OMB BULLETIN NO. 98-08

TO THE HEADS AND INSPECTORS GENERAL OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS

SUBJECT:  Audit Requirements for Federal Financial Statements

1. Purpose. This Bulletin, which includes an Attachment and Appendices A through H, establishes minimum requirements for audits of Federal financial statements. The Bulletin is issued under the authority of the Budget and Accounting Act of 1921, as amended, and the Budget and Accounting Procedures Act of 1950, as amended. It implements the audit provisions of the Chief Financial Officers (CFOs) Act of 1990 (P.L. 101-576), as amended, the Government Management Reform Act (GMRA) of 1994 (P.L. 103-356), and the Federal Financial Management Improvement Act of 1996 (P.L. 104-208). The requirements of this Bulletin are set forth in the Attachment.

2. Applicability. The provisions of the Bulletin apply to audits of financial statements of executive departments and agencies and certain components of these agencies, listed in Appendices A and B, respectively.

3. Effective Date. The provisions of this Bulletin are effective for audits of financial statements for fiscal years ending on or after September 30, 1998. Audit reports shall be submitted to the agency head in sufficient time to enable the agency head to meet the due date for submitting the audited financial statement under GMRA, no later than March 1 following the end of the fiscal year for which the financial statements were prepared.

4. Inquiries. Further information concerning this Bulletin may be obtained by contacting the Office of Management and Budget (OMB), Office of Federal Financial Management, Washington, DC 20503, telephone (202) 395-3993.

5. Copies. Individual copies of this Bulletin may be obtained from the Executive Office of the President, Publications Office at (202) 395-7332, and from the OMB home page on the Internet at /OMB.

Jacob J. Lew
Director

Attachment

1.BACKGROUND. The Government Management Reform Act (GMRA) of 1994 amended the requirements of the Chief Financial Officers (CFOs) Act of 1990 by requiring, among other things, the annual preparation and audit of organizationwide financial statements of 24 executive departments and agencies (Appendix A). The GMRA also requires audited financial statements of components of executive departments and agencies designated by the Director of the Office of Management and Budget (OMB), which are identified in Appendix B. In addition, the Federal Financial Management Improvement Act (FFMIA) of 1996 requires, among other things, that the report on these audits state whether the agency financial management systems comply substantially with Federal financial management systems requirements, applicable Federal accounting standards, and the U.S. Government Standard General Ledger at the transaction level.

2. DEFINITIONS. For the purposes of this Bulletin, the following definitions apply:
 
a. "Annual Financial Statement" means the financial statement of a reporting entity as described in Section 3515 of Title 31 of the United States Code and OMB Bulletin 97-01, "Form and Content of Agency Financial Statements" and subsequent issuances (OMB's Form and Content Bulletin), and, shall be comprised of:

c. "Federal accounting standards" are those standards included in the hierarchy of Federal accounting standards described in paragraph 5 of this Bulletin.

d. "Federal financial management systems requirements" are those requirements described in OMB Circular A-127, "Financial Management Systems."

e. Government Auditing Standards are those standards issued by the Comptroller General of the United States.

f. "Independent auditor" means an auditor who meets the independence standards specified in the Government Auditing Standards.

g. "Internal control," as it relates to the Principal Statements and Required Supplementary Stewardship Information, is a process, effected by the agency's management and other personnel, designed to provide reasonable assurance that the following objectives are met:

i. "Material weaknesses in internal control" are reportable conditions in which the design or operation of the internal control does not reduce to a relatively low level the risk that errors, fraud or noncompliance in amounts that would be material in relation to the Principal Statements or Required Supplementary Stewardship Information being audited or material to a performance measure or aggregation of related performance measures may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions. The auditor shall use this definition of material weaknesses to report on an entity's internal control in accordance with the requirements of Government Auditing Standards and this Bulletin rather than the definition of material weaknesses used by management to prepare an agency's Federal Managers' Financial Integrity Act (FMFIA) of 1982 report.

j. "Overview of the Reporting Entity" means a brief narrative overview, prepared by management, also called Management's Discussion and Analysis (MD&A), which describes the reporting entity and its mission, activities, program and financial results, and financial condition. OMB's Form and Content Bulletin further defines the "Overview of the Reporting Entity."

k. "Reportable conditions" are matters coming to the auditor's attention that, in the auditor's judgment, should be communicated because they represent significant deficiencies in the design or operation of internal control, that could adversely affect the organization's ability to meet the objectives in paragraph 2.g. of this Bulletin.

l. "Reporting Entity" means one of the executive departments and agencies and components of such departments and agencies listed in Appendices A and B, or an agency, bureau, or other organization that represents a meaningful unit for program management, for which a financial statement is prepared, and for which management chose to have an audit performed in accordance with this Bulletin. OMB's Form and Content Bulletin further defines "Reporting Entity."

m. "United States Government Standard General Ledger (SGL)" means the uniform chart of accounts prescribed by the Department of the Treasury in its Treasury Financial Manual.

3. FREQUENCY OF AUDIT. Audits shall be performed annually.

4. RESPONSIBILITY FOR AUDIT. For purposes of this Bulletin, the following responsibilities apply:

a. For the 24 executive departments and agencies and selected components of such departments and agencies listed in Appendices A and B, the audits of financial statements shall be performed by the IG of the executive department or agency or by an independent auditor as determined by the IG.

b. GMRA provides that, in lieu of an audit otherwise required, the Comptroller General of the United States may, at his or her discretion and following consultation with the IG, perform the audit.

5. ACCOUNTING PRINCIPLES AND STANDARDS. The Federal Accounting Standards Advisory Board (FASAB) was established by the Secretary of the Treasury, the Director of OMB, and the Comptroller General (the Principals) to recommend Federal accounting standards to the Principals. Specific standards agreed upon by the Principals are issued by the Director of OMB and the Comptroller General as Statements of Federal Financial Accounting Standards (SFFASs). Federal agencies are required to follow these standards in the preparation of financial statements pursuant to GMRA. Recognizing that the SFFASs may not explicitly address all transactions of departments and agencies, the Principals adopted the following hierarchy of Federal accounting standards, which constitutes generally accepted accounting principles for the Federal Government:

a. Individual standards (SFFASs) agreed to by the Director of OMB, the Comptroller General, and the Secretary of the Treasury and published by OMB and the General Accounting Office.

b. Interpretations related to the SFFASs issued by OMB in accordance with the procedures outlined in OMB Circular A-134, "Financial Accounting Principles and Standards."

c. Requirements contained in OMB's Form and Content Bulletin in effect for the period covered by the financial statements.

d. Accounting principles published by other authoritative standard-setting bodies and other authoritative sources (a) in the absence of other guidance in the first three parts of this hierarchy, and (b) if the use of such accounting principles improves the meaningfulness of the financial statements.

6. SCOPE OF AUDIT. Financial statements shall be audited in accordance with Government Auditing Standards and the provisions of this Bulletin.

a. With respect to the Principal Statements and Required Supplementary Stewardship Information, the auditor shall:

 (1) In obtaining an understanding of the components of internal control, particularly the risk assessment component, and assessing control risk, the auditor shall obtain an understanding of the process by which the agency identifies and evaluates weaknesses required to be reported under FMFIA and related agency implementing procedures.
 
(2) The auditor shall compare material weaknesses disclosed during the audit with those material weaknesses reported in the agency's FMFIA report that relate to the financial statements of the entity under audit and document material weaknesses disclosed by audit that were not reported in the agency's FMFIA report. The auditor should consider whether the failure to detect and report material weaknesses constitutes a reportable condition or material weakness in the entity's internal control.

d. With respect to compliance with applicable laws and regulations, the auditor shall perform tests of compliance with laws and regulations that could have a direct and material effect on the Principal Statements and Required Supplementary Stewardship Information, and any other laws, regulations, and governmentwide policies identified by OMB in Appendix C of this Bulletin.

e. With respect to compliance with governmentwide policies contained in OMB Circular A-127, using the guidance in Appendix D, the auditor shall perform tests of compliance with Federal financial management systems requirements⁽²⁾, applicable Federal accounting standards, and the SGL at the transaction level. This provision only applies to audits of entities listed in Appendices A and B. Circular A-127 requires the agency to establish and maintain a single, integrated financial management system that complies with characteristics stated therein, that include maintaining accounting data to permit reporting in accordance with Federal accounting standards, application of the SGL at the transaction level, and incorporation of the functional requirements issued by the Joint Financial Management Improvement Program (JFMIP) in its series Federal Financial Management Systems Requirements (FFMSR). As of the date of this Bulletin, the issuances in this series are:

-- Framework for Federal Financial Management Systems, FFMSR-0, January 1995,
-- Core Financial System Requirements, FFMSR-1, September 1995,
-- Personnel-Payroll System Requirements, FFMSR-2, May 1990,
-- Travel System Requirements, FFMSR-3, January 1991,
-- Seized/Forfeited Asset System Requirements, FFMSR-4, March 1993,
-- Direct Loan System Requirements, FFMSR-5, December 1993,
-- Guaranteed Loan System Requirements, FFMSR-6, December 1993,
-- Inventory System Requirements, FFMSR-7, June 1995, and
-- Managerial Cost Accounting, FFMSR-8, February 1998.

f. With respect to information accompanying the Principal Statements and Required Supplementary Stewardship Information, the auditor shall assess whether the information and manner of its presentation in the Overview of the Reporting Entity (or MD&A) and any other accompanying information is materially inconsistent with the information in the Principal Statements and Required Supplementary Stewardship Information.

g. With respect to required supplementary information referred to in paragraph 2.a.(4) of this Bulletin, the auditor shall follow AU Sections 551 and 558, Codification of Statements on Auditing Standards.

h. The auditor shall obtain written representation from management as part of an audit conducted in accordance with this Bulletin. See AU Section 333, "Management Representations," of the Codification of Statements on Auditing Standards. An illustrative management representation letter is provided in Appendix E.

i. The auditor shall request entity management to send a letter of inquiry to those lawyers with whom management consulted concerning litigation, claims, and assessments. See AU Section 337, "Inquiry of a Client's Lawyer Concerning Litigation, Claims, and Assessments," of the Codification of Statements on Auditing Standards.

(1) The letter of inquiry shall be sent to legal counsel no later than October 15 and shall include a request for an interim response to be effective no earlier than December 1, except as noted in paragraph 6.i.(3), and submitted to the auditor by December 15 following the end of the fiscal year for which the financial statements are prepared. In addition, the letter of inquiry shall include a request for an updated response to be effective no earlier than February 15 and submitted to the auditor by March 1 following the end of the fiscal year for which the financial statements are prepared.

(2) The Inspector General shall submit to OMB (Deputy Controller, Office of Federal Financial Management), Department of the Treasury (Commissioner, Financial Management Service), and the General Accounting Office (Assistant Comptroller General, Accounting and Information Management Division) copies of the interim and updated legal responses described in paragraph 6.i.(1) by December 31 and March 10, respectively.

(3) If the audit is completed prior to December 1, the legal response provided in connection with the audit may be used in place of the interim response described in paragraph 6.i.(1). In addition, an updated legal response to be effective no earlier than February 15 shall be provided. These legal responses shall be submitted in accordance with paragraph 6.i.(2).

a. An audit report, or separate audit reports, on the Principal Statements and Required Supplementary Stewardship Information, internal control, and compliance shall be prepared at the completion of the audit. The audit report(s) shall be submitted to the agency head in sufficient time to enable the agency head to meet the due date for submitting the audited financial statement under GMRA, no later than March 1 following the end of the fiscal year for which the financial statements were prepared. The audit results shall be discussed with management as soon as practicable but, in any case, prior to issuance of the audit report. IGs are encouraged to work with CFOs to accelerate the preparation of financial statements, and to accelerate the completion of audits.

b. The audit report(s) shall state that the audit was made in accordance with Government Auditing Standards and the provisions of this Bulletin.

c. The audit report(s) shall include:

(1) An opinion as to whether the reporting entity's Principal Statements and Required Supplementary Stewardship Information are fairly presented in all material respects in conformity with Federal accounting standards. See AU Section 623.05 of the Codification of Statements on Auditing Standards.
 
(a) With respect to reporting on other accompanying information, which includes the information referred to in paragraph 2.a. (1) and (5) of this Bulletin, the auditor shall follow AU Section 551, Codification of Statements on Auditing Standards.

(b) When required supplementary information referred to in paragraph 2.a.(4) of this Bulletin is presented, the auditor shall follow AU Sections 551 and 558, Codification of Statements on Auditing Standards.

(c) If the financial statements are not prepared in accordance with Federal accounting standards, the auditor shall report the departure(s) from those standards and, if practicable, the effects of the departure(s) on assets, liabilities, and net position; net costs; changes in net position; budgetary resources; reconciliation of net costs to budgetary obligations; and, if applicable, custodial activity either directly in the auditor's report on the Principal Statements and Required Supplementary Stewardship Information or by reference in the auditor's report to an explanatory note in the Notes to Principal Statements, or Required Supplementary Stewardship Information, if applicable, prepared by management.

(d) If the auditor disclaims an opinion, the report shall describe why the auditor was unable to conduct the audit in accordance with Government Auditing Standards and this Bulletin. If material weaknesses and other reportable conditions prevented the conduct of the audit in accordance with Government Auditing Standards and this Bulletin, such conditions shall be included in the report on internal control described in paragraph 7.c. (2), along with recommendations for correcting the condition(s).

(e) When there is a change in accounting principles, for example, changes to comply with SFFASs, the auditor's report on the Principal Statements and Required Supplementary Stewardship Information shall include an explanatory paragraph identifying the nature of the change and referring the reader to the note to the Principal Statements, or Required Supplementary Stewardship Information, where applicable, that discusses the change in detail.
 

(2) A report on internal control⁽³⁾, which shall at a minimum:
 
(a) State that, with respect to the internal control objectives described in paragraph 2.g.(1) of this Bulletin, the auditor obtained an understanding of the design of internal controls, determined whether they have been placed in operation, assessed control risk, and performed tests of the reporting entity's internal controls.

(b) State that, with respect to the internal control objective described in paragraph 2.g.(3) of this Bulletin, and relating to the performance measures included in the Overview of the Reporting Entity, the auditor obtained an understanding of the design of internal controls relating to the existence and completeness assertions and determined whether they have been placed in operation.

(c) State whether or not the tests performed provided sufficient evidence to support an opinion on internal controls.

(d) Describe reportable conditions and material weaknesses identified during the audit.

(e) Identify those material weaknesses disclosed by audit that were not reported in the reporting entity's FMFIA report.
 

(3) A report on the reporting entity's compliance with applicable laws, regulations, and governmentwide policy requirements.⁽⁴⁾
 
(a) The auditor shall report noncompliance with laws and regulations disclosed by audit, except for those instances of noncompliance that, in the auditor's judgment, are clearly inconsequential. In meeting this requirement, the auditor shall list those laws and regulations that tests disclosed reportable instances of noncompliance.

(b) With respect to laws and regulations tested for which the audit disclosed no reportable instances on noncompliance, the report shall state that the audit disclosed no reportable instances of noncompliance with these laws and regulations. A listing of these laws and regulations is not required.

(c) For compliance with governmentwide policy requirements contained in OMB Circular A-127 and referred to in FFMIA, the auditor shall report whether the reporting entity's financial management systems substantially comply with Federal financial management systems requirements, Federal accounting standards, and the SGL at the transaction level. To meet this requirement, the auditor's report shall state the auditor's reporting requirement and that the auditor performed tests of compliance in accordance with the requirements of this Bulletin (see Appendix D). The audit report shall reflect instances in which the reporting entity's systems did not substantially comply with the three Federal financial management systems requirements, or state that the audit disclosed no instances in which the reporting entity's systems did not substantially comply with the three requirements. In addition, as required by FFMIA, where tests disclosed that the reporting entity's systems did not substantially comply with the three requirements, the auditor's report on compliance shall:
 

(i) Identify the entity or organization responsible for the financial management systems that were found not to comply with the requirements.

(ii) Include all facts pertaining to the noncompliance, including the nature and extent of the noncompliance, the primary reason or cause of the noncompliance, and any relevant comments from reporting entity management or employees responsible for the noncompliance.

(iii) Provide recommended remedial actions and the time frames to implement such actions.
 

(d) With respect to the objectives of tests of compliance generally, the auditor's report on compliance shall state whether or not providing an opinion on compliance was an objective of the audit and whether or not the tests performed provided sufficient evidence to support an opinion.

e. The reporting entity shall provide comments on the auditor's findings and recommendations included in the audit report, including corrective actions taken or planned and comments on the status of corrective actions taken on prior findings. To the extent practical, these comments shall be included in the audit reports on internal control or report on compliance. If corrective actions are not necessary, an explanatory statement shall be included in the applicable audit report.

f. Copies of the audit report shall be distributed to the head of the executive department or agency and subsequently included in the CFO's annual report or the agency's Accountability Report.

8. MANAGEMENT LETTER. Conditions that are not required to be included in the audit report, but that the auditor considers necessary to communicate, should be separately communicated to management of the reporting entity in a management letter. If a management letter is issued, the auditor shall refer to that management letter in the auditor's report on internal control (see paragraph 5.28 of Government Auditing Standards).

9. AGREED-UPON PROCEDURES: RETIREMENT, HEALTH, AND LIFE INSURANCE WITHHOLDINGS/CONTRIBUTIONS AND SUPPLEMENTAL SEMIANNUAL HEADCOUNT REPORT SUBMITTED TO THE OFFICE OF PERSONNEL MANAGEMENT (OPM). The agreed-upon procedures listed in Appendix H shall be applied separately for each Agency Payroll Office (APO) that services 30,000 or more employees per year for the agencies listed in Appendix A during the course of conducting audits in accordance with this Bulletin. Additionally, the agreed-upon procedures shall be applied each year to at least one APO per CFOs Act agency (listed in Appendix A). The period subject to the agreed-upon procedures shall be for the 12 months ended September 30 of each year. Reports on the application of these procedures shall be addressed and submitted to the Inspector General of OPM. Report copies shall be provided to OPM's CFO and Associate Director for Retirement and Insurance. These reports shall be submitted no later than December 15 following the end of the fiscal year for which the financial statements are prepared. The provisions of this paragraph are subject to AU Section 622, "Engagements to Apply Agreed-Upon Procedures to Specified Elements, Accounts, or Items of a Financial Statement," Codification of Statements on Auditing Standards.

10. INSPECTOR GENERAL OVERSIGHT.

a. IGs shall:

 (1) Ensure that audits are performed and audit reports completed in a timely manner and in accordance with the requirements of this Bulletin. This responsibility pertains to audits conducted directly by IG staff and audits conducted by independent auditors under contract.

(2) Provide technical advice and liaison to agency officials and independent external auditors.

(3) Obtain or make quality control reviews of audits made by independent external auditors and provide the results, when appropriate, to other interested organizations.

(4) Monitor and report on management's progress in resolving audit findings related to audits made pursuant to this Bulletin, in accordance with the Inspector General Act of 1978, as amended, the provisions of OMB Circular A-50, "Audit Followup," and FFMIA.

Appendix A: Executive Departments and Agencies Required to Prepare Financial Statements

Appendix B: Components of Executive Departments and Agencies Required to Prepare Financial Statements

Appendix C: General Laws

Appendix D: The Federal Financial Management Improvement Act of 1996 -- OMB Implementation Guidance for CFOs and IGs

Appendix E: Illustrative Management Representation Letter

Appendix F: Illustrative Auditor's Report on Internal Control

Appendix G: Illustrative Auditor's Report on Compliance with Laws and Regulations

Appendix H: Agreed-Upon Procedures: Retirement, Health, and Life Insurance Withholdings/Contributions and Supplemental Semiannual Headcount Report Submitted to the Office of Personnel Management 

Department of Agriculture
Department of Commerce
Department of Defense
Department of Education
Department of Energy
Department of Health and Human Services
Department of Housing and Urban Development
Department of the Interior
Department of Justice
Department of Labor
Department of State
Department of Transportation
Department of the Treasury
Department of Veterans Affairs
Agency for International Development
Environmental Protection Agency
Federal Emergency Management Agency
General Services Administration
National Aeronautics and Space Administration
National Science Foundation
Nuclear Regulatory Commission
Office of Personnel Management
Small Business Administration
Social Security Administration 

Department of Defense
Department of Army General Funds
Department of Navy General Funds
Department of Air Force General Funds
Military Retirement Trust Fund
U.S. Army Corps of Engineers Civil Works Program
Department of Army Working Capital Fund
Department of Navy Working Capital Fund
Department of Air Force Working Capital Fund
Defense Finance and Accounting Service Working Capital Fund
Defense Logistics Agency Working Capital Fund

Department of Health and Human Services
Health Care Financing Administration

Department of Labor
Unemployment Trust Fund

Department of Transportation
Federal Aviation Administration
Highway Trust Fund

Department of the Treasury
Bureau of Alcohol, Tobacco, and Firearms
Internal Revenue Service
United States Customs Service

Office of Personnel Management
Civil Service Retirement and Disability Fund
Federal Employees Health Benefits Program
Federal Employees Life Insurance Program 

Anti-Deficiency Act (codified as amended in 31 U.S.C. 1341, 1342, 1351, 1517)

Provisions Governing Claims of the United States Government as provided primarily in sections 3711-3720E of Title 31, United States Code (including provisions of the Debt Collection Improvement Act of 1996, Pub. L. No. 104-134, 110 Stat. 1321-358, which also is codified in various sections of 5 U.S.C., 18 U.S.C., 26 U.S.C., 28 U.S.C., 31 U.S.C., 42 U.S.C.)

Federal Credit Reform Act of 1990, Pub. L. No. 101-508, 104 Stat. 1388-610 (codified in various sections of 2 U.S.C.)

Pay and Allowance System for Civilian Employees as provided primarily in Chapters 51-59 of Title 5, United States Code

Prompt Payment Act (codified as amended in 31 U.S.C. 3901-3907) 

Introduction

The Federal Financial Management Improvement Act of 1996 (FFMIA), 31 U.S.C. 3512, fundamentally does two things:

• establishes in statute certain financial management system requirements that are already established by Executive Branch policies, and

• establishes new requirements for auditors to report on agency compliance with these basic requirements, and for agency heads and agency management to correct deficiencies within a certain time period.

Substantive Statutory Requirement

The 1997 Omnibus Consolidated Appropriations Act includes Title VIII, the Federal Financial Management Improvement Act of 1996. Section 803(a) of this Act states:

"In General -- Each agency shall implement and maintain financial management systems that comply substantially with Federal financial management systems requirements, applicable Federal accounting standards, and the United States Government Standard General Ledger (SGL) at the transaction level."

These three requirements -- Federal financial management system requirements, applicable Federal accounting standards, and the SGL -- are already well-established in Executive Branch policy documents. These documents, which are described in more detail below, include: OMB Circulars (A-127, "Financial Management Systems" and A-134, "Financial Accounting Principles and Standards"), Joint Financial Management Improvement Program (JFMIP) documents (such as the Core System Requirements), and Treasury Department policies.

Section 803 (a) of FFMIA does not establish any new financial system requirements.

Other sections of FFMIA establish new procedural requirements. However, these new requirements follow the basic principles established in Federal audit policies:

• Section 803 (b)(1) requires that auditors report whether agency systems substantially comply with Federal financial management systems requirements;

 
• Section 803 (c)(1) requires that the head of each agency determine whether the agency's financial management systems comply with the Act, based on a review of the report on the applicable agencywide audited financial statement and any other information the head of the agency considers relevant and appropriate;

 
• Section 803 (c)(3) requires that, when the agency head disagrees with the auditor's findings,the Director of OMB shall review such determinations and provide a report on the findings to the appropriate committees of the Congress;

 
• Section 803 (c)(3) requires that when the agency head agrees with the auditor's findings of noncompliance, a remediation plan shall be developed, in consultation with OMB, that describes the resources and milestones for achieving compliance; and

 
• Section 804 (b) requires that the Inspector General (IG) report on agency progress in achieving compliance in the IG's semiannual report required by the IG Act, as amended.

Relationship to Section 4 of FMFIA (the Integrity Act)

There is a close, if not overlapping, relationship between FFMIA and the Federal Managers' Financial Integrity Act (FMFIA). Since the acronyms are similar, this guidance refers to FMFIA as the Integrity Act. The Integrity Act requires that the agency head, on an annual basis no later than December 31, provide an assurance statement with respect to agency management controls (Section 2) and agency compliance with financial management system requirements (Section 4). For the most part, in many agencies, the Integrity Act statement of assurance for Section 4 provides management's assertion of compliance with section 803(a) of FFMIA.

Section 803, Implementation of FFMIA

Section 803 (a), cited above, states: "In General -- Each agency shall implement and maintain financial management systems that comply substantially with Federal financial management systems requirements, applicable Federal accounting standards, and the United States Government Standard General Ledger (SGL) at the transaction level."

This section of the guidance more fully describes (1) Federal financial management systems requirements; (2) applicable Federal accounting standards; and (3) the SGL at the transaction level. In each section, information is provided on substantial compliance and types of indicators to be used in assessing whether an agency is in substantial compliance. The criteria are broad and flexible; yet, they provide a practical basis for measuring achievement in complying with the FFMIA requirements.

(1) Federal Financial Management Systems Requirements

Circular A-127 prescribes policies and standards for agencies to follow in developing, operating, evaluating, and reporting on financial management systems. In addition, Circular A-127 also incorporates by reference: Circular A-123, "Management Accountability and Control;" Circular A-130, "Management of Federal Information Resources;" other operating policies and related requirements prescribed by OMB; and Federal Financial Management Systems Requirements issued by JFMIP.

The financial management systems subject to the requirements of FFMIA are included in the inventory of financial management systems subject to the requirements of Section 4 of the Integrity Act.

Compliance with the financial management systems requirements of FFMIA applies to all financial management systems essential to meeting financial statement preparation and budgetary reporting requirements.

An agency of the Federal Government is considered to be in substantial compliance with financial management system requirements if:

• Financial management systems meet Circular A-127 requirements which, for purposes of complying with this Act, call for systems to: support management's fiduciary role; support the legal, regulatory, and other special management requirements of the agency; support the budget execution functions; support fiscal management of program delivery and program decision-making; comply with internal and external reporting requirements, including, as necessary, the requirement for financial statements prepared in accordance with the form and content prescribed by OMB and reporting requirements prescribed by Treasury; and be monitored by agency staff to ensure the integrity of financial data. This is accomplished through a unified set of systems comprised of financial systems and financial portions of mixed systems. These systems may or may not be operated by the CFO's office.

 
• Financial management systems follow requirements published in JFMIP's Federal Financial Management System Requirements series which prescribe the functions that must be performed by systems to capture information for financial statement preparation.

 
• Compensating procedures are applied to financial management information produced by third parties, such as service bureaus, when it is determined that systems used by third parties to provide those services do not comply with the provisions of the FFMIA.

 
• Security over financial information is provided in accordance with Circular A-130, Appendix 3.

 
• Internal controls over financial management systems are designed properly and operating effectively. Internal controls are described in OMB Bulletin 98-08. It is not expected that the scope of the auditor's work in this area would extend beyond the requirements of the Bulletin.

• Annual assurance statement issued pursuant to the Section 4 Integrity Act report does not reflect any material non-conformance related to financial management systems covered by FFMIA.

 
• Audit procedures performed for the purpose of obtaining evidence in support of the auditor's opinion on the financial statements did not disclose material weaknesses or noncompliance with legal or regulatory requirements of the agency.⁽⁶⁾

 
• Standard budget execution information is provided on a timely basis to OMB and Treasury in the manner requested and is consistent with budget execution information used internally within the agency.

 
• Agency senior management and program managers have access to timely financial information on the status of funds (commitments, reservation and obligations) by operating units and programs that allows analysis of data for decision-making.

 
• Funds control decisions are based on information provided from the agency's financial management systems.

 
• The agency core financial system, supported by other systems containing the detailed data summarized in the core financial system, is the source of information used in the preparation of the annual financial statements and other internal and external reporting requirements. Detailed information contained in these other systems also may be used as the source information for reporting where summarized information contained in the agency core system does not provide the details necessary to meet reporting requirements.

 
• The agency has a management control program that identifies and reports deficiencies in financial management systems, including deficiencies resulting in a lack of substantial compliance with the three requirements of FFMIA, and ensures such deficiencies are corrected.

An agency of the Federal Government will be considered in substantial compliance with Federal accounting standards if the agency prepares audited financial statements in accordance with the hierarchy of Federal accounting standards included in paragraph 5 of OMB Bulletin 98-08. Substantial compliance does not require all transactions to be in full compliance with Federal accounting standards at the point of original entry, but that financial information used in the preparation of financial statements, based on such transactions, is adequately supported by detailed financial records (automated or manual).

Indicators:

• An unqualified opinion on the agency's financial statements. For a qualified opinion, a review of the underlying reasons for the qualified opinion is needed to determine whether or not the agency is in substantial compliance with this requirement. In limited circumstances, a qualified opinion on the agency's financial statements may indicate substantial compliance with this requirement when it is solely due to reasons other than the agency's ability to prepare auditable financial statements. Further, a disclaimer of opinion may not indicate that there is a lack of substantial compliance with this requirement when it results from a material uncertainty, such as resolution of litigation or projecting future economic events.

 
• The audit disclosed no material weaknesses in internal controls that affect the agency's ability to prepare auditable financial statements and related disclosures.⁽⁷⁾

Implementing the SGL at the transaction level requires that the Core Financial System General Ledger Management Function is in full compliance with the SGL chart of accounts descriptions and posting rules; transactions from feeder systems are summarized and fed into the Core Financial System's General Ledger following SGL requirements through an interface (automated or manual); detail supporting the interface transactions can be traced back to the source transactions in the feeder systems; and the feeder systems process transactions consistent with SGL account descriptions and posting.

An agency of the Federal Government will be considered in substantial compliance with the SGL at the transaction level requirement if the agency's classification of financial events for its financial statements and required financial information provided to the Department of the Treasury and OMB is consistent with the account descriptions and posting rules as approved by the SGL Board and published by the Treasury Department's Financial Management Service in the Treasury Financial Manual.

Indicators:

• The agency's core financial system uses the SGL number to capture financial information, or the agency uses an alternative code (pseudo-code) following the same account descriptions and posting rules that are used by the SGL to capture financial information, and the information can be appropriately matched to SGL codes for reporting to OMB or Treasury and for preparing financial statements. The use of the SGL code in the feeder system is not necessary as long as the code definitions used to capture information are consistent with the SGL definitions.

 
• Systems must capture information using the same descriptions and posting rules as in the SGL. Detailed information captured in feeder systems can be summarized in the Core Financial System; however, information shall be captured and summarized so that it follows the SGL descriptions and posting rules and is captured at the level necessary to meet OMB or Treasury reporting requirements and for preparing financial statements.

 
• Transactions can be traced back to the source/point-of-entry in the feeder systems and to supporting information.

Based on the foregoing, the auditor shall use professional judgment in determining substantial compliance with the systems requirements of FFMIA. However, lack of substantial compliance with the requirements in any one or more of the three areas included in FFMIA -- Federal financial management system requirements, Federal accounting standards, and the SGL -- would result in lack of substantial compliance with FFMIA.

Further, a lack of substantial compliance with any one or more of the indicators described herein would typically result in a lack of substantial compliance with one or more of the three areas described above and, thus, a lack of substantial compliance with the systems requirements of FFMIA. Judgment shall be used in determining a lack of substantial compliance with an indicator. For instance, if an auditor finds that a few budget execution reports were submitted late to OMB and contained minor inaccuracies, this may not result in a lack of substantial compliance with the indicator regarding standard budget execution information. 

[Date of auditor's report]

[Name and title of head of audit organization]
[Address of audit organization]

Dear [name of head of audit organization]:

This letter is in connection with your audits of the [entity's] Principal Statements and Required Supplementary Stewardship Information (hereinafter referred to as "financial statements") (list Principal Statements and Required Supplementary Stewardship Information) as of [end of year(s) covered by principal statements and required supplementary stewardship information and for the year(s) then ended] for the purposes of (1) expressing an opinion as to whether the principal statements and required supplementary stewardship information are presented fairly, in all material respects, in conformity with Federal accounting standards, and (2) reporting whether the agency's financial management systems substantially comply with Federal financial management systems requirements, applicable Federal accounting standards, and the U.S. Government Standard General Ledger at the transaction level as of [the end of the period(s) covered by the financial statements].

We confirm, to the best of our knowledge and belief, the following representations made to you during your audits, that these representations are as of the date of your auditor's report, and pertain to the period [or periods] covered by the principal financial statements. [If comparative statements are presented the following sentence should be added: "These representations update the representations we provided in conjunction with your audit of the financial statements as of and for the year ended (state year)."]

1. We are responsible for the fair presentation of the financial statements in conformity with Federal accounting standards [or, where applicable, for the fair presentation of the financial statements in conformity with generally accepted accounting principles].

2. The financial statements are fairly presented in conformity with Federal accounting standards [or, where applicable, generally accepted accounting principles].

3. We have made available to you, all

5. The [entity] has satisfactory title to all owned assets, including stewardship property, plant, and equipment; such assets have no liens or encumbrances, nor have any assets been pledged.

6. We have no plans or intentions that may materially affect the carrying value or classification of assets and liabilities.

7. Guarantees under which the agency is contingently liable have been properly reported or disclosed.

8. Related party transactions and related accounts receivable or payable, including assessments, loans, and guarantees have been properly recorded and disclosed.

9. All intra-governmental transactions and activities have been appropriately recorded, reported, and disclosed.

10. There are no:

12. No material events or transactions have occurred subsequent to [the date of latest audited financial statements] that have not been properly recorded in the financial statements and required supplementary stewardship information or disclosed in the notes thereto.

13. There has been no material fraud (intentional misstatements or omissions of amounts or disclosures in financial statements and misappropriation of assets that could have a material affect on the financial statements) or any fraud involving management or employees who have significant roles in internal control. [Fraud meeting foregoing criteria should be described.]

14. We are responsible for establishing and maintaining internal control.

15. Pursuant to the Federal Managers Financial Integrity Act, we have assessed the effectiveness of [entity's] internal control in achieving the following objectives:

If there are material weaknesses in internal control, the forgoing representation should be modified to read: "Those controls in place on September 30, XXXX, provided reasonable assurance that the foregoing objectives are met except for the effects of the material weaknesses discussed below or in the attachment," or a statement that "internal controls are not effective" or "do not meet the foregoing objectives."

17. We are responsible for implementing and maintaining financial management systems that comply substantially with Federal financial management systems requirements contained in OMB Circular A-127, "Financial Management Systems," applicable Federal accounting standards, and the United States Government Standard General Ledger (SGL) at the transaction level.

18. We have assessed the financial management systems to determine whether they comply substantially with these Federal financial management systems requirements. Our assessment was based on criteria established under OMB Circular A-127 and guidance issued by OMB and included in Appendix D of OMB Bulletin 98-08.

19. The financial management systems complied substantially with Federal financial management systems requirements, applicable Federal accounting standards, and the SGL at the transaction level as of the [date of financial statements].

[If the financial management systems did not substantially comply, the following paragraphs should be used instead:

As of [date of financial statements], the entity's financial management systems do not comply substantially with the Federal financial management systems requirements.

Identify herein or in an attachment all the facts pertaining to the noncompliance, including the nature and extent of the noncompliance and the primary reason or cause of the noncompliance.

This representation does not change the representation in paragraph 2 of this letter.]

20. We are responsible for [entity's] compliance with applicable laws and regulations.

21. We have identified and disclosed to you all laws and regulations that have a direct and material effect on the determination of financial statement amounts.

22. We have disclosed to you all known instances of noncompliance with laws and regulations.

[Signed by Agency Head]
[Signed by Chief Financial Officer] 

We have audited the Principal Statements and Required Supplementary Stewardship Information (hereinafter referred to as "financial statements") of [Name of Federal Agency] as of and for the year ended September 30, XXXX, and have issued our report thereon dated _____________. We conducted our audit in accordance with generally accepted auditing standards; the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States; and, Office of Management and Budget (OMB) Bulletin No. 98-08, "Audit Requirements for Federal Financial Statements."

In planning and performing our audit, we considered [Name of Federal Agency]'s internal control over financial reporting by obtaining an understanding of the agency's internal controls, determined whether these internal controls had been placed in operation, assessed control risk, and performed tests of controls in order to determine our auditing procedures for the purpose of expressing our opinion on the financial statements and not to provide assurance on the internal control over financial reporting. Consequently, we do not provide an opinion on internal controls.⁽⁹⁾
 
Our consideration of the internal control over financial reporting would not necessarily disclose all matters in the internal control over financial reporting that might be reportable conditions. Under standards issued by the American Institute of Certified Public Accountants, reportable conditions are matters coming to our attention relating to significant deficiencies in the design or operation of the internal control that, in our judgment, could adversely affect the agency's ability to record, process, summarize, and report financial data consistent with the assertions by management in the financial statements. Material weaknesses are reportable conditions in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions. However, we noted certain matters [discussed in the following paragraphs or accompanying schedule] involving the internal control and its operation that we consider to be reportable conditions [and material weaknesses].

If none of the reportable conditions is believed to be a material weakness, the report should state the following: "However, none of the reportable conditions is believed to be a material weakness."

If no reportable conditions were noted during the audit, the report should state the following: "However, we noted no matters involving the internal control and its operation that we considered to be material weaknesses as defined above."

In addition, with respect to internal controls related to performance measures reported in [refer to section of financial statement or accountability report], we obtained an understanding of the design of significant internal controls relating to the existence and completeness assertions, as required by OMB Bulletin 98-08. Our procedures were not designed to provide assurance on internal control over reported performance measures, and, accordingly, we do not provide an opinion on such controls.

If conditions came to the auditor's attention that in his or her judgment represent significant deficiencies in the design or operation of internal control over performance measures, which could adversely affect the agency's ability to collect, process, record, and summarize performance information and report performance measures in accordance with management's criteria, the following sentence should be added to the foregoing paragraph. "However, we noted certain significant deficiencies in internal control over reported performance measures [discussed in the following paragraphs or accompanying schedule] that, in our judgment, could adversely affect the agency's ability to collect, process, record, and summarize performance information and report performance measures in accordance with management's criteria."

This report is intended for the information of the management of [Name of Federal Agency], OMB and Congress. However, this report is a matter of public record and its distribution is not limited.

[Signature]

[Date] 

[Addressee]

We have audited the Principal Statements and Required Supplementary Stewardship Information (hereinafter referred to as "financial statements") of [Name of Federal Agency] as of and for the year ended September 30, XXXX, and have issued our report thereon dated ______________. We conducted our audit in accordance with: generally accepted auditing standards; the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States; and, Office of Management and Budget (OMB) Bulletin No. 98-08, "Audit Requirements for Federal Financial Statements."

The management of [Name of Federal Agency] is responsible for complying with laws and regulations applicable to the agency. As part of obtaining reasonable assurance about whether the agency's financial statements are free of material misstatement, we performed tests of its compliance with certain provisions of laws and regulations, noncompliance with which could have a direct and material effect on the determination of financial statement amounts and certain other laws and regulations specified in OMB Bulletin 98-08, including the requirements referred to in the Federal Financial Management Improvement Act (FFMIA) of 1996.

The results of our tests of compliance with the laws and regulations described in the preceding paragraph exclusive of FFMIA⁽¹⁰⁾ disclosed instances of noncompliance with the following laws and regulations that are required to be reported under Government Auditing Standards and OMB Bulletin 98-08, which are described below.

Under FFMIA, we are required to report whether the agency's financial management systems substantially comply with the Federal financial management systems requirements, Federal accounting standards, and the United States Government Standard General Ledger at the transaction level. To meet this requirement, we performed tests of compliance using the implementation guidance for FFMIA included in Appendix D of OMB Bulletin 98-08.

The results of our tests disclosed no instances in which the agency's financial management systems did not substantially comply with the three requirements discussed in the preceding paragraph.

[If the results of tests disclosed that the agency's systems did not substantially comply with the foregoing requirements, the preceding sentence should be replaced with the following:

1. The entity or organization responsible for the financial management systems that were found not to comply with the requirements.

2. All facts pertaining to the noncompliance, including: (a) the nature and extent of the noncompliance, (b) the primary reason or cause of the noncompliance, and (c) any relevant comments from reporting entity management or employees responsible for the noncompliance.

3. Recommended remedial actions and the time frames to implement such actions.]

Providing an opinion on compliance with certain provisions of laws and regulations was not an objective of our audit and, accordingly, we do not express such an opinion.⁽¹¹⁾

This report is intended for the information of the management of [Name of Federal Agency], OMB, and Congress. However, this report is a matter of public record, and its distribution is not limited.

[Signature]

[Date] 

Objective: To perform the procedures enumerated below to assist the Office of Personnel Management (OPM) in assessing the reasonableness of retirement, health, and life insurance withholdings/contributions and employee headcount data submitted by agencies. (Questions may be directed to OPM's Financial Policy Staff at (202) 606-0606.)

Procedures: Gain an understanding of the Agency Payroll Office's (APO's) procedures for reconciling payroll registers to Form 2812, Report of Withholdings and Contributions for Health Benefits, Life Insurance and Retirement. Obtain the APO's most recent Supplemental Semiannual Headcount Report submitted to OPM and the summary of Form 2812 submissions and related payments to OPM for the current fiscal year. Randomly select two Form 2812s submitted for the current fiscal year, and also obtain the Form 2812 that coincides with the most recent Supplemental Semiannual Headcount Report. Obtain payroll registers or payroll data files for the periods covered by the Form 2812s selected.

1. Perform the following procedures:

2. For the three pay periods selected, review the APO's reconciliation of the payroll data file to the general ledger accounts or, if such a reconciliation does not exist, perform the reconciliation. Report when the APO did not prepare the reconciliation. Also report any unsupported or unsubstantiated differences (i.e., gross rather than net) in the total payroll paid for the selected pay period and the amount recorded in the general ledger that exceeds 5% of total payroll. To the extent practical, management's comments on the auditor's findings shall be included in the report.

3. From the payroll registers corresponding to the three Form 2812s selected for testing in step 1, randomly select a total of twenty-five individuals from the payroll registers or files footed in step 1.a. that have retirement, health, and life insurance and at least one optional life coverage. For step 3.d. only, randomly select additional individuals as necessary so that ten individuals are selected for each life insurance option (i.e., Options A, B, and C). For each individual selected, perform the following procedures:

4. Randomly select a total of ten employees who do not have either health or life insurance withholdings from the payroll registers or related files footed in step 1.a. and verify from a review of personnel records that the employees elected to be excluded from health and/or life insurance coverage. Report any differences or exceptions that are unsupported or unsubstantiated, or represent an error. To the extent practical, management's comments on the auditor's findings shall be included in the report.

5. Recalculate the headcount reflected on the Supplemental Semiannual Headcount Report selected for testing above as follows:

To the Inspector General
U.S. Office of Personnel Management:

We have performed the procedures described below (or in the attachment), which were agreed to by the Inspector General, Chief Financial Officer, and the Associate Director for Retirement and Insurance of the U.S. Office of Personnel Management (OPM), solely to assist with respect to the employee withholdings and employer contributions reported on the Report of Withholdings and Contributions for Health Benefits, Life Insurance, and Retirement for the payroll periods ended [state dates] and Supplemental Semiannual Headcount Report as of [state date]. This engagement to apply agreed-upon-procedures was performed in accordance with the standards established by the American Institute of Certified Public Accountants. The sufficiency of the procedures is solely the responsibility of the Inspector General, Chief Financial Officer, and the Associate Director for Retirement and Insurance of OPM. Consequently, we make no representation regarding the sufficiency of the procedures described below either for the purpose for which this report has been requested or for any other purpose.

Insert the following unless the procedures and findings are in an attachment.

The procedures and the associated findings are as follows:

[Insert procedures and findings]

We were not engaged to, and did not, perform an audit, the objective of which would be the expression of an opinion on the withholdings and contributions for health benefits, life insurance, and retirement, and employee headcount of the [name of agency]. Accordingly, we do not express such an opinion. Had we performed additional procedures, other matters might have come to our attention that would have been reported to you.

This report is intended solely for the use of the Inspector General, Chief Financial Officer, and the Associate Director for Retirement and Insurance of OPM and should not be used by those who have not agreed to the procedures and taken responsibility for the sufficiency of the procedures for their purposes.

[Signature]

[Date]

c: Chief Financial Officer of OPM
Associate Director for Retirement and Insurance of OPM 

1. This list was included in OMB Bulletin 97-01. At the time of issuance of this Bulletin, OMB is considering modifying the list of statements that comprise the Principal Statements. Auditors shall refer to the most current version of OMB's Form and Content Bulletin to determine which statements shall be treated as Principal Statements for the fiscal year for which the financial statements were prepared.

2. Federal financial management systems requirements to be tested do not include those contained in the Framework for Federal Financial Management Systems and Travel System Requirements. These systems requirements do not affect an agency's ability to prepare financial statements in accordance with Federal accounting standards. 

3. An illustrative auditor's report on internal control is provided in Appendix F. Use of this guidance is optional. 

4. An illustrative auditor's report on compliance with laws and regulations is provided in Appendix G. Use of this guidance is optional. 

5. The requirement for components to prepare financial statements may be satisfied by presenting the components separately in consolidating agencywide financial statements and conducting an audit, in accordance with this Bulletin, at the consolidating financial statement level.

6. In very limited circumstances, reportable conditions that significantly impair an entity's ability to meet Federal financial management systems requirements (such as reportable conditions related to computer security over financial information covered by OMB Circular A-130, Appendix 3) may represent conditions reportable under FFMIA. 

7. In very limited circumstances, reportable conditions that significantly impair an entity's ability to meet Federal financial management systems requirements (such as reportable conditions related to computer security over financial information covered by OMB Circular A-130, Appendix 3) may represent conditions reportable under FFMIA. 

8. This illustrative management representation letter must be customized to the situation of the audited entity. Representations number 1-14 relate to the opinion on the financial statements and the required supplementary stewardship information; numbers 14-19 relate to management's assertion about the effectiveness of internal control; numbers 20-22 relate to management's assertion about the financial management systems' substantial compliance with Federal financial management system requirements; and numbers 23-25 relate to compliance with laws and regulations. AU Section 333, "Management Representations," Codification of Statements on Auditing Standards, provides examples of additional representations that may be appropriate. 

9. If the objective is to express an opinion on the agency's internal controls over financial reporting, the auditor should follow Statement on Standards for Attestation Engagements No. 2, "Reporting on an Entity's Internal Control Over Financial Reporting," issued by the American Institute of Certified Public Accountants. 

10. FFMIA does not impose any compliance requirements; rather, it requires reporting on whether an agency's financial management systems substantially comply with the financial management systems requirements contained in governmentwide policies, e.g., OMB Circular A-127, "Financial Management Systems;" Statements of Federal Financial Accounting Standards; and the United States Government Standard General Ledger published by the Department of the Treasury. FFMIA imposes additional reporting requirements when tests disclose instances in which agency systems do not substantially comply with the foregoing requirements. 

11. If the objective is to express an opinion on the agency's compliance with laws and regulations, the auditor should follow Statement on Standards for Attestation Engagements No. 3, "Compliance Attestation," issued by the American Institute of Certified Public Accountants.