         
|
August 31, 1999
Thompson Letter on GPRA - Treasury
Thompson Letter on GPRA - Treasury
August 17, 1999
The Honorable Lawrence H. Summers Secretary U.S. Department of Treasury 1500 Pennsylvania Ave., NW Washington, D.C. 20220
Dear Secretary Summers: As you know, the Congress is focused on ensuring that the federal government delivers better results to its citizens and taxpayers. The Congress has enacted a statutory framework to achieve these results. This statutory framework includes the Government Performance and Results Act (GPRA); financial management statutes, such as the Chief Financial Officers Act; and information resources management statutes, such as the Clinger-Cohen Act. Each of these reforms aims at achieving more efficient and effective performance throughout the federal government.
As part of our oversight agenda, the Committee has developed information on how effectively the Department of the Treasury is using the above statutory tools to improve its performance in several key areas such as becoming more results-oriented and resolving long-standing problems of fraud, waste, and mismanagement. The purpose of this letter is to share with you the information we have developed and obtain your response to certain questions pertaining to it. With this dialog as a start, we hope to work with you on a continuing basis to ensure that Treasury delivers the best possible results for the American people.
Performance Plan Assessment The Congress continues to look closely at how well departments and agencies are implementing GPRA. At the request of this Committee and others, GAO recently completed an assessment of Treasury’s annual performance plan for fiscal year (FY) 2000. According to GAO, "real progress is not yet evident" in correcting the weaknesses in its FY 1999 plan. In fact, GAO considers the Treasury plan one of the weakest and least improved in the Executive Branch.
The FY 2000 plan’s major strengths are that it (1) provides linkages between the annual and strategic goals; (2) shows trend data for past performance; (3) includes information on resources needed to achieve goals; and (4) discusses department-wide systems and capital improvements.
GAO found that the FY 2000 plan had four key weaknesses: (1) performance goals were not included to address all management challenges and high risk areas; (2) programs that contributed to the same or similar results were not consistently identified; (3) strategies for achieving goals were not consistently discussed; and (4) procedures for verifying and validating performance data were not adequately discussed. For instance, Customs has no method to verify the accuracy of its estimate of the number of persons processed as they enter U.S. land borders.
In addition, Treasury's FY 2000 plan is one of three agencies that received the lowest quality ranking from GAO on all three core GPRA evaluation questions: (1) to what extent does the agency's performance plan provide a clear picture of intended performance across the agency; (2) how well does the agency's performance plan discuss the strategies and resources to achieve its performance goals; and (3) to what extent does the agency's performance plan provide confidence that its performance information will be credible.
As a result, I am quite concerned that Congress will not be able to use Treasury’s plan for decision-making unless major improvements are made soon. As discussed in more detail below, I would like to know how you intend to improve the plan to address these very basic and important GPRA requirements.
Need to implement audit recommendations on major management problems One area where there have been too few results is solving major management challenges that seem to persist year after year at most agencies, including Treasury. Problem areas of particular concern at Treasury are high risk areas involving (1) tax filing fraud and (2) asset forfeiture programs. Regarding, Treasury has yet to fully implement GAO recommendations addressed to this high-risk problem area in the enclosure.
According to information provided to the Committee by your Inspector General (IG) and GAO, there are a number of open audit recommendations addressing financial management and other major management problems at Treasury as well. One example of a GAO recommendation from November 1998 is that Treasury develop a policy to ensure that courier services do not unduly expose the government to losses in the event of lost, stolen, or damaged deposits in transit. The enclosure describes many such unresolved recommendations by GAO and the IG. Several of the IG recommendations propose ways to prepare for the Year 2000 conversion.
Need for specific performance goals to address major management problems It is essential that agency heads and other managers commit themselves to tangible steps that will lead to solutions to major management problems and that agency heads accept accountability for following through on these commitments. One obvious way to do this is to establish specific and measurable goals in your annual GPRA performance plans. OMB guidance in Circular A-11 for agencies to prepare their performance plans states that
performance goals for management problems should be included particularly for problems whose resolution is mission-critical or which could potentially impede achievement of program goals...
GAO recently evaluated the extent to which Treasury’s fiscal year 2000 GPRA performance plan contains specific and measurable performance goals to address the high risk and other most serious management problems confronting Treasury that GAO and your IG have identified. According to the GAO evaluation, which is detailed in the enclosures, Treasury’s plan has no specific goals for 12 of these 21 problem areas including several on GAO’s high risk list. For example, GAO’s evaluation says that the performance plan discusses the activities IRS plans to complete as part of its Year 2000 conversion, but offers no specific performance goals, indicators, or measures to which IRS can be held accountable. Without such measures or goals, it is difficult, if not impossible, to assess progress in addressing major management problems and to hold agencies accountable. Congressional follow-up With so many tax dollars being wasted, this Committee expects agencies to take every opportunity to use the many tools available to them, such as GPRA plans, to resolve major management problems. Furthermore, the GAO and your own IG exist to work in partnership with you to solve longstanding issues of waste, fraud, and abuse.
I hope that the information provided with this letter will stimulate you to make greater use of these tools and resources. In this regard, I ask that you review the enclosed information and respond to the following questions:
- Do you disagree with any of the GAO or IG recommendations described in the enclosures? If so, what is the basis for your disagreement?
- Where you agree with the recommendations, what specific actions are you taking to implement each one and how long will it take to complete?
- Do you disagree with any of the GAO or IG designations of management problems facing Treasury? If so, which ones and why?
- Where you agree with the problem designations, are you prepared to establish specific and measurable commitments to address each one of them in your next performance plan?
- If so, could you outline what approach you plan to take for each problem?
- If you believe that any of these problems do not lend themselves to specific and measurable performance plan goals, please explain why. Please also explain what alternative steps you are taking to solve the problem.
I would appreciate your early attention to this letter. After receiving your response, I will ask Committee staff to arrange a meeting with your representatives to discuss it. My Governmental Affairs Committee staff contact is Robert Shea.
Sincerely,
Fred Thompson
Chairman
FT/rs
Enclosures OPEN GAO RECOMMENDATIONS ON "HIGH RISK" AREAS Asset Forfeiture Programs | GAO Report No. and Date | Recommendation | | GGD-91-97 June 28, 1991 |
The Departments of Justice and Treasury should consolidate the management and disposition of all noncash seized properties in order to reduce program administration costs. | |
AIMD-94-6 Nov. 22, 1993 |
The Commissioner of Customs should direct the Assistant Commissioners for the Offices of Enforcement, Inspection and Control, Commercial Operations, and Management (the Chief Financial Officer), in consultation with each other and other program officials, to enforce existing policies and procedures for: (1) safeguarding seized property; (2) maintaining accurate financial data on seized property inventory; and (3) controlling special operations advances and safeguarding related documents. | |
AIMD-94-6 Nov. 22, 1993 |
The Commissioner of Customs should direct the Chief Financial Officer to require that the independent external auditor's recommendations to improve accounting and control over special operation advances be promptly and fully implemented. | |
AIMD-94-6 Nov. 22, 1993 |
The Commissioner of Customs should direct the Chief Financial Officer to improve Customs Property Tracking System information so that all seized property, especially cash and drugs, are timely and accurately reflected in Customs' inventory records and financial reports. |
IRS Receivables | GAO Report No. and Date | Recommendation | | GGD-93-67 May 11, 1993 |
The Commissioner of Internal Revenue should restructure IRS’ collection organization to support earlier telephone contact with delinquent taxpayers and determine how to use current collection staff in earlier, more productive phases of the collection cycle. | |
GGD-93-67 May 11, 1993 |
The Commissioner of Internal Revenue should develop detailed information on delinquent taxpayers and use it to customize collection procedures. | |
GGD-93-67 May 11, 1993 |
The Commissioner of Internal Revenue should identify and implement ways to increase cooperation with state governments in collecting delinquent taxes. | |
GGD-92-130 Sept. 22, 1992 |
The Commissioner of Internal Revenue should actively use information returns from federal agencies in IRS enforcement programs. | |
GGD-94-47 Dec. 23, 1993 |
To improve administration of the offer in compromise program, the Commissioner of Internal Revenue should develop the indicators necessary to evaluate the offer in compromise program as a collection and compliance tool. The indicators should be based on accurate data, resolving the errors GAO identified, and include: (1) the yield of the program in terms of costs expended and amounts collected; (2) the amount of revenues collected that would not have been collected through other collection means; (3) a measure of noncompliant taxpayers who returned to the tax system; and (4) a measure of participating taxpayers who remained compliant in future years. | |
GGD-94-118 June 1, 1994 |
The Commissioner of Internal Revenue should direct IRS staff to implement Correspondence Task Force recommendations to: (1) incorporate correspondence improvements at district offices; (2) meet user requirements for a letter writing measure and an automated inventory control system; and (3) measure taxpayer satisfaction. |
IRS Financial Management | GAO Report No. and Date |
Recommendation | |
AIMD-99-16 Oct. 30, 1998 | Manually review and eliminate duplicate or other assessments that have already been paid to assure all accounts related to a single assessment are appropriately credited for payments received. | |
Ensure that IRS’ modernization blueprint includes developing a subsidiary ledger to accurately and promptly identify, classify, track, and report all IRS unpaid assessments by amount and taxpayer. This subsidiary ledger must also have the capability to distinguish unpaid assessments by category in order to identify those assessments that represent taxes receivable versus compliance assessments and write-offs. In cases involving trust fund recovery penalties, the subsidiary ledger should ensure that (1) the trust fund recovery penalty assessment is appropriately tracked for all taxpayers liable, but counted only once for reporting purposes, and (2) all payments made are properly credited to the accounts of all individuals assessed for the liability. | |
Examine and consider options to increase deterrent controls at service centers. Some options IRS should examine and consider include: --installing surveillance cameras to monitor staff when they are opening, extracting, and sorting the mail, and when they are processing receipts; --restricting personal items that can be brought into the receipt processing areas, such as handbags, briefcases, and bulky outerwear; and, --providing lockers and requiring their use for storing personal belongings outside of the receipt processing areas. | | AIMD-99-15 Nov. 30, 1998 | Refund controls (two related recommendations): a. Conduct a cost-benefit study to evaluate whether preventive controls, such as manually comparing W-2 information to tax returns at the time returns are received rather than many months later, would be cost beneficial. This study should include a complete analysis of the projected costs and associated benefits of increases to preventative controls. If such controls are determined to be beneficial, IRS should implement them to the extent practical to reduce the amount of inappropriate refund payments. | | b. Ensure that IRS’ modernization blueprint includes the ability to compare W-2 and other third-party information to tax returns as they are processed to further prevent improper refunds from being issued. | |
Employee Background Checks (three related recommendations): Develop and implement a policy prohibiting new employees from being assigned to process receipts until results of fingerprint checks are received and reviewed by management. Continue efforts to explore the feasibility of obtaining local police checks on IRS applicants and evaluate the efficiency and effectiveness of Philadelphia Service Center’s electronic fingerprinting system in order to supplement FBI fingerprint checks. Continue efforts to negotiate with OPM and the FBI and procure the necessary equipment so that it can participate in the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) program by August 1999. | | Improve the physical security controls over receipts and returns in unsecured overflow areas. Such controls might include limiting unnecessary traffic by temporarily designating these overflow areas as restricted access areas and/or posting additional security guards over such areas during the peak filing season. | | | Security over loose checks: Consistently locate all final candling activities in a restricted access area. Store unmatched checks in locked containers until they can be researched and processed for deposit. | |
Courier transport (two related recommendations): Study the feasibility of improving security for deposits in transit. In conducting this study, IRS should consider a number of alternatives, including the use of depositories in closer proximity to its various field locations and employing security guards to accompany couriers to the depositories. Develop a policy to ensure that contracts related to courier services do not unduly expose the government to losses in the event of lost, stolen, or damaged deposits in transit. | |
AIMD-94-33 Feb. 9, 1994 | Reconciliation of Fund Balance With Treasury (two related recommendations): Promptly resolve differences between IRS and Treasury record of IRS’ cash balances and adjust accounts accordingly. Promptly investigate and record suspense account items to appropriate appropriations accounts. | |
AIMD-93-24 Aug. 5, 1993 |
ADP Property Accounting and Inventory: Develop and implement standard operating procedures that incorporate controls to ensure that inventory records are accurately maintained. Such controls should include
--establishing specific procedures to ensure the prompt and accurate recording of acquisitions and disposals in IRS’ ADP fixed asset system, including guidance addressing the valuation of previously leased assets; --reconciling accounting and inventory records monthly as an interim measure until the successful integration of inventory and accounting systems is completed as planned; and, --implementing mechanisms for ensuring that annual physical inventories at field locations are effectively performed, that discrepancies are properly resolved, and that inventory records are appropriately adjusted.
Develop an interim means to capture relevant costs related to in-house software development. |
IRS Tax Filing Fraud | GAO Report No. and Date |
Recommendation | |
GGD-98-150 July 28, 1998 |
The Commissioner of Internal Revenue should ensure that customer service efforts aimed at EIC claimants are available earlier in the filing season when most EIC claims are filed. | |
| The Commissioner of Internal Revenue should include prominent information regarding the 2-year and 10-year sanctions and the recertification process in the Form 1040 EIC instructions and Schedule EIC. |
| GAO Report No. and Date |
Recommendation | |
AIMD/GGD-98-54 Feb. 24, 1998 |
To ensure that IRS develops a complete blueprint for modernizing its information systems, the Commissioner of Internal Revenue should require the IRS CIO to complete the definition and implementation of all System Life Cycle (SLC) processes, including processes for ensuring disciplined software development and acquisition and for validating SLC products; for each phase of the modernization, define business requirements and complete the architecture with sufficient detail and precision to build or acquire systems; formulate a sequencing plan that specifies: (a) phase and release cost and schedule estimates: (b) projects that constitute the phases and releases; (c) project cost and schedule estimates; (d) project interdependencies; (e) the evolution of architectural subfunctions; and (f) the projects that replace legacy systems that are eliminated; and validate the business requirements, architecture, and sequencing plan using the completed and implemented SLC processes. |
| AIMD/GGD-98-54 Feb. 24, 1998 |
To ensure that the modernization blueprint is implemented and enforced agency-wide, the Commissioner of the Internal Revenue should give the CIO (1) responsibility for developing, implementing, and enforcing SLC processes and products across IRS; and (2) requisite budgetary and organizational authority over all IRS systems development, research and development, and maintenance activities. | |
AIMD/GGD-98-54 Feb. 24, 1998 | Until mature SLC processes for developing and acquiring systems have been implemented across IRS, the Commissioner should limit requests for future appropriations for information technology to only cost-effective efforts that (1) support ongoing operations and maintenance, including all efforts to make IRS systems year 2000 compliant; (2) support ongoing IRS efforts to instill requisite SLC discipline, including completing and enforcing the architecture, institutionalizing disciplined software development and acquisition processes, and improving its information technology investment management; (3) are small, represent low technical risk, and can be delivered in a relatively short time frame; or (4) involve deploying already developed systems, but only if these systems have been fully tested, are not premature given the lack of a completed architecture, and produce a proven, verifiable business value. |
OPEN GAO RECOMMENDATIONS ON TREASURY’S MAJOR MANAGEMENT CHALLENGES IRS/The Need for Restructuring IRS' Organization and Business Practices IRS is planning the most comprehensive restructuring of its organization and business practices in decades. The impetus for change stems from congressional concerns about tax administration, including concerns about IRS' treatment of taxpayers, which resulted in the Congress passing the IRS Restructuring and Reform Act of 1998. To address these concerns and to institute his own initiatives, the Commissioner of Internal Revenue announced a multiyear business modernization plan for IRS that emphasizes improving customer service. Under the proposed changes, IRS would be organized into four units that would specialize in serving the needs of different types of taxpayer groups. The four proposed units are (1) wage and investment income, (2) small business, self-employment, and supplemental income, (3) large and mid-size business, and (4) tax exempt and government entities. Managing the restructuring will be a challenge for IRS because the proposed changes to IRS' operations are extensive coupled with IRS' need to balance taxpayer assistance efforts while applying appropriate enforcement actions and collecting taxes, and the necessity to coordinate restructuring with systems modernization.
Restructuring is also the basis for IRS to change its organizational performance measures and the way it uses measures to focus attention on priorities, assess organizational performance, and identify improvement opportunities. The new framework for organizational performance will seek to balance customer satisfaction, business results, employee satisfaction, and productivity. On that basis, IRS is developing a balanced set of measures to reinforce the appropriate relationship between providing service to taxpayers and enforcing compliance with the tax laws. This too will be challenging for IRS, in particular as it develops and implements performance measures to gauge it efforts to reduce taxpayer burden through improved customer service.
The Commissioner's restructuring plan acknowledges that new technology is essential to addressing the problems that have hampered IRS' ability to better serve taxpayers. Deficiencies exist in IRS' computer systems and, as the plan points out, the new business practices and organizational structure are to provide a basis for completing and implementing the modern systems outlined in the technology modernization blueprint. One challenge for IRS is to ensure that the systems development plans under the modernization blueprint and restructuring plan are aligned. In addition, the success of the Commissioner's restructuring plan depends on IRS addressing and correcting its long-standing internal control and system weaknesses related to financial management.
There are no open recommendations related to the restructuring of IRS' organization and business practices. It is only recently that IRS has begun to develop final implementation plans for restructuring. GAO is currently monitoring IRS' overall efforts in this area and it plans to periodically share any observations it has with IRS on a real-time basis. In addition, GAO recently started work that focuses specifically on how IRS' restructuring and businesses practices affect small business taxpayers but that work has not progressed far enough for us to make recommendations. IRS/ The Need to Improve Security Controls Over Information Systems For the past 5 years, GAO has testified and reported numerous times on the ineffectiveness of IRS’ security and general controls in safeguarding IRS information systems and facilities. Although IRS has made progress improving computer security, weaknesses in IRS’ computer security controls continue to place IRS’ automated systems and taxpayer data at serious risk. These weaknesses affect IRS’ ability to control physical access to its facilities and sensitive computing areas, control electronic access to sensitive taxpayer data and computer programs, prevent and detect unauthorized changes to taxpayer data or computer software, and restore essential IRS operations following an emergency or natural disaster. Until these weaknesses are mitigated, IRS continues to run the risk of its tax processing operations being disrupted. Furthermore, sensitive taxpayer data entrusted to IRS could be disclosed to unauthorized individuals, improperly used or modified, or destroyed, thereby exposing taxpayers to loss or damages resulting from identity fraud and other financial crimes.
In addition to the three recommendations discussed in the following table, there are eight other open recommendations related to specific computer control weaknesses at several IRS facilities. In GAO/AIMD-93-34, GAO recommended that IRS computer programs be controlled by a program librarian and that the Philadelphia Service Center director review the card key system to ensure that only authorized users have access to protected facilities. In GAO/AIMD-99-38, GAO recommended that IRS continue efforts to improve computer controls over tape media, telecommunications equipment and remote access to IRS systems, modifications to computer programs, and disaster recovery planning and to complete implementation of a servicewide computer security management program. GAO will be conducting follow-up work to identify the status of IRS efforts to implement these recommendations.
| GAO Product | Recommendation | | AIMD-99-38 Dec. 14, 1998 |
The Commissioner of Internal Revenue should direct the Chief Information Officer and Director of the Office of Systems Standards and Evaluation to work in conjunction with the facility directors as appropriate to continue efforts to implement appropriate control measures to limit physical access to facilities, computer rooms, and computing resources based on job responsibility. | |
| The Commissioner of Internal Revenue should direct the Chief Information Officer and Director of the Office of Systems Standards and Evaluation to work in conjunction with the facility directors as appropriate to continue efforts to limit access authority to only those computer programs and data needed to perform job responsibilities and review access authority regularly to identify and correct inappropriate access. | |
| The Commissioner of Internal Revenue should ensure that IRS completes implementation of its servicewide computer security management program. This program should include procedures for assessing risks for all of IRS’ facilities, networks, major systems, and taxpayer data on a regular, ongoing basis to ensure that controls are adequate. |
IRS/The Need to Confront the Challenges Presented By the Year 2000 Computer Problem
IRS' Year 2000 computer problem is a pervasive time-critical management challenge that IRS must successfully overcome to avoid significant disruptions in its operations in the new millennium. Most of IRS' information systems, like those in many public and private entities, were not designed to read dates beyond December 31, 1999. As a result, IRS, along with many other entities, is engaged in massive efforts to make its information systems Year 2000 compliant to avoid operational disruptions. IRS is challenged with managing one of the largest civilian Year 2000 undertakings. Of the estimated $1.9 billion earmarked for the Treasury Department's Year 2000 program, $1.4 billion has been designated for IRS. Although much time and effort has been spent working to correct its Year 2000 problems, IRS was faced with significant challenges in making its systems Year 2000 compliant because it lacked a comprehensive inventory of information systems infrastructure (i.e., systems software, hardware, and telecommunications networks) and IRS' Chief Information Officer did not control all mission-critical assets. GAO issued a report in June 1998 that addressed IRS' Year 2000 challenges and identified two risk areas: (1) the absence of an integrated master schedule showing the interdependencies among the many Year 2000 efforts and (2) a limited approach to contingency planning. GAO’s report recommended that IRS act to expand its contingency planning efforts to address potential system failures that could affect its core business processes. Since GAO issued its report, IRS has acted to address many of GAO’s recommendations. One recommendation related to IRS’ Year 2000 efforts focusing on developing and testing contingency plans for IRS’ core business processes remains open and is discussed in the following table.
| GAO Product | Recommendation | | GGD-98-138 June 15, 1998 |
The Commissioner of Internal Revenue should ensure that IRS has adequately assessed the vulnerabilities of its core business processes in the event of year 2000-induced system failures by developing and testing contingency plans for core business processes if existing plans are not appropriate. |
U.S. Customs Service/Weaknesses Relating to Internal Controls Over Data in Automated Systems Customs faces certain challenges that are primarily related to controlling access to sensitive data that are maintained in its automated systems and maintaining complete and reliable information in its core financial systems. In its March 1998 audit report on Customs’ fiscal year 1997 financial statements, the Treasury Office of Inspector General (OIG) reported several internal control matters, including (1) core financial management systems needed to be improved and integrated, (2) adherence to systems development standards for certain financial management systems was lacking, (3) computer access vulnerabilities existed that could allow for unauthorized modification and deletion of production programs, systems software, and data in Customs’ systems, and (4) disaster recovery capabilities were in need of improvement. In its March 1999 audit report on Customs’ fiscal year 1998 financial statements, the Treasury OIG continued to report these same matters. There are 13 open GAO recommendations related to this management challenge, which are discussed in the following table. In addition, the Treasury OIG made similar recommendations to Customs related to access to its computer systems and improvement and integration of its core financial management systems.
|
GAO Product | Recommendation | | AFMD-92-30 Aug. 25, 1992 | The Commissioner of Customs should direct the Chief Financial Officer (CFO) to develop and implement an integrated accounts receivable system to record and control all amounts (duties, fees, fines, and penalties) from the time they are owed until they are collected or determined to be uncollectible. | |
AIMD-94-5 Nov. 8, 1993 |
To help strengthen the accuracy of the accounts receivable balance reported in Customs' financial statements, the Commissioner of Customs should direct the CFO to require supervisory personnel to review the work of staff responsible for updating and changing information in ACS to ensure that all assessments are accurately and completely recorded.
Customs should develop and maintain an integrated accounting system that can capture accurate and reliable information on all types of assessments (including duties, taxes, fines, and penalties) from assessment through collection of any related amounts. | |
AIMD-94-23 Dec. 14, 1993 |
The Commissioner of Customs should direct the CFO to revise Customs' accounting systems and procedures to properly account for the receipt of goods and services. Specifically, the CFO should (1) modify the accounting systems for Automated Receiving Report System (ARRS) transactions to automatically liquidate obligations and post the related entries in the proprietary accounts immediately upon receipt of goods and services, (2) develop and implement a mechanism for non-ARRS transactions to acknowledge and transmit receiving data and use such data to post the appropriate budgetary and proprietary accounting entries, and (3) expand the use of the Report on Open Obligations, as a short-term measure, by instructing program office personnel to review the report and notify the National Finance Center when goods and services have been received. | |
AIMD-94-38 Mar. 7, 1994 |
The Commissioner of Customs should direct the Assistant Commissioner for Inspection and Control to develop and implement, in conjunction with Customs' CFO, a strategy for inspecting cargo from both high- and low-risk carriers to help provide reasonable assurance that all cargo delivered is accurately and completely identified on manifests and entry documents. Carriers undergoing such inspections should be randomly selected to ensure that they are representative of all carriers.
The Commissioner of Customs should monitor implementation of the new procedures for accounting for in-bond transfers to ensure that they address the weaknesses that have been identified. In conjunction with this effort, the Commissioner should provide personnel involved in maintaining data on in-bond transfers with clear and detailed guidance and adequate training on complying with the new procedures. | |
| The Commissioner of Customs should direct the Assistant Commissioner for Inspection and Control, in conjunction with the CFO, to require district offices to maintain perpetual inventory records of goods held in bonded warehouses and foreign trade zones (FTZ) that they are responsible for overseeing.
The Commissioner of Customs should direct the Assistant Commissioner for Inspection and Control, in conjunction with the CFO, to enhance the Automated Commercial System (ACS) so that the district offices could use this system to maintain perpetual records of merchandise quantities at each warehouse and FTZ. | |
| The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to develop a means of automatically entering information needed to verify drawback claims into ACS so that liquidators can use the system to automatically verify drawback claims. | |
| The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to drawback claimants such as accelerated claim privileges, excessive claims previously filed, overdue receivables, and regulatory audit results are available to liquidators in a national database. | |
| The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to require that liquidators review this database to ensure that special privileges, such as accelerated drawback payments, are granted only to claimants who have consistently complied with Customs claim filing requirements. | |
| The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to enhance the bond liability module to monitor the sufficiency of bonds posted for drawback transactions, including the ability to alert liquidators when coverage is exceeded. | |
| The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to develop a means of automatically entering information needed to verify drawback claims into ACS so that liquidators can use the system to automatically verify drawback claims.
The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to enhance ACS so that historical information on drawback claimants such as accelerated claim privileges, excessive claims previously filed, overdue receivables, and regulatory audit results are available to liquidators in a national database.
The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to require that liquidators review this database to ensure that special privileges, such as accelerated drawback payments, are granted only to claimants who have consistently complied with Customs claim filing requirements.
The Commissioner of Customs should direct the Assistant Commissioner for Commercial Operations, in conjunction with the CFO, to enhance the bond liability module to monitor the sufficiency of bonds posted for drawback transactions, including the ability to alert liquidators when coverage is exceeded. | | AIMD-94-119 June 15, 1994 |
The Commissioner of Customs should direct the Assistant Commissioner for Inspection and Control to require personnel at ports of entry to maintain accurate and up-to-date data in the AMS and to routinely investigate all shipments that have not been released by the end of a prescribed period. |
U.S. Customs Service/Weaknesses Relating to the Development of Customs’ Automated Commercial Environment System GAO’s work showed that an incomplete systems architecture hindered Customs’ ability to manage information technology investments, particularly large, mission-critical systems such as its Automated Commercial Environment (ACE) system. Since GAO’s January 1999 report, GAO identified additional serious management and technical weaknesses that have hindered Customs’ ability to develop and acquire ACE. The additional weaknesses that GAO reported are that Customs (1) invested in ACE without a firm basis for knowing that it is a cost-effective system solution and (2) built ACE without employing software engineering rigor and discipline.
GAO’s work on Customs’ systems architecture resulted in recommendations for Customs to complete and enforce an enterprise systems architecture. Customs agreed with these recommendations and has acted to fully address them and GAO has, therefore, closed the two architecture-related recommendations. As a result of GAO’s subsequent work, there are now three open recommendations related to this major management challenge.
| GAO Product | Recommendation | | AIMD-99-41 Feb. 26, 1999 |
In addition to previous recommendations to improve Custom’s management of information technology, GAO recommended that Customs correct the management and technical weaknesses discussed in this report before building ACE. To accomplish this, the Commissioner of Customs should, with the support of Customs’ chief information officer (CIO), ensure that Customs rigorously analyzes alternative approaches to building ACE, including exploring the International Trade Data System as an alternative to developing ACE entirely within Customs. | |
| In addition to previous recommendations to improve Customs’ management of information technology, GAO recommended that Customs correct the management and technical weaknesses discussed in this report before building ACE. To accomplish this, the Commissioner of Customs should, with the support of the Customs CIO, ensure that Customs makes investment decisions incrementally, i.e., for each increment: (1) use cycle cost estimate, including an explicit discussion of its inherent uncertainty, (2) prepare realistic and supportable benefit expectations, (3) require a favorable return-on-investment and compliance with Customs’ architecture before making any investment, and (4) validate actual costs and benefits once an increment is piloted, compare these with estimates, use the results in making further decisions on subsequent increments, and report the results to Customs’ House and Senate appropriations and authorizing committees. | |
| In addition to previous recommendations to improve Customs’ management of information technology, GAO recommended that Customs correct the management and technical weaknesses discussed in this report before building ACE. To accomplish this, the Commissioner of Customs should, with the support of the Customs CIO, ensure that Customs strengthens ACE software acquisition management by (1) establishing an effective process improvement program and correcting weaknesses in ACE software acquisition processes identified in this report, thereby bringing ACE processes to at least Software Engineering Institute (SEI) level 2, and (2) requiring at least SEI level 2 processes of all ACE software contractors. |
U.S. Customs Service/Weaknesses Relating to the Development of Customs’ Automated Commercial Environment System GAO’s work showed that an incomplete systems architecture hindered Customs’ ability to manage information technology investments, particularly large, mission-critical systems such as its Automated Commercial Environment (ACE) system. Since GAO’s January 1999 report, GAO identified additional serious management and technical weaknesses that have hindered Customs’ ability to develop and acquire ACE. The additional weaknesses that GAO reported are that Customs (1) invested in ACE without a firm basis for knowing that it is a cost-effective system solution and (2) built ACE without employing software engineering rigor and discipline.
GAO’s work on Customs’ systems architecture resulted in recommendations for Customs to complete and enforce an enterprise systems architecture. Customs agreed with these recommendations and has acted to fully address them and GAO has, therefore, closed the two architecture-related recommendations. As a result of GAO’s subsequent work, there are now three open recommendations related to this major management challenge.
|
GAO Product | Recommendation | | AIMD-99-3 Oct. 14, 1998 |
The Secretary of the Treasury should direct the Commissioner of FMS to work with agencies and provide sufficient resources to develop supplemental written guidance, including step-by-step procedures for reconciliations, targeted to agencies with reconciliation problems to assist them in clearly understanding their responsibilities. | |
| The Secretary of the Treasury should direct the Commissioner of FMS to work with agencies and provide sufficient resources to develop training courses for agencies’ use in reconciling fund balances with Treasury accounts. | |
| Treasury should make enhancements to the Government On-Line Accounting Link System as soon as it is practical in order to provide agencies with the technology needed to promote efficient and effective reconciliations. |
Financial Management Service/The Need to Address Issues Related to Preparing Reliable Consolidated Financial Statements for the Government In GAO’s March 1998 audit report on the government’s fiscal year 1997 consolidated financial statements (CFS), GAO reported that problems with fundamental record-keeping, incomplete documentation, and weak internal controls prevent the government from accurately reporting a large portion of assets, liabilities, and costs. These deficiencies affect the reliability of the CFS and much of the underlying financial information. As preparer of the CFS, FMS has a key responsibility to work with agencies to address some of these problems, including the government’s inability to (1) properly account for billions of dollars of basic transactions, especially those between governmental entities, (2) ensure that the information in the CFS is consistent with agencies’ financial statements, and (3) ensure that all disbursements are properly recorded. While there currently are no open recommendations related to the first two issues, FMS has developed actions plans and is working with us, OMB, and key agencies to address the noted problems. However, fixing all of these problems represents a significant challenge because of the size and complexity of the government and the discipline needed to comply with new accounting and reporting requirements. Meeting these challenges will require a significant commitment of agencies’ and FMS’ management as well as adequately trained staff and effective automated financial systems.
|
GAO Product | Recommendation | | AIMD-99-3 Oct. 14, 1998 | The Secretary of the Treasury should direct the Commissioner of FMS to work with agencies and provide sufficient resources to develop supplemental written guidance, including step-by-step procedures for reconciliations, targeted to agencies with reconciliation problems to assist them in clearly understanding their responsibilities. | |
| The Secretary of the Treasury should direct the Commissioner of FMS to work with agencies and provide sufficient resources to develop training courses for agencies' use in training personnel who are involved in reconciling fund balances with Treasury accounts. | |
| Treasury should make enhancements to the Government On-Line Accounting Link System as soon as it is practical in order to provide agencies with the technology needed to promote efficient and effective reconciliations. |
Financial Management Service/The Need to Improve Computer Security Controls
FMS faces considerable challenges in overseeing the development, implementation, and operation of its entitywide information systems, including the establishment of appropriate computer controls. FMS maintains a wide array of financial and information systems to help it process and reconcile money disbursed and collected by the various government agencies. Multiple banking, collection, and disbursement systems are also used to process agency transactions, capture relevant data, transfer funds to and from Treasury accounts, and facilitate the reconciliation of these transactions. In addition to operating six regional financial centers, FMS relies on a network of contractors and the Federal Reserve Banks to help carry out its financial management responsibilities. In October 1998, GAO reported that general computer control weaknesses at FMS and its contractor data centers place the data maintained in FMS’ financial systems at significant risk of unauthorized modification, disclosure, loss, or impairment. The weaknesses GAO found included (1) inappropriate access to computer programs, data, and equipment, (2) inadequate segregation of duties, (3) improper application software development and change control procedures, and (4) incomplete or untested service continuity plans. Weak controls over FMS’ computer systems place billions of dollars of payments and collections at risk of fraud. These weaknesses existed primarily because FMS does not have an effective entity-wide computer security planning and management program. Because of the large volume of transactions, the significance of the related amounts involved, and the number of weaknesses identified at the FMS data centers visited, GAO considered FMS’ general computer control problems a material weakness. In connection with fulfilling GAO’s requirement to audit the U.S. government’s fiscal year 1998 financial statements, GAO reviewed the computer controls over key FMS financial systems and GAO also reviewed the status of computer weaknesses at FMS identified during the fiscal year 1997 audit. GAO noted that general computer control problems continue to exist and be identified as a material weakness.
| GAO Product | Recommendation | | AIMD-99-10 Oct. 20, 1998 | To address weaknesses in general controls cited inGAO’s July 31, 1998, "Limited Official Use" version of this report, GAO recommended that the Secretary of the Treasury direct the Commissioner of the Financial Management Service, along with the FMS Information Resources Assistant Commissioner, to take the following actions: (1) correct the individual weaknesses that GAO identified and communicated to FMS management during GAO’s testing, which were summarized in the "Limited Official Use" report, and (2) assign responsibility and accountability for correcting each weakness to designated individuals. These individuals should report to the Commissioner on the status of all weaknesses, including actions taken to correct them. | |
| To address weaknesses in general controls cited inGAO’s July 31, 1998, "Limited Official Use" version of this report, GAO recommended that the Secretary of the Treasury direct the Commissioner of the Financial Management Service, along with the FMS Information Resources Assistant Commissioner, to work with other appropriate assistant commissioners to ensure that an effective entitywide security planning and management program is in place. This program should include the following elements: (1) a strong central security management focal point to ensure that major elements of a risk management program are carried out and to provide a communications link among organizational units, (2) periodic risk assessments and needs determinations, (3) policy and controls implementation, (4) promotion of computer control awareness through training and other attention-getting techniques, and (5) evaluation and monitoring of policy and control effectiveness. |
Financial Management Service/The Need to Effectively Implement the Debt Collection Improvement Act The Congress has raised concerns about the slow pace at which the Debt Collection Improvement Act of 1996 (DCIA) has been implemented by the Department of the Treasury’s FMS and the other agencies with related responsibilities. GAO reported in June 1997 that improved reporting for billions of dollars of delinquent debt was needed. In June 1998, GAO testified that FMS did not have a system capable of matching all federal payments against nontax delinquent debts owed the government, as envisioned by DCIA, because of systems development problems. Progress is being made by FMS; however, challenges remain in effectively fulfilling its responsibilities under DCIA.
There are six open recommendations related to improving delinquent debt reporting, which are discussed in the following table. In addition, GAO identified several areas in which actions by FMS are needed to reduce the risk of costly system modifications and further delays in the Treasury Offset Program (TOP). FMS has acted to address these areas; however, enhancements to the TOP system to incorporate additional payment types (e.g., Social Security benefit payments) have not yet been completed.
| GAO Product | Recommendation | | AIMD-97-48 June 2, 1997 |
The Secretary of the Treasury should revise the framework and data requirements for agency reporting on debt collection to ensure that reports to the Congress (1) provide complete and consistent reporting on the status of agency efforts to collect delinquent debt; (2) provide amounts that agencies are actually trying to collect. For example, agencies should report amounts that have been written off but that are still being pursued; (3) provide information that is reliable based on independent audits and disclose information about account balances that are questioned through audits, and (4) report delinquent debt consistently from agency to agency or disclose inconsistencies. | |
| The Secretary of the Treasury should revise the framework and data requirements for data reporting on debt collection to ensure that reports to the Congress offer an evaluation of agency use of individual collection tools. The reports should include the number of cases and dollar amount against which each tool was applied, the success rate, and the cost of using each tool. | |
| The Secretary of the Treasury should revise the framework and data requirements for data reporting on debt collection to ensure that reports to the Congress aggregate credit data by similar program characteristics and provide explanatory information where necessary in order to more appropriately portray program differences and focus on collection challenges unique to similar programs. |
Weaknesses Exist in Computer Systems Security In its auditors’ reports on Treasury’s fiscal year 1997 and 1998 departmentwide financial statements, the Treasury OIG reported as a material weakness that computer security controls, which are designed to safeguard data, protect computer application programs, prevent system software from unauthorized access, and ensure continued computer operations, need to be strengthened. Although some improvements have been made, computer control weaknesses in financial systems access and physical security controls at certain bureaus reported by the Treasury OIG in previous years continued to exist during fiscal years 1997 and 1998 and additional weaknesses were identified.
GAO’s work and that of the Treasury OIG have identified significant problems at three bureaus—IRS, Customs, and FMS. GAO’s recommendations have been made at the bureau level. A description of the weaknesses and GAO’s open recommendations are contained in the separate sections on each of these bureaus. Additionally, GAO is continuing to monitor actions in response to recommendations made by the Treasury OIG through GAO’s work related to the OIG’s audit of Treasury’s departmentwide financial statements in conjunction with GAO’s audit of the consolidated financial statements of the U.S. government.
Weaknesses Relating to Integrated Financial Management Systems In its auditors’ report on Treasury’s fiscal year 1996 departmentwide financial statements, the Treasury OIG reported that Treasury’s lack of integrated financial management systems was a material weakness. An integrated system would perform basic accounting functions and provide integrated budget, financial, and performance information that managers could reliably use to make decisions. The auditors reported that several component entities maintained separate systems to support programs and financial management and that these nonintegrated systems could not be relied on to provide complete and accurate information without extensive manual procedures, analyses, and reconciliations. The Treasury OIG had recommended that the Treasury Chief Financial Officers Council develop a strategy for improving the level of financial systems integration within and among the department’s bureaus.
The Treasury OIG reported in its fiscal year 1997 audit report that the CFO Council had initiated a project to define core financial data requirements, evaluate current systems capabilities, and develop recommendations for implementation of a departmentwide data stewardship process. However, in both its fiscal year 1997 and 1998 audit reports, the Treasury OIG reported that financial system integration issues continued to exist.
There are currently no open GAO recommendations related to this issue. The Treasury OIG has one open recommendation related to the need for the Treasury Chief Financial Officer to ensure that component entities develop appropriate plans to improve and integrate their financial management systems and monitor the implementation of these plans. GAO is continuing to monitor the status of this major management challenge through GAO’s work related to the OIG’s audit of Treasury’s departmentwide financial statements in conjunction with GAO’s audit of the consolidated financial statements of the U.S. government.
Weaknesses Relating to the Process Used to Prepare Department-wide Financia
|
 |
|
|
