Failing Grades Given Most Agencies on System Upgrades
Failing Grades Given Most Agencies on System Upgrades
Rep. Stephen Horn
By Kerry Gildea, Contributing Writer
The federal government has made barely a dent in its effort to overhaul its legacy financial management computer systems and comply with congressionally mandated standards set in the early 1990s, according to government officials and lawmakers.
"We must upgrade, modify or scrap hundreds of systems while still doing the job of the government," Joshua Gotbaum, executive associate director and controller at the Office of Management and Budget, told the House Government Reform subcommittee on government management, information and technology at a June 6 hearing. "This is a very difficult challenge."
However, government agencies are trying to develop better accounting and system standards, he told the panel.
"Agency after agency has decided to undertake either a systems modernization or installation of an entirely new enterprise or financial management system," he said.
Federal agencies operate more than 700 financial systems, most of which are custom designed for a particular agency or bureau. These systems cost about $2 billion annually to maintain and operate, and almost 80 percent of the systems are in the process of being upgraded or replaced, or will be, Gotbaum said.
At present, the General Services Administration, the Transportation Department and the U.S. Customs Service are installing new systems for their agencies, typically phasing them in over several years, he said. And the departments of Education, the Interior and Veterans Affairs, among others, are considering designing or bidding out new core and related financial systems.
Three of the 24 agency chief financial offices, as designated in congressional legislation, have achieved reliable integrated financial systems, Gotbaum said. But he stressed there is a long road ahead to modernize legacy computer systems that cannot communicate with each other or handle increasing requirements.
These systems, he said, originally were built to track cash outlays under budget appropriations law, not accrual-based financial accounting or generally accepted accounting principles.
"Now, for the first time, we are asking these systems to do both," Gotbaum said.
Lawmakers, led by subcommittee chairman Rep. Stephen Horn, R-Calif., have sought a status report on the agencies' progress to determine if they are meeting changes enacted in 1996 with the Federal Financial Management Improvement Act (FFMIA) and the earlier Chief Financial Officers Act of 1990.
"As of today, we know that 20 of the 24 agencies included in the Chief Financial Officers Act do not have financial management systems that comply with [FFMIA]," Horn said at the hearing. "That number might rise to 21 agencies when the Department of State finally issues its 1999 financial audit report, which was due on March 31."
Horn said the State Department's failure to meet the deadline is a separate problem that is compounded by its failure to meet FFMIA requirements in both 1997 and 1998.
Horn said he has received repeated poor reports on the status of agency fixes. According to Horn, for example, on March 31, U.S. Comptroller General David Walker reported that agency financial systems overall are in poor condition and cannot provide reliable financial information for managing day-to-day government operations and holding managers accountable.
FFMIA required noncompliant agencies to prepare remediation plans to bring their financial management systems into substantial compliance with the act within three years, he noted.
"We recognize that federal departments and agencies face enormous challenges in correcting long-standing financial management systems problems," Horn said. "We also recognize that these challenges could take significant time and resources. However, we want to ensure that the intent of this act is taken seriously and that necessary changes are being made."
The few agencies already deemed FFMIA compliant are the National Science Foundation, NASA and the Energy Department. But they are relatively small and less organizationally complex than the other agencies, Gotbaum told lawmakers.
"Every large agency faces daunting structural obstacles to developing integrated financial systems," he said.
Even when an agency does comply with FFMIA standards, the challenge of modernizing systems will remain substantial, Gotbaum said. For example, NASA is still devoting substantial resources to develop and install an integrated financial system.
While Gotbaum reported steady progress, Jeffrey Steinhoff, assistant comptroller general for the General Accounting Office's accounting and information management division, presented a somewhat bleaker picture.
"Although the number of agencies receiving 'clean' or 'unqualified' audit opinions is increasing, the financial management systems of most agencies continue to be noncompliant with FFMIA's requirements and, therefore, fall short of the CFO Act and FFMIA goal to provide reliable, useful and timely information to assist in day-to-day management," he reported.
Steinhoff said any real progress must come through stronger direction from the very top levels in government.
"The federal government's size and complexity and the discipline needed to overhaul or replace its financial management systems present a significant challenge ? not simply a challenge to overcome a technical glitch, but a demanding management challenge that requires attention from the highest levels of government," he said.
Among several problem areas, Steinhoff pointed to information security weaknesses as one of the primary causes of noncompliance with FFMIA and a huge concern for the agencies and the public.
The most serious information security problem is inadequately restricted access to agency data, including sensitive data such as taxpayer records, personal medical information and law enforcement data, Steinhoff said.
Other information security weaknesses, he said, include:
Shortcomings in segregating personnel duties to help ensure that people do not conduct unauthorized actions without being detected.
Preventing unauthorized software from being installed.
Reducing the number of unplanned interruptions in computer service and recovering from those interruptions.