Fiscal Year 2001 Accountability Report
Report of Independent Accountants on Internal Control
|
|
|
Pricewaterhouse Coopers
LLP
Suite 800W
1301 K St., N.W.
Washington DC 20005-3333
|
REPORT OF INDEPENDENT
ACCOUNTANTS ON INTERNAL CONTROL
United States Attorney General and
The Office of the Inspector General
United States Department of Justice
We have audited the accompanying consolidated
balance sheets of the U.S. Department of Justice and its components as of September
30, 2001 and 2000, and the related consolidated statements of net cost, changes
in net position and custodial activity, and its combined statements of budgetary
resources and financing, for the years then ended, and have issued our report
thereon dated February 14, 2002. Except as explained in that report, we conducted
our audits in accordance with auditing standards generally accepted in the United
States of America; the standards applicable to financial audits contained in
Government Auditing Standards, issued by the Comptroller General of the
United States; and Office of Management and Budget (OMB) Bulletin No. 01-02,
Audit Requirements for Federal Financial Statements.
We did not audit the financial statements of certain
components of the Department, including the Office of Justice Programs (OJP),
Drug Enforcement Administration (DEA), Federal Bureau of Investigation (FBI),
Immigration and Naturalization Service (INS), U.S. Marshals Service (USMS),
Bureau of Prisons (BOP), and Federal Prison Industries, Inc. (FPI), which statements
reflect total combined assets of $23.4 and $21.2 billion, and total combined
net costs of $16.7 and $16.9 billion, as of and for the years ended September
30, 2001 and 2000, respectively. Those statements were audited by other auditors
whose reports thereon have been furnished to us, and our report on the Department’s
internal control herein, insofar as it relates to these components, is based
solely on the reports of the other auditors.
Management of the Department is responsible for
establishing and maintaining accounting systems and internal control. In fulfilling
this responsibility, estimates and judgments are required to assess the expected
benefits and related costs of internal control policies and procedures. The
objectives of internal control are to provide management with reasonable, but
not absolute, assurance that: (1) transactions are properly recorded, processed,
and summarized to permit the preparation of reliable financial statements in
accordance with accounting principles generally accepted in the United States
of America, and to safeguard assets against loss from unauthorized acquisition,
use or disposition; (2) transactions are executed in compliance with laws governing
the use of budget authority and other laws and regulations that could have a
direct and material effect on the financial statements, and any other laws,
regulations and government-wide policies identified in Appendix C of OMB Bulletin
No. 01-02; and (3) transactions and other data that support reported performance
measures are properly recorded, processed, and summarized to permit the preparation
of performance information in accordance with criteria stated by management.
Because of inherent limitations in any internal control, errors or fraud may
nevertheless occur and not be detected. Also, projection of any evaluation
of internal control to future periods is subject to the risk that procedures
may become inadequate because of changes in conditions or that the effectiveness
of the design and operation of policies and procedures may deteriorate.
In planning and performing our audits of the Department’s
financial statements, we obtained an understanding of the design of significant
internal controls and whether they had been placed in operation, tested certain
controls and assessed control risks in order to determine our auditing procedures
for the purpose of expressing an opinion on the financial statements. We limited
our internal control testing to those controls necessary to achieve the objectives
described above, and we did not test all controls relevant to operating objectives
as broadly defined by the Federal Managers' Financial Integrity Act of 1982.
Our purpose was not to provide an opinion on the Department’s internal controls.
Accordingly, we do not express such an opinion.
With respect to internal control relevant to data
that support reported performance measures, we obtained an understanding of
the design of significant internal controls relating to the existence and completeness
assertions, as required by OMB Bulletin No. 01-02. Our procedures were not
designed to provide assurance on internal control over reported performance
measures. Accordingly, we do not provide an opinion on such controls.
We noted, and the reports of other auditors identified,
certain matters in the Department's internal control that we consider to be
reportable conditions under standards established by the American Institute
of Certified Public Accountants. Reportable conditions involve matters coming
to the auditors' attention relating to significant deficiencies in the design
or operation of internal control that, in their judgment, could adversely affect
the Department's ability to meet the internal control objectives described in
the third paragraph. Material weaknesses are reportable conditions in which
the design or operation of one or more of the internal control elements does
not reduce to a relatively low level the risk that errors or fraud in amounts
that would be material in relation to the financial statements being audited
or material to a performance measure or aggregation of related performance measures
may occur and not be detected within a timely period by employees in the normal
course of performing their assigned functions. The auditors' consideration
of internal control would not necessarily disclose all matters in internal control
that might be reportable conditions and, accordingly, would not necessarily
disclose all reportable conditions that are also considered to be material weaknesses
as defined above.
Overview of Material Weaknesses and Reportable
Conditions
Table 1 summarizes the 13 material weaknesses
and 12 reportable conditions identified by components’ auditors. We analyzed
the reportable conditions identified by the components’ auditors to determine
their effect on the Department’s internal control over financial reporting and
identified three Department-wide reportable conditions that were also considered
to be material weaknesses. All three conditions were identified in our fiscal
year 2000 report on the Department’s internal control.
Table 1: Department-wide Material Weaknesses
(M) and Reportable Conditions (R)
Department (DOJ)
Condition in Fiscal Year 2001 |
DOJ
|
OBD
|
AFF
|
FBI
|
DEA
|
OJP
|
INS
|
USM
|
BOP
|
FPI
|
WCF
|
Improvements are needed in the Department's
components’ recordation of financial transactions in accordance with generally
accepted accounting principles.
|
M
|
R
|
-
|
MR |
MMR |
R
|
MR |
R
|
-
|
MM |
-
|
Improvements are needed in the Department’s
components' general and application controls over financial management
systems.
|
M
|
-
|
-
|
M
|
M
|
R
|
MM |
M
|
-
|
R
|
-
|
Improvements are needed in the Department’s
financial statement preparation controls and the components’ compliance
with the Department’s Financial Statement Requirements and Preparation
Guide.
|
M
|
R
|
-
|
M |
M
|
R
|
-
|
R
|
-
|
R
|
-
|
Total Material Weaknesses Reported by components’
auditors
|
FY2001
|
13
|
0
|
0
|
3
|
4
|
0
|
3
|
1
|
0
|
2
|
0
|
FY2000
|
15
|
0
|
0
|
2
|
4
|
0
|
3
|
1
|
0
|
5
|
0
|
Total Reportable Conditions Reported by
components’ auditors
|
FY2001
|
12
|
2
|
0
|
1
|
1
|
3
|
1
|
2
|
0
|
2
|
0
|
FY2000
|
23
|
2
|
2
|
1
|
2
|
3
|
3
|
3
|
3
|
1
|
3
|
Offices, Boards and Divisions (OBD); Assets
Forfeiture Fund and Seized Asset Deposit Fund (AFF); Working Capital Fund
(WCF); U.S. Marshals Service (USM).
Note: For fiscal year 2000, two reportable
conditions were identified at the Department's data centers that are not
included in the table above. There were no material weaknesses reported
for the Department’s data centers in fiscal year 2001.
|
The remainder of this report discusses these material
weaknesses in greater detail. Because of the frequency with which these conditions
were found within the ten components, we recommend Department-wide corrective
actions.
Improvements are needed in the Department's components’
recordation of financial transactions in accordance with generally accepted accounting
principles.
Seven of the components' auditors reported the
following deficiencies in the components' recording of financial transactions
in accordance with the Statements of Federal Financial Accounting Standards
(SFFAS) prescribed by the Federal Accounting Standards Advisory Board:
SFFAS No. 5, Accounting for Liabilities of
the Federal Government: Auditors of the DEA, the OBDs, the INS, and the
FBI reported that components’ processes to estimate accounts payable were not
adequate or were not completed timely. Specifically, auditors of the DEA reported
that the methodology used by the DEA to estimate accounts payable was not well
supported; auditors of the INS reported that due to limitations in the design
and operation of its financial management system, the INS does not record accounts
payable at the transaction level throughout the year. Auditors reported that
revisions are needed in the FBI’s estimation process to allow for timely inclusion
in interim and year-end financial statements, and we reported that the OBDs
did not always properly record the status of delivered and undelivered obligations.
We also identified that the OBDs’ Office of Community Oriented Policing Services
used some non-current information in the calculation of accrued grant expenses.
SFFAS No. 7, Accounting for Revenue and Other
Financing Sources: Auditors of the INS, the USMS, the FPI, and the OBDs
reported that improvements are needed in the components accounting for earned
and deferred revenue. The auditors of the INS reported that the INS does not
have a reliable system that can provide regular, timely data on the number and
value of immigration applications and petitions received, completed and pending,
which is necessary to support general ledger entries for recording earned revenues
when the applications are completed. Auditors of the USMS reported that its
core financial management system does not contain a subsidiary system to record
accounts receivable transactions at the customer level. The auditors of the
FPI reported that management did not effectively manage its accounts receivable
division and did not consistently or adequately perform collection efforts on
its intra-governmental accounts receivable and debt with the public. We reported
that the OBDs do not always “invoice” their customers in a timely manner, including
services performed for other Department components.
SFFAS No 6, Accounting for Property, Plant
and Equipment: Auditors reported that improvements are needed in the components’
procedures related to the timely processing, reconciliation, and recording of
capitalized property. Auditors of the FBI reported that a restatement of $11
million to the FBI’s fiscal year 2000 financial statements was required because
management in the procurement and contract units did not follow FBI’s Property
Management Manual. Auditors of the OJP reported that physical inventories were
not performed in the last two years; and auditors reported that the USMS has
not implemented adequate procedures to ensure capitalized property and improvements
are identified and properly recorded.
SFFAS No 3, Accounting for Inventory and Related
Property: Auditors of the FPI reported that financial accounting system
deficiencies continue to exist in the capture, processing, reporting, and utilization
of inventory data. The FPI did not have effective costing procedures in place
to reasonably estimate manufacturing overhead rates, and did not have adequate
accountability over the Finished Goods at Customer account. In addition, FPI
has not fully developed adequate business processes to ensure that all finished
goods inventory items are consistently valued based on transaction processing
methods. Finally, the auditors reported that one processing factory did not
perform periodic and systematic counts of its perpetual inventory records as
required by policy.
SFFAS No. 1, Accounting for Selected Assets
and Liabilities: Auditors of the FBI reported that the payment of interest
and penalties as required by the Prompt Pay Act has doubled in each of
the last two year because of inefficient vendor invoice approval and payment
processes. This also contributed to the under-reporting of FBI’s accounts payable
and added to the accounts payable estimation workload at year-end. Auditors
reported that the DEA continues to have significant unreconciled differences
between the collections and disbursements recorded in its accounting records
and those recorded by the U.S. Treasury, and that controls over imprest fund
replenishments need to be strengthened.
Recommendation
We recommend that the Chief Financial Officer:
- Require the Department’s reporting components
follow the Department's Financial Statement Preparation and Requirements
Guide, and other financial management policies and procedures currently
in place. The Department's Justice Management Division (JMD) should monitor
components’ compliance with the Department’s policies and procedures, and
require that corrective action plans be submitted that document the timeline
for completing critical tasks and the tasks that must be completed.
Management Response: Concur. JMD will
require corrective action plans, including time lines, by March 22, 2002, addressing
the conditions identified in the consolidated and component audit Reports on
Internal Controls. JMD will further emphasize its accounting standards and
policies through the financial statements working group meetings, training,
and management monitoring. JMD will also monitor component compliance with
Department and federal standards through component corrective action plans and
advise the CFO on non-compliance with the time line completion dates.
Improvements are needed in the Department’s components'
general and application controls over financial management systems.
In support of the fiscal year 2001 financial statement
audits, we and other component auditors relied on the general controls work
performed on select Department financial management information systems as part
of the Government Information Security Reform Act (GISRA) review. The
FBI’s auditors performed similar work on the FBI’s information systems. Our
GISRA review was performed, exclusive of the FBI, at the Department’s data centers,
the DEA, the BOP, and the Executive Offices of the United States Attorney (EOUSA).
In addition to the GISRA review, we and other auditors performed testing on
the general and application controls over components’ financial management information
systems.
Our GISRA review at the Department’s data centers,
the DEA, the BOP and the EOUSA did not identify weaknesses in financial management
systems’ general controls that were deemed to be material weaknesses as defined
by the AICPA. The FBI’s auditors reported their findings to the OIG in a separate
limited distribution report.
Component auditors identified weaknesses in six
components’ general and application controls over components’ financial management
information systems that increase the risk programs and data processed on these
systems are not adequately protected from unauthorized access or service disruption.
Table 2 outlines the more significant weaknesses identified by the auditors.
Following the table, we summarized some of the specific conditions reported
by the components’ auditors.
Table 2: Components financial
information system weaknesses
Condition in Fiscal Year 2001
|
FBI
|
DEA
|
OJP
|
INS
|
USM
|
FPI
|
Entity-wide Security
|
X
|
X
|
|
X
|
X
|
X
|
Access Controls
|
X
|
X
|
X
|
X
|
X
|
X
|
Application Software Development and Change
Controls
|
X
|
X
|
|
X
|
X
|
X
|
Service Continuity
|
X
|
|
|
X
|
X
|
|
Segregation of Duties
|
X
|
X
|
|
X
|
|
|
System Software
|
X
|
|
|
|
|
|
FBI - Auditors
reported that individually or collectively, the weaknesses identified in Table
2 could compromise the agency’s ability to ensure security over sensitive programmatic
or financial data, the reliability of its financial reporting, and compliance
with applicable laws and regulations.
DEA - Auditors reported that several of
DEA’s data processing systems: (a) have an expired certification/accreditation;
(b) cannot track personnel who are granted access to the system or whose access
should be terminated; (c) do not have documented procedures for handling software
changes; and (d) cannot trace data entries to source documents. In addition,
the auditors reported that inactive administrator accounts are not removed timely
and that security administrator training should be improved, and that the security
administrator’s duties should be appropriately segregated.
OJP – Auditors reported that user authentication
options have not been configured to provide optimal password protection and
that several of OJP’s servers have not been optimally configured to monitor
actual or attempted unauthorized, unusual, or sensitive access.
INS - Auditors reported that although its
financial management system of record has been in development for almost five
years, the implementation is not complete, requiring the majority of INS’s transactions
to be entered into its legacy system. Auditors reported that the legacy system,
which has many inherent control weaknesses, now serves as a feeder system to
the financial management system of record. Auditors reported that collectively,
the conditions noted above present significant risks to the continued operation
of INS’s financial management system as a whole. Without adequate controls
over its financial management system, the INS could experience a loss or manipulation
of data, expensive efforts to recover the system (and data), as well as financial
losses.
USMS - Auditors reported that significant
weaknesses in the USMS's general control environment continue to exist, mainly
due to staffing constraints that prevent the implementation of corrective actions
to ensure continued reliable operation of the information management system.
Security plans have not been completed for two financial management applications,
and contingency plans were either outdated or incomplete.
FPI - Auditors reported that vulnerabilities
were identified during their internal and external penetration testing, and
that the FPI's security plan for the general network needs refinement. The
auditors also reported that the financial accounting system databases lacked
the required encryption of information deemed sensitive by the Computer Security
Act of 1987 and the Department’s information system policies.
In performing our procedures at the Department’s
data centers and on the components’ financial management information systems,
we and other component auditors considered the General Accounting Office’s,
Federal Information System Controls Audit Manual; OMB Circular A-130,
Appendix III, Automated Information Security Programs; the Computer Security
Act of 1987; the Department’s Order No. 2640.2C, Telecommunications and Automated
Information Systems Security and the National Institute of Standards and
Technology’s Publications.
Recommendations
We recommend that the Chief Financial Officer:
- Require the components’ Chief Information
Officers to submit corrective action plans to the Department’s Chief Financial
Officer that address the weaknesses identified above. The action plans should
focus on correcting deficiencies in entity-wide security, access controls,
application software development and change controls, service continuity,
segregation of duties, system software, and other specific application control
weaknesses discussed in the components’ auditors reports on internal control.
The corrective action plans should include a timeline that establishes when
major events must be completed, and the CIO should monitor components' efforts
to correct deficiencies and hold them accountable for meeting the action plan
timelines.
Management Response: Concur. JMD will
require by March 22, 2002, that components’ Chief Information Officers (CIO)
submit a corrective action plan, including a time line, to the Chief Financial
Officer which addresses the cited weaknesses in financial systems and application
controls. The CFO will monitor components’ efforts to correct deficiencies
and hold them accountable for meeting the action plan time lines.
- Implement the recommendations made in (a)
our GISRA reports, (b) the FBI’s auditors’ report on the FBI’s information
systems control, and (c) the specific recommendations made in the components’
auditors’ reports on the components’ financial management information systems.
Management Response: Concur. The Department
will implement the recommendations outlined in the limited distribution reports.
Improvements are needed in the Department’s financial
statement preparation controls and the components’ compliance with the Department’s
Financial Statement Requirements and Preparation Guide.
The Government Management Reform Act requires
federal agencies to submit audited agency-wide financial statements to the OMB
by March 1 of each year. To fulfill this requirement, the Department's ten
reporting components prepare separate financial statements that are independently
audited and consolidated into the Department's agency-wide financial statements.
The consolidation is performed by the JMD, which has primary responsibility
for ensuring the Department's consolidated financial statements are compliant
with OMB Bulletin No. 97-01, Form and Content of Agency Financial Statements,
as amended.
In prior reports on the Department’s internal
control, we recommended that the Department implement a strategic plan for financial
reporting that addresses the need for consistent reporting among components
and the need to involve senior financial and program managers in the financial
statement preparation process. In response to this recommendation, JMD issued
a number of Department-wide policies and held periodic meetings with the Department's
components where the Department’s accounting and financial reporting requirements
were discussed.
A key product of JMD’s efforts was the issuance
of the Financial Statement Requirements and Preparation Guide. The guide
provided instructions for preparing components’ financial statements, including
the form and content of the statements, and the deadlines for completing and
submitting them to JMD for consolidation. Although we believe JMD’s efforts
provided a solid foundation for improved financial reporting in fiscal year
2001, we and other auditors continue to identify weaknesses in the Department’s
and components’ financial statement preparation controls:
- Components’ draft financial statements
and Managements’ Discussion and Analysis (MD&A) were incomplete and contained
clerical errors. Auditors of the USMS and the FPI reported that management
had not performed adequate reviews of draft financial statements submitted
for audit, resulting in mathematical errors, incomplete disclosures, and inconsistencies
in the financial statements and note disclosures. Auditors of the OJP reported
that the MD&A was incomplete and the information contained therein was
not reliable.
- Components’ accrual-based financial transaction
processing is not performed on an on-going basis, resulting in substantial
efforts at year-end to obtain and analyze financial data necessary for financial
statement preparation. Auditors of the DEA and the OBDs reported that
these components must improve their financial statement preparation processes
to include performing more procedures throughout the fiscal year, as opposed
to the intensive year-end efforts performed in this fiscal year. In addition,
these components must improve the coordination and involvement of program
offices in the gathering and analyzing of financial data necessary to prepare
the components’ financial statements. The financial statement preparation
effort must be a component-wide effort, involving all program, budget, and
administrative offices, not just a finance office task. Gathering financial
data only at year-end does not provide sufficient time to analyze transactions
or account balances, and could result in misstated or unsupported financial
statement account balances.
- Components’ information systems that process
financial data are not configured to support financial statement preparation
and on-going financial management. Auditors of the FPI reported that
the accounting system of record cannot fully generate data relating to intra-governmental
accounts payable, costs, accounts receivable, revenues related to On-line
Payment and Collections billings and charge backs, and revenues related to
reimbursable and miscellaneous sales. We reported that some of the OBDs program
management systems that provide financial data necessary for the preparation
of the financial statements are not integrated with its core financial accounting
system, requiring redundant data entry and extensive year-end manual reconciliations.
- The FBI’s financial management component
lacks adequate staff to perform the many tasks needed to produce annual financial
statements. Auditors reported that inadequate staffing for the financial
statement preparation process resulted in the financial statements not being
prepared in accordance with the Department’s requirements. In addition, there
is an increased risk that future financial statements will not be prepared
in a timely manner because of the limited number of individuals dedicated
to this task and the accelerated financial reporting deadlines of the Department
and the OMB.
- Improvements are needed in the Department's
recordation of elimination entries. Components did not consistently follow
the Department's requirements to accumulate and report elimination entries;
specifically, timelines were not met, data was not provided in required formats,
and not all financial activity among the Department’s components was confirmed.
Delays in finalizing components’ financial statements in accordance with the
Department’s requirements, and performing elimination entry procedures only
at the end of the fiscal year, contribute to the conditions identified in
the Department’s elimination process.
- The reconciliation of intra-governmental
transactions with other federal agencies was not fully completed. Department
management reported that they were unable to fully complete the reconciliation
of non-fiduciary Federal Intra-governmental Activity and Balances because
(a) not all of the Department’s trading partners responded to the confirmations
sent by the Department, (b) confirmations received from the Department’s trading
partners did not provide sufficient detail to identify the Department components
that initiated the transaction, and (c) the Department’s information systems
are not fully capable of providing sufficient information to allow for timely
reconciliation with trading partners. Accordingly, extensive manual efforts
were attempted, but were not adequate, to complete a full reconciliation of
all amounts with the Department’s trading partners.
- Improvements are needed in the preparation
of the Department’s MD&A. We noted that some of the information in
the Department’s draft MD&A was not supported by consistent information
presented in the components’ MD&A. Revisions were made to the Department’s
final MD&A to correct the inconsistencies; however, improvements are needed
in controls to ensure components prepare their MD&As in accordance with
the Department’s requirements. We also noted that the MD&A lacked detailed
discussions on the funding aspects of program performance or the outcomes
of program missions.
The Department and its components corrected material
errors and inconsistencies only after JMD, the OIG, or the independent auditors
had identified them. In many cases, the components' financial statements had
already been submitted to JMD for consolidation in the Department's financial
statements, thus requiring adjustment to the components' financial statements
before final auditors' reports on the components' financial statements could
be released. It is essential that all components follow the Department's Financial
Statement Preparation and Requirements Guide and other accounting policies
to ensure consistency in the Department's consolidated financial statements.
Components' financial managers must perform reviews of financial data to ensure
the Department’s requirements are being met, and the components’ must eliminate
their dependency on accumulating and reporting financial data only once a year.
Financial management and reporting must be performed
throughout the fiscal year and must be complete (e.g. apply full accrual-based
accounting). This will eliminate the need to perform extensive manual financial
statement preparation efforts at the end of the fiscal year that are susceptible
to error and increase the risk of misstatement in the Department's and components’
financial statements. This is especially important given the new financial
reporting requirements of the OMB. Beginning with fiscal year 2002, the Department
will have to prepare interim financial statements at March 31, and in fiscal
year 2003, quarterly financial statements. In addition to these multiple reporting
dates, the deadlines for the year-end financial statements are being accelerated,
approximately one month earlier than the Department was able to fully complete
its financial statements in this fiscal year. Without improvements or fundamental
changes to the way components manage their accrual-based financial activities,
there is a serious risk that the Department’s fiscal year 2002 financial statements
will not be able to be completed and audited in accordance with required deadlines,
possibly resulting in modifications to the auditors’ reports on the Department’s
financial statements, internal control, or compliance with laws and regulations.
Recommendations
We recommend that the Chief Financial Officer:
- Require the Department’s reporting components
follow the Department's Financial Statement Preparation and Requirements
Guide. The Guide should be revised to include:
- new accounting and reporting requirements
of the OMB and/or the FASAB,
- accelerated financial statement submission
deadlines,
- requirements to prepare and submit interim
financial statements,
- requirements to perform accrual-based
accounting throughout the fiscal year, instead of the current dependency
to perform accruals at the end of the fiscal year, and
- improved controls over the Department’s
elimination entry process, its intra-governmental trading partner reconciliation,
and preparation and reporting in the MD&A.
JMD should monitor compliance with the Department’s guide and report to
the Chief Financial Officer any component that does not meet Department
requirements.
Management Response: Concur. The Financial
Statements Guide has already been substantially updated to address the new accounting,
reporting, and due date requirements for FY 2002, as amended by OMB, FASAB and
the Department. The Guide contains a time line which identifies critical milestones
in completing FY 2002 requirements, including interim financial statements and
intra-governmental trading partner reconciliations. The Guide has been distributed
for comment and a final version is expected to be issued to components by approximately
March 15, 2002. JMD will continue to monitor components’ efforts to ensure
that financial statements are prepared in accordance with the Guide.
- Assess the viability of centralizing components’
information systems that capture redundant financial data, or consider standardizing
the accumulation and recording of financial transactions in accordance with
the Department’s requirements. For example, information systems that process
redundant data entry could be centralized (e.g. inventory and property management)
to reduce redundant data entry and the resources needed to account for and
monitor data that is similar among components.
As an alternative to centralizing information
systems, the Department could standardize its processing of financial transactions
on the budgetary and accrual basis of accounting. This would increase assurance
that components perform consistent financial accounting and reporting.
All changes to information systems or financial
transaction processing must consider the handling and reporting of classified
or other sensitive financial data, and appropriate access controls must
be developed to ensure components have access only to their own financial
data.
Management Response: Concur. The Department
recognizes that its financial statement preparation and consolidation functions
would be improved with more consistent and standardized practices and systems.
The Financial Statements Guide revisions for FY 2002 statements are designed
to significantly improve the consistency of information submitted by components
for the consolidated statements. As noted above, the FY 2002 Guide will be
issued on or about March 15, 2002. Plans are underway to acquire a Unified
Financial Management System that is compliant with JFMIP requirements, and that
system will form the Department’s single core financial management system application.
As a result of the unified system project, the Department will realize improved
consistency of processing and data standardization across the components, an
improvement which will aid in the preparation of the consolidated financial
statements. The project will be a multi-year effort, with implementation beginning
with noncompliant legacy systems.
STATUS OF PRIOR YEAR'S FINDINGS AND RECOMMENDATIONS
As required by Government Auditing Standards
and OMB Bulletin No. 01-02, Audit Requirements for Federal Financial
Statements, we have reviewed the status of the Department’s corrective actions
with respect to the findings and recommendations from our previous reports on
the Department’s internal controls. The following analysis provides our assessment
of the progress the Department has made in correcting the material weaknesses
and reportable conditions identified in these reports. We also provide the
Office of the Inspector General report number that remains open for audit follow-up,
our recommendations for improvement, and the status of the condition as of September
30, 2001:
Report
|
Reportable Condition
|
Status
|
00-06
(1999) |
Material Weakness: The Department’s
components did not have policies or procedures in place or were not following
them to ensure that financial transactions were recorded in accordance
with generally accepted accounting principles.
Recommendations: Emphasize the proper
processing and recording of financial transactions in accordance with
generally accepted accounting principles.
|
In
Process |
98-07A
(1997) |
Material Weakness: The Department
must perform key reconciliations. In fiscal year 1997, this was reworded
to emphasize reconciliation of fund balance with Treasury, and was downgraded
to a reportable condition in fiscal year 1998.
Recommendations: Perform reconciliations
and resolve all differences on a timely basis.
|
In
Process
(a) |
00-06
(1999) |
Material Weakness: Weaknesses exist
in components' financial management systems and improvements are needed
in the general controls at the Department's data centers.
Recommendations: Implement corrective
actions identified in data center reports and correct control deficiencies
at the component level.
|
In
Process |
00-06
(1999) |
Material Weakness: Financial statement
preparation processes were not effective to ensure financial statements
were completed timely and in conformance with the requirements of the
Government Management Reform Act, OMB Bulletin No. 97-01, Form and
Content of Agency Financial Statements, as amended, and the Department's
policies.
Recommendations: Require components
to submit audited financial statements to the Justice Management Division
that are timely and consistent with the Department's requirements.
|
In
Process |
(a) Reworded and combined
with the first material weakness in this report.
As required by OMB Bulletin No. 01-02, we have
compared the material weaknesses and material nonconformances reported by management
in the Department’s Federal Managers’ Financial Integrity Act (FMFIA) Report
to our report on the Department’s internal control. We determined that the
third material weakness in our report was not reported in the Department’s FMFIA
report; however, we do not believe that the failure to report this material
weakness constitutes a separate reportable condition or material weakness because
there are different criteria used to determine material weaknesses for both
reports and management has reported, in general terms, some of the material
weaknesses relating to components’ financial accounting and reporting processes.
However, management did not specifically identify financial statement preparation
as a material weakness in their fiscal year 2001 FMFIA certification.
Components' auditors identified other reportable
conditions that we considered not to be reportable conditions in relation to
the Department’s consolidated financial statements. A summarization of these
and other less significant issues will be addressed to the Department’s management
in a separate consolidated management letter dated February 14, 2002. In addition,
components' auditors provided separate management letters to components' management
with respect to less significant control issues that were identified during
the components' audits.
This report is intended solely for the information
of the Attorney General and management of the Department, the Office of the
Inspector General, the OMB, and Congress. This report is not intended to be
and should not be used by anyone other than these specified parties.
February 14, 2002
Washington, DC
Return to the Top
|
|
|