4 FAM 040
Financial MANAGEMENT CONTROLS
(CT:FIN-468; 04-22-2021)
(Office of Origin: CGFS/MC)
4 FAM 041 GENERAL STATEMENT
(CT:FIN-468; 04-22-2021)
a. Internal control is a process effected by an agency's oversight body, management, and personnel that provides reasonable assurance that the objectives of the Department will be achieved. Management controls are a means of managing risk associated with Federal programs and operations. The Department is required to incorporate management controls in all of its programs and functions. 4 FAM 040 provides general guidance pertaining to financial management controls, including the recording and executing of transactions, separation of duties, supervision, record access, and accountability. 2 FAM 020 explains the responsibilities associated with the evaluation and improvement process of the Department’s system of management controls.
b. As required by 31 U.S.C. 3512, the head of each executive agency must establish and maintain systems of accounting and management controls that provide:
(1) Complete disclosure of the financial results of the agency’s activities;
(2) Reliable and timely financial information the agency needs for management purposes;
(3) Effective control over, and accountability for, assets for which the agency is responsible;
(4) Reliable accounting results that will be the basis for preparing and supporting the budget requests of the agency; controlling the execution of the agency budget; and providing financial information that the President requires; and
(5) Suitable integration of the accounting system with the central accounting and reporting responsibilities of the Secretary of the Treasury.
c. The accounting system must incorporate a comprehensive system of management controls characterized by:
(1) Organizational plans that provide appropriate separation of functional responsibilities;
(2) Authorization and recording procedures adequate to provide reasonable control over assets, liabilities, revenues, and expenses;
(3) Sound practices incorporated within the performance of duties and functions of organizational components; and
(4) Assignment of responsibilities to personnel commensurate with their qualifications.
d. The Federal Managers’ Financial Integrity Act (FMFIA) of 1982, Public Law 97-255, codified at 31 U.S.C. 3512 and implemented by OMB Circular A-123, amended, requires that internal accounting and administrative controls of each executive agency must be established in accordance with standards prescribed by the Comptroller General and must provide reasonable assurances that:
(1) Obligations and costs are in compliance with applicable law;
(2) Funds, property, financial information, and other assets are safeguarded against waste, loss, unauthorized use, and misappropriation; and
(3) Revenues and expenditures applicable to agency operations are properly recorded and accounted for to permit the preparation of accounts and reliable financial and statistical reports and to maintain accountability over the assets.
The standards prescribed by the Comptroller General under this paragraph also include standards to ensure the prompt resolution of all audit findings (see GAO report number GAO-14-704G, Standards for Internal Control in the Federal Government, most commonly referred to as the Green Book).
e. The Federal Financial Management Improvement Act (FFMIA) of 1996, Public Law 104-208, requires that agencies develop and maintain financial management systems that substantially comply with Federal accounting standards, Federal financial management system requirements, and the standard general ledger.
f. The Payment Integrity Information Act of 2019 (PIIA) requires that agencies periodically review all programs and activities that the agency head administers and identify all program and activities that may be susceptible to significant improper payments, and have a cost-effective recapture audit program to identify and collect overpayments and other improper payments. Additionally, PIIA requires agencies to comply with prepayment procedures defined within the Do Not Pay initiative as well as to conduct an evaluation of fraud risk, and improve fraud prevention controls.
g. OMB Circular A-123, as amended, Management's Responsibility for Enterprise Risk Management and Internal Control, promulgates a U.S. Government-wide internal control policy and a system of agency responsibilities and requirements. It requires agencies to implement an Enterprise Risk Management capability coordinated with strategic planning and review processes, and with management control processes required by FMFIA and GAO's Green Book. The circular provides guidance to Federal managers on improving the accountability and effectiveness of Federal programs and operations by establishing, assessing, correcting, and reporting on management controls. The circular has specific appendices that address controls over reporting and data integrity risk (Appendix A); the U.S. Government charge card program (Appendix B); and payments made under PIIA (Appendix C). The circular requires each agency head to report annually on management control through Statements of Assurance (overall FMFIA assurance).
4 FAM 042 SEPARATION OF DUTIES
(CT:FIN-468; 04-22-2021)
a. The system of management controls must incorporate an appropriate separation of duties between authorizing, processing, recording, and reviewing transactions; and maintaining the accounting records and receipts, as well as using and disposing of resources. No individual should control all key aspects of a transaction or event. Particular emphasis should be made as follows:
(1) Employees collecting receipts or having custody of cash or negotiable securities must not be assigned to duties of maintenance or reconciliation of related accounting records;
(2) Employees having procurement authority, custody of property, property disposal, or collection of disposal funds responsibilities must not be responsible for maintaining or adjusting related accounting records;
(3) Employees requesting obligations must not be assigned to duties of recording obligations for purchasing goods and services in accounting records; and
(4) Employees approving or certifying vouchers for payment must not be assigned procurement, receiving, invoice approval or inventory duties.
b. A proper separation of duties must exist and be reflected in the financial systems access profiles for all personnel. Access levels and passwords and/or IDs for all financial systems will be under the control of the CGFS information systems security office (ISSO).
c. On an annual basis, the Department ISSOs, system business owners, and post and domestic bureau/office management will review the access controls for financial systems, recertification of users, and individual access rights and verify that systems accesses for all personnel support the proper separation of duties. The review must be documented and sent to the Comptroller.
d. At overseas posts and domestic bureaus/offices operational conditions may require duties to overlap. Where a post or bureau/office requires the same individual to perform multiple functions that conflict with the proper separation of duties, management must submit a request for departmental approval of dual authority. The request must include an explanation of the need for dual authority, start/end date, and additional controls put in place if authorized. The Office of Financial Policy (CGFS/FPRA/FP) working with the Office of the Procurement Executive (A/OPE) will review dual authority requests for certifying and contracting duties, obtain additional information as necessary, and grant dual authority for a specified period based upon demonstrated compelling operational need. GFMS or RFMS business process role owners in consultation with ISSOs will review other dual authority requests, obtain additional information as necessary, approve a separation of duties conflict within the systems based upon demonstrated compelling operational need, and maintain a log of these dual authority requests and approvals.
4 FAM 043 PERSONAL RESPONSIBILITY
(CT:FIN-468; 04-22-2021)
a. Employees are responsible for the custody and appropriate disposition or use of property or other assets entrusted to their care, and, in some cases, for the administrative review of such custody, disposition, or use by others.
b. Employees at all levels are expected to be familiar with management control objectives and techniques associated with their assigned duties.
c. Managers are responsible for the establishment, maintenance, continuing evaluation, and monitoring of management controls. Managers are also responsible for ensuring that skill needs are continually assessed and that the Department is able to obtain a workforce that has the required skill set that matches those necessary to achieve the Department’s goals.
4 FAM 044 ACCOUNTING CONTROLS
(CT:FIN-468; 04-22-2021)
a. A system of general ledger and subsidiary accounts must be maintained for assets, liabilities, investments of the U.S. Government, revenues, and costs. Accounts must be reconciled and differences investigated according to the following schedule:
(1) Produce general ledger trial balances at least at the end of each monthly accounting period. Both internal and external reports will be based on the accounting period;
(2) Reconcile subsidiary ledger cost accounts with the general ledger control accounts at the close of each accounting period;
(3) Reconcile subsidiary ledgers for property and current asset inventories to general ledger controls at least at the end of each fiscal year, and at intervals when physical inventories are taken. Also, reconcile subsidiary ledgers for assets, other than property, current asset inventories, and liabilities to general ledger controls at the end of each accounting period;
(4) Review documents supporting unliquidated obligations with financial management and accounting system on a monthly basis (including the end of each fiscal year). Critically review obligation balances at the end of each fiscal year to ensure they are still valid and can be supported by documentary evidence as specified in 31 U.S.C. 1501 (34 Comp. Gen 820). Specific responsibility must be assigned at the operating level to prepare adequate working papers and records in a form suitable for audit (GAO Policy and Procedures Manual for Guidance of Federal Agencies, Title 7, Chapter 3, Section 3.8); and
(5) Other financial records maintained by management, if considered as subsidiary to the accounting records, must be reviewed and reconciled at least quarterly.
b. An audit trail refers to the documentary or other evidence in place (on hard copy or authorized electronic storage devices) that allows the retracing of a transaction to its source.
c. For individual voucher claims, the audit trail includes but is not restricted to requisition of goods; request for proposals or solicitations; issuance of purchase order or contract; preparation of a receiving report or other evidence of performance or receipt; preparation of vendor or U.S. agency invoice or voucher; verification of names and signatures of individuals authorized to approve transactions; and maintenance of logs to track claims in transit and voucher schedules.
d. Audit trail requirements for the entire voucher and claim process include identification of accounting classification codes; maintenance of relevant dates, such as preparation date, processing date, and accounting date; maintenance of records (i.e., authorization of individuals to perform specific functions, signature cards, letter of authorization); retention of supporting documentation and certificates; retention of vouchers, supporting documentation, calculations, and computations, etc., for manual systems; and maintenance, in an automated environment, of batch control logs, header and trailer records, error listings, suspense and exception reports, etc.
4 FAM 045 ADMINISTRATIVE REVIEW
(CT:FIN-468; 04-22-2021)
a. The system of management controls must include administrative review of disbursement transactions sufficient to ensure compliance with laws and regulations governing certification of vouchers and disbursing of U.S. Government funds. Transactions and other significant events should be authorized and executed only by persons acting within their scope of authority. Vouchers must be reviewed consistent with Department requirements.
b. Certifying officers certifying voucher schedules can rely on the integrity of the automated payment system as a whole and do not physically examine hard copy documentation (vouchers). The reasonableness of the certifying officer’s reliance on an automated payment system must be based on the audits and reviews of the system controls that have been conducted by the OIG, GAO, and internally by CGFS, management assertions about the controls functioning properly, and the system's authority to operate that indicate the system on which they rely is functioning properly, operating effectively and can be relied upon to make accurate and legal payments (see 4 FAM 022.13).
4 FAM 046 SAFEGUARDING OF rESOURCES
(CT:FIN-402; 06-17-2009)
All funds, cash, collections, financial information, property, and other resources for which the Department is responsible will be appropriately safeguarded to prevent misuse, misappropriation, unwarranted waste, deterioration, or destruction. No assets are to be disposed of; leave the possession of the Department; or be reduced in value without proper authorization. Access to U.S. Government resources must be restricted to authorized persons. Accountability must be assigned and maintained, and periodic reviews should occur to account for all resources.
4 FAM 047 Office of management control internal reviews
(CT:FIN-468; 04-22-2021)
The Office of Management Control (CGFS/DCFO/MC) administers the requirements of the Federal Managers' Financial Integrity Act (FMFIA) for the Department. These requirements include providing annual FMFIA guidance materials to the bureaus and posts; compiling the results of the statements of assurance from the Assistant Secretaries and chiefs of mission; and preparing analysis materials for the Management Control Steering Committee (MCSC), who evaluates significant deficiencies and material weaknesses reported in the Statements of Assurance. The MCSC votes on what content to recommend to the Secretary to be disclosed within the Secretary's overall statement of assurance as it will be presented in the annual report. Procedures necessary to comply with Circular A-123, Appendix A (internal controls over reporting and data integrity risk) and Appendix C (improper payments) are also performed by CGFS/DCFO/MC, as well as the GAO Green Book and the Fraud Reduction and Data Analytics Act. (See 1 FAM 614.14 for further description.)
4 FAM 048 office of inspector general audits and inspections
(CT:FIN-418; 02-19-2013)
The Office of Inspector General (OIG) is responsible for independent audits and inspections of agency programs and operations, which include financial management. OIG’s mission is to protect the integrity of the U.S. Government; improve program efficiency and effectiveness; and prevent and detect fraud, waste, and abuse in Federal agencies. The OIG’s independent audits and inspections are an integral part of the Department’s management controls. The IG Act requires agency managers to follow up on audit recommendations. Agency managers should use the findings and recommendations made in these independent audit reports to correct problems resulting from inadequate or poorly designed controls and to build appropriate controls into new programs (see 1 FAM 050).
4 FAM 049 UNASSIGNED