Home » Management Discussion and Analysis » Performance Section » Financial Section » Other Accompanying Information » Appendices »
	Mission Organization and Structure Performance Goals, Objectives, and Results Joint Strategic Planning Performance Summary Analysis of Financial Statements Analysis of Systems, Controls, and Legal Compliance Management Assurances Government Management Reform Act Federal Information Security Management Act Improper Payments Information Act Other Management Information
	Advanced Search... Search USAID Personnel... Search USAID Documents...

Federal Managers' Financial Integrity Act (FMFIA)

FMFIA requires agencies to establish management controls and financial systems which provide reasonable assurance that the integrity of federal programs and operations are protected. It also requires that the Agency head, based on an evaluation, provides an annual Statement of Assurance on whether USAID has met this requirement.

Internal Control Over Management Operations

The Management Control Review Committee (MCRC) oversees the Agency’s internal control program over management operations. The MCRC is chaired by the Deputy Administrator and is composed of USAID senior managers. Individual annual certification statements from Mission Directors located overseas and Assistant Administrators (AA) in Washington, D.C., serve as the primary basis for the Agency’s certification that management controls are adequate or that control deficiencies exist. The certification statements are based on information gathered from various sources, including the managers’ personal knowledge of day-to-day operations and existing controls, program reviews, and other management-initiated evaluations. In addition, the Office of the Inspector General (OIG) and the Government Accountability Office (GAO) conduct reviews, audits, inspections, and investigations.

Under this program, a control deficiency occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect vulnerabilities on a timely basis. Specifically, a design deficiency exists when a control necessary to meet the control objective is missing or an existing control is not properly designed, so that even if the control operates as designed, the control objective is not always met. An operation deficiency exists when a properly designed control does not operate as designed or when the person performing the control is not qualified or properly skilled to perform the control effectively.

A reportable condition exists when there is a control deficiency or combination of deficiencies that management determines should be communicated because they represent significant weaknesses in the design or operation of internal control that could adversely affect the organization’s ability to meet its internal control objectives. Reportable conditions that the USAID Administrator determines are significant enough to report outside of the Agency are categorized as material weaknesses. The chart below describes the criteria that the Agency considers when conducting FMFIA reviews.

Internal Control Over Financial Reporting

In December 2004, the Office of Management and Budget (OMB) revised Circular A-123, Management’s Responsibility for Internal Control. Circular A-123 includes a new appendix, Appendix A, Internal Control Over Financial Reporting, which requires agencies to assess, document, and report on internal control over financial reporting. USAID is committed to strengthening internal control over financial reporting and is implement-ing a program to continuously assess, document, and report on these controls. The Agency began working toward the implementation of this program in FY 2005. The remaining work to fully implement Appendix A will be completed over the next three years, with full implementation to conclude in FY 2008. USAID will test and assess one-third of its key processes and controls over the next three years, in FY 2006, FY 2007, and FY 2008. USAID has identified 12 key processes and will assess four each year. The key processes will be assessed as follows:

The USAID Administrator is required to provide an assurance statement that accurately reflects the amount of work completed, including a scope limitation, for each of the next three years, and the results of the assessments performed. The assessment of internal control over financial reporting is performed at the Agency level and is coordinated through the Chief Financial Officer (CFO). The CFO is responsible for ensuring preparation of the Agency-wide assurance statement. The Agency Senior Assessment Team (SAT), which functions as a subset of the Management Control Review Committee (MCRC), oversees the implementation of this effort. The primary responsibilities of the SAT are to develop an overall approach, disseminate specific implementation guidance to individuals performing the assessment, report the results of the assessment to senior management, and monitor correction of control deficiencies. The Deputy CFO for Overseas Operations chairs the SAT. Other members of the SAT include representatives from key Agency offices and programs.

USAID made substantial progress in OMB Circular A-123 assessment activities during FY 2006. Specifically, management: (1) provided an initial implementation plan to OMB; (2) established a SAT as a subset of the MCRC; (3) identified the scope of financial reports to be included in the assessment of internal control over financial reporting; (4) established materiality thresholds for planning, testing, and reporting on internal controls; (5) identified significant accounts, financial statement line items, and key processes and sub-processes to be documented and tested based on a materiality level that is more rigorous than the Agency auditors; (6) established a virtual task force, comprised of both field and Washington financial personnel, to document the Agency’s key processes and procedures; and (7) completed preliminary risk assessments and testing of the first four key processes and controls.

USAID is leveraging control-related activities under other compliance efforts to meet the requirements of this initiative. To the extent possible, documentation and testing from ongoing internal control initiatives will be used. Current initiatives and activities within USAID include the following:

• Federal Information Security Management Act (FISMA) – The annual review of USAID’s information systems is a key component in the review of internal control over IT systems. The SAT will coordinate with the CIO to ensure that FISMA reviews and the results of the FISMA efforts are properly integrated in the assessment and reporting of internal control required by Appendix A.
  
  
• Improper Payments Information Act (IPIA) – The IPIA requires agencies to determine and report on the amount of improper payments made during the fiscal year. In determining the extent of improper payments, the SAT will coordinate with the Cash Management and Payments Division (CMP), which is responsible for assessing and reporting under IPIA.
  
  
• Annual Financial Statement Audit – The assessment of internal control over financial reporting required by Appendix A will complement the testing of internal controls performed as part of the annual financial statement audit. The documentation and testing of controls required by Appendix A are similar to the work done by the auditors. The SAT will coordinate with the auditors regarding these efforts. This will include requesting copies of the auditor’s process cycles memos. The memos will serve as a basis for management’s documentation of internal control for each of the significant cycles. In addition, the SAT will review the documentation furnished to the auditors per the audit engagement letter.
  
  
• Annual Federal Financial Management Improvement Act (FFMIA) Reporting – The FFMIA requires that the Agency’s financial management systems substantially comply with federal financial management systems requirements, applicable federal accounting standards, and the U.S. Standard General Ledger (USSGL) at the transaction level. The annual FFMIA review is a key component in the review of internal control over financial management systems. The SAT will coordinate with the CFO to ensure that FFMIA reviews and the results of the FFMIA efforts are properly integrated in the assessment and reporting of internal control required by Appendix A.
  
  
• Annual Federal Managers’ Financial Integrity Act (FMFIA) Reporting – The SAT considers current efforts performed under FMFIA. Weaknesses identified under FMFIA are included in the current assessment of internal control over financial reporting.
  
  
• Implementation of Phoenix – USAID has just completed a multi-year process of implementing a new financial system, Phoenix, in field missions overseas. The Phoenix system is compliant with federal financial regulations and standards, and consists of a fully integrated worldwide database which incorporates financial operations and reporting. Due to the unique nature and variety of field mission activities, documentation was developed as the deployment progressed, incorporating lessons learned and new functionalities. Reporting tools evolved over time and were added to meet the specific Missions’ needs. For the FY 2006 assessment, the SAT reviewed this documentation to determine its sufficiency to meet the requirements of internal control over financial reporting.

The Agency utilizes the services of other federal agencies to process financial data. A review of the Agency financial operations identified the following significant service providers and their activities:

• U.S. Department of Agriculture (USDA) National Finance Center – Payroll Services
  
• U.S. Department of Health and Human Services (HHS) – Grant Payments
  
• U.S. Department of State, Charleston, SC – Phoenix Operations Host

USAID is using financial reports from these agencies to:

• Determine whether the reports address the process and controls relevant to the Agency’s assessment process.
  
• Review the time period covered by the reports to determine whether they meet Agency needs.
  
• If the reports are deemed sufficient, review the opinion and testing exceptions identified by the service auditor and determine whether the effect on internal control is relevant to the assessment process.

If a service report does not exist, USAID will determine what procedures, if any, are needed. Additionally, the Agency will communicate with each service provider regarding the establishment of an ongoing relationship, necessary to coordinate the internal control assurance activities. USAID will employ this methodology throughout the multi-year effort.

The decentralized nature of the Agency’s operations presents a significant challenge in developing a detailed test plan. The SAT, in conjunction with a contractor, is responsible for designing an overall testing plan for the Agency key processes and controls. Testing is based on several factors:

• Testing will be conducted over control activities determined to be designed effectively to meet the control objectives. If a control is not designed effectively, USAID will not test it because it would not achieve the control objective even if properly performed throughout the Agency.
  
• Testing of internal control will be based upon an assessment of risk. Items tested will be most likely to have a material impact on financial reporting.
  
• Testing will be influenced by other internal reviews, OIG inspections and audits, and other reviews and audits.

Procedures, including a combination of inquiry, observation, and tests of detail, will be used to test the operating effectiveness of key controls. Procedures will be performed at both Washington and overseas locations to ensure sufficient coverage.

Sample sizes for the detailed test of transactions will be designed using guidance in the CFO Council Implementation Guide for Circular A-123, and other professional guidance, such as the GAO/President’s Counsel on Integrity and Efficiency (PCIE) Financial Audit Manual, and the American Institute of Certified Public Accountants (AICPA) audit sampling guide.

The Agency will continue to use a combination of in-house staff, contractors, and interns for this program. It will continue to leverage existing internal control activities (i.e., management assessments, controller assessments) to facilitate the assessments. Task forces comprised of financial management professionals will work with the SAT and contractors to perform various functions throughout the assessment of internal controls (i.e., risk assessments, documenting, testing). The assessment will be designed and incorporated in the overall FMFIA process. Testing of results will eventually be institutionalized in, and coordinated with, the Controllers’ assessment program already in place for cost effectiveness and cost savings.

OMB Circular A-123 requires that the Agency document its understanding of internal control throughout the assessment process. USAID completed its baseline documentation in year one. USAID will continue to improve the documentation of control activities in subsequent years to include the following:

• Planning.
  
• Controls at the Entity Level: USAID will use questionnaires and the GAO’s Internal Control Management and Evaluation Tool in the assessment of entity-wide controls. It will continue to review existing Agency policies and procedures. Narratives summarizing observations and inquiries of management will be used to document controls at the entity level.
  
• Controls at the Process Level: A standard control evaluation form will be developed, based on templates provided in the CFO Council implementation guide, to evaluate internal control at the process level. Key resources for ongoing review include Agency business processes, current policies and procedures, and process summaries that may be provided by OIG and/or its contract auditors.
  
• Interviews will be conducted with individuals responsible for processing transactions, and a walkthrough of transactions will be performed to ensure that the actual procedures are consistent with written documentation. Where necessary, supplemental narratives and/or flowcharts will be developed.
  
• Significant focus is given to assessing internal controls within the information systems area of the Agency. The SAT will consult with the Agency’s CIO on existing documentation related to both general and application controls over the Agency’s financial systems.
  
• Testing at the Transaction Level: Standard working papers will be developed to document testing at the transaction level. The work papers will include use of standard formats and tickmarks, and a common indexing system.
  
• Reporting: Results of testing will be recorded in a standard format.

The results of assessments and testing of the financial controls will be evaluated using the following criteria:

Internal control over financial reporting should assure the safeguarding of assets from waste, loss, unauthorized use, or misappropriation, as well as assure compliance with laws and regulations pertaining to financial reporting. Financial reporting includes the annual financial statements as well as other significant internal or external financial reports. Other significant financial reports are defined as any financial reports that could have a material effect on a significant spending, budgetary, or other financial decision of the Agency or that is used to determine compliance with laws and regulations on the part of the Agency. In addition to the annual financial statements, significant reports might include quarterly financial statements, financial statements at the operating division or program level, budget execution reports, reports used to monitor specific activities, and reports used to monitor compliance with laws and regulations.

A control deficiency occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect vulnerabilities on a timely basis. Specifically, a design deficiency exists when a control necessary to meet the control objective is missing or an existing control is not properly designed, so that even if the control operates as designed, the control objective is not always met. An operation deficiency exists when a properly designed control does not operate as designed or when the person performing the control is not qualified or properly skilled to perform the control effectively.

A reportable condition exists when there is a control deficiency, or combination of control deficiencies, that adversely affects the Agency’s ability to initiate, authorize, record, process, or report external financial data reliably in accordance with generally accepted accounting principles (GAAP) such that there is more than a remote likelihood that a misstatement of the entity’s financial statements, or other significant financial reports, that is more than inconsequential will not be prevented or detected.

A material weakness in internal control is a reportable condition, or combination of reportable conditions, that results in more than a remote likelihood that a material misstatement of the financial statements, or other significant financial reports, will not be prevented or detected.

FMFIA Material Weaknesses In Management Operations

As an Agency-wide accomplishment in FY 2006, USAID managers successfully completed management control reviews of the Agency’s financial, program, and administrative policies, procedures, and operations. After the results from operating units were consolidated and discussed by the MCRC, two previous reportable conditions have been elevated to material weaknesses. This forms the basis for the qualified statement of assurance provided in this report.

USAID’s former office building in Asmara, Eritrea with inadequate setback from street. Photo: USAID/Office of Security (SEC)

Inadequate physical security in USAID’s overseas buildings and operations. This issue was first documented as a reportable condition in 2001. It is now considered a material weakness because USAID cannot implement cost-effective, remedial action to improve the physical security of seven of its overseas missions against the threat of vehicle-borne improvised explosive devices (VBIED).

Following the August 1998 bombings of the U.S. embassies in Kenya and Tanzania, the USAID Office of Security initiated a security survey of all USAID overseas facilities.

The findings revealed that more than 40 of the 90 USAID facilities lacked adequate countermeasures to mitigate the VBIED threat. Essentially, the buildings had insufficient setback from the perimeter and were not built to withstand significant blast effects.

USAID subsequently developed and continues to implement a concurrent, three-phase, remedial action plan. Phase one involves the collocation of vulnerable USAID missions on New Embassy Compounds (NEC) which are being constructed by the Department of State. Phase two involves the hardening of other USAID buildings and perimeters at posts where NEC facilities are not planned for, and where sufficient perimeter setback opportunities exist. Phase three includes the relocation of vulnerable USAID missions to Interim Office Buildings (IOB) which afford greater security until they can be collocated.

USAID has successfully relocated 45 vulnerable USAID Missions to more secure facilities since 1998. Eleven of those missions are now collocated in NEC facilities, while 34 USAID missions have been moved to IOB sites.

The FY 2005 Consolidated Appropriations Act, Public Law 108-447, authorized the Capital Security Cost Sharing (CSCS) program. The CSCS program requires all agencies with overseas personnel under Chief of Mission (COM) authority to help fund construction of 150 NECs over 14 years, at an annual rate of $1.4 billion per year after a five-year phase-in. In the long term, this should ensure that secure facilities are provided to meet USAID space requirements; however, the Agency does not have a short term solution for seven of its vulnerable missions.

With respect to the seven missions, NEC facilities are either not planned for under the CSCS program or are several years away from the start of construction. While the USAID Security Office has done everything possible to improve the overall physical security posture of these missions, it would not be financially prudent to spend additional money on facilities with inadequate perimeter setback and inferior building construction. The absence of suitable IOB space and inadequate funding exacerbate the situation.

Implementation and activity monitoring in the Asia and Near East (ANE) Region, most notably in Iraq, Afghanistan, Pakistan, and West Bank/Gaza. Security restrictions and, more recently, the U.S. government’s “No Contact” policy toward the Hamas-led government in West Bank/Gaza, continue to inhibit travel to project sites to monitor and to meet with USAID partners. At the same time, it continues to be difficult to attract appropriately qualified staff to Missions in the critical priority countries (CPC) of Afghanistan, Iraq, and Pakistan. Together, these weaknesses limit USAID’s ability to effectively implement and monitor programs and, in some cases, inhibit start-up of new programs.

During 2006, Missions in these countries continued to take steps within their authority to implement and monitor programs as well as possible. Completed and ongoing steps include improving coordination with U.S. Department of State Diplomatic Security at post; updating emergency procedures and communication systems; expanding the role of foreign service nationals (FSN), who can travel more freely, in monitoring, evaluation, and design; and expanding use of local contractors and geographic information systems for monitoring, evaluation, and audit. USAID continues to seek adequate funding for rapidly escalating security costs, which is essential for travel in these countries. The Agency is also developing a spatially enabled management information system which will allow Missions to remotely monitor progress of construction activities in real time.

Similarly, USAID continues to make efforts to improve recruitment of appropriately skilled staff for CPCs. These steps include requiring foreign service officers participating in the 2007 assignment process to bid on a CPC, where qualified; and hiring an Ombudsman who is working with individual employees, the Department of State, other agencies and counterparts to strengthen recruiting efforts as well as incentives and training for service in CPCs. It must be noted that additional resources will be needed to support staffing incentives and other selected efforts to address this material weakness. With assignments of only one year, there are continuing challenges to keeping positions filled with qualified staff. As a relatively small agency, USAID has a limited base of qualified people for these positions. USAID works aggressively to identify qualified staff and utilizes a variety of employment mechanisms to provide qualified staff to CPCs.

Improved stability and security and progressive political agreements are the essential preconditions to resolving this weakness and are beyond the manageable interest of USAID.

Internal Control Over Financial Reporting Material Weaknesses

The management assurance statement reflects the status of internal control over financial reporting of four key business processes at USAID as of June 30, 2006. The four business processes included in this year’s assessment are: (1) Accruals, (2) Financial Reporting, (3) Fund Balance with Treasury, and (4) Credit Programs. These processes were selected for first year assessment based on a combination of risk and qualitative factors.

Based on the review, USAID identified two material weaknesses in the Agency’s internal controls over financial reporting:

• Personnel preparing the quarterly accruals have not received adequate training on how to properly document and calculate quarterly accruals.
• The reconciliation between the Accruals Reporting System (ARS) and Phoenix was not performed when data were initially transferred from one database to the other.

USAID will develop and implement corrective action plans to remediate these deficiencies.

FMFIA Reportable Conditions

In keeping with the Agency’s core concept of increasing transparency, USAID is voluntarily disclosing the following issues as reportable conditions:

Lack of effective systems to manage field support. The intent of the field support system is to provide Missions easy and flexible access to a wide variety of technical services provided by centrally-managed contract and grant agreements, in a manner that meets the changing needs, priorities, and approaches of Missions’ development portfolios with minimal Mission management burden. Although progress in improving the system has been made, e.g. the integration of the Field Support-USAID system (FS-AID) with the Agency’s accounting system, Phoenix, the operating procedures and processes in place continue to be excessively labor intensive. The Agency is working toward integrating field support with the new grants and acquisition systems (JAMS and GLAS) which are scheduled to be deployed during FY 2007. Once this is accomplished, the remaining issues of accurate accruals reporting and pipeline analysis can be addressed.

IT Governance issues. Based on internal discussions with staff and other stakeholders, several deficiencies have been noted that pertain to lowering risk and increasing efficiency in the following key IT practice areas: IT strategic planning, enterprise architecture (EA), IT policy and practice standardization, and the full establishment of IT governance and best practices.

There is general agreement that funding the correction of these process control areas is in the best interest of the Agency. Internal assessments have pointed out that the Chief Information Officer (CIO) needs sufficient resources to provide effective IT governance. The lack of adequate funding, due to Agency budget cutbacks and the assignment of limited resources to higher priority tasks, is the major factor for the Office of the CIO’s slow progress in resolving these issues. However, over the last year, progress has been made in several areas.

The Office of the CIO expects to make large strides during the next six months in closing these issues. Along with the realignment of the CIO’s organization that is occurring, a process improvement plan has been developed, a process engineering group (PEG) has been formed, regular meetings occur to prioritize the tasks and artifacts needed, documentation is being developed, the process Web site is being updated, and staff training is occurring. Refer to the management challenges table in Section 4 of this report for more information on the status of initiatives under IT Governance.

Inability to meet statutory requirements for Equal Opportunity Programs (EOP) reporting. Regulations governing federal sector equal employment opportunity (EEO) require each agency to provide sufficient resources to its EEO program to ensure efficient and successful operation. Currently at USAID, statutory requirements are not being met:

• Complaints of discrimination are not processed within the regulatory timeframe, and not in accordance with all complaint processing procedures.
  
• Required annual compliance reports to oversight agencies have been submitted after required deadlines.
  
• The IG determined that the Agency reasonable accommodation program does not meet all regulatory requirements.
  
• Development of required training has been impeded.

In addition, USAID is only minimally able to maintain basic Agency-wide EEO services:

• Customer feedback consistently demonstrates an increased need for outreach and visibility of EOP efforts to meet the Agency’s legal obligation for achieving diversity and affirmative employment.
  
• EOP’s capacity to sustain diversity initiatives and plans to assess and monitor the representation of the Agency’s various employment categories (i.e. Personal Service Contractors, a large segment of the USAID population); and to help the Agency achieve its Human Capital Strategic Plan objective to attain a diverse workforce are seriously diminished.
  
• Management decisions on budget, staffing, and other supporting resources have resulted in inadequate annual budget allocations; serious staff reductions; and the absence of automated data information and tracking systems to aid program operations.

To remedy this situation, the following actions have been taken:

• The EOP office received a fourth quarter FY 2006 budget increase of 67 percent.
  
• The Administrator authorized the filling of all EOP office vacancies.

Back to Top ^ | < Previous Page | Next Page >