Home » Management Discussion and Analysis » Performance Section » Financial Section » Appendices »
	Mission and Values Our Organization Management Initiatives Business Transformation USAID and Dept. of State PMA How We Manage and Measure Performance Performance Management Mission Performance Plans Current System, Future Plans How We Assess Performance Performance Summary and Highlights Top Achievements Performance Rating System Summary of Performance Results Illustrative Examples Major Management and Performance Challenges Performance Challenges Management Challenges Impact of FY 2004 "Below Target" Results Management Controls Possible Future Effects Government Management Reform Act Financial Highlights
	Advanced search... Search USAID Personnel... Search USAID Documents...

Management Controls, Systems, and Compliance with Laws and Regulations

Federal Manager's Financial Integrity Act (FMFIA)

FMFIA requires agencies to establish management controls and financial systems which provide reasonable assurance that the integrity of federal programs and operations are protected. It also requires that the head of the Agency, based on an evaluation, provide an annual Statement of Assurance on whether the Agency has met this requirement.

An unqualified Statement of Assurance for FY 2005 is included in the Administrator's letter at the beginning of this report. The Agency evaluated its management control and financial management systems for the fiscal year ending September 30, 2005. This evaluation provided reasonable assurance that the objectives of the FMFIA were achieved, and forms the basis for the Administrator's Statement of Assurance.

Management Control Program

The Management Control Review Committee (MCRC) oversees the Agency's Management Control Program. The MCRC is chaired by the Deputy Administrator, and is composed of senior-level managers, including the ten bureau Assistant Administrators (AA), the Chief Financial Officer (CFO), the Chief Information Officer (CIO), General Counsel, IG (non-voting), Executive Secretariat, Procurement Executive, Independent Office Directors, and Management Bureau Office Directors. Individual annual certification statements from Mission Directors located overseas and AAs in Washington, D.C. serve as the primary basis for the Agency's certification that management controls are adequate or that control deficiencies exist. The certification statements are based on information gathered from various sources, including the managers' personal knowledge of day-to-day operations and existing controls, program reviews, and other management-initiated evaluations. In addition, OIG and the Government Accountability Office (GAO) conduct reviews, audits, inspections, and investigations.

A control deficiency occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect vulnerabilities on a timely basis. Specifically, a design deficiency exists when a control necessary to meet the control objective is missing or an existing control is not properly designed, so that even if the control operates as designed, the control objective is not always met. An operation deficiency exists when a properly designed control does not operate as designed or when the person performing the control is not qualified or properly skilled to perform the control effectively. A reportable condition exists when there is a control deficiency or combination of deficiencies that management determines should be communicated because they represent significant weaknesses in the design or operation of internal control that could adversely affect the organization's ability to meet its internal control objectives. Reportable conditions that the USAID Administrator determines are significant enough to report outside of the Agency are categorized as material weaknesses. The chart below describes the criteria that the Agency uses for FMFIA reviews.

Status of Management Controls

FMFIA Reportable Conditions

As an Agency-wide accomplishment in FY 2005, USAID managers successfully completed management control reviews of the Agency's financial, program, and administrative policies, procedures, and operations. After the results from operating units were consolidated, one new reportable condition was disclosed. USAID is voluntarily reporting the following issues:

Inadequate physical security in USAID's overseas buildings and operations. USAID cannot implement appropriate actions alone to comply with federal physical security standards for all employees serving overseas. Although USAID complies with the Secure Embassy Construction and Counterterrorism Act of 1999 (SECCA) and the provisions of the implementing security standards, more needs to be done to safeguard USAID employees overseas. A GAO report on embassy construction indicates that following the 1998 bombings of two U.S. embassies in Africa, the Department of State launched a multibillion-dollar, multi-year program to build new, secure facilities on compounds at posts around the world. The SECCA of 1999 requires that U.S. agencies, including USAID, co-locate offices within the newly constructed compounds. This report discusses how the Department of State is incorporating office space for USAID into the construction of new embassy compounds and the cost and security implications of its approach. GAO recommended that the Secretary of State: (1) achieve concurrent construction of USAID facilities to the maximum extent possible, and (2) consider, in coordination with the USAID Administrator, incorporating USAID space into single office buildings in future compounds, where appropriate. GAO also suggested that if the new cost-sharing proposal was not implemented in FY 2005, the Congress may wish to consider exploring other means by which to support concurrent construction. Another recent GAO report indicates that the Department of State has proposed a $17.5 billion program to build secure new embassies and consulates around the world. The administration has proposed the Capital Security Cost-Sharing Program, under which all agencies with staff assigned to overseas diplomatic missions would share in construction costs. GAO has found that the proposed cost-sharing formula (based on a headcount) could result in funds to accelerate embassy construction and encourage Agency rightsizing of overseas staff levels. Under the currently proposed program, the Department of State would build 150 new embassies by 2018, or 12 years sooner than the earlier projected completion date of 2030. The Department of State would pay nearly two-thirds of the annual amount needed, and non- Department of State agencies would pay a one-third share. At the same time, USAID believes that co-location is not always practical. If USAID is required to move onto embassy compounds without adequate resources for separate non-classified facilities, this would result in the inability to co-locate with the Agency's foreign national and contractor staffs. USAID must weigh these issues carefully and determine how to proceed. In the meantime, actions continue to re-locate USAID staff to more secure facilities. Since 1998, there have been 32 USAID mission relocations to interim office buildings and eight mission relocations to new secure office buildings overseas.

Implementation and activity monitoring of programs in ANE region (most notably, Afghanistan, Iraq, West Bank/Gaza, and Yemen). Security restrictions inhibit travel to project sites and it is difficult to attract and retain highly qualified staff for missions in these countries. This restricts the missions' ability to effectively implement and monitor programs, and in some cases, inhibits the start up of new programs. The missions continually strive to make prudent management decisions through approval of travel to project sites when advisable, expanded use of contractors, and making recruitment to fill vacancies a top priority. Improved stability and security that are beyond the manageable interests of the missions are viewed as the only long-term solutions available. As this occurs, missions will take advantage of the new conditions and normalize operations. Over the last year, through aggressive and diligent efforts of the missions, there have been some improvements noted.

Lack of effective systems to manage field support. The intent of the field support system is to provide missions easy and flexible access to a wide variety of technical services provided by centrally-managed contract and grant agreements, in a manner that meets the changing needs, priorities, and approaches of missions' development portfolios, with minimal mission management burden. The current operating procedures and processes in place are excessively labor-intensive, and therefore it is increasingly difficult to meet missions' needs. USAID recognizes field support as a viable component of the Agency architecture and as a component of the required Agency Executive Information System (EIS). Efforts are underway to develop both an improved field support system, and a viable EIS.

Information Technology (IT) governance issues. Based on discussions with OIG staff and other stakeholders several deficiencies have been noted that pertain to lowering risk and increasing efficiency in the following key IT practice areas: IT Strategic Planning, Enterprise Architecture (EA), IT Policy and Practice Standardization, and the full establishment of the Program Management Office (PMO). A common thread among these four issues is a lack of recognized funding for their proper implementation at USAID.

There is general agreement between the CIO and OIG that funding these areas so that they are corrected and maintained as a process of continuous improvement is in the best interest of the Agency. Each of these areas is required to be performed to meet government standards for best practice IT governance. OIG will be addressing these and other issues with an audit report of their findings. OIG discussions and other internal assessments have pointed out that: (1) the CIO needs sufficient resources to provide effective IT governance, and (2) that these identified weaknesses are primarily attributed to the CIO's lack of adequate resources to support these priorities. This lack of adequate budget for contractor staffing for the CIO's organization is the major factor why these issues continue to exist.

The following synopsizes the issues that have been raised by the most recent OIG initiated discussions:

• IT Strategic Planning: USAID needs to update and maintain its IT Strategic Plan concurrent with the Agency's Strategic Plan.
  
• EA: USAID needs to staff, document, and maintain an EA functional capability and EA documentation that reflect the Agency's "As Is" and "To Be" IT EA states. The EA function needs to maintain data reference models, business reference models, technical reference models, service component reference models, and performance reference models for these "As Is" and "To Be" states.
  
• IT Policy and Practice Standards: USAID needs to develop and maintain a formal set of policies, processes, methods, tools, and procedures to guide its IT portfolio management, development projects, and operations in a manner that is repeatable, and meets industry and government best practices. All IT projects undertaken at USAID must follow these policies and practices.
  
• PMO Full Establishment: The PMO needs to be fully established and matured. The role of the PMO needs to be solidified within the USAID organization, and appropriate portfolio management and project oversight practices need to be established and followed. The PMO has no identified long-term funding within the USAID organization budget structure. Improvement in this area needs to focus on mission-critical systems first and then extend to other priority activities of the PMO.

In order to resolve these deficiencies, the CIO will prepare documentation to request increased funding and staffing of these important IT functional areas, as well as assess how current projects are governed to achieve optimal efficiency and effectiveness. Upon budgeting and proper staffing, a plan will be put into place to expeditiously resolve these issues.

Until such time as increased funding is provided, the CIO will try to resolve these issues given other operational and project priorities. To complicate this matter, USAID (and the CIO organization) is under tremendous pressure to reduce its budget, which will not only exacerbate these OIG concerns but also jeopardize the CIO's ability to provide basic IT operations and customer support services.

FMFIA MATERIAL WEAKNESSES

In September 2005, the MCRC agreed to close the two remaining material weaknesses, based on the following:

USAID's Primary Accounting System – Since 1988, it has been reported that the Agency's primary accounting system does not: (1) substantially comply with federal core financial systems requirements, (2) produce accurate and timely reports, and
(3) contain adequate controls.

USAID made significant progress addressing, and ultimately closing, the material weakness in the primary accounting system by implementing a single Agency-wide financial system, known as Phoenix. The Phoenix System is based on Momentum® Financials, a commercial core financial system software product. The Joint Financial Management Improvement Program (JFMIP) has certified the software product to be compliant with federal core financial system requirements. USAID has configured this software product without any alterations to the baseline software and further validated through testing that the software complies with federal and Agency core financial system requirements.

USAID has implemented Phoenix at its headquarters, five pilot missions (Colombia, Egypt, Ghana, Nigeria, and Peru), and in February 2005, at missions in the Latin America and the Caribbean (LAC) region, including El Salvador, Honduras, Dominican Republic, Haiti, Jamaica, Nicaragua, Bolivia, and Guatemala. In June 2005, the upgrade to a Web-based version was completed. Europe and Eurasia (E&E) missions (Armenia, Bosnia & Herzegovina, Georgia, Hungary, Kazakhstan, Kosovo, Russia, Serbia & Montenegro, and Ukraine), then successfully converted to Phoenix in July 2005. As a result, 54 percent of the total number of transactions (count) and 48 percent of the total dollar value (amount) are accounted for in the Phoenix financial system. With the upcoming Asia and the Near East (ANE) deployment in December 2005, 74 percent of the total number of transactions (count) and 90 percent of the total dollar value (amount) are expected to be accounted for in Phoenix. Phoenix deployment will conclude with the missions in Africa in April 2006.

USAID and the Department of State recently upgraded their respective versions of the software, and are currently on the same version. Both Agencies plan to run from a common infrastructure from the Department of State's facility in Charleston, SC, by November 2005.

The Budapest staff enter their first transactions into Phoenix. Photo: USAID/Lisa Fiely

Information Resources Management (IRM) Processes – The Clinger-Cohen Act of 1996 requires the heads of executive agencies to implement a process that maximizes the value of and assesses and manages the risks involved in IT investments. The process is to include: (1) procedures to select, manage, and evaluate investments; and (2) a means for senior managers to monitor progress in terms of costs, system capabilities, timeliness, and quality. The key material weakness that was identified in 1997 was that the Agency's IT programs lacked sufficient safeguards against waste and mismanagement, as demonstrated by the (then) over-budget and failed rollout of new management information systems to USAID missions. Specifically, the Agency lacked: (1) a strategic-oriented IT capital investment planning, budgeting, and acquisition process; and (2) a tactical-oriented IT investment program management control capacity. Key milestones and progress in these areas are described briefly below.

As previous reports have shown, over the last several years the Agency has taken major strides in correcting the issues identified in this eight-year-old weakness. Concerning the strategic issues, the Agency has implemented an effective strategically-oriented capital investment process by making the Business Transformation Executive Committee (BTEC), which provides Agency-wide leadership for initiatives and investments to transform USAID business systems and organizational performance, responsible for selecting, managing, and evaluating specific IT investments. The BTEC chartered the Capital Planning and Investment Control (CPIC) Subcommittee to advise on investment selection, considering potential risk, cost, and benefit, as well as priority in relation to other USAID investments. The CPIC Subcommittee recommended policies and procedures for IT CPIC, which were approved by the BTEC and published in the Agency's Automated Directives System. The CPIC Subcommittee was operational for the FY 2005 budget formulation cycle and used the published CPIC procedures for investment selection.

The Agency has implemented tactically-oriented program management and oversight practices with the formation of a PMO and the reorganization of the Management Bureau. The PMO is responsible for monitoring the progress of IT projects and developing standards, processes, and tools for improving project management practices. PMO staff work with the functional and IT leadership team assigned to projects to provide guidance on the use of these standards, processes, and tools. The office published a risk management plan, quality control plan, project management change control guidance, and a standard set of governance tools for project management and project status reporting. Although still maturing its processes, the PMO is a functioning organizational entity that has responsibility for critical Agency projects. Based on the improvements that have been achieved since this weakness was originally documented, discussions among multiple stakeholders, and a forthcoming audit of Agency IT practices, it has been determined that this weakness can be closed.

Federal Information Security Management Act (FISMA)

FISMA, part of the Electronic Government Act of 2002, provides the framework for securing the federal government's information systems. Agencies covered by FISMA are required to report annually to OMB and Congress on the effectiveness of their information security programs. Specifically, FISMA requires agencies to have: (1) periodic risk assessments; (2) information security policies, procedures, standards, and guidelines; (3) delegations of authority to the CIO to ensure compliance with policy; (4) security awareness training programs; (5) procedures for detecting, reporting, and responding to security incidents; and (6) plans to ensure continuity of operations. FISMA also requires an annual independent evaluation of the Agency's information security program by the Agency IG. This report is separate from the PAR. Weaknesses found under FISMA are to be identified as a significant deficiency, reportable condition, or other weakness, and FISMA weaknesses that fall into the category of significant deficiency are required to be reported as a material weakness under the FMFIA. This year's evaluation concluded that USAID generally met the requirements of FISMA, and that the Agency has made many positive strides in addressing information security weaknesses. However, USAID still faces several important challenges in the areas of tested disaster recovery plans and security requirements. Based on last year's report, Congress awarded an A+ to USAID in recognition of the exceptional status of the information security program. USAID is the first and only federal agency to receive this distinction. USAID has developed an excellent risk-based information security program that includes processes, training, and security technologies, and the Agency expects to continue to receive high marks for its work in this area.

Federal Financial Management Improvement Act (FFMIA)

FFMIA is designed to improve federal financial management by requiring that financial management systems provide reliable, consistent disclosure of financial data in accordance with generally accepted accounting principles (GAAP) and standards. FFMIA requires USAID to implement and maintain a financial management system that complies substantially with:

• Federal requirements for an integrated financial management system
• Applicable federal accounting standards
• U.S. Standard General Ledger at the transaction level.

OIG is required to report on compliance with these requirements as part of the annual audit of USAID's financial statements. In successive audits, OIG has determined that USAID's financial management systems do not substantially comply with FFMIA accounting and system requirements. The USAID Administrator has also reported this instance of noncompliance.

The current target date for substantial compliance with FFMIA is the third quarter of FY 2006, which coincides with the completion of USAID's worldwide deployment of the financial management system. A detailed discussion of the financial systems framework, structure, and strategy is included in the Financial Section of this report.

Financial Systems Remediation Plan

The Financial Systems Remediation plan is a required part of USAID's financial management plans. It sets forth a strategy for modernizing USAID's financial management systems and details specific plans and targets for achieving substantial compliance with federal financial management requirements and standards.

The Agency relies extensively on OIG audit work to determine compliance with FFMIA. The results of the FY 2005 audit indicate that USAID has made substantial progress in becoming compliant and has two remaining items to address. The remaining deficiencies in the Agency's financial management systems and associated remedies are detailed on the following table:

Back to Top ^ | < Previous Page | Next Page >