GSA Management and Internal Control Program

  1. Management’s Responsibility for Enterprise Risk Management and Internal Controls
    Internal control is at the core of GSA fulfilling its mission and achieving its goals while safeguarding governmental resources. GSA management is responsible for implementing internal control activities across the agency.

    GSA uses a top down collaborative approach to implement effective and efficient internal controls. The agency’s senior assessment team, the Management Control Oversight Council (MCOC), chaired by the Acting Deputy Administrator, is responsible for establishing governance for GSA’s senior managers to provide leadership and oversight necessary for effective implementation of the Agency’s Internal Control Program. GSA evaluates internal control across the Agency at various levels of the organization to ensure significant risks are identified, and related internal controls are tested and evaluated.

    In FY 2017, GSA continued to strengthen management practices and internal controls to assure the integrity of its programs, operations, business and financial management systems. GSA completed an initial risk profile, reviewed it with GSA leadership, considered it as part of the FY 2018 to 2022 strategic plan, and included it with the guidance for developing the FY 2019 budget.

    The OCFO A-123 Internal Control Review team and the Office of Government-wide Policy (OGP) conducted parallel financial and acquisition reviews across the agency. The organization within OGP performing the work was the Procurement Management Review (PMR) Division, which is a component of the Procurement Management Division that reports directly to the GSA Senior Procurement Executive in the Office of Acquisition Policy. PMR reviews assessed the effectiveness of internal controls over procurement management. By analyzing activities from both an acquisition and financial perspective, GSA addressed control issues that involved financial and acquisition functions. Any identified control deficiencies are tracked through a database application and monitored for timely and accurate implementation of corrective actions.

    The OCFO deploys an extensive annual testing and assessment methodology that evaluates the effectiveness of internal controls over financial reporting and financial systems. In FY 2017, OCFO redesigned the assessment process to support the statement of assurance conducting an agency wide assessment of the 5 Components and 17 Principles of Internal Control as required by GAO’s Standards for Internal Control in the Federal Government (Green Book). The OCFO also worked on improving the quality of the reporting and monitoring of improper payments by recruiting a new Compliance Branch Chief in the Internal Controls Division, and providing improper payment training to all members of the branch.

  2. Federal Managers’ Financial Integrity Act
    The FMFIA of 1982 requires that agencies establish internal controls and financial systems to provide reasonable assurance that the integrity of federal programs and operations is protected. Furthermore, it requires that the head of the agency provide an annual assurance statement on whether the agency has met this requirement and whether any material weaknesses exist.

    In response to the FMFIA, the Agency holds managers accountable for the performance, productivity, operations and integrity of their programs through the use of internal controls. Senior managers at the Agency each year evaluate the adequacy of the internal controls surrounding their activities and determine whether the controls conform to the internal control standards established by OMB and the U.S. Government Accountability Office (GAO). The results of these evaluations and other information provided to senior management are used to determine whether there are any internal control matters to be reported as material weaknesses. The Agency’s senior assessment team, the MCOC, provides oversight of the internal control program and advises the Administrator on the Statement of Assurance.

    Additionally, GSA monitors internal controls over purchase and travel cards. See the Fraud Reduction Report Section for comments on this activity.

  3. OMB Circular No. A-123, Appendix A
    Appendix A of OMB Circular No. A-123 provides requirements to agencies for conducting the management assessment of internal control over financial reporting. The Agency’s evaluation for FY 2017 did not identify any material weaknesses in financial controls as of, or subsequent to June 30, 2017.

  4. Federal Financial Management Improvement Act
    The FFMIA of 1996 was designed to improve federal financial management and reporting by requiring that financial management systems comply substantially with three requirements:
    (1) Federal financial management system requirements;
    (2) Applicable federal accounting standards; and
    (3) The United States Government Standard General Ledger at the transaction level.

    Furthermore, the Act requires independent auditors to report on agency compliance with the three stated requirements as part of financial statement audit reports. The Agency evaluated its financial management systems and has determined that they substantially comply with federal financial management systems requirements, applicable federal accounting standards and the United States Government Standard General Ledger at the transaction level.

  5. Information and Financial Management Systems Framework
    The Chief Financial Officers Act assigns responsibilities for planning, developing, maintaining, and integrating financial management systems within federal agencies. GSA currently maintains E-Payroll applications; portions of its legacy core accounting system, and general support systems, which operate on a variety of hosting platforms to support various feeder applications. In FY 2017, GSA continued its progress in financial systems modernization and improvement in support of this financial management systems framework. To achieve its strategic goals GSA will continue efforts to streamline, consolidate, and modernize financially oriented general support systems. These strategies support GSA financial management system goals of reducing financial system operating and maintenance costs, and enhancing compliance and IT security controls.

  6. Federal Information Security Modernization Act
    The Federal Information Security Management Act (FISMA) requires federal agencies to implement a mandatory set of processes and system controls designed to ensure the confidentiality, integrity, and availability of system-related information. The processes and systems controls in each federal agency must follow established Federal Information Processing Standards, National Institute of Standards and Technology (NIST) standards, and other legislative requirements pertaining to federal information systems, such as the Privacy Act of 1974.

    To facilitate FISMA compliance, GSA maintains a formal program for information security management focused on FISMA requirements, protecting GSA IT resources, and supporting the GSA mission. This program consists of policies, procedures, and processes to mitigate new threats and anticipate risks posed by new technologies. Designated GSA information system security managers and information system security officers implement information security requirements in accordance with FISMA requirements and GSA policies.

    GSA continues to address weaknesses identified in its Plan of Action and Milestones. GSA annually provides security and privacy awareness training for over 15,000 employees and contractors. GSA continues to implement and develop a continuous diagnostics and mitigation (CDM) program in accordance with NIST, U.S. Department of Homeland Security (DHS), and OMB direction.
Last Reviewed: 2019-01-30