Agency Audit Results, Systems, Controls, and Legal Compliance Systems, Controls, and Legal Compliance
Audit
Since the passage of the CFO Act of 1990, the federal financial community has made significant progress in financial accounting and reporting. As shown in Table 10, for FY 2017, 21 of the 24 CFO Act agencies obtained an opinion from the independent auditors on their financial statements.31 In addition, 45 auditor-identified material weaknesses were reported at the beginning of FY 2017 and 40 were reported at the end of the year. An increasing number of federal agencies have adopted and maintained disciplined financial reporting operations, implemented effective internal controls over financial reporting, and integrated transaction processing with accounting records. These efforts improved the results of financial statement audits. However, weaknesses in financial management practices continue to prevent three of the CFO Act agencies, and the Government as a whole, from achieving an audit opinion.
| Table 10: Audit Opinions and Auditor-Reported Material Weaknesses: FY 2017 | ||||||
|---|---|---|---|---|---|---|
| Agency | Audit Opinion | Beginning | New | Resolved | Consolidated | Ending |
| Department of Agriculture (USDA) | Unmodified/Not Audited | 2 | 0 | 0 | 0 | 2 |
| Department of Commerce (DOC) | Unmodified | 0 | 1 | 0 | 0 | 1 |
| Department of Defense (DOD) | Disclaimer | 13 | 0 | 0 | 0 | 13 |
| Department of Education (Education) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Department of Energy (DOE)* | Pending | 0 | Pending | Pending | Pending | Pending |
| Department of Health and Human Services (HHS) | Unmodified | 1 | 0 | 0 | 0 | 1 |
| Department of Homeland Security (DHS) | Unmodified | 3 | 0 | 1 | 0 | 2 |
| Department of Housing and Urban Development (HUD) | Disclaimer | 11 | 1 | 1 | 2 | 9 |
| Department of the Interior (DOI) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Department of Justice (DOJ) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Department of Labor (DOL) | Unmodified | 2 | 1 | 2 | 0 | 1 |
| Department of State (State) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Department of Transportation (DOT) | Unmodified | 2 | 0 | 2 | 0 | 0 |
| Department of the Treasury (Treasury) | Unmodified | 1 | 0 | 0 | 0 | 1 |
| Department of Veterans Affairs (VA) | Unmodified | 6 | 1 | 0 | 1 | 6 |
| Agency for International Development (USAID) | Unmodified | 1 | 0 | 0 | 0 | 1 |
| Environmental Protection Agency (EPA) | Unmodified | 2 | 0 | 0 | 0 | 2 |
| General Services Administration (GSA) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| National Aeronautics and Space Administration (NASA) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| National Science Foundation (NSF) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Nuclear Regulatory Commission (NRC) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Office of Personnel Management (OPM) | Unmodified | 1 | 0 | 0 | 0 | 1 |
| Small Business Administration (SBA) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Social Security Administration (SSA) | Unmodified | 0 | 0 | 0 | 0 | 0 |
| Totals | 45 | 5 | 7 | 3 | 40 | |
| *Audit results for DOE were not available as of the issuance of this Financial Report. | ||||||
| Ending Total assumes DOE has zero material weaknesses as of September 30, 2017. | ||||||
Systems
Federal agencies improved, but continue to face challenges, in implementing financial management systems that meet federal requirements. The number of CFO Act agencies reporting lack of substantial compliance with one or more of the three Section 803(a) requirements of the Federal Financial Management Improvement Act (FFMIA) fell to eight in FY 2017 from nine in FY 2016, and the number of auditors reporting lack of substantial compliance with one or more of the three Section 803(a) FFMIA requirements fell to 10 in FY 2017 from 11 in FY 2016.32
Controls
Federal managers are responsible for developing and maintaining effective internal controls. Internal controls help to ensure effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations. The safeguarding of assets is a goal of each of these three objectives.
In response to major management challenges to achieving their mission and goals, agencies continue to recognize the utility of Enterprise Risk Management (ERM) as a tool to identify, assess, mitigate, manage and prepare for risk. ERM contributes to risk-informed decision-making, adopting a proactive rather than a reactive approach to risk, and fostering a risk-aware culture. Under ERM internal controls are not limited to compliance and financial reporting. Instead, internal controls are a means to address management challenges that cut across multiple agency functions. ERM is currently used in the private and public sectors in the U.S. and internationally, including by the governments of the United Kingdom, Canada, and Japan. OMB has promoted ERM as a management tool and the 2016 update to OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, explains ERM and the importance of integrating ERM with internal control processes.
OMB Circular No. A-123 implements the requirements of 31 U.S.C. 3512 (c), (d) (commonly known as the Federal Managers’ Financial Integrity Act or FMFIA). The Circular’s focus for internal controls is on providing agencies a framework for assessing and managing risks more strategically and effectively. The Circular reflects changes incorporated in GAO’s updated Standards for Internal Control in the Federal Government and contains multiple appendices that address one or more of the objectives of effective internal control, specifically:
- Appendix A provides a methodology for agency management to assess, document, test, and report on internal controls over financial reporting;
- Appendix B requires agencies to maintain internal controls that reduce the risk of fraud, waste, and error in government charge card programs;
- Appendix C implements the requirements for effective estimation and remediation of improper payments; and
- Appendix D defines new requirements for determining compliance with the FFMIA that are intended to reduce the cost, risk, and complexity of financial system modernizations.
As noted above, the total number of reported material weaknesses for the CFO Act agencies as of the issuance of this Financial Report was 4033 and 45 for FYs 2017 and 2016, respectively. Effective internal controls are a challenge at the agency level and at the governmentwide level, with GAO reporting that at the governmentwide level, material weaknesses resulted in ineffective internal control over financial reporting. While progress is being made at many agencies and across the Government in identifying and resolving internal control deficiencies, continued work is needed.
Legal Compliance
Federal agencies are required to comply with a wide range of laws and regulations, including appropriations, employment, health and safety, among others. Responsibility for compliance rests with agency management and compliance is addressed as part of agency financial statement audits. Agency auditors test for compliance with selected laws and regulations related to financial reporting and certain individual agency audit reports contain instances of noncompliance. None of these instances were material to the governmentwide financial statements; however, GAO reported that its work on compliance with laws and regulations was limited by the material weaknesses and scope limitations discussed in its report.
Footnotes
31 The 21 agencies include HHS, which received unmodified (“clean”) opinions on all statements except the SOSI and the SCSIA; DOL, which received clean opinions on all statements except the SCSIA; and USDA, which received a clean opinion only on its balance sheet. DOE expects to issue its audited AFR after the release of this Financial Report. For more information, see MD&A footnote #7. (Back to Content)
32 The FY 2017 results do not include the Department of Energy (DOE). For FY 2016, DOE and its auditor noted no lack of compliance with one or more of the three section 803(a) requirements of the FFMIA. The FY 2016 results include DOD, HUD, and NSF, which were pending when the FY 2016 FR was released; DOD, HUD, and their auditors noted lack of compliance with one or more of the FFMIA section 803(a) requirements for FY 2016. (Back to Content)
33 The FY 2017 reported results do not include DOE, which had no material weaknesses in FY 2016. As shown in Table 10, if the number of material weaknesses for DOE does not change between FY 2016 and FY 2017, the total for CFO Act agencies for FY 2017 will be 40. The FY 2016 results include DOD, HUD, and NSF, which were pending when the FY 2016 FR was released; HUD’s material weaknesses increased by two for 2016, which was not reflected in the FY 2016 FR. (Back to Content)