4
 S"
«.«*.
                       UNITED STATES
              ENVIRONMENTAL PROTECTION AGENCY
        (V
        K
        t
        (V
  GUIDANCE FOR PREPARING

THE 1991  FEDERAL MANAGERS'

   FINANCIAL INTEGRITY ACT

        ANNUAL  REPORT
                           Prepared by:

                           RESOURCE MANAGEMENT DIVISION
                           OFFICE OF THE COMPTROLLER
                           OFFICE  OF ADMINISTRATION AND
                               RESOURCES MANAGEMENT
                           August 1991
        O-J
        CD
        CD
       HEADQUARTERS LIBRARY
       ENVIRONMENTAL PROTECTION AGENCY
       WASHINGTON, D.C. 20460

-------

-------
        CONTENTS  OF THE 1991 GUIDANCE PACKAGE
                                                                 Page
Table of Contents of the 1991 Guidance Package                            3
Executive Summary                                                    5
Milestone Calendar                                                     6
New Requirements for the 1991  FMFIA Report                          '    7
General Information About Preparing and Submitting the Report                8

CONTENTS OF THE AA's and RA's 1991 REPORT                       11
The Body of the AA's and RA's Memorandum                           13
Outline of a  Model Memorandum                                        13
The Attachments to the Memorandum                                  17
A,   Statistical Summary of Performance                                 19
B.   Review Process                                                 21
C.   Progress Report on High Risk Areas                                24
D.   .Material Weaknesses / Corrective Actions                            27
E.   Agency-Level Weaknesses / Corrective  Actions                        32
F.   Quality Control Evaluation Report                                   34

APPENDIX TO THE GUIDANCE PACKAGE
Options for Preparing Sub-Assurance Memoranda                            A
Quality Control Evaluation Report by the Assessable Unit Manager              B
Blank Forms for the Attachments and Sub-Assurance Memoranda               C
Copy of OMB's 1991  Instructions for the FMFIA Report                        D
                                  3

-------

-------
I
                                    EXECUTIVE SUMMARY


                  This document is the Agency guidance for preparing the 1991 report required
            by the Federal Managers' Financial Integrity Act.  The guidance document consists
            of the following main components:

            o     The transmittal  memorandum from  the  Deputy Administrator, expressing  his
                  expectations about how the  process will be conducted and the importance of
                  the personal involvement of the Assistant and Regional Administrators;

            o     A milestone calendar for completing  the  1991  report;

            o     Highlights of new requirements;

            o     General information about preparing  and submitting  reports;

            o     The required contents of the 1991 report:

                        What AAs and  RAs must address in the body of their memoranda;

                        What  AAs  and  RAs  must  provide   in the  attachments  to  their
                        memoranda; and

            o     An appendix containing additional material to help you prepare your report.

            o     The requirements  for  your 1991  report are little changed from  1990.  The
                  main changes are:

                        AAs and RAs must identify resources needed for corrective actions;

                        Subordinate organizations have the option of using a simplified report
                        to speed  up the sub-assurance report  process and  lessen  paperwork;
                        and

                        Reporting requirements in the Statistical Summary of Performance have
                        been reduced.

                  The  staff  of the  Resource  Management  Division  of the Office  of  the
            Comptroller stands ready to assist you  in  all aspects of your management integrity
            program including your preparation of the  1991 FMFIA report.  Please call  them  on
            FTS 260-4160.

-------
                  CRITICAL MILESTONES  IN THE
                  1991  FMFIA REPORT PROCESS
10-31-91:    FMFiA  reports  for  Fiscal  Year  1991  are  due  to the  Deputy
            Administrator from  Assistant Administrators, the General Counsel, the
            Inspector General, and the Regional Administrators.

11-8-91:     Resource Management Division completes first draft of Agency Report.

11-21-91:    The Senior  Council on  Management  Controls  discusses with the
            Assistant and Regional Administrators:

            o     Their personal involvement in the  management control and audit
                 follow-up programs;

            o     The material weaknesses they declare  in their respective 1991
                 FMFIA reports;

            o     The reasons that they judge  to be non-material any OIG or GAO
                 candidate weakness proposed in  the September  12  meeting of
                 the Senior Council on Management Controls;

            o     The quality and timeliness of Headquarters  and Regional Office
                 reports;

            o     The  material  weaknesses  that  are  under consideration  for
                 inclusion in the Agency report that the  Administrator submits to
                 the President and the Congress by December 31;
11-26-91:   Resource Management Division submits draft Agency report to Internal
           Control Coordinators for their offices' review.

12-12-91:   Resource Management Division completes revised draft Agency report.

12-19-91:   Resource Management Division meets with the  Deputy Administrator to
           review the draft  report  and  the  material weaknesses that  will  be
           declared in the report to the President and the Congress.

12-31-91:   The  1991  FMFIA process concludes  with the Administrator signing the
           Agency Report to the President and the Congress.

-------
                        NEW REQUIREMENTS
                  FOR THE 1991 FMFIA REPORT
      There are few changes in requirements from  last  year.   OMB continues to
emphasize "high-risk" reporting, priority setting for addressing material weaknesses,
budget linkage, automated information  systems, validation  of  corrective actions,
description of training in management controls, and strengthened reporting on review
processes.

      A complete copy of OMB's 1991 guidance for preparing the report is included
in  this document as Appendix  D.  Informally, OMB  has  requested information on
resource  estimates for dealing  with  high risk  areas  and  correcting  material
weaknesses. This information is requested in Attachments C and D.

-------
                  GENERAL  INFORMATION ABOUT
         PREPARING AND SUBMITTING  YOUR  REPORT
           The  original report is due to the Deputy Administrator by
           October 31, 1991.

           A  double-sided copy  and 5-1/4"  diskette  containing the
           report and all attachments in WordPerfect 5.0 must be sent
           by October 31, 1991, to:

                     U.S. Environmental Protection Agency
                        Resource Management Division
                        Management Controls Branch
                        Mail Code H-3304, NELC-0024
                          Washington, D.C.  20460
      This guidance should be used in preparing your Office's 1991  report to the
Deputy Administrator under the Federal Managers' Financial  integrity  Act (FMFIA).
Your report should cover program, administrative, and financial controls.

      Detailed instructions  on preparing the report and attachments are provided in
the section on this document entitled:  "Contents of the Report," which begins on
page  11.   The  narrative  portion must  be  substantive  and highlight the major
management control accomplishments and problems of  the year ending September
30, 1991.   It also  should  discuss  activities  impacting  your  ability to  provide
reasonable assurance of effective  controls, such as reorganizations or new statutory
requirements.

      Your attachments  must include specific statistical and  milestone information.
The  formats  for the  attachments  ensure  consistent  and complete  statistical
information required by OMB, including budget information.

      If you have no  information to report in an attachment, please state in the
narrative section  that your  report does  not include that  attachment.  Please do not
enclose a blank attachment saying "Not  Applicable".    Label  your  attachments,
however,  as identified  in this guidance so that when culling  information from the
various reports, we have a  common frame of reference.

Sub-assurance Letters

      Most offices  require their  divisions and  laboratories to prepare their own
FMFIA reports {known as "sub-assurance  memos") to gather the information  needed
for the office annual report.
                                     8

-------
      We have  included  in Appendix A  a simplified, optional approach for  sub-
assurance memoranda    AAs and RAs  prepare their  reports based on  the full
guidance, while subordinate organization managers  have two options for preparing
their sub-assurance memoranda: either the same  format as the office report or the
abbreviated style.  The  simplified approach was pioneered by the Office of Water,
and it is a good a approach for saving work, where applicable.

-------
10

-------
     CONTENTS



         OF
THE 1991 FMFIA REPORT
         11

-------
12

-------
            THE BODY OF THE AA's & RA's REPORT
An outline of a model FMFIA report memorandum is presented below.

Information  about the required contents of the  memorandum is included
within the outline.  The model allows each office sufficient flexibility to reflect
the actual character of its individual management integrity program.
      MEMORANDUM

      SUBJECT:  1991 Report on Management Controls

      FROM:     [Primary Organization Head]

      TO:        F. Henry Habicht II
                Deputy Administrator
     ASSURANCE STATEMENT:  State whether the controls in your Office
     provide  reasonable assurance that your Office, as a  whole, complies
     with the requirements of FMFIA.

     ACCOMPLISHMENTS  IN  MANAGEMENT  CONTROL  PROGRAM:
     Describe any  accomplishments your  Office  made in the area  of
     management  controls.    Examples  include a  task  force  effort  to
     strengthen particular controls  or your Office's entire  control process;
     overall  changes  in your  Office's  control  procedures  to  enhance
     effectiveness; increased attention  to audit follow-up; or conferences
     held or councils  formed to discuss  control issues.   Be generous  in
     sharing your success stories here, so that others may profit from them.

     PIG. GAP, and OMB CONCERNS:   Auditors in both the Office of the
     Inspector General (OIG) and the General Accounting  Office  (GAO)
     review management controls as part of every audit they conduct.  Be
     sure your memorandum addresses:

     o     Any major concerns identified in OIG and GAO audits performed
           in your Office in 1991;
                                   13

-------
      Audit follow-up.  Reviews by the  OIG and the OARM are
      continuing to find that offices' audit follow-up is weak and
      that  reporting  is  incomplete  or  inaccurate.     These
      weaknesses  may  be  material.    AAs  and  RAs should
      carefully assess their audit follow-up programs.   If their
      follow-up or their tracking information is weak, they should
      report the weaknesses in their FMFIA reports.

      Payroll/overtime administration;

      Contracts management and administration;

      1991  activities  to  improve  the  integrity,  availability,
      confidentiality of automated information systems.
and
      You may  address the  OIG, GAO,  and  OMB  issues  in  the
narrative itself, in particular attachments, or in a crosswalk of both.
The choice is yours depending on the degree of concern about them in
your particular office.

      In accordance with the Computer Security Act of 1987, Federal
agencies developed plans for assuring adequate  security  for sensitive
systems last year. According to OMB, in some instances  that process
identified significant weaknesses in agency systems along with plans
for correcting  the weaknesses.   Your memorandum should address
weaknesses identified in your office  through this process.

      Your letter should address these  particular control issues and
any others identified in OIG and GAO audits performed in your Office
in 1991. Evaluate these activities carefully and report any  weaknesses,
along with corrective action plans to eliminate the weaknesses.  When
you report weaknesses  identified by  an OIG or GAO  auditor, and
correction of the  weakness is being tracked in the Management Audit
Tracking  System  (MATS),  please   note   this.    Internal  Control
Coordinators   may  have  tc  work   closely  with  Audit  Follow-up
Coordinators to determine this information.

HIGH-RISK AREAS FOR OMB'S GOVERNMENT-WIDE LIST:  Identify
and describe existing and new "high-risk areas" for OMB's  high-risk list
Give detailed information about these areas and the resources needed
to address the high risk in Attachment C.

      We recognize that high  risk areas  may overlap with material
weaknesses.  High risk areas are broad issues of concern.  They may
                                14

-------
   be made up of discrete material weaknesses.  For example, a high-risk
   area  entitled "procurement" might consist of several discrete material
   weaknesses.

         If you believe that a high-risk area exists in the Agency but must
   be addressed by another office, you should notify the appropriate office
   in a separate memorandum, with  a copy to the Resource Management
   Division.  Work with  the other office to raise and investigate the issue,
   so that the office can determine whether to report it in its FMFIA
   report.

   MATERIAL WEAKNESSES:  Identify and  briefly describe existing and
   newly reported  "material  weaknesses"  in your  FMFIA  report.   Give
   detailed  information   about these  weaknesses,  and  the  resources
   needed to cure them, in Attachment D.

         The OMB guidance in Appendix D  offers  criteria for materiality.
   Use these criteria to help determine which weaknesses are  "material,"
   that is, significant enough to report to the President and Congress.

         The September  12,  1991  meeting  of the Senior Council on
   Management Controls  (SCMC)  will include briefings  from  EPA's
   Inspector  General and GAO  representatives  on  potential material
   weaknesses.  The Resource Management Division will apprise you and
   your Internal Control  Coordinator (ICC) of the results of this meeting.

         If you believe that a material weakness exists in the Agency but
   must be addressed by another office, you should notify the appropriate
   office in  a separate  memorandum,  with  a copy to the  Resource
   Management Division.    Work with  the  other   office to  raise  and
   investigate the issue, so that the office can determine whether to report
   it in its FMFIA report.

   Attachments
There are six standard "Attachments" to each FMFIA report.

They are described on the pages which follow.
                                   15

-------
16

-------
 STANDARD  ATTACHMENTS FOR EACH FMFIA REPORT
        A,   Statistical Summary of Performance
        B.   Review Process
        C.   Progress Report on High Risk Areas
        D.   Material Weaknesses / Corrective Actions
        E.   Agency-Level Weaknesses / Corrective
             Actions
        F.    Quality Control Evaluation Report
Guidance  for completing the Attachments to  the  Memorandum is
presented on the following pages.

Blank forms for the Attachments are in the Appendix to this Guidance
package.
                              17

-------
18

-------
                       ATTACHMENT A
         STATISTICAL SUMMARY OF PERFORMANCE
OVERALL COMPLIANCE:  Overall, do your management control systems comply
with the objectives of FMFIA (to reasonably assure that they protect Government
assets from waste, fraud, and mismanagement)?
Yes
,; year achieved
No
NUMBER OF MATERIAL WEAKNESSES:

            In year indicated,
            number reported
            for the first time.
Prior Years:
1989 Report:
1990 Report:
1991 Report:

      TOTAL:
             X
             X
             X
             X

            XX
      For that year,
      number that  have
      been corrected.

              X
              X
              X
              X

             XX
For that year,
number still
pending.

          X
          X
          X
          X

         XX
State the total number of material weaknesses corrected in 1991
PENDING MATERIAL WEAKNESSES:

Category                      Number

Program Management:
—Program Execution                         X
—Systems Development &  Implementation      X
—Asset Disposition                         X
—Environmental Impact                     X
—Safety/Health-Related                     X
—Other *( Specify)                           X
       -i
Functional Management:
—Procurement                              X
—Grant Management                         X
—Personnel & Organizational  Management     X
—ADP Security                             X
                               19

-------
—Payment Systems & Cash Management
—Loan Management & Debt Collection
—Property & Inventory Management
—Other (Specify).
TOTAL
 X
 X
 X
 X
XX
                                20

-------
                            ATTACHMENT B
                           REVIEW PROCESS
      FMFIA .directs Federal  agencies not only to  establish  management controls
and report on their effectiveness, but to evaluate them regularly to ensure continued
effectiveness.  This attachment should describe your Office's FMFIA review process
in the following format.  Please use additional pages if  necessary.


DESCRIPTION OF OFFICE AND STRUCTURE OF REVIEW PROCESS:

[This section should describe your office's segmentation structure.  (Segmentation is
the process  in  which  we  break the  Agency  into  "assessable  units."   Each
assessable unit must establish, evaluate,  and report on its controls.)  The Agency's
policy is to segment  by division  because EPA  divisional activities  tend to have
common characteristics.  If your office complies with this policy, simply state this. If
not, discuss your segmentation structure  and  explain why it is more appropriate for
your office.   If you  determine  that  your  segmentation structure  is  no  longer
appropriate for your office, discuss how and why you plan to re-segment it in  1992.

Next,  you should describe your  office's  procedure for  determining what activities
within your assessable units require testing of controls, how often you test controls,
and what types of reviews are performed.  EPA's 1990 Management Control Plan
(MCP)  guidance and  your 1991  MCP  have information  to  help you  distinguish
between types of reviews.]
                                      .         V

1991 STATISTICAL DATA FOR REVIEW  PROCESS:

[To complete this  section, you should use two other FMFIA documents your office
prepared  previously:  your  1991  Management  Control  Plan  (MCP)  and  your
vulnerability assessments (high/medium/low ranges with numeric scores).

Note that each Internal Control Review (ICR) or  Alternative Internal Control Review
(AICR) conducted must meet three specific criteria:

1.    A written report  must be on  file outlining the review methodology used,
      the reviewer(s), and any findings and recommendations.

2.    The  review must have  tested the controls  described in the office's
      event cycle documentation.
                                    21

-------
3.    The findings and  recommendations  indicate which control techniques
      must be updated in the documentation.

OIG and GAO audits are considered either ICRs or AlCRs and may be counted
below.  However, the review criteria still apply.  Weaknesses and corrective actions
resulting from ICRs and AlCRs should be reported in Attachments D or E.]

o     Number of assessable units?     •  .

o     Number of vulnerability  assessments?   [A  vulnerability assessment
      should  have  been  completed for  each  assessable  unit  in  1989.
      Therefore,  include  all vulnerability assessments conducted in  1989, as
      well as any conducted in  1990  and 1991 for new assessable units.]

      Planned	.  Conducted	.

o     Number of 1991  Internal Control Reviews?
      Planned	.  Conducted	.

o     Number of 1991 Alternative Internal Control Reviews?
      Planned	.  Conducted	.

o     Percentage of assessable units reviewed in 1991 	.
COMMENTS  ON  DISCREPANCY  BETWEEN  REVIEWS  PLANNED  VERSUS
CONDUCTED:

[This section should explain discrepancies in the  numbers reported above in 1991
STATISTICAL DATA FOR REVIEW PROCESS (planned versus conducted).  Also, if
the numbers reported in the section above  are not consistent with the number of
reviews  reported  in your Management  Control Plan, provide  an  overall explanation
for those inconsistencies here as well.]


DESCRIPTION  OF  THE  OFFICE   SYSTEM   FOR  TRACKING   REVIEWS.
WEAKNESSES. AND CORRECTIVE ACTIONS:

[In this section, explain how your office  uses  management control "tools" to schedule
and perform reviews and  correct weaknesses in  controls.   Such tools include the
MCP,  the  Corrective Action Tracking  System  (CATS),  and tracking mechanisms
specific  to your office, such as the Administrator's tracking  system for Superfund
which  has corrective action information far more  detailed than  CATS.]
                                    22

-------
DESCRIPTION OF THE OFFICE'S PROCESS  FOR  VALIDATING CORRECTIVE
ACTIONS:

[Describe your overall  process for  ensuring  that corrective actions are effective in
eliminating weaknesses.  In subsequent attachments, you should describe specific
validation actions for particular weaknesses.]                                   :
DESCRIPTION OF THE OFFICE'S TRAINING IN MANAGEMENT CONTROLS:

[In this section, describe your Office's training  on management controls.  Include
specific information on:

o     Training available to and taken by program managers;

o     Anticipated changes to your training program in FY 1992.]
                                    23

-------
                           ATTACHMENT C

           PROGRESS REPORT ON HIGH  RISK AREAS
      The following report format should be used by offices having a high-risk area,           j
or reporting one for the first time.

      A high-risk  area is  a broad issue or activity whose controls may need           <
improvement.   It  is  usually an  area  requiring  continual  monitoring and  close           i
oversight.   It may be made up  of discrete weaknesses which clearly  must be           j
corrected, or it may simply be an area which is weak overall.                               j

      The  relationship  between  high-risk areas   and  material   weaknesses
varies. Some high-risk areas are broadly defined and have not been identified as           :
material weaknesses.   Other high-risk areas have a direct relationship to one or
more   material  weaknesses.    For  example,  EPA's  high-risk  area  entitled
"enforcement" was comprised of  three distinct material weaknesses.                          !

o     High-risk areas broadly defined with no material weaknesses should be                 .
      reported in this Attachment (C).

o     Discrete material weaknesses should be reported in Attachment D.

o     For  high-risk  areas  comprised of  one  or  more  specific  material
      weaknesses, a crosswalk  between  Attachment C and Attachment D is
      acceptable.    The  name of the  high   risk  area(s)  and  material
      weakness(es) should be  noted  in  this attachment, but the  detailed
      information  about the weakness(es) should  be  included  in Attachment
      D.

NEW REQUIREMENT FOR THE 1991 FMFIA REPORT

      OMB has requested information  on resource estimates for  dealing with
high risk areas.  Therefore, please identify the FTE and associated resources
for FY 1992 and FY 1993.

PRINCIPAL STAFF CONTACT

Name:
Title:
Agency/Office:
Telephone Number: FTS
                                   24

-------
 HIGH  RISK AREA:  Describe the problem/weakness.  If  the  area  is already on
 OMB's high-risk list, use that description.  If a new high risk area is  reported, prior
 consultation with the Resource Management Division's Management Controls Branch
 (MCB) is advised.  Call Peter B. Nobert, Chief, MCB, on FTS 260-4160.

 o    Appropriation.

 o    Year Identified.

 o    How  identified:    [OIG/GAO  audit,  ICR  or AICR,   Management
      Assistance Review, A-130 Security Review,  newspaper report, etc.]

 o .   Targeted Correction Date in Last Year's Report.

 o    Current Target Date.

 o    Reason for Change in Date(s).


 STRATEGY: Briefly describe how your Office is correcting the problem/weakness.
CRITICAL MILESTONES	COMPLETION DATE-
                       , ^ORIGINAL        CURRENT
                     ,,~'"~  PLAN           PLAN
                                                       ACTUAL
CRITICAL MILESTONES. DATES AND RESOURCE REQUIREMENTS
A;

B.
C.
D.
Completed Actions/Events:
high risk report to OMB.
Describe actions taken  since the mid-year
Planned Actions/Events (FY 1992):   Identify critical milestones and dates for
the next  12 months.  If it is  necessary to revise the original planned  date,
explain above the  reason for the change, and identify actions to minimize
slippage in the Assessment of Progress section of the report.

Planned Actions/Events (FY 1993 and bevond):  Identify critical longer-term
milestones  and dates through achievement of final  corrective action.   The
milestones  listed here should be consistent  with the Management Integrity
section of the Agency's 1993 budget  submission to OMB.

Resource Requirements:  In the  following table, please show the  resources
needed to address the high  risk  area.  Please identify the appropriation for
which the resources are needed.  The resource information listed here should
                                     25

-------
      be drawn  from the  Management Integrity section  of the Agency budget
      submission.
                            FY 1992
                         President's
                            Budget
          FY  1993 OMB Submission
                        Additional
           Request   .      Need
Appropriation


S&E  ($000)
AC&C
SF
R&D
  TOTAL


S&E  FTE
SF   FTE
  TOTAL FTE
      Budget Implications:  In addition to the resources listed above, you may want
      to provide a narrative description of the budgetary impact.

RESULTS INDICATORS:  Describe key results indicators.  Results  indicators are
quantitative and/or qualitative measures to determine  whether offices'  actions have
corrected the weakness or deficiency.  For example, improved  response times to
requests for data and  information and increased collections  or decreased debt are
results indicators.    Project  milestones  are  usually   process-oriented.     Their
accomplishment does not, therefore, necessarily ensure that the intended result has
been achieved.
ASSESSMENT  OF  PROGRESS:
progress.
Highlight  both significant  achievements  and
                                    26

-------
                          ATTACHMENT P

      MATERIAL WEAKNESSES / CORRECTIVE ACTIONS
      Material weaknesses are those which are significant enough to be reported by
the Administrator to the President and Congress.  The OMB guidance, Appendix D,
offers criteria to help you determine materiality.

      This attachment should consist of three parts:

o     A summary/table of uncorrected material weaknesses.

o     A description  of  each  uncorrected  material  weakness  in  internal
      controls.

o     A description of each material weakness corrected in 1991.

NEW REQUIREMENT FOR THE 1991 FMFIA REPORT

      To   ensure that  the  Agency   plans  for resources  to fix  material
weaknesses, please  identify the  FTE  and associated  resources for FY  1992
and FY 1993.

PART ONE:  SUMMARY/TABLE.   Provide a summary of all uncorrected material
weaknesses listed in  part two (please provide a page  number for easy reference.)
The summary should  list  the titles  in priority order and provide information on the
correction schedule.  The following format should be used:
Title
First
Reported
	YEAR	
 1990 FMFIA
 Report Target
 for Correction
Current
Target  for
Correction
PART TWO:   DESCRIPTION  OF  UNCORRECTED  MATERIAL WEAKNESSES.
Describe each uncorrected material weakness - in order of priority -- and provide
a complete  action  plan to correct the weakness.  Changes in previous corrective
action schedules  should  be  explained.   Although you  may  cease  reporting the
material  weakness  when the corrective  actions eliminate  the  materiality of the
problem, you  must continue to track  the  weakness,  as Agency-level,  until the
problem is completely eliminated.
                                   27

-------
                          ATTACHMENT  D

      MATERIAL WEAKNESSES / CORRECTIVE ACTIONS
      Material weaknesses are those which are significant enough to be reported by
the Administrator to the President and Congress.  The OMB guidance, Appendix D,
offers criteria to help you determine materiality.

      This attachment should consist of three parts:

o     A summary/table of uncorrected material weaknesses.

o     A description  of  each  uncorrected  material  weakness  in  internal
      controls.

o     A description of each material weakness corrected in 1991.

NEW REQUIREMENT FOR THE 1991 FMRA REPORT

      To  ensure  that   the  Agency  plans  for  resources  to  fix  material
weaknesses, please  identify the  FTE and  associated resources for  FY 1992
and FY 1993.

PART ONE:  SUMMARY/TABLE.   Provide a summary of all uncorrected material
weaknesses.   The summary  should  list  the titles  in priority order  and provide
information on the correction schedule.  The following  format should be used:

                     	YEAR	
Title                 First         1990  FMFIA        Current
                       Reported      Report Target     Target  for
                                     for Correction    Correction
PART TWO:   DESCRIPTION  OF  UNCORRECTED MATERIAL  WEAKNESSES.
Describe each uncorrected material weakness - in order of priority -- and provide
a complete  action plan to correct the  weakness.  Changes  in previous corrective
action schedules should be  explained.  Although  you may cease  reporting the
material  weakness when  the corrective actions eliminate  the  materiality of the
problem, you  must  continue to track the weakness, as Agency-level,  until the
problem is completely eliminated.
                                  27

-------
The following format must be followed for each uncorrected material weakness.  All
data elements are required.

CATS Tracking Number:  If this is a new  weakness, leave this blank.   Resource
Management Division will assign the number.

Title of Material Weakness:

Description of Material Weakness and Its Impact on Agency Operations:

Functional  Category in  Statistical  Summary:   From  the  following  functions  of
management, list any areas where there are uncorrected weaknesses.

      -Procurement
      -Grant Management
      -Personnel & Organizational Management
      -ADP Security
      -Payment Systems & Cash Management
      -Loan Management & Debt Collection
      -Property & Inventory Management
      -Other (Specify)

Appropriation/Program Element:

Administrative Activity/Program Activity:

Year Identified:

Source of Discovery:   Indicate how the material weakness was initially discovered
(e.g.,  OIG  audit or investigation; management review  or evaluation.)   Reference
specific source document by title and  report  number or subject matter and  date.
When you report weaknesses identified by an  OIG or GAO auditor, please note this.
Internal Control Coordinators  may have  to  work closely  with  Audit  Follow-up
Coordinators to determine this information.

Original Target Correction Date:

Targeted Correction Date in Last Year's Report:

Current Target Date:

Reason for Change.in Datefs):

Critical  Milestones  in  Corrective  Action:    Provide a  complete  action  plan to
correct/improve the material weakness in the format presented below.
                                     28

-------
A.


B.


C.


a
Completed Actions/Events:  Briefly describe actions taken since the last report
to OMB,
Planned Actions/Events (FY  1992):
the next 12 months.
Identify critical milestones and dates for
Planned. Actions/Events  (FY 1993 and beyond):   Identify critical longer-term
milestones and dates through achievement of final corrective action.

Resource Requirements:   In the following table,  please show the resources
needed to cure the material weakness.  Please identify the appropriation for
which the resources are needed. The resource information listed here should
be  drawn from  the Management  Integrity  section  of  the  Agency  budget
submission.
      Appropriation


      S&E ($000)
      AC&C
      SF
      R&D
        TOTAL


      S&E FTE
      SF   FTE
        TOTAL FTE
                      FY 1992
                    President' s
                      Budget
     FY 1993 OMB Submission
                   Additional
      Request        Need
      Budget Implications:  In addition to the resources listed above, you may want
      to provide a narrative description of the budgetary impact.


Validation  Process to be Used:  Explain the validation process management will use
to verify completion and  effectiveness  of the corrective actions.   Describe the
inspector  General's  role  in   validating  corrective   actions  and  identify   other
independent validation processes to be used.

Corrective Action Plan Status Updates:

o     September 30. 1991. Status Update: [This block serves as the Fourth
      Quarter 1991 CATS Update.   Address  the  progress  being  made  on
      each milestone listed above.]
                s
o     December 31. 1991. Status Update:
                                     29

-------
      [Leave blank.  This information will  be requested as the 1992 First Quarter
      CATS Update.]

o     March 31. 1992. Status Update:

      [Leave blank. This information will be requested as the 1992 Second Quarter
      CATS Update.]

o     June 30. 1992. Status Update:

      [Leave blank.  This information will be requested as the  1992 Third Quarter
      CATS Update.]

o     September 30.  1992. Status Update:

      [Leave blank. This information will be  requested as the 1992 Fourth Quarter
      CATS Update.j


PART THREE:  DESCRIPTION OF  CORRECTED MATERIAL WEAKNESSES.  For
each material weakness corrected this year, please provide the following  information.
All data elements are required.
CATS Tracking Number:

Title of Material Weakness:

Description of Material Weakness and Its Impact on Agency Operations:

Functional Category in  Statistical  Summary:   From the  following  functions, of
management, list any areas where there are unconnected weaknesses.

      --Procurement
      -Grant Management
      -Personnel & Organizational Management
      -ADP Security
      -Payment  Systems & Cash Management
      -Loan Management & Debt Collection
      -Property & Inventory Management
      -Other (Specify)

Appropriation/Program Element:

Administrative Activity/Program Activity:

Year Identified:


                                    30

-------
Source  of Discovery:  Indicate how the material weakness was initially discovered
(e.g., OIG audit  or investigation; management review  or evaluation.)   Reference
specific source document  by  title and  report number or subject matter and date.
When the weakness was  identified  by. an  OIG or  GAO auditor, please note  this.
Internal Control  Coordinators  may  have  to  work  closely  with  Audit Follow-up
Coordinators to determine this information.

Original Target Correction Date:

Targeted Correction Date in Last Year's Report:

Actual Completion Date:

Reason for Change in Datefs):
Corrective Actions Taken:
material weakness.
Provide a complete  list of actions  which corrected the
Results of  Validation Actions:  Explain the validation process management used  to
verify completion and effectiveness of the corrective actions.  Describe the role the
Inspector  General  performed, in  validating  corrective  action  and identify  other
independent validation processes used.
                                      31

-------
                            ATTACHMENT E

     AGENCY-LEVEL WEAKNESSES/CORRECTIVE ACTIONS
      In this section, report new and previously reported weaknesses which do not
require  reporting to the President  and Congress  but  which the office  still  must
address. Include weaknesses identified in ICRs or AlCRs.  Use the following format
for each weakness.   This  format  will serve  as the  1992 Corrective Action
Tracking System (CATS) format, and eliminate duplicative entry of data.

      It is  not necessary to identify resource  requirements for curing Agency-level
weaknesses.

CATS Tracking Number:  Leave this blank for weaknesses being reported for the
first time.  The  Resource  Management Division will assign this tracking number.
Otherwise, include the  number assigned previously to the weakness.

Assessable Unit Number:

Title of Agency-level Weakness and  Description:

Year Identified and  Source  of Discovery:   Indicate briefly how the weakness was
initially discovered (e.g., AICR such  as an OIG audit).  Reference a specific source
document by report  number or subject  matter and date.   If you  report weaknesses
identified by an  OIG  or GAO auditor,  and correction  of the weakness  is being
tracked  in  MATS, please note this so  it  will not  be tracked in  CATS.   Internal
Control Coordinators may have to work closely with Audit  Follow-up Coordinators to
determine this information.

Critical  Milestones  in  Corrective Action:   Provide  the  action plan to correct the
weakness.  Number each milestone in the plan and give  dates for each milestone.
Explain any changes in milestone dates reported in previous years.

Validation  Milestone:   The  final  milestone should  be  a  step  to verify
completion  and effectiveness of  the corrective  actions.   If this  was  not
included in previously reported action plans, please include it now. Validation
actions can include actions managers themselves take, actions others - such
as auditors -  take, and other independent processes.

Budget Implications:  If the corrective actions will impact your budget, please provide
a narrative description  here.
                                    32

-------
Corrective Action Plan Status Updates:
o     September 30. 1991. Status Update:  [this block serves as the Fourth
      Quarter 1991 CATS Update.   Address the progress being made on
      each milestone listed above.]
o     December 31. 1991. Status Update:
      [Leave blank.   This  information will be  requested as  the  1992  First
      Quarter CATS Update.]
o     March 31. 1992. Status  Update:
      [Leave blank.  This information will be requested as  the 1992 Second
      Quarter CATS Update.]
o     June 30.  1992. Status Update:
      [Leave blank.   This  information will be requested as the 1992 Third
      Quarter CATS Update.]
o     September 30. 1992. Status Update:
      [Leave blank.  This information will be requested as the 1992 Fourth
      Quarter CATS Update.]
                                     33

-------
                            ATTACHMENT F

            QUALITY  CONTROL  EVALUATION REPORT

                       (Internal Control Coordinator and
                      Assistant or Regional Administrator)  .   .
      The  Assistant Administrator for Administration and  Resources Management,
 as  the Agency's Senior Internal  Control  Official, must  report to the Administrator
 each year  on whether the Agency's  internal control process was performed in
 compliance with OMB  Circular A-123 and the Federal Managers' Financial Integrity
 Act (FMFIA).

      The steps of the process were:

      1.     Organizing the process - Annual Work  Plan;
      2.     Updating CATS Reports;
      3.     Training personnel;
      4.     Updating EPA's Segmentation;
      5.     Reviewing and revising Event Cycle Documentation;
      6.     Conducting Vulnerability/Risk Assessments;
      7.     Evaluating "highly vulnerable" assessable units;
      8.     Updating Management Control Plans;
      9.     Performing.Internal Control  Evaluations  (ICRs and AiCRs);
      10.    Resolving  weaknesses and improving controls;
      11.    Reporting  on the process and developing assurance letters;
      12.    Ensuring Quality Assurance

      This  Quality Control Evaluation Report and your assurance letter helps you,
the  Resource Management Division,  and  the  Office of Inspector General evaluate
your organization's implementation of this process.

      The  basic  purpose for  this  form  is  to  provide a  quality  control
mechanism for your  1991  internal  control  program,   ft is a quick  reference
form  for  seeing  what   parts  of  your   internal  control  program  need
improvement.   Any statement answered with a "NO"  or "NOT SURE" must be
accompanied by a narrative  explanation  and should  be addressed in  your 1992
FMFIA program.

      Please  ensure  that  all  statements are  answered and this questionnaire
accompanies your assurance letter, due October 31,  1991.
                                    34

-------
             FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT
                QUALITY CONTROL EVALUATION REPORT
AA or Regional Office
Primary Organization Head .

Internal Control Coordinator
Any statement answered with "NO" or  "NOT SURE" requires  a  narrative statement
describing the reasons for your response.
 I YES|NO|NOT  |
 i_	I	i SURE i                                                              ;
                      ORGANIZATION/ORISNTATION/AWARENESS                  ]

               1.  All SES, GM  supervisors,  and others with               j
               significant FMFIA responsibility have been
 	    trained or briefed on FMFIA and/or internal                '
 I|   |   |    controls.
               2.  Copies of the  FMFIA,  the GAO Standards, OMB
 	 	    guidelines,  and pertinent Agency internal control
I	I	j	I   guidance are on file and accessible for review.

               3.  Managers in,your organization know where to  find
               the copies of FMFIA,  the GAO Standards,  OMB
 	guidelines,  and perjtinent Agency internal control
I	I	|	I    guidance.
               4.  FMFIA responsibilities  have been included in
               the Performance  Standards of all appropriate
            I   managers/supervisors  as defined in 1.  above.
                                 SEGMENTATION

     	    5.  This organization is segmented into Assessable
    I	|	|   Units  (AUs) as  required by Agency guidance.

     	    6.  All functions,  operations,  and organizations
    I   |	|   are fully covered in  the FMFIA process.
                                 35

-------
 I   I
 7.   The  AU managers  in the organization have been
 informed of,  or  are  fully aware of,  their
 responsibilities, in  internal  control.
                       EVENT CYCLE DOCUMENTATION

           8.  Event cycle documentation is on file and
           is complete, up-to-date, and accurate.
           9;  Event cycle documentation has all elements
           required by Agency guidance.  Event cycles,
           control objectives, and control techniques are
           clearly identified.

           10.  Event cycle documentation has been certified
           by the organization's managers for accuracy,
           completeness, and current activities.
.I_J	I
     VULNERABILITY  (RISK) ASSESSMENTS  (VAs)

 11.  A VA was performed  for  all assessable units
 in 1990, or  1991  for new assessable units.

 12.  Offices rated  "highly"  vulnerable have com-
 pleted or planned a review to  address their vul-
 nerability and determine if  weaknesses in controls
 exist or if  existing controls  are adequate.
I  I
.1  I
13.
    MANAGEMENT CONTROL PLANS (MCPs)

This organization updated its 1991 MCP.
14.  The MCP includes  "1991  completed reviews" and
."1992 - 1996 planned reviews" based on VA ratings,
priority arid resources.
             INTERNAL CONTROL EVALUATIONS  (ICRs and AICRs)

           15.  Internal control reviews and/or alternative
           internal control reviews  (ICRs/AICRs) have been
           conducted so that the organization's managers are
           aware of improvements needed in their controls.
                             36

-------
               16.   Written reports for ICRs/AICRs are on file and
               are  used to make necessary.improvements.

               17.   Supporting documentation for the ICRs/AICRs is
               on file verifying that weaknesses identified or
               recommendations made in these written reports have
               been corrected or implemented.

               18.   ICR/AICR-recommended corrective actions were
               evaluated to determine their effectiveness in
 	    eliminating the weakness.   Supporting documentation
I	I	|	|    is on file to substantiate this.

 	    19.   ICR/AICR's conducted tested controls.  Those
I	|	J	|    controls are listed in event cycle documentation.
                    CORRECTIVE ACTION TRACKING SYSTEM (CATS)

               20..  Corrective Action Plans,  containing milestones
               and completion  dates  were developed for each
 	    weakness.   Actions  taken to correct the weaknesses
I	I	I	I    are monitored routinely for quarterly CATS updates.

               21.   Every IG and GAO report was reviewed for
               internal control weaknesses.  This effort has  been
 	. 	    coordinated with the  office's  Audit Follow-Up
I	I	I	|    Coordinator.

               22.   The managers have performed follow-up action
               to  ensure that  the  corrective  actions reported as
               "complete" in CATS  have,  indeed,  corrected the
 	    weakness.   Supporting documentation is on file to
I	I   |	|    substantiate this.
                    .   SUMMARY EVALUATION STATEMENT

               Based on the  manager's  Quality  Control  Evaluation
              .Reports  and the personal  involvement of the  key
               personnel in  this  organization,  we have
 	    implemented the Internal  Control process in  a
I	I   I	|    thorough and  conscientious manner.
                                37

-------
REMARKS;
ICC's Signature
Date
AA's or RA's Signature
Date
                                  38

-------

-------
                    APPENDIX
                        TO
          THE GUIDANCE PACKAGE
Optional Sub-Assurance Memoranda
Quality Control Evaluation Report by the Assessable Unit Manager
Blank Forms for the Attachments
Copy of OMB's 1991 Instructions for the FMFIA Report
A
B
C
D

-------


-------

-------
                                                             APPENDIX A

     THE  BODY OF THE  SUB-ASSURANCE  MEMORANDUM

      We   are  providing  a  simplified,  optional  approach  for  sub-assurance
memoranda. This means that while the AA and RA memoranda must be based on           j
the full guidance,  subordinate  managers  have two  options  for preparing sub-           {
assurance memoranda: the same format as AAs and RAs, or the abbreviated one.

      To simplify the preparation  of  1991  sub-assurance  letters  within offices,
managers may want  to use this optional checklist format and transmittal  memo.
With this approach, the transmittal memo contains the manager's  assurance that a           j
system of management controls is in place  and working,  and describes the actions
the manager has taken, or plans to take, to improve management controls.

      The  Office of Water has used this streamlined approach and found that it
lessens the paperwork burden of assurance  letter reporting, saves time, and still .
complies with the requirements of the Federal  Managers' Financial Integrity  Act.

      If your managers have any questions about using  this streamlined approach,
please have your  ICC  call  the  Resource  Management  Division's Management
Controls Branch.


An outline  of a model sub-assurance FMFIA report memorandum is presented
below.


      MEMORANDUM

      SUBJECT:  Annual Report on Management Controls

      FROM:     (Division)

      TO:        Assistant Administrator or Regional Administrator

           I am submitting this annual report  as required  by Resource
      Management Directive 2560 - "Internal Controls",  to help you comply
      with  OMB   Circulars  A-123  •   "Internal   Controls"  and  A-130  -
      "Management of Federal Information Resources".

-------
ASSURANCE STA TEMENT

      I have  taken the necessary measures  to assure that we have
evaluated  our management  controls  in  accordance  with  guidance
provided by the Office of Administration and  Resources Management
and  OMB.    Based on our evaluation process and the following
information, it  is our opinion that the system of management controls in
effect in this office during the fiscal year ending September 30, 1991.
provide reasonable assurance of compliance with the objectives  of
management control.

ACTIONS  TAKEN  OR  PLANNED  TO  IMPROVE  MANAGEMENT
CONTROLS

      I have implemented the following steps  to improve management
controls in my office:

      1.
      2.
      3. and so on...

DETAILED INFORMATION ON MANAGEMENT CONTROLS

      The attached forms provide detailed information on management
control  training,   vulnerability  assessments,   management  control
evaluation(s), implementing corrective action(s), and plans for review(s)
in the upcoming fiscal year.

Attachment

-------
                                                              Attachment
                 FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT

                              ANNUAL REPORT                                   i

     OFFICE:   (AA OFFICE or REGION)                                    . '         •
                                                                                i
     ASSESSABLE UNIT:    (DIVISION)                                               j

     ASSESSABLE UNIT NUMBER:

          The attached forms support the actions taken to strengthen our management          ,
     controls.                                                                     !

FORM     TITLE                                     APPLICABLE    N/A            |
                                              '                                  i
                                                                                i
 A        Statistical Summary of Performance           	       	            ;
                                                                                |
 B        Review Process                               	       	

 C        Progress Report on High Risk Areas           	       	

 D        Material Weaknesses/Corrective Actions       		

 E        Agency-Level Weaknesses/
          Corrective Actions
          Quality Control Evaluation Report

-------

-------
                                                                APPENDIX B

            QUALITY  CONTROL EVALUATION REPORT
                          (Assessable Unit Manager)

      The Assistant Administrator for  Administration and Resources  Management,
as the Agency's Senior Internal  Control Official,  must report to the Administrator
each  year  on whether the  Agency's  internal  control process  was  performed in
compliance with OMB  Circular A-123 and  the Federal Managers' Financial Integrity
Act (FMFIA).

      The steps of the process were:

      1.     Organizing the process - Annual Work Plan;
      2.     Updating  CATS Reports;
      3.     Training personnel;
      4.     Updating  EPA's Segmentation;
      5.     Reviewing and revising Event  Cycle Documentation;
      6.     Conducting Vulnerability/Risk Assessments;
      7.     Evaluating "highly vulnerable"  assessable units;
      8.     Updating  Management Control Plans;
      9.     Performing Internal Control Evaluations (ICRs and AlCRs);
      10.    Resolving weaknesses and improving  controls;
      11.    Reporting on the process and  developing assurance  fetters;
      12.    Ensuring Quality Assurance

      This Quality  Control Evaluation Report and your assurance letter helps you,
your  Internal Control  Coordinator,  the Resource Management   Division,  and  the
Office of the  Inspector General evaluate your organization's  implementation of this
process.

      The  basic  purpose  for  this form is  to  provide  a  quality  control
mechanism  for your  1991 internal control program.  It  is a quick reference
form  for  seeing  what  parts   of   your  internal  control  program  need
improvement.  Any statement answered  with  a  "NO" or "NOT SURE"  must be
accompanied  by  a narrative explanation and should  be  addressed  in  your 1992
FMFIA program.   Please  ensure  that all  statements are  answered and any other
requested  information  is  provided to your primary  organization's Internal Control
Coordinator.

      You will notice  that statement number 2  has been marked "not applicable".
Your organization's Internal Control Coordinator is  responsible for responding to this
one.

-------
            FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT
               QUALITY CONTROL EVALUATION REPORT
AA or Regional Office

Assessable Unit	
Assessable Unit Manager
Any statement answered with "NO" or "NOT SURE" requires a narrative statement
describing the reasons for your response.

|YES|NO|NOT  |
I	I	| SURE|  ORGANIZATION/ORIENTATION/AWARENESS

               1.  All SES, GM supervisors, and others with
               significant FMFIA responsibility have been
 	    	    trained or briefed on FMFIA and/or  internal
I	I	I	I    controls.

               2.  Copies of FMFIA, the GAO Standards, OMB  guide
               lines, and pertinent EPA internal control  guidance
Not Applicable are on file and accessible .for review.

               3.   Managers in  your  organization  know  where  to
               find the copies of FMFIA, the GAO Standards, OMB
 	    guidelines, and pertinent Agency internal  control
I	|	|	|    guidance.

               4.  FMFIA responsibilities have been included  in
 	    the Performance Standards of all appropriate
               managers/supervisors as defined in 1. above.
                           SEGMENTATION

 	    5.  My office is a segmented Assessable Unit  in
I	|	I	I    accordance with Agency FMFIA guidance.

               6.  All functions, operations, programs, and
 	    activities are fully covered in the FMFIA
I	|	|	|    process.
               7.  I, as the manager of this designated Assessable
               Unit,  have been informed of my responsibilities
               for internal control as outlined in FMFIA.
                                   8

-------
                    :       EVENT CYCLE DOCUMENTATION

     	    8.   Event cycle documentation is on file and
    I	I	I    is  complete,  up-to-date,  and accurate.

               9.   Event cycle documentation has all elements
               required by Agency guidance.   Event cycles,
     	'    control  objectives and control techniques are
      _|	|    clearly  defined techniques.

               10.   I have certified the event cycle documentation
      	    for accuracy,  completeness,  and current activities.
       I	I    My  ICC has the certification.
                   VULNERABILITY  (RISK)  ASSESSMENTS  (VAs)

I	I	I	I    11.   I completed a VA for  my assessable unit  in
               1989,  1990,  or  1991 if  it  is new.

               12.  If my organization is rated "highly" vulnerable
               I  have  completed or planned  a review to  determine
	    if weaknesses in controls  exist  or  existing  controls
I	I	I	I    are  adequate.   (Put N/A if rated "medium"  or "low") .
                       MANAGEMENT CONTROL PLANS  (MCPs)

    I	|	|    13.   I updated my assessable unit's  1991 MCP.
               14.   I included  "1991 completed reviews"  and
    __	     "1992 -  1996 planned reviews" on my  organization's
   '|   I    I    1991 MCP.
                INTERNAL CONTROL EVALUATIONS  (ICRs and AICRs)

              15.   Internal control reviews and/or alternative
              internal control reviews  (ICRs/AICRs) have been
       	    conducted so that I, as the AU Manager, am aware
       I	|   of improvements needed in my controls.

       	    16.   Written reports for ICRs/AICRs are on file and
       I	|   are used to make necessary improvements.

-------
                        17.   Supporting documentation for the ICRs/AICRs is
                        on file verifying that weaknesses identified or  •
          	    recommendations made in these written reports have
         I	I	I	I    been corrected or implemented.

                        18.   ICR/AICR-recommended corrective actions were
                        evaluated to determine their effectiveness in •
          	'    eliminating the weakness.  Supporting documentation
         I	I	I	I    is on file to substantiate this.

          	    19.   ICRs/AICRs conducted tested  controls, and those
         I	I	I	I    controls are listed in event cycle documentation.
                             CORRECTIVE ACTION TRACKING SYSTEM (CATS)

                        20.   Corrective Action Plans,  containing milestones
                        and  completion dates were developed for each
                 	    weakness.   Actions  taken to correct the weaknesses
                I	I    are  monitored routinely for quarterly CATS updates.

                        21.   Every IG and GAO report was reviewed for
                        internal control weaknesses.  I have coordinated
                 	    this effort with the office's Audit Follow-Up
                I	I    Coordinator.

                        22.   I  have taken follow-up action to ensure that
                        the  corrective action reported as "complete" in
                        CATS have,  indeed,  corrected the weakness.
                 	    Supporting documentation is on file to .substantiate
                I    I    this.
                                SUMMARY EVALUATION STATEMENT
                        I  am confident  that  my  organization  has
                        implemented  the Internal  Control  process  in  a
                        thorough and conscientious  manner.
                                         10
\

-------
REMARKS:
AU Manager's Signature
Date
                                  11

-------
12

-------
                                            APPENDIX C
 BLANK FORMS FOR THE AA AND RA REPORT
AND SUB-ASSURANCE REPORT ATTACHMENTS
   A.   Statistical Summary of Performance


   B.   Review Process


   C.   Progress Report on High Risk Areas


   D.   Material Weaknesses / Corrective Actions
   E.   Agency-Level  Weaknesses  /   Corrective
       Actions
   F.   Optional Sub-Assurance Memorandum
                       13

-------
14

-------
                         .                         ATTACHMENT A  .

                STATISTICAL SUMMARY OF PERFORMANCE

OVERALL COMPLIANCE;   Overall,  do your management control systems
comply with  the objectives  of FMFIA  (to  reasonably assure that
they   protect   Government  assets   from   waste,    fraud,   and
mismanagement)?

Yes      ; year achieved 	.  No 	.

NUMBER OF MATERIAL WEAKNESSES:

            In year indicated,   For that year,    For that year,
            number reported      number that have  number still
            for the first time,  been corrected.   pending.

Prior Years:
1989 Report:
1990 Report:
1991 Report:

      TOTAL:

PENDING MATERIAL WEAKNESSES:

Category                                 Number

Program Management:
—Program Execution
—Systems Development & Implementation
—Asset Disposition
—Environmental Impact
—Safety/Health-Related
—Other (Specify)

Functional Management:
—Procurement
—Grant Management
—Personnel & Organizational Management
—ADP Security
—Payment Systems &  Cash Management
—Loan Management &  Debt Collection
—Property &  Inventory Management
—Other (Specify)

TOTAL

-------
                                                  ATTACHMENT B
                          REVIEW PROCESS
DESCRIPTION OF OFFICE AND STRUCTURE OF REVIEW PROCESS:
1991 STATISTICAL DATA FOR REVIEW PROCESS;

o    Number of assessable units?  	.

o    Number of vulnerability assessments?

     Planned 	.  Conducted 	.

o    Number of 1991 Internal Control Reviews?
     Planned 	.  Conducted 	.

o    Number of 1991 Alternative Internal Control Reviews?
     Planned 	.  Conducted	.

o    Percentage of assessable units reviewed in 1991 	
COMMENTS ON DISCREPANCY BETWEEN REVIEWS PLANNED VERSUS CONDUCTED:
DESCRIPTION   OF  THE   OFFICE  SYSTEM   FOR  TRACKING   REVIEWS,
WEAKNESSES, AND CORRECTIVE ACTIONS;
DESCRIPTION  OF THE  OFFICE'S PROCESS  FOR VALIDATING  CORRECTIVE
ACTIONS:
DESCRIPTION OF THE OFFICE'S TRAINING IN MANAGEMENT CONTROLS:

-------
                                                   ATTACHMENT C

                PROGRESS REPORT ON HIGH RISK AREAS
PRINCIPAL STAFF CONTACT

Name:
Title:
Agency/Office:
Telephone Number:  FTS
HIGH RISK AREA:
o    Appropriation.

o    Year Identified.

o    How Identified.

o    Targeted Correction Date in Last Year's Report,

o    Current Target Date.

o    Reason for Change in Date(s).


STRATEGY:
CRITICAL MILESTONES	COMPLETION DATE	
                      ORIGINAL       CURRENT        ACTUAL
                        PLAN          PLAN
CRITICAL MILESTONES, DATES AND RESOURCE REQUIREMENTS

A.   Completed Actions/Events;


B.   Planned Actions/Events  (FY 1992);


C.   Planned Actions/Events  (FY 1993  and beyond):

-------
D.   Resource Requirements:


                 FY 1992       FY 1993 OMB Submission
                      President's                 Additional
     Appropria t ion      Budget	  ,   Request       Need

     S&E ($000)
     AC&C
     SF
     R&D            	    	   '	
       TOTAL

     S&E FTE
     SF  FTE        	    		
       TOTAL FTE


     Budget Implications;

RESULTS INDICATORS:

ASSESSMENT OF PROGRESS:

-------
                        . .                          ATTACHMENT  D

              MATERIAL WEAKNESSES/CORRECTIVE ACTIONS
PART ONE;  SUMMARY/TABLE.

                   _	YEAR	
Title                First        1990 FMFIA       Current
                     Reported     Report Target    Target for
                                  for Correction   Correction
PART TWO:  DESCRIPTION OF UNCORRECTED MATERIAL WEAKNESSES.
CATS Tracking Number;

Title of Material Weakness:

Description  of  Material  Weakness  and  Its  Impact  on  Agency
Operations:

Functional Category in Statistical Summary;

Appropriation/Program Element;

Administrative Activity/Program Activity:

Year Identified;

Source of Discovery;

Original Target Correction Date;

Targeted Correction Date in Last Year's Report:

Current Target Date:

Reason for Change in Date(s);

-------
Critical Milestones in Corrective Action;

A.   Completed Actions/Events;


B.   Planned Actions/Events  (FY 1992):


c-.   Planned Actions/Events  (FY 1993  and beyond);


D.   Resource Requirements;

                 FY 1992       FY 1993 OMB Submission
                      President's                 Additional
     Appropriation      Budget         Request       Need

     S&E ($000)
     AC&C
     SF
     R&D            	    	   	
       TOTAL

     S&E FTE
     SF  FTE        	    	   	'
       TOTAL FTE
     Budget Implications;

Validation Process to be Used;

Corrective Action Plan Status Updates;

o    September 30, 1991, Status Update;

o    December 31, 1991, Status Update;

o    March 31, 1992, Status Update;

o    June 30, 1992, Status Update:

o    September 30, 1992, Status Update;


PART THREE;  DESCRIPTION OF CORRECTED MATERIAL WEAKNESSES.


CATS Tracking Number;

-------
Title of Material Weakness:

Description  of  Material  Weakness  and  Its  Impact  on  Agency
Operations;  •  .                •

Functional Category in Statistical Summary;

Appropriation/Program Element:

Administrative Activity/Program Activity;

Year Identified;

Source of Discovery:

Original Target Correction Date;

Targeted Correction Date in Last Year7s Report;

Actual Completion Date;

Reason for Change irt Date(s):

Corrective Actions Taken;


Results of Validation Actions;

-------
                 . •:.•••                       .  ATTACHMENT  E




            AGENCY-LEVEL WEAKNESSES/CORRECTIVE ACTIONS






CATS Tracking Number:




Assessable Unit/AU #;




Title of Agency-level Weakness and Description:




Year Identified and Source of Discovery;




Critical Milestones in Corrective Action:




Validation Milestone:
Budget Implications, If Any;




Corrective Action Plan Status Updates:




o    September 30, 1991, Status Update;




o    December 31, 1991, Status Update:




o    March 31, 1992, Status Update;  '• -




o    June 30, 1992, Status Update:




o    September 30, 1992, Status Update;

-------
                                                  ATTACHMENT F

MEMORANDUM

SUBJECT:  Annual Report on Management Controls

FROM:

TO:

     I  am  submitting this annual report  as  required by Resource
Management  Directive  2560  -  "Internal  Controls",  to  help  you
comply with OMB Circulars A-123 - "Internal Controls" and A-130 -
"Management of Federal Information Resources".

ASSURANCE STATEMENT

     I have taken  the necessary measures to  assure that we have
evaluated  our management  controls   in  accordance  with guidance
provided by the Office of Administration  and Resources Management
and  OMB.    Based  on our  evaluation process  and  the  following
information,  it  is  our opinion  that  the  system  of management
controls in effect in this office during the fiscal year ending
September  30,  1991,  provide  reasonable  assurance  of compliance
with the objectivesof management control.

ACTIONS TAKEN OR PLANNED TO IMPROVE MANAGEMENT CONTROLS

     I have implemented the following steps to improve management
controls in my office:

     1.
     2.
     3.                      .  .

DETAILED INFORMATION ON MANAGEMENT CONTROLS

     The   attached   forms   provide   detailed  information   on
management    control   training,     vulnerability    assessments,
management   control   evaluation(s),   implementing   corrective
action(s),  and plans for review(s)  in the upcoming fiscal year.

Attachment

-------
                                                            Attachment
                 FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT

                               ANNUAL REPORT     .

     OFFICE:

     ASSESSABLE UNIT:

     ASSESSABLE UNIT NUMBER:

          The attached  forms  support the actions  taken to strengthen
     our management controls.

FORM      TITLE                                    APPLICABLE    N/A

 A        Statistical Summary of Performance           	       	

 B        Review Process                               	       	

 C        Progress Report on High Risk Areas           	       	

          Material Weaknesses/Corrective Actions       	       	
          Agency-Level Weaknesses/
          Corrective Actions

          Quality Control Evaluation Report

-------

-------
                                  APPENDIX D
OMB'S 1991  INSTRUCTIONS
 FOR THE FMFIA REPORT
           15

-------
                  EXECUTIVE OFFICE OF THE PRESIDENT
                     OFFICE OF MANAGEMENT AND BUDGET
                          WASHINGTON. D.C. 20503

                          August 3,  1991
MEMORANDUM FOR THE DEPUTY SECRETARIES OF EXECUTIVE DEPARTMENTS
               DEPUTY ADMINISTRATOR OF THE ENVIRONMENTAL
                  PROTECTION AGENCY
               DEPUTY ADMINISTRATOR OF THE NATIONAL
                  AERONAUTICS AND SPACE ADMINISTRATION
               SELECTED HEADS OF INDEPENDENT AGENCIES
                                                    /
FROM:          Frank Hodsoll
               Executive Associate Director

SUBJECT:       1991 Federal Managers' Financial Integrity Act
               (FMFIA) Reporting Requirements


     Attached is the guidance to be used in preparing your
agency's 1991 FMFIA report to the President and the congress.
This guidance should be followed by the agencies listed in
Attachment A.  Smaller independent agencies will receive modified
guidelines.

     The report is due to the President and the Congress on
December 31, 1991.  However, agencies are encouraged to submit
the report early, so that OMB can use agency FMFIA findings
during the budget formulation process.

     I ask your personal attention in assuring that the 1991
FMFIA report reflects the true state of your agency's management
controls.

     Please ask your staff to direct any questions to your
agency's OMB Management Examiner or to the Management Integrity
Branch on 395-6911.

Attachments

-------
                     .                                 Attachment A


 The  following  agencies  are  subject  to  the  Federal  Managers'
 Financial Integrity Act (FMFIA)  and  the  attached  guidance:

 Department of Agriculture   .
 Department of Commerce
 Department of Defense
 Department of Education
 Department of Energy
 Department of Health and Human Services
 Department of Housing  and  Urban  Development
 Department of the  Interior
 Department of Justice
 Department of Labor
 Department of State
 Department of Transportation
 Department of the  Treasury
 Department of Veterans Affairs

 ACTION
 Agency  for International Development
 Appalachian Regional Commission
 Arms  Control  and Disarmament Agency
 Central Intelligence Agency
 Commission.on Civil Rights
 Commodity  Futures  Trading  Commission
 Consumer Product Safety Commission
 Equal Employment Opportunity Commission
 Environmental Protection Agency
 Executive  Office of the President
 Farm Credit Administration
 Federal Communications Commission
 Federal Election Commission
 Federal Emergency  Management Agency
 Federal Energy Regulatory Commission
 Federal Labor Relations Authority
 Federal Maritime Commission
 Federal Mediation  and  Conciliation Service
 Federal Retirement  Thrift Investment Board
 Federal Trade Commission
 General Services Administration
 International Trade Commission
 Interstate  Commerce Commission
Merit Systems Protection Board
National Aeronautics and Space Administration
National Archives  and.Records Administration
National Credit Union  Administration
National Endowment  for  the Arts
National Endowment  for  the Humanities
National Gallery of Art
National Labor Relations Board •
National Science Foundation

-------
National Transportation Safety Board
Nuclear Regulatory Commission
Office of Personnel Management            .
Panama Canal Commission
Peace Corps
Railroad Retirement Board
Resolution Trust Corporation Oversight Board
Securities and Exchange Commission
Selective Service System
Small Business Administration
U.S. Information Agency
U.S. Soldiers' and Airmen's Home
The following agencies are exempt from the provisions of FMFIA but
are subject to OMB Circulars No. A-123,  Internal Control Systems.
and No. A-127, Financial  Management  Systems,  and to the attached
guidance:

Commodity Credit Corporation
Export-Import Bank of the United States
Federal Crop Insurance Corporation
Federal Housing Finance Board
Federal Housing Administration Fund
Federal Prison Industries, Inc.
Government National Mortgage Association
Overseas Private Investment Corporation
Pension Benefit Guaranty corporation
Rural Telephone Bank
Saint Lawrence Seaway Development Corporation
Smithsonian Institution

-------
                 •   ;-..'                             Attachment B

         GUIDANCE FOR PREPARING 1991  INTEGRITY ACT REPORT

This guidance should be used in preparing your agency's 1991 report
to  the President  and the Congress  under the  Federal  Managers'
Financial Integrity Act (FMFIA).

This . guidance  applies  to  the  Cabinet departments  and  major
independent  agencies,  as  listed in   Attachment A.    Separate
instructions will be  issued for smaller agencies.

The report  is  due to the President  and Congress on  December 31,
1991.  However,  agencies are encouraged to submit the report early.
This will allow OMB  to make  maximum  use of  the report during the
budget formulation process.

The  report  should  highlight  the major  management  control  and
financial systems accomplishments and problems of the year ending
September  30,  1991,  as  well  as  your  commitment  to  future
improvements.  The report should cover both Section 2, and Section
4 of the FMFIA.   Section 2 addresses  improving management controls
over program  and  administrative  areas  —  as well  as  financial
activities  —  to protect against fraud,  waste or mismanagement.
Section 4 requires that  financial management systems comply with
standards applicable to Executive Branch agencies.

Your  submission  should   include  those material weaknesses  in
management  controls,  and material non-conformances  in  financial
systems, significant enough to be  of  interest to  the President and
the Congress.   Special  consideration should  be  given  to whether
nbncompliance  with  commonly accepted  security  practices  in  a
sensitive system constitutes a material weakness.

Questions may be directed to  your  agency's OMB Management Examiner
or to OMB's Management Integrity Branch on 395-6911.

-------
Overall Requirements
The 1991 year-end management integrity report should consist of a
single  letter from  the  agency  head  to the  President  and  the
Congress, with five Enclosures:

     A.   Statistical Summary of Performance;
     B.   Summary of Agency's Management Control Review Process;
     C.   Progress Report on High Risk Areas;
     D.   Description   of  Material   Weaknesses   and   Critical
          Milestones for Corrective Actions; and
     E.   Description of  Material Non-conformances  and Critical
          Milestones for Corrective Actions.

Assessing Materiality of Weaknesses - Section 2 Internal Controls
For purposes of determining what constitutes a material weakness in
internal control systems (Section 2), the criteria set forth in OMB
Circular A-123  should be used.   The  criteria  require  reporting
weaknesses that:

  o  significantly  impair  the   fulfillment  of   an  agency  or
     component's mission;
  o  deprive the public of needed services;
  o  violate statutory or regulatory requirements;
  o  significantly  weaken   safeguards   against  waste,   loss,
     unauthorized use or  misappropriation  of funds,  property,  or
     other assets; or
  o  result in a conflict of interest.

Since  the  above  factors  are  judgmental  and  can  be  widely
interpreted, the  following  additional factors should be  used  to
determine whether weaknesses are  to  be reported to the President
and the Congress.  Each material weakness should meet one or more
of the following additional criteria:

  o  merits the  attention  of the agency head/senior management, the
     Executive   Office   of  the   President,  or   the   relevant
     Congressional oversight committee;
  o  exists in a major program or activity;
  o  could result in the loss of $10 million  or more, or 5 percent
     or more of the resources of a budget line item; or
  o  its omission from  the  report  could reflect adversely on the
     management integrity of the agency.

Assessing Materiality of Weaknesses - Section 4
Each material non-conformance (Section 4) should meet one or more
of the following criteria:

  o  merits the  attention  of the agency head/senior management, the
     Executive   Office   of  the   President,  or   the   relevant
     Congressional oversight committee;
  o  prevents the agency primary accounting system from achieving
     central  control  over  agency  financial  transactions  and

-------
     resource balances;..
  o  prevents  compliance   of   the   primary  accounting  system,
     subsidiary system or  program system with OMB Circular A-127
     (Financial Management Systems),  the Standard General Ledger.
     and the Core Financial Systems Requirements: or
  o  results in an actual material misstatement  (either 5 percent
     or more  of  a budget  line item or  $10 million or  more)  in
     reports required by .the OMB, the Treasury Department, or the
     Congress.

Assessing Overall Compliance with Section 4
To  report  compliance with Section  4,  agencies  must  provide
reasonable assurance  that  the  quality of both  agency  budget and
accounting  information  and  agency   financial  systems meets  the
requirements  described  below.    Agencies  may  report  overall
compliance even with a number of material  non-conformances, as long
as  the   non-conformances   when  considered  together   are  not
sufficiently serious  to  prevent compliance.  As a  general rule,
agencies with systems on the OMB high  risk  list must report non-
compliance,  or   compliance  with   specific   exceptions.   until
corrective action is completed.
Compliance with information standards requires:
                                                      (crosswalks
  o  implementation  of  the  Standard  General  Ledger
     acceptable); and
  o  accurate,  timely,  comparable,  useful budget  and accounting
     information for the current and past fiscal years.

Compliance with systems functional standards requires:

  o  for the agency  (bureau level acceptable):
          a  primary financial  system  featuring general  ledger
          control (including fund control) over agency resources,
          obligations and spending;
          single entry of data (or adequate reconciliation) between
          primary and subsidiary systems; and
          appropriate  accounting  capability  for  cost  and  for
          production units.

  o  for individual systems or subsystems:
          adequate systems documentation and audit trails; and
     —   adequate overall performance of assigned mission.

-------
                 FORMAT FOR THE 1991  FMFIA REPORT
Letter From the Agency Head
Your  letter . to  the   President
substantive.  It should:
          and  the  Congress  should  be
  o  state whether there is reasonable assurance that the agency,
     as a whole, complies with both Sections 2 and 4 of the FMFIA
     (such assurance may be provided even though limited exceptions
     are cited);
  o  state high risk areas in priority order;
  o  state critical material weaknesses  and non-conformances other
     than those identified as high risk areas;
  o  describe  concisely the  impact or  potential  impact  of these
     problems on agency programs; and
  o  summarize corrective  actions being taken or planned to address
     these problems.

Enclosures
Detailed requirements for Enclosures A - E follow.

Transmission of Report
     The letter and enclosures, addressed to the following persons,
must be signed by the agency head and transmitted to the recipients
no later than  December  31  (Agencies  are encouraged to make early
submissions.} :
     Addressee
     The President
     The President
     of the Senate
     Speaker of the
     House of
     Representatives
Address on letter

The President
The White House
Washington, D.C.
                                           20500
Honorable J. Danforth Quayle
President of the Senate
Washington, D.C.  20510

Honorable Thomas S. Foley
Speaker of the House
  of Representatives
Washington, D.C.  20515
Salut
Dear Mr.
President:
Dear Mr.
President:
Dear Mr.
Speaker:
     In addition,  fifteen  copies of the report  to the President
should be sent to:

     Ms. Susan Gaffney
     Acting Assistant Director for
       Financial Management
     Office of Management and Budget
     New Executive Office Building, room 10235
     Washington, D.C.  20503

-------
        ENCLOSURE A — STATISTICAL SUMMARY OF PERFORMANCE
Enclosure  A to  the  agency letter  should present  a statistical
summary  of the  agency's performance  under  Section  2  (internal
controls} and Section 4  (financial systems) using the format on the
following pages. . The enclosure should, where necessary, describe
changes in the definition of material weakness and non-conformance,
and any other action that would affect the statistical summary.

                STATISTICAL  SUMMARY  OF PERFORMANCE

SECTION 2, INTERNAL CONTROL SYSTEMS

Overall compliance     	 Yes    	 No        Year achieved 	

                  Number of Material Weaknesses
               In year indicated,   For that year      For that year,
               number reported      number that have   number still
               for the first time   been corrected     pending


Prior years
1989 report
1990 report
1991 report
     Total :

Of the total number corrected, how many were corrected in 1991? 	

                   Pending Materia1 Weaknesses
Category                                          Number
Program management:
  Program execution
  Systems development
    and implementation
  Asset disposition
  Environmental impact
  Safety, health-related                                     .    •
  Other (specify)
Functional management:
  Procurement
  Grant management
  Personnel and
    organizational management
  ADP security
  Payment systems
    and cash management
  Loan management
    and debt collection
  Property and
    inventory management
  Other (specify)
Total

-------
SECTION 4. FINANCIAL MANAGEMENT SYSTEMS

                       Compliance  assurance

                                                  Yes

Overall compliance with Section 4

  o  Compliance with financial information
     standards
  o  Compliance with systems functional
     standards

                  Number  of  Material  Non-conformances
               In year indicated,  For that year,
               number reported     number that have
               for first time      been corrected
                                         Year
                                     No  Achieved
                                   For that  .
                                   year,  number
                                   still pending
Prior years
1989 report
1990 report
1991 report
Total

Of the total number corrected, how many were corrected in 1991?

                     Pending Non-conformances
Name of
System
Type of
Non-conformance
Title of
Non-conformance
Non-conformance types are as follows:
  o  Financial information standards
          Compliance with SGL
          Data quality
  o  Systems functional standards
          Primary financial system
          Effective interfaces
     —   Cost accounting
          Documentation/audit trails
     —   Mission performance

-------
                  ENCLOSURE B — REVIEW PROCESS
This enclosure should describe the agency's FMFIA review process.

1.   Section 2

  o  Description of organization and structure of review process:
  o  1991 statistical data for review process:
          Number of assessable units 	.
          Number of vulnerability assessments ,
          planned	.   Conducted 	.
          Number of .internal control reviews
          planned 	.   Conducted 	.
          Number of alternative reviews
          planned 	.   Conducted 	.
     —   Percentage of assessable units reviewed 	.
  o  Comment on results versus plan:

2.   Section 4

  o  Description of organization and structure of review process:
  o  Provide an inventory of agency's financial management systems,
     and indicate the total number of systems *:
  o  1991 statistical data for review process:
          Number of annual reviews 	.
          Number of detailed cyclical reviews 	.
  o  Comments on results versus plan:

3.   Overall

  o  Describe  the  agency system  for tracking  reviews,  material
     weaknesses, material non-conformances,  and corrective actions;
  o  Describe process for validating corrective actions;
  o  Briefly  describe  how   the   agency   provides  training  in
     management controls;
  o  Describe actions taken or planned to ensure accountability for
     results in identifying  and  correcting material weaknesses and
     non-conformances.

* Use agency response to OMB Memorandum 91-05 (April 15, 1991) if
  available.

-------
        ENCLOSURE C --- PROGRESS REPORT ON HIGH RISK AREAS
This enclosure  should be used by agencies that  have  a high risk
area.

The relationship between high  risk  areas and material weaknesses
varies.  Some high risk areas have a direct relationship to one or
more material weaknesses.  For example, a high risk area entitled
11 procurement"  might  be  comprised  of  five  discrete  material
weaknesses.  Other high risk  areas are broadly defined  and have not
been identified as  material  weaknesses.   High risk areas in the
latter category should be reported in this enclosure.

For high risk areas made up of one or more material weaknesses, a
crosswalk  between  this  enclosure  and  Enclosure  D  or  .E  is
acceptable.    The  name  of   the  high  risk  area  and  material
weakness(es)  should  be  noted  in  this  enclosure,  but  detailed
information should be included in Enclosure D or E.

High Risk Area;                        .
Describe problem/weakness.   If the  area is on the  OMB high risk
list, that description should  be  used  or updated.   If a new high
risk area  is reported here,  prior  consultation with  OMB  on the
description is advised.

Bureau/Appropriation;

Pace of Corrective Action
     Year Identified:
     Original Targeted Correction Date;
     Targeted Correction Date in Last Year's Report:
     Current Target Date;
     Reason for Change in Datefs):

Strategy;
Briefly describe how the agency is  correcting the problem/weakness.

                                        Completion Date
Critical Milestones           Original Plan  Current Plan  Actual
Provide a complete plan of action for correcting the high risk.

     A.  Completed Actions/Events
     B.  Planned Actions/Events (short term - next 12 months)
     C.  Planned Actions/Events  (longer termV

Results Indicators
Describe  key   results  indicators.    Results   indicators  are
quantitative  and/or qualitative measures  to determine  whether
agency actions have corrected the weakness or deficiency.

Assessment of Progress
Highlight both significant achievements and problems.

-------
      ENCLOSURE D  — MATERIAL WEAKNESSES/CORRECTIVE ACTIONS
This  enclosure  consists of three parts:   (1)  a summary/table of
contents of material weaknesses; (2)  a description  of each pending
material  weakness  in internal  controls (Section 2);  and,  (3) a
description of each material weakness  that was corrected in 1991.
The   summary/table  of  contents  section  includes  material  on
correction  targets which  is also  requested in  the  description
sections.   This is done  to facilitate analysis of the agency's
overall performance on pace of  corrective actions.

Part 1..  Provide a  summary of all pending material weaknesses.   The
summary  should:  list the . titles of the  weaknesses  in priority
order; provide information on the correction schedule; and indicate
the page  number of the  more detailed description to follow.   The
following format should be used:
Title
Year
First
Reported
Target for
Correction
in 1990
FMFIA Report
Current
Target
for
Correction
Page
Part  2.   Describe each  pending material weakness  and provide a
complete  plan of  action to  correct the  weakness.   Changes in
previous   corrective   action  schedules   should   be  explained.
Correction is accomplished when the weakness is no  longer material.
Material weaknesses may  be  consolidated,  so long as the identity
and character of the weaknesses are not lost.

The  following  format shall  be  followed  for each  uncorrected
weakness.  All data elements are required.

     Title of Material Weakness;

     Functional Category  in Statistical Summary;

     Sureau/Appropriation/Account Number:

     Administrative Activity/Program Activity;
     Pace of Corrective Action
          Year Identified;
          Original Targeted Correction Date;
          Targeted Correction Date in LastYear's Report;
          CurrentTarget Date:
          Reason for Change in Datefs);
     Description  of  Material Weakness  and Its  Impact  on Agency
     Operations;

-------
     Source of Discovery of Material Weakness;
     Indicate how material weakness was initially discovered, e.g.,
     IG  audit or  investigation,  management  review,  evaluation.
     Provide a reference to a  specific source document by report
     number .or subject matter and date.

     Critical Milestones inCorrective Action;
     Provide  a  complete plan  of  action  to  correct/improve the
     material weakness in the format presented below.
     Critical Milestones
                         Completion Date
               Original Plan  Current Plan  Actual
          A.
          B.

          C.
Completed actions/events
Planned  actions/events
(short  term  -  next  12
months!
Planned actions/events (longer term)
     Validation Process to be Used;
     Explain the  validation  process to be used  by management to
     verify the completion of the corrective action.. Describe the
     role  the  Inspector  General   can   perform  in  validating
     corrective   action   and  identify   any   other  independent
     validation processes to be used.

Part 3.   For each material weakness corrected this year, please
provide the following information:

     Title of Material Weakness:

     Bureau/Appropriation/Account Number;

     Year Identified:

     Corrective Actions Taken;

     Results of Validation Actions Taken;
                                10

-------
            ENCLOSURE E — MATERIAL NON-CONFORMANCES/CORRECTIVE ACTIONS .
         This enclosure consists  of three .parts:   (l)  a summary/table of
         contents of material non-conformances;  (2)  a description of each
         pending material  non-conformance  (Section 4); and (3) a description
         of each material non-conformance that was corrected in 1991.  The
         summary\table of contents section includes material on correction
         targets which is  also requested in the description, sections.  This
         is done to facilitate analysis  of the agency's overall performance
         on pace of corrective actions.

         Fart  1.    Provide  a  summary  of  all  pending  material  non-
         conformances.  The titles of the  non-conformances should be listed
         in priority order.  Information on the correction schedule can be
         broken down either by system or by individual non-conformance.  The
         following format may be used as a model:
                                         Year
         Name of system/
         Title(s) of
         non-conforraance f s)
                             First
                             Reported
Target for
Correction
in 1990
FMFIA Report
Current
Target
for
Correction
                              Page
         Part 2.  Describe each pending material non-conformance and provide
         a plan  of  action  to  correct the  non-conformance.  . Changes  in
         previous  corrective   action  schedules  should   be  explained.
         Correction is accomplished when the non-conformance  is  no longer
         material.    Material  non-conformances may  be  grouped  (e.g.,  by
         system  or organizational  unit),   so long  as  the  identity  and
         character of the deficiencies are not lost.

         The  following  format  may be used  as  a model for uncorrected
         material  non-conformances.    Under  any .circumstances,  all  data
         elements are required.

              Name of System for Organizational Unit, if appropriate);
              Title of Material Non-conformance:

              System Type:  Core Financial  .  Subsidiary

              Functional Category in-Statistical Summary:

              Bureau/Appropriation/Account Number;

              Administrative Activity/Program Activity:
                     Program
:\
  \
          \

-------
                                                                        A
     Pace of Corrective Action

          Year Identified;               ..                       '
          Original Targeted Correction Date:
          Targeted Correction Date in Las_t Year's Report:
          Current Target Date;
          Reason for Change in Date(si;

     Description  of  Material Non-conformance  and Its  Impact' on
     Agency Operations:

     Source of Discovery of Material Non-conformance;
     Indicate   how   material   non-conformance   was   initially
     discovered, -e.g.,  IG  audit or  investigation,  management
     review, evaluation.  Provide a reference to a specific source
     document by report number or subject matter and date.

     Critical Milestones in Corrective Action:
     Provide a complete plan of action to correct/improve material
     non-conformance in the format presented below.

                                        Completion Date
     Critical Milestones      Original Plan  Current Plan  Actual

          A.   Completed actions/events
          B.   Planned  actions/events  (short  term  -  next  12
               months)
          C.   Planned actions /events (longer j-erm)

     Validation Process to beUsed;
     Explain the  validation  process  to be used  by management to
     verify the completion of the corrective action.  Describe the
     role  the  Inspector   General   can   perform  in  validating
     corrective   action   and  identify  any   other  independent
     validation processes to be used.

Part 3.  Please provide the following information for any material
non-conformances corrected this year:

     Name of System or Organizational Unit (if appropriate):

     Title of Material Non-conformancefs):

     System JType^  Core Financial 	 Subsidiary 	 Program 	

     Bureau/Appropriation/Account Number;

     Year Identified:            *

     Corrective Actions Taken:

     Results of Validation Actions Taken;

                                12

-------