GSA Management and Internal Control Program
Federal Managers’ Financial Integrity Act (FMFIA) Section 2
FMFIA requires agencies to establish internal control and financial systems that provide reasonable assurance that the three objectives of internal control are achieved:
- Effectiveness and efficiency of operations:
- Compliance with applicable laws and regulations: and
- Reliability of Financial Reporting
FMFIA requires that the head of the agency, based upon an evaluation, provide an annual Statement of Assurance on whether the agency has met these requirements. OMB Circular No. A-123 Management’s Responsibility for Enterprise Risk Management and Internal Control, implements FMFIA and defines management’s responsibility for internal control in federal agencies. FMFIA also requires agencies to establish internal controls over their programs, financial reporting, and financial management systems. GSA internal control reviews are conducted for agency program components. The goals of these reviews are to identify and mitigate significant risks in a timely manner. The reviews results are briefed to the Management Control Oversight Council (MCOC) chaired by the Deputy Administrator. The MCOC also leads the GSA efforts to address financial management audit findings in a timely manner and oversees the development and execution of the corrective action plans. GSA evaluates assurance on effectiveness of internal controls over operations, management systems, and financial reporting for FY 2016 with consideration to all internal and external reviews of the agency. The “Summary of GSA’s Financial Statement Audit in the Management Assurances” table is provided in the “Other Information” section of this report.
In FY 2016, GSA continued to strengthen management practices and internal controls to assure the integrity of its programs, operations, business and financial management systems. This effort increased focus on risk management and risk analysis of all its programs. GSA completed an initial fraud risk assessment, and established an enterprise risk management working group. GSA successfully completed all the requirements of OMB Circular No. A-123 and the Office Federal Procurement Policy’s Memorandum entitled Conducting Acquisition Assessments under OMB Circular No. A-123, the FMFIA, compliance with Federal Financial Management Improvement Act (FFMIA), and the Federal Information Security Management Act (FISMA) as the foundation of effective management operations and internal controls.
In FY 2016, the Procurement Management Review (PMR) Division of the Procurement Management Division reporting directly to the GSA Senior Procurement Executive in the Office of Acquisition Policy, Office of Government-wide Policy and the OCFO A-123 Internal Control Review team conducted parallel financial and acquisition reviews across the agency. PMR reviews assessed the effectiveness of internal controls over procurement management. By analyzing activities from both an acquisition and financial perspective, GSA addressed control issues that involved financial and acquisition functions. Any identified control deficiencies are tracked through a database application and monitored for timely and accurate implementation of corrective actions.
Overall the internal control program at GSA is functioning soundly and can provide reasonable assurance that its internal control over financial reporting is operating effectively and with no material weaknesses related to the design or operation of internal controls over financial reporting.
Federal Managers’ Financial Integrity Act Section 4
GSA evaluates its financial management systems annually for compliance with federal financial system requirements, applicable federal accounting standards and USSGL recording and reporting requirements. In FY 2016, GSA transferred its core accounting system, Pegasys, to its shared service provider the United States Department of Agriculture (USDA). Per OMB Circular No. A-123, GSA continues to be responsible for evaluating internal controls over financial management information processed by USDA. GSA worked with USDA to define roles and responsibilities for processing financial management transactions, evaluate financial management system controls and compliance with certification and accreditation reviews, conduct OMB Circular No. A-123 reviews, and evaluate risk indicators contained in the FFMIA Compliance Risk Model.
GSA also reviewed pertinent audit reports issued in FY 2016, and discussed the details of pertinent systems-related control issues with senior managers and auditors.
In assessing compliance with FFMIA, GSA adheres to the implementation guidance provided by OMB and considers the results of GSA OIG and Government Accountability Office audit reports, annual financial statement audits, FISMA compliance reviews, risk assessments, and other systems-related review and monitoring activities. Based on all information assessed, the administrator has determined that GSA financial management systems are in substantial compliance with FFMIA requirements for FY 2016.
Federal Information Security Management Act
FISMA requires federal agencies to implement a mandatory set of processes and system controls designed to ensure the confidentiality, integrity, and availability of system-related information. The processes and systems controls in each federal agency must follow established Federal Information Processing Standards, National Institute of Standards and Technology standards (NIST), and other legislative requirements pertaining to federal information systems, such as the Privacy Act of 1974.
To facilitate FISMA compliance, GSA maintains a formal program for information security management focused on FISMA requirements, protecting GSA IT resources, and supporting the GSA mission. This program consists of policies, procedures, and processes to mitigate new threats and anticipate risks posed by new technologies. Designated GSA information system security managers and information system security officers implement information security requirements in accordance with FISMA requirements and GSA policies.
GSA continues to address weaknesses identified in its Plan of Action and Milestones. GSA annually provides security and privacy awareness training for over 15,000 employees and contractors. Privacy Impact Assessments were completed on all applicable systems. GSA continues to implement and mature a continuous monitoring program in accordance with NIST, Department of Homeland Security (DHS), and OMB direction.
Information and Financial Management Systems Framework
The Chief Financial Officers Act assigns responsibilities for planning, developing, maintaining, and integrating financial management systems within federal agencies.
GSA currently maintains E-Payroll applications; portions of its legacy core accounting system, and general support systems, which operate on a variety of hosting platforms to support various feeder applications.
In FY 2016, GSA continued its progress in financial systems modernization and improvement in support of this financial management systems framework. To achieve its strategic goals GSA will continue efforts to:
- Streamline, consolidate, and modernize financially oriented general support systems
- Complete the transfer of financial system ownership to USDA
These strategies support GSA financial management system goals of reducing financial system operating and maintenance costs, and enhancing compliance and IT security controls.