation or fund in excess of the amount available in the appropriation or fund unless authorized by law, (2) involving the Government in any obligation to pay money before funds have been appropriated for that purpose, unless otherwise allowed by law, or (3) making obligations or expenditures in excess of an apportionment or reapportionment, or in excess of the amount permitted by agency regulations. Our audit procedures identified Department of the Treasury account fund symbols with negative balances that were potentially in violation of the Antideficiency Act. We also identified systemic issues in the Department’s use of allotment overrides to exceed available allotment authority. Establishing obligations that exceed available allotment authority increases the risk of noncompliance with the Antideficiency Act. Conditions impacting the Department’s compliance with the Antideficiency Act have been reported annually since our FY 2009 audit.
• Prompt Payment Act.³ This act requires Federal agencies to make payments in a timely manner, pay interest penalties when payments are late, and take discounts only when payments are made within the discount period. We found that the Department did not consistently calculate or pay interest penalties for overdue payments to overseas vendors or international organizations. The Department was unable to provide legal justification exempting the Department from paying interest penalties for payments to these types of entities. Conditions impacting the Department’s compliance with the Prompt Payment Act have been reported annually since our FY 2009 audit.

Under FFMIA, we are required to report whether the Department’s financial management systems substantially comply with Federal financial management systems requirements, applicable Federal accounting standards, and the U.S. Standard General Ledger (USSGL) at the transaction level. Although we did not identify any instances of substantial noncompliance with Federal accounting standards, we did identify instances, when combined, in which the Department’s financial management systems and related controls did not comply substantially with certain Federal financial management system requirements and the USSGL at the transaction level.

Federal Financial Management Systems Requirements

• The Department has long-standing weaknesses in its financial management systems regarding its capacity to account for and record financial information. For instance, the Department has significant deficiencies relating to property and equipment, budgetary accounting, and unliquidated obligations.
• During its annual evaluation of the Department’s information security program, as required by the Federal Information Security Modernization Act (FISMA), the Department’s Office of Inspector General reported control weaknesses in all eight FY 2018 Inspector General FISMA metric domains.⁴
• The Department did not maintain effective administrative control of funds. Specifically, obligations were not created in a timely manner or were recorded in advance of an executed obligating document. We identified systemic issues in the Department’s use of allotment overrides that allowed officials to exceed allotments.
• The Department did not always minimize waste, loss, unauthorized use, or misappropriation of Federal funds. For example, the Office of Inspector General reported a significant amount of questioned costs and funds that could be put to better use during FY 2018.
• In addition, the previously reported matters related to the Antideficiency Act and the Prompt Payment Act impact the Department’s compliance with FFMIA.

Standard General Ledger at the Transaction Level

• The Department’s financial management systems did not consistently post transactions to USSGL-compliant accounts or track proprietary and budgetary account attributes consistent with the USSGL.
• General ledger account balances could not always be traced to discrete transactions. Further, discrete transactions could not always be traced to source documents.

The Department had not implemented and enforced systematic financial management controls to ensure substantial compliance with FFMIA. The Department had not developed and executed remediation plans to address instances of noncompliance or validate compliance against criteria. The Department’s ability to meet Federal financial management system requirements and fully process transaction-level data in accordance with the USSGL was hindered by limitations in systems and processes. Since our FY 2009 audit, we have reported annually that the Department did not substantially comply with FFMIA.

During the audit, we noted certain additional matters involving compliance that we will report to Department management in a separate letter.

Department’s Response to Findings

Department management has provided its response to our findings in a separate letter included in this report as Appendix A. We did not audit management’s response, and accordingly, we express no opinion on it.

Purpose of This Report

The purpose of this report is solely to describe the scope of our testing of compliance and the results of that testing and not to provide an opinion on the effectiveness of the entity’s compliance. This report is an integral part of an audit performed in accordance with auditing standards generally accepted in the United States of America, Government Auditing Standards, and OMB Bulletin No. 19-01 in considering the entity’s compliance. Accordingly, this report is not suitable for any other purpose.

Alexandria, Virginia
November 15, 2018

¹ Federal Financial Management Improvement Act of 1996, Public L. No. 104-208, 110 STAT. 3009 (September 30, 1996). (back to text)

² Antideficiency Act, Public L. No. 97-258, 96 STAT. 923 (September 13, 1982). (back to text)

³ 31 United States Code Chapter 39, “Prompt Payment.” (back to text)

⁴ OIG, Audit of the Department of State Information Security Program (AUD-IT-19-08, October 2018). (back to text)

Comptroller Response to the OIG

November 14, 2018

UNCLASSIFIED

MEMORANDUM

To:	OIG – Steve A. Linick
FROM:	CGFS – Christopher H. Flaggs
SUBJECT:	Draft Report on the Department of State’s Fiscal Years 2018 and 2017 Financial Statements

This memo responds to your request for comments on the Draft Report of the Independent Auditor’s Report, Independent Auditor’s Report on Internal Control Over Financial Reporting, and Independent Auditor’s Report on Compliance With Applicable Provisions of Laws, Regulations, Contracts, and Grant Agreements.

The Department operates in over 180 countries and 135 currencies in some of the most challenging environments. The scale and complexity of Department activities and corresponding financial management operations and requirements are immense. We take this dynamic into account as we pursue an efficient, accountable, and transparent financial management platform that supports the Department’s and broader U.S. Government’s foreign affairs mission. An important element of our accountability is the fundamental discipline of the annual external financial statement audit process and the issuance of the Department’s audited financial statements. Few outside the financial community likely realize or appreciate the time and effort that go into producing the audit and the Agency Financial Report. It is a rigorous and exhaustive process, and this year was no exception. It has been a concerted and dedicated effort by all stakeholders.

We appreciate and extend our sincere thanks for the professionalism and commitment by all parties, including the Office of the Inspector General (OIG) and Kearney & Company, the independent external auditor. While we may not agree on every aspect of the process and findings, we acknowledge the importance of the process and the real benefits derived from the improvements that have been made over the last ten years, working together with the OIG and Kearney & Company throughout the annual audit cycles. We know that there will always be new challenges and concerns given our complex global operating environment and scope of compliance requirements. Even so, we believe the overall results of the audit reflect the continuous improvement we strive to achieve in the Bureau of the Comptroller and Global Financial Services and across the Department’s financial management community.

As expressed in the Independent Auditor’s Report, we are pleased that the Department has received an unmodified (“clean”) audit opinion on its FY 2018 and FY 2017 principal financial statements and with no material weaknesses in internal controls over financial reporting. We remain committed to strong corporate governance and internal controls as demonstrated by our dedicated system of internal controls overseen by our Management Control Steering Committee (MCSC), Senior Assessment Team (SAT), and supported by senior leadership. We appreciate the OIG’s participation and contributions in both the MCSC and SAT. We fully recognize that there is more to be done and that the items identified in the Draft Report will require our continued attention and improvement. We look forward to working with you and all stakeholders on addressing these issues.

Introducing the Principal Financial Statements

The Principal Financial Statements (Statements) have been prepared to report the financial position and results of operations of the U.S. Department of State (Department). The Statements have been prepared from the books and records of the Department in accordance with formats prescribed by the Office of Management and Budget (OMB) in OMB Circular A-136, Financial Reporting Requirements, revised. The Statements are in addition to financial reports prepared by the Department in accordance with OMB and U.S. Department of the Treasury (Treasury) directives to monitor and control the status and use of budgetary resources, which are prepared from the same books and records. The Statements should be read with the understanding that they are for a component of the U.S. Government, a sovereign entity. The Department has no authority to pay liabilities not covered by budgetary resources. Liquidation of such liabilities requires enactment of an appropriation. Comparative data for 2017 are included.

The Consolidated Balance Sheet provides information on assets, liabilities, and net position similar to balance sheets reported in the private sector. Intra-departmental balances have been eliminated from the amounts presented.

The Consolidated Statement of Net Cost reports the components of the net costs of the Department’s operations for the period. The net cost of operations consists of the gross cost incurred by the Department less any exchange (i.e., earned) revenue from our activities. Intra-departmental balances have been eliminated from the amounts presented.

The Consolidated Statement of Changes in Net Position reports the beginning net position, the transactions that affect net position for the period, and the ending net position. Intra-departmental transactions have been eliminated from the amounts presented.

The Combined Statement of Budgetary Resources provides information on how budgetary resources were made available and their status at the end of the year. Information in this statement is reported on the budgetary basis of accounting. Intra-departmental transactions have not been eliminated from the amounts presented.

Required Supplementary Information contains a Combining Statement of Budgetary Resources, the condition of heritage assets held by the Department, and information on deferred maintenance and repairs. The Combining Statement of Budgetary Resources provides additional information on amounts presented in the Combined Statement of Budgetary Resources.

Principal Financial Statements

The accompanying notes are an integral part of this financial statement.

The accompanying notes are an integral part of this financial statement.

The accompanying notes are an integral part of this financial statement.

The accompanying notes are an integral part of this financial statement.

Notes to Principal Financial Statements

Organization

Congress established the U.S. Department of State (Department of State or Department), the senior Executive Branch department of the United States Government in 1789. The Department advises the President in the formulation and execution of U.S. foreign policy. The head of the Department, the Secretary of State, is the President’s principal advisor on foreign affairs.

View the 19 notes to the principal financial statements.

Required Supplementary Information

Combining Statement of Budgetary Resources

Heritage Assets

The condition of the Department’s heritage assets is based on professional conservation standards. The Department performs periodic condition surveys to ensure heritage assets are documented and preserved for future generations. Once these objects are conserved, regular follow-up inspections and periodic maintenance treatments are essential for their preservation. The categories of condition are Poor, Good, and Excellent.

Deferred Maintenance and Repairs

Deferred Maintenance and Repairs (DM&R) are maintenance and repairs that were not performed when they should have been, that were scheduled and not performed, or that were delayed for a future period. Maintenance and repairs are activities directed towards keeping Property, Plant, and Equipment (PP&E) in acceptable operating condition. These activities include preventive maintenance, normal repairs, replacement of parts and structural components, and other activities needed to preserve the asset so that it can deliver acceptable performance and achieve its expected life. Maintenance and repairs exclude activities aimed at expanding the capacity of an asset or otherwise upgrading it to serve needs different from, or significantly greater, than those originally intended.

The Department occupies more than 3,000 government-owned or long-term leased real properties at more than 270 overseas locations, numerous domestic locations, and at the IBWC.

Deferred Maintenance and Repairs Policy – Measuring, Ranking and Prioritizing

The Department’s process to identify deferred maintenance for Overseas Real Property begins with an Annual Facility Condition Survey (AFCS) of all properties whether capitalized or not or fully depreciated. The facility manager at each post conducts the AFCS, examining all facilities, building systems, and equipment to determine if their current condition and capacity achieves their intended function. Deficient facilities or systems are identified, specifics about the deficiencies are documented, and recommendations for addressing the deficiencies and corresponding cost estimates for labor and materials are included in the survey. The facility manager obtains cost estimates of the maintenance.

These repair and improvement requests submitted by posts are reviewed by Area Management Officers and then evaluated using 14 factors to prioritize and assign the items a score based on life safety, security, functionality and business sense. An ensuing review is conducted by subject matter experts before they are included in the Repair & Improvement (R&I) spending plan, which is the first piece of the overall deferred maintenance calculation. If a requirement is not funded in the fiscal year in which it was originally scheduled, it becomes a “deferred maintenance requirement” and is rescheduled for remediation in a future year. Posts are also able to send maintenance requests at any point during the year in case of an emergency.

In addition to funding repair projects from the R&I account, the Department allots each post an amount of “routine maintenance and repair” funding each year. This is to accomplish preventive maintenance activities, repairs due to normal wear and tear, and recurring maintenance (e.g., painting and weather stripping) for work that does not require a review and which is exempt from permitting requirements. These are bulk allotments for routine maintenance activities described above that are not considered “projects” and therefore do not go through the prioritization process. These funds are adjusted for type of space (e.g., office vs. residential), condition of the facility (using the annual Facility Condition Index as the baseline), and overseas location.

The sum of each post’s calculated allocation is the total worldwide routine maintenance requirement. The difference between this global routine maintenance and repair funding requirement and the amount of the routine maintenance funding available in a given year is considered deferred maintenance.

Factors Considered in Determining Acceptable Condition

The Department’s PP&E mission is to provide secure, safe, functional, and sustainable facilities that represent the U.S. Government and provide the physical platform for U.S. Government employees at our embassies, consulates and domestic locations as they work to achieve U.S. foreign policy objectives. Domestic real property and equipment are maintained and managed in a safe and effective manner and required maintenance and repairs are adequately funded such that DM&R is insignificant.

Due to the widely varying conditions and strategic objectives of U.S. missions overseas, each post is essentially unique. The facility management of U.S. diplomatic and consular facilities overseas is a complex endeavor, in which the impact of the failure of facilities and infrastructure on human life, welfare, morale, safety, and the provision of essential operations and services is widely recognized. Also, facilities conditions have a large impact on the environment and on budgets, requiring a facility management approach that is neither reactive nor passive, but results in buildings and infrastructure that are efficient, reliable, cost effective, and sustainable over their life cycle. This occurs at facilities of varying age, configuration, and construction quality in every climate and culture in the world. Some posts have the task of keeping an aging or historic facility in good working order; others must operate a complex new building that may be the most technologically advanced in the country.

Fundamentally, the Department considers all of its overseas facilities to be in an “acceptable condition” in that they serve their required mission. Adopting standard criteria for a classification of acceptable condition is difficult due to the complex environment in which the Department operates.