GSA Management and Internal Control Program
Federal Managers’ Financial Integrity Act Section 2
The Federal Managers’ Financial Integrity Act (FMFIA) requires agencies to establish internal control and financial systems that provide reasonable assurance that the three objectives of internal control are achieved:
- Effectiveness and efficiency of operations;
- Compliance with applicable laws and regulations; and
- Reliability of financial reporting.
FMFIA requires that the head of the agency, based on evaluation, provide an annual Statement of Assurance on whether the agency has met these requirements. The Office of Management and Budget (OMB) Circular A-123, Management’s Responsibility for Internal Control, implements the FMFIA and defines management’s responsibility for internal control in federal agencies. FMFIA also requires agencies to establish internal controls over their programs, financial reporting, and financial management systems. GSA internal control reviews are conducted for agency program components to ensure that all significant risks are identified, tested, evaluated, and mitigated timely and effectively. These reviews also ensure that audit findings are responded to in a timely and effective manner and corrective action plans are implemented. GSA provides assurance on the effectiveness of the internal control over operations, management systems, and financial reporting for FY 2013 with consideration to all internal and external reviews of the agency except as noted below. The “Summary of GSA’s Financial Statement Audit and Management Assurances” table is provided in the Other Information section of this report.
In FY 2013, GSA continued to strengthen management practices and internal controls to assure the integrity of its programs, operations, and business and financial management systems. This effort included an increased focus on risk management and risk analysis on all programs. GSA successfully completed all the requirements of OMB Circular A-123; the Office of Federal Procurement Policy’s (OFPP) Memorandum entitled, “Conducting Acquisition Assessments under OMB Circular A-123”; the FMFIA; OMB Circular A-127 Financial Management Systems; the Federal Financial Management Improvement Act (FFMIA); and the Federal Information Security Management Act (FISMA) as the foundation of effective management operations and internal controls.
In FY 2013, the Procurement Management Review (PMR) team collaborated with the Office of the Chief Financial Officer A-123 Internal Control Review team to jointly conduct financial and acquisition reviews in several regions. By analyzing activities from both an acquisition and financial perspective, GSA addressed control issues that involved financial and acquisition functions. As these reviews are completed, all review results are presented to management through the GSA Management Control and Oversight Council as the basis for determining the state of management assurances.
Based on the results of Internal Control Program reviews and assurance statement questionnaires, GSA identified no material weakness in its internal control over the effectiveness and efficiency of operations and compliance with applicable laws and regulations as of September 30, 2013. Although not identified as a material weakness, GSA management recognizes that challenges exist in GSA’s entity-level controls environment that need to be strengthened to promote standardization of business processes, consistent application of business rules, and effective communications across the agency.
GSA conducted its assessment of the effectiveness of internal control over financial reporting, which includes safeguarding of assets and compliance with applicable laws and regulations, in accordance with the requirements of Appendix A of OMB Circular A-123. As part of the evaluation, Appendix A requires agencies to develop a process to identify changes in the internal control environment that could potentially impact management’s assessed effectiveness of internal control over financial reporting, including identification of material weaknesses resulting from reviews and audits that were not detected during the Appendix A assessment. The external auditor identified one material weakness related to financial reporting. One major component of the material weakness was related to estimation methodology for asbestos liability, which was not properly supported for the first two quarters of FY 2013, and resulted in an inaccurate preparation and reporting in the quarterly financial statements.
Remediation efforts were undertaken throughout the fiscal year. GSA implemented procedures to correct key elements of the material error prior to the final presentation of financial statements as provided below.
Asbestos Liabilities Estimation Methodology
- GSA implemented procedures to develop a reasonable methodology in Q3 and Q4 for estimating asbestos liability that uses cost factors derived from third-party contractor’s estimates per square footage, linear feet and units of each which were normalized to Washington, DC locality. The cost factors were calculated against 100 percent of gross square footage for the owned building inventory built prior to calendar year 2000 and escalated to present value. Furthermore, Marshall & Swift locality rates were applied based upon building locations.
- GSA established an Asbestos Working Team which included representatives from PBS Design and Construction, PBS Portfolio Management, PBS Property Disposal, OGC, PBS Facilities Management and OCFO to address implementation of this new accounting standard.
- PBS Senior Management and OCFO met on a weekly basis to discuss various methods of estimating asbestos liabilities to consider if the resulting accounting estimate is consistent with the operational plans of the entity.
- PBS Senior Management and OCFO reviewed all sources of factors used in calculating the estimate, including the sensitivity analysis.
While GSA implemented key components of the corrective action plans in fiscal year 2013, residual issues associated with this material weakness will continue to be addressed in fiscal year 2014. These include, but are not limited to:
- Refine the asbestos liability estimation methodology.
- Issue and communicate final accounting policies to the affected stakeholders.
- Revisit the financial reporting process related to lease footnote disclosures.
Federal Managers’ Financial Integrity Act Section 4
GSA evaluates its financial management systems annually for compliance with federal financial management systems requirements, applicable federal accounting standards, and U.S. Standard General Ledger (USSGL) recording and reporting requirements. In FY 2013, GSA evaluated its financial management systems controls and compliance by completing independent systems certification and accreditation reviews as part of the billing and accounts receivable phase 2 implementation, submitting Senior Agency Information Security Officer (SAISO) reports, conducting OMB Circular A-123 reviews, and evaluating risk indicators contained in the FFMIA Compliance Risk Model. GSA also reviewed pertinent audit reports issued in FY 2013, remediated all prior year SSAE16 audit recommendations, and discussed the details of pertinent systems-related control issues with senior managers and auditors.
In FY 2013, improvements were made to strengthen GSA IT systems controls in the areas of user recertification, audit logging and monitoring controls.
In assessing compliance with FFMIA, GSA adheres to the revised implementation guidance provided by OMB and considers the results of GSA Office of the Inspector General and U.S. Government Accountability Office audit reports, annual financial statement audits, FISMA compliance reviews, risk assessments, and other systems-related review and monitoring activities. Based on all information assessed, the administrator has determined that GSA financial management systems are in substantial compliance with FFMIA requirements for FY 2013.
Federal Information Security Management Act
FISMA requires federal agencies to implement a mandatory set of processes and system controls designed to ensure the confidentiality, integrity, and availability of system-related information. The processes and systems controls in each federal agency must follow established Federal Information Processing Standards, National Institute of Standards and Technology standards (NIST), and other legislative requirements pertaining to federal information systems, such as the Privacy Act of 1974.
To facilitate FISMA compliance, GSA maintains a formal program for information security management focused on FISMA requirements, protecting GSA IT resources, and supporting the GSA mission. This program consists of policies, procedures, and processes to mitigate new threats and anticipate risks posed by new technologies.
Designated GSA information system security managers and information system security officers implement information security requirements in accordance with FISMA requirements and GSA policies.
GSA continues to address weaknesses identified in its Plan of Action and Milestones. GSA annually provides security and privacy awareness training for over 16,000 employees and contractors. Privacy Impact Assessments were completed on all applicable systems. GSA continues to implement and mature a continuous monitoring program in accordance with NIST, Department of Homeland Security (DHS), and OMB direction.
Financial Management Systems Framework
The Chief Financial Officers Act assigns responsibilities for planning, developing, maintaining, and integrating financial management systems within federal agencies.
As depicted on the Financial Management Systems Framework chart below, GSA currently maintains a core accounting system, Pegasys; E-Payroll applications; portions of its legacy core accounting system, National Electronic and Accounting Reporting (NEAR); and general support systems, which operate, on a variety of hosting platforms to support various feeder applications.
In FY 2013, GSA continued its progress in financial systems modernization and improvement in support of this financial management systems framework. To achieve its strategic goals GSA will continue efforts to:
- Retire NEAR by transferring billing and accounts receivable and other remaining functionality to Pegasys; and
- Streamline, consolidate, and modernize financially oriented general support systems.
These strategies support GSA financial management system goals of reducing financial system operating and maintenance costs, and enhancing compliance and IT security controls.