FEDERAL MANAGER'S ACCOUNTABILITY ACT OF 1981 A HEARING BEFORE THE SUBCOMMITTEE OF THE COMMITTEE ON GOVERNMENT OPERATIONS HOUSE OF REPRESENTATIVES NINETY-SEVENTH CONGRESS FIRST SESSION ON H.R. 1526

Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 FEDERAL MANAGERS' ACCOUNTABILITY ACT OF 1981 HEARING SUBCOMMITTEE OF THE COMMITTEE ON GOVERNMENT OPERATIONS HOUSE OF REPRESENTATIVES NINETY-SEVENTH CONGRESS FIRST SESSION ON H.R. 1526 TO AMEND THE ACCOUNTING AND AUDITING ACT OF 1950 TO REQUIRE ONGOING EVALUATIONS AND REPORTS ON THE ADEQUACY OF THE SYSTEMS OF INTERNAL ACCOUNTING AND ADMINISTRATIVE CONTROL OF EACH EXECUTIVE AGENCY, AND FOR OTHER PURPOSES U.S. GOVERNMENT PRINTING OFFICE 77-6770 WASHINGTON : 1981 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 L. H. FOUNTAIN, North Carolina DANTE B. FASCELL, Florida BENJAMIN S. ROSENTHAL, New York DON FUQUA, Florida JOHN CONYERS, JR., Michigan CARDISS COLLINS, Illinois JOHN L. BURTON, California GLENN ENGLISH, Oklahoma ELLIOTT H. LEVITAS, Georgia DAVID W. EVANS, Indiana TOBY MOFFETT, Connecticut HENRY A. WAXMAN, California FLOYD J. FITHIAN, Indiana TED WEISS, New York MIKE SYNAR, Oklahoma EUGENE V. ATKINSON, Pennsylvania STEPHEN L. NEAL, North Carolina DOUG BARNARD, JR., Georgia PETER A. PEYSER, New York BARNEY FRANK, Massachusetts HAROLD WASHINGTON, Illinois TOM LANTOS, California FRANK HORTON, New York JOHN N. ERLENBORN, Illinois CLARENCE J. BROWN, Ohio PAUL N. McCLOSKEY, JR., California THOMAS N. KINDNESS, Ohio ROBERT S. WALKER, Pennsylvania M. CALDWELL BUTLER, Virginia LYLE WILLIAMS, Ohio H. JOEL DECKARD, Indiana WILLIAM F. CLINGER, JR., Pennsylvania RAYMOND J. McGRATH, New York HAL DAUB, Nebraska JOHN HILER, Indiana DAVID DREIER, California WENDELL BAILEY, Missouri LAWRENCE J. DENARDIS, Connecticut JUDD GREGG, New Hampshire WILLIAM M. JONES, General Counsel JOHN E. MOORE, Staff Administrator ELMER W. HENDERSON, Senior Counsel JOHN M. DUNCAN, Minority Staff Director DANTE B. FASCELL, Florida DON FUQUA, Florida ELLIOTT H. LEVITAS, Georgia DAVID W. EVANS, Indiana HENRY A. WAXMAN, California FRANK HORTON, New York JOHN N. ERLENBORN, Illinois M. CALDWELL BUTLER, Virginia WILLIAM F. CLINGER, JR., Pennsylvania RICHARD C. BARNES, Staff Director (II) Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 CONTENTS Page Hearing held on March 11, 1981 ................................................................................... 1 Text of H.R. 1526 .............................................................................................................. 2 Statement of- Abbadessa, John P., executive vice president, Association of Government Accountants, accompanied by Gilbert Simonetti, chairman, Congres- sional Affairs Committee .................................................................................... 83 Brooks, Hon. Jack, a Representative in Congress from the State of Texas, and chairman, Legislation and National Security Subcommittee: Open- ing statement ........................................................................................................ 1 Hyde, Hon. Henry J., a Representative in Congress from the State of Illinois ..................................................................................................................... 16 Lordan, John J., Chief, Financial Management Branch, Office of Manage- ment and Budget .................................................................................................. 58 Watsen, John K., on behalf of the Institute of Internal Auditors .................. 103 Letters, statements, etc., submitted for the record by- Abbadessa, John P., executive vice president, Association of Government Accountants: Excerpts from a document entitled "Executive Reporting on Internal Controls in Government" ........................................................................... 87-96 Responses to Chairman Brooks' and Congressman Horton's questions 98- 100 Hyde, Hon. Henry J., a Representative in Congress from the State of Illinois: Information concerning the Budget and Accounting Act ......................... 54 Study on management reports published by Ernst & Whinney ............. 18-52 Lordan, John J., Chief, Financial Management Branch, Office of Manage- ment and Budget: Responses to Chairman Brooks' questions .................................................. 66-70 Responses to Congressman Horton's questions .......................................... 71-78 Staats, Elmer B., Comptroller General of the United States: February 25, 1981, statement before the subcommittee ......................................................... 8-14 Watsen, John K., on behalf of the Institute of Internal Auditors: Document entitled "A Focus on the Role of the Internal Auditor" .... 106- 148 Submissions to additional subcommittee questions .............................. 149-150 APPENDIX Material submitted for the record ................................................................................ 153 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 FEDERAL MANAGERS' ACCOUNTABILITY ACT OF 1981 HOUSE OF REPRESENTATIVES, LEGISLATION AND NATIONAL SECURITY SUBCOMMITTEE OF THE COMMITTEE ON GOVERNMENT OPERATIONS, Washington, D.C. The subcommittee met, pursuant to notice, at 1:45 p.m., in room 2247, Rayburn House Office Building, Hon. Jack Brooks (chairman of the subcommittee) presiding. Present: Representatives Jack Brooks, Frank Horton, and M. Caldwell Butler. Also present: subcommittee staff: Cynthia Meadow, professional staff member; Linda Shelton, office manager; full committee staff: William M. Jones, general counsel; Elmer W. Henderson, senior counsel; John M. Duncan, minority staff director; and Thomas Houston, minority professional staff, Committee on Government Operations. OPENING STATEMENT OF CHAIRMAN BROOKS Mr. BROOKS. Today's hearing is on H.R. 1526, the Federal Manag- ers' Accountability Act of 1981. Over the years studies done by the GAO and others have uncov- ered waste in Federal resources, funds, and property, which appar- ently could have been avoided by more stringent and more effec- tive internal controls. The bill which is before us today would improve those controls by requiring top agency management offi- cials to certify the effectiveness of the system of internal controls and outline a plan and schedule for strengthening any weaknesses in the system. In addition, the bill establishes the Office of Inspector General as the recipient of any allegations of false or misleading statements in connection with the certification process or the certification state- ment itself. [The bill, H.R. 1526, follows:] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2 97TH CONGRESS He R? 1526 tsT SESSION To amend the Accounting and Auditing Act of 1950 to require ongoing evalua- tions and reports on the adequacy of the systems of internal accounting and administrative control of each executive agency, and for other purposes. IN THE ROUSE OF REPRESENTATIVES FFBRIJARY 2, 1981 Mr. BROOKS introduced the following bill; which was referred to the Committee on Government Operations A BILL To amend the Accounting and Auditing Act of 1950 to require ongoing evaluations and reports on the adequacy of the systems of internal accounting and administrative control of each executive agency, and for other purposes. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress assembled, 3 SECTION 1. This Act may be cited as the "Federal 4 Managers' Accountability Act of 1981". 5 SEC. 2. Section 113 of the Accounting and Auditing 6 Act of 1950, as amended (31 U.S.C. 66a), is amended by 7 adding at the end thereof the following new subsection: Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 2 1 "(d)(1) To ensure that the requirements of subsection 2 (a)(3) of this section are fully complied with, the head of each 3 executive agency which the Director of the Office of Manage- 4 ment and Budget determines to be covered by this subsection 5 shall prepare a report stating an opinion on the adequacy of 6 the agency's systems of internal accounting and administra- 7 tive control by December 31, 1982, and by December 31 of 8 the succeeding year. 9 "(2) The reports shall be signed by the head of each 10 executive agency and addressed to the President. Such re- 11 ports shall also be made available to Congress and the public. 12 "(3) By December 31, 1981, the Comptroller General, 13 in consultation with the Director of the Office of Management 14 and Budget, shall establish a system of reporting and guide- 15 lines for the agencies in performing evaluations on their sys- 16 tems of internal accounting and administrative control. The 17 Comptroller General, in consultation with the Director, may 18 modify the system for reporting or the guidelines for 19 conducting the evaluations from time to time as deemed 20 necessary. 21 "(4) Internal accounting and administrative controls 22 shall be established in accordance with standards prescribed 23 by the Comptroller General, and shall provide reasonable 24 assurances that- Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 3 1 "(i) all obligations and costs were in compliance 2 with applicable law; 3 "(ii) all funds, property, and other assets were 4 safeguarded against waste, loss, unauthorized use, or 5 misappropriation; and 6 "(iii) all revenues and expenditures applicable to 7 agency operations were properly recorded and account- 8 ed for to permit the preparation of accounts and reli- 9 able financial and statistical reports and to maintain 10 accountability over the assets. 11 Any inadequacy or material weaknesses in an agency's sys- 12 tems of internal accounting and administrative control which 13 prevents the head of the agency from stating that the 14 agency's systems of internal accounting and administrative 15 control provided reasonable assurances that each of the ob- 16 jectives specified above were achieved shall be identified and 17 the plans and schedule for correcting any such inadequacy 18 described in detail. 19 "(5)(A) The Inspector General of an executive agency 20 or, if no Inspector General exists for an agency, the head of 21 the internal audit staff, shall receive and investigate any alle- 22 gation that an employee of the agency provided false or mis- 23 leading information in connection with the evaluation of the 24 agency's systems of internal accounting and administrative 25 control or in connection with the preparation of the annual Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 5 4 1 report on the systems of internal accounting and administra- 2 tive control. 3 "(B) If, in connection with any investigation under sub- paragraph (A), the Inspector General or the head of the in- ternal audit staff, as appropriate, determines that there is reasonable cause to believe that false or misleading informa- tion was provided, he shall report that determination to the head of the agency. "(C) The head of the agency shall review any matter referred to him under subparagraph (B) and shall take action under chapter 75 of title 5, United States Code, or such other disciplinary or corrective action as he deems necessary.". SEC. 3. Section 201 of the Budget and Accounting Act, 1921 (31 U.S.C. 11), is amended by adding at the end there- of the following new subsection: "(k) The President shall include in the supporting detail 17 accompanying each budget submitted on or after January 1, 18 1982, a statement with respect to each department and es- 19 tablishment of- 20 "(1) the original amount of appropriations re- 21 quested by the Office of the Inspector General of such 22 department or establishment, if any; 23 "(2) the changes made in such request by the 24 head of such department or establishment prior to the Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 5 1 submission of such request to the Director of the Office 2 of Management and Budget; 3 "(3) any further changes made in such request 4 prior to the submission of such Budget to the 5 Congress.". 6 SEc. 4. Section 215 of the Budget and Accounting Act, 7 1921 (31 U.S.C. 23), is amended by inserting immediately 8 after the first sentence thereof the following new sentence: 9 "The head of each department and establishment shall in- 10 elude with any such requests for appropriations a statement 11 certifying that the request is based on an accounting system 12 that has been approved by the Comptroller General pursuant 13 to section 112 of the Budget and Accounting Act of 1950.". Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. BROOKS. Such requirements focus attention on an area which has had low priority in recent years. The lack of strong and effec- tive controls has created opportunity for waste, misuse, and mis- management, as well as fraudulent transactions. If these opportu- nities were lessened-if not altogether eliminated-Federal pro- grams would automatically experience an expansion of funds as more of the taxpayers' hard-earned dollars would be available for use in implementing program objectives as intended by the Con- gress. The type statement of effectiveness required by this legisla- tion is voluntarily in use today in the private sector. It is just sound business practice to require that the Federal Government also maintain tight control over all its resources. In hearings on February 25, the then Comptroller General, Elmer Staats of the General Accounting Office, strongly supported this legislation. A copy of Mr. Staats' statement will be included in the record at this point. [The statement follows:] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 8 UNITED STATES GENERAL ACCOUNTING OFFICE FOR RELEASE ON DELIVERY EXPECTED AT 10:00 AM WEDNESDAY, FEBRUARY 25, 1981 STATEMENT OF ELMER B. STAATS, COMPTROLLER GENERAL UNITED STATES GENERAL ACCOUNTING OFFICE BEFORE THE SUBCOMMITTEE ON LEGISLATION AND NATIONAL SECURITY COMMITTEE ON GOVERNMENT OPERATIONS HOUSE OF REPRESENTATIVES CONCERNING IMPROVING FEDERAL AGENCIES' SYSTEMS OF INTERNAL FINANCIAL CONTROL Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 9 We are here today to testify on the merits of the pro- posed bill H.R. 1526 entitled the "Federal Managers' Account- ability Act of 1981." This bill, if enacted, will require ongoing evaluations and reports on the systems of internal con- trol of each executive agency. I am grateful for the opportunity to offer our support for the bill and to provide some insight as to why the legislation has our enthusiastic support. Broadly speaking, the bill deals with the area of account- ability, a subject receiving a lot of attention in the past several years. A seemingly unending disclosure of fraud, waste, abuse, and mismanagement in Government during the 1970s has surfaced a serious crisis of confidence in Federal Government programs and agencies. Moreover, the ability of Government officials to effectively, efficiently, and honestly administer programs was a major issue in the recent national election and, as a result, has intensified the need to improve accountability at all levels of management. Federal departments and agencies cannot maintain a level of accountability expected by the public unless they can be assured that strong and effective control over operations exists. Internal control systems properly conceived, soundly based, and effectively monitored are the front-line defense against fraud, waste, and abuse. The proposed "Federal Managers' Accountability Act of 1981" was designed for the purpose of strengthening controls by requiring management to periodically analyze, monitor, and report on the adequacy of their systems of internal control. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 10 The proposed bill deals with internal accounting and administrative controls which essentially are plans of opera- tions, procedures, and records designed to lead to the most effective and efficient management decisions, the safeguard of assets, and the maintenance of reliable financial records. Such controls include for example: (1) a routine in a computer sys- tem that prevents issuance of a salary check to any individual that the personnel department has not approved as a bonafied employee, (2) a separation of duties and responsibilities be- tween persons authorized to purchase materials and approve pay- ment for them to minimize the chances of error or embezzlement, and (3) a requirement to do a periodic reconciliation between actual property on hand and quantities per accounting records to insure that financial reports are reliable. The requirements for Federal agencies to maintain internal administrative and accounting control systems have been mandated by law for over 30 years; however, most agencies have not always given adequate priority to their internal control systems. The General Accounting Office (GAO) has issued literally hundreds of reports and studies that disclose the fact that most agencies are operating systems vulnerable to physical losses and waste of Federal property and money as well as susceptible to fraudulent or otherwise improper use of Federal resources. Examples of findings disclosed in GAO's reports include: --About $198,000 was returned by vendors because duplicate payments were made by one department as a result of in- adecuate control over processing invoices submitted by the vendors. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 11 --A ru;,;.er of Federal agencies were found to incur connitnents for future cash outlays without first verifying availability of appropriated funds. --A number of agencies did not effectively analyze receivables to identify overdue accounts in order to take necessary action to receive payment. --A Defense Department employee embezzled over $2 million because he was allowed to both process claim adjustments as well as approve claim payments. Although agency management has generally concurred with the internal control weaknesses reported by GAO and has agreed to implement appropriate corrective actions, the weaknesses that are left undetected by management, GAO auditors, or other Federal auditors is reason for greater concern. The proposed Federal Managers' Accountability Act of 1981 would supplement existing legislation by requiring management to periodically monitor and report on the adequacy of their systems of internal control to provide reasonable assurance that (1) all financial commitments and obligations were in compliance with applicable laws; (2) all funds, property, and other assets were safeguarded against waste, loss, unauthorized use or misappropria- tion; and (3) all revenues were properly recorded and accounted for. Specifically, the Act requires each agency head to conduct annual evaluations of internal accounting and administrative control and to prepare an annual report, addressed to the President and made available to the Congress and the public, stating an opinion on the adequacy of the agency's systems of internal control. The Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 12 correcting such weaknesses, and (3) a narrative on any un- resolved findings disclosed in audit or management reports. In addition, these reports are subject to review and audit by Federal auditors (both GAO and agency Inspector Generals or the chief of internal audit) to determine their accuracy and validity. Although we actively support the passage of this bill, we do have one minor concern related to section 4 of the bill. Section 4 requires the head of each agency to include with appropriation requests a statement certifying that the request be based on an accounting system that has been approved by the Comptroller General. Since no penalty or action is specified if certification could not be made, this provision seems to con- clude that a possibility exists for appropriation request to go unapproved, in which case operations of Government activities can be at least temporarily halted. All agencies' accounting systems have not yet been approved although we continue to work closely with agencies and provide the assistance they need. We believe a better approach might be for the legislation to pro- vide that, when an appropriation is requested, the head of an agency be required to report to the Congress on the status and progress made in having its accounting system(s) approved. This would give the Congress an opportunity to exercise its oversight authority with individual agencies to see that their systems get approved. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 13 Notwithstanding this concern which needs only minor mod- ification, we believe the importance of this proposed legislation cannot be understated. Effective internal controls help ensure that Government managers know what their monetary and physical assets and resources are at all times; know how the assets are being used, dispensed, and disposed of and for what purposes; know that such purposes are authorized; and know that fraud, waste, and abuse are minimized and discouraged. This proposed legislation establishes a badly needed mechanism which forces management to pay closer attention to the quality of internal controls in its agency and, more importantly, it establishes a vehicle to enhance accountability of Federal officials. We be- lieve passage of the Federal Managers' Accountability Act of 1981 would definitely help bring about strong commitment and vigilance in the area of accountability. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 14 SOURCE OF EXAMPLES USED IN THE FEBRUARY 25, 1981, STATEMENT OF ELMER B. STAATS, COMPTROLLER GENERAL BEFORE THE SUBCOMMITTEE ON LEGISLATION AND NATIONAL SECURITY COMMITTEE ON GOVERNMENT OPERATIONS CONCERNING INTERNAL CONTROL WEAKNESSES Example 1: About $198,000 was returned by vendors because duplicate payments were made by one department as a result of inadequate control over processing invoices submitted by the vendors. A completed General Accounting Office (GAO) review. The written report is in final processing and should be released in the near future. A number of Federal agencies were found to incur commitments for future cash outlays without first verifying availability of appropriated funds. GAO report No. FGMSD 80-65, "Continuing and Wide- spread Weaknesses in Internal Controls Result in Losses Through Fraud, Waste, and Abuse," August 22, 1980, pages 19-21 (copy of report attached). Example 3: A number of agencies did not effectively analyze receivables to identify overdue accounts in order to take necessary action to receive payment. Source: GAO report No. FGMSD 80-65, "Continuing and Wide- spread Weaknesses in Internal Controls Result in Losses Through Fraud, Waste, and Abuse," August 22, 1980, pages 4-6 (copy of report attached). Example 4: A Defense Department employee embezzled over $2 million because he was allowed to both process claim adjustments as well as approve claim payments. Source: A completed GAO review. The written report is in final processing and should be released in the near future. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 15 Mr. BROOKS. I talked with Elmer Staats at another meeting this morning and he restated his conviction that this legislation can be of substantial help to the Government. Congressman Hyde and representatives of the Office of Manage- ment and Budget, the Association of Government Accountants, and the Institute of Internal Auditors will testify today. I will first see whether Mr. Horton has a statement and then I shall introduce the witnesses. Mr. HORTON. For a couple reasons I am especially pleased we are here today to consider H.R. 1526. First, I believe that we at this end of Pennsylvania Avenue must do whatever we can do to see to it that Federal programs are administered as efficiently as possible. Second, this is only March 11, Congress is still trying to get organized, and this subcommittee is meeting for the second time this year to discuss financial accountability. Two weeks ago, under the chairman's leadership, we examined the need for more effective audit followup in the executive depart- ments and agencies. Today I understand we will discuss the possi- bility of tightening the internal accounting and administrative con- trols at the same departments and agencies. That is a good beginning, Mr. Chairman, and I encourage you to continue to pursue the kind of legislation and oversight that will increase Government efficiency and decrease fraud, abuse, waste, and mismanagement of programs throughout the Federal Govern- ment. The bill before us today, H.R. 1526, if enacted, would require ongoing evaluations and reports on the systems of internal control of each executive agency. I understand that this legislation is fa- vored by accountants, auditors, and professional organizations rep- resenting CPA's and auditors. I appreciate their presence here today and look forward to their testimony later in this hearing. I must, however, at the outset confess my instinctive 'reluctance to require yet another congressionally mandated report unless that report will result in either a long-term decline of Federal paper- work or a long-term increase in administrative efficiency. That is the kind of yardstick we must use, Mr. Chairman, if we are to continue passing legislation that requires new reports or new pa- perwork. I do have some questions and concerns about various parts of the bill, but I will reserve those questions for the witnesses. Like you, Mr. Chairman, I welcome our colleague from Illinois, Mr. Hyde, as well as the witness from the Office of Management and Budget and the various accounting and auditing organizations. I look forward to this hearing and congratulate you once again for introducing this legislation. Mr. BROOKS. Thank you, Mr. Horton. Our first witness is Congressman Henry J. Hyde. He represents the Sixth District of Illinois and has represented that district since November of 1974. He has introduced a lot of legislation and many amendments, but he also has introduced legislation similar to the bill we are considering in these hearings. Congressman, I look forward to having your comments and I welcome you before the committee. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 16 STATEMENT OF HON. HENRY J. HYDE, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF ILLINOIS Mr. HYDE. Thank you, Mr. Chairman, Mr. Horton, and Mr. Butler. I think the context for this legislation is established by two GAO reports. The first one is dated August 28, 1980. It states simply billions of Federal dollars are lost annually through fraud, waste, and abuse. This report to which I have referred covers only 11 Federal agencies, a cross section of all Government activities appearing within that figure. A more recent GAO report of January 23, 1981, which was made at the request of this committee, states similarly that the Govern- ment is losing billions of dollars because agencies are not acting on audit recommendations to recover funds, avoid costs, and improve operation. If there is anything that distresses and angers the electorate, the taxpaying electorate, it is reading documents like these that talk about billions of dollars lost through fraud, waste, and abuse. A solution has to be found. I do appreciate the opportunity to appear here today to discuss H.R. 1526, a bill which would require continuing evaluations and reports to Congress on the internal control systems of Federal agencies and departments. I wholeheartedly support this bill. As we seek ways to reduce the Federal budget, legitimate con- cerns are being voiced about program cutbacks or their total elimi- nation. One way some of these programs can be salvaged, or even enhanced, is to provide assurance that fraud, waste and other abuses have been eliminated as far as humanly possible. Nothing brings an aroused taxpayer's blood to a quick boil faster than reading about waste or fraud or abuse in government. This bill is an overdue antidote to this major problem. The bill's primary goal of strengthening the internal control systems within each agency, coupled with requiring senior agency officials to pay more serious attention to these systems in orderly fashion, will have important ancillary benefits as well. Not only will the agency's programs and their administration be more cost- effective, but public confidence can be restored in the belief that agencies of Government are honestly and effectively serving the people. We ought not underestimate the confidence factor as we try to balance the need to cut spending and preserve necessary pro- grams and services. Legislation requiring Federal agencies to maintain effective in- ternal controls has been mandated for over 30 years by the Ac- counting and Auditing Act of 1950. I believe internal controls require a commitment from top management and constant vigi- lance to be effective, let alone the legal mandate. Yet management has not always given adequate priority nor emphasis to the impor- tance of good internal controls. The General Accounting Office has constantly reminded us of the lack of management's attention to internal controls through the many reports it has issued to us annually. The proposed Feder- al Managers' Accountability Act of 1981 supplements the existing legislation by providing the missing link of assurance that strong Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 internal controls will exist. It requires management to periodically analyze, monitor, and report on the adequacy of their systems of internal control. Specifically, the act requires each agency head to conduct annual evaluations of internal accounting and administrative control and to prepare an annual report, addressed to the President, and made available to the Congress and the public, stating an opinion on the adequacy of the agency's systems of internal control. The opinion, as a minimum, shall contain: (1) A description of material weaknesses in internal control; (2) a plan for correcting such weaknesses; and (3) a narrative of any unresolved findings disclosed in audit or in management reports. In addition, these reports are subject to review and audit by Federal auditors, both GAO and agency Inspectors General or the chief of internal audit, to determine their accuracy and validity. Reporting on the adequacy of internal controls by management will not be unique in the Federal Government. As you know, the Foreign Corrupt Practices Act of 1977 requires private companies filing with the Securities and Exchange Commission to maintain effective systems of internal control. Since then, with the encouragement of the Securities and Ex- change Commission, management of private companies have begun to include statements on their internal control systems in their annual reports to stockholders. This practice is becoming more prevalent. The international accounting firm of Ernst and Whinney recent- ly published a study on management reports and included numer- ous examples of actual statements appearing in annual reports. Such companies include, for example, Xerox Corp., Westinghouse Electric Corp., and others. The study by Ernst and Whinney points out the growing trend of management in private business reporting on internal controls, and to highlight that trend and capability I would like to submit their study for the record. [The material follows.] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 18 MANAGEMENT REPORTS IN ANNUAL REPORTS TO SHAREHOLDERS 1980 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Related E&W Publications and Seminar Ernst & Whinney publications on the Foreign Corrupt Practices Act and evaluating internal control and information on our internal control seminar are listed below. The publications and informa- tion on the seminar may be obtained from any E&W executive. Foreign Corrupt Practices Act of 1977--An Overview of the Law and Its Implications (E&W No. 38748)--This Financial Report- ing Developments pamphlet issued in February 1978 analyzes the provisions of the Act. It summarizes the existing responsibilities of management and independent auditors for internal control and explains why a normal audit will not ensure compliance with the Act. Included are our suggestions for management actions--particularly in dealing with the Act's bribery provisions. Evaluating Internal Control--A Guide for management and directors and a supplementary set of preprinted forms for documenting and evaluating internal accounting control (including our Guide to Flow Charting--E&W No. 39080) for the following types of businesses: Commercial or Industrial (E&W No. 39078) Banking (E&W No. 38905) Life Insurance (E&W No. K58145) Property/Casualty Insurance (E&W No. K58146) Hospitals (E&W No. J58320) Blue Cross/Blue Shield Plans (E&W No. K58166) Internal Control Seminar--To help companies improve their review and monitoring of their systems, we have developed a seminar on the E&W approach to evaluating internal control for commercial or industrial companies. The complete "how to" seminar takes approximately four hours including time for questions and answers and a case study. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Contents 2 RECENT DEVELOPMENTS--SEC ACTIONS AND EXPECTATIONS . . . . . . 2 SEC Views on Content of Management Reports. . . . . . . . . . 2 Materiality . . . . . . . . . . . . . . . . . . . . . . . . 3 Point in Time Reporting . . . . . . . . . . . . . . . . . . 3 Objectives of Internal Control . . . . . . . . . . . . . . . 4 Reasonable Assurance . . . . . . . . . . . . . . . . . . . . 4 Comprehensive Management Reports . . . . . . . . . . . . . . 4 Compliance with the FCPA . . . . . . . . . . . . . . . . . . . 5 Review and Evaluation of Internal Accounting Controls . . . 5 Control Environment . . . . . . . . . . . . . . . . . . . . 6 Documentation . . . . . . . . . . . . . . . . . . . . . . . 6 E&W Recommendation for Future Action . . . . . . . . . . . . . 7 3 CONTENT OF A MANAGEMENT REPORT . . . . . . . . . . . . . . . . 8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Comparison of the Recommendations . . . . . . . . . . . . . . 8 Summary of Ernst & Whinney Survey . . . . . . . . . . . . . . 10 Management's Responsibility for the Financial Statements. . . 11 Material Uncertainties . . . . . . . . . . . . . . . . . . . 11 E&W Survey Results . . . . . . . . . . . . . . . . . . . . . 12 Specific Examples . . . . . . . . . . . . . . . . . . . . . 12 Internal Accounting Control . . . . . . . . . . . . . . . . . 13 Concept of Reasonable Assurance . . . . . . . . . . . . . . 13 Explicit vs. Implicit Assessments . . . . . . . . . . . . . 14 Objectives of Internal Control . . . . . . . . . . . . . . . 14 Period Covered . . . . . . . . . . . . . . . . . . . . . . . 15 Internal Audit . . . . . . . . . . . . . . . . . . . . . . . 15 Additional SEC Recommendations . . . . . . . . . . . . . . . 16 Specific Examples of Discussions of Internal Accounting Control . . . . . . . . . . . . . . . . . . . . . . . . . 16 Role of Board of Directors/Audit Committee. . . . . . . . . . 17 E&W Survey Results . . . . . . . . . . . . . . . . . . . . . 18 Specific Examples . . . . . . . . . . . . . . . . . . . . . 18 Role of Independent Accountants . . . . . . . . . . . . . . . 19 E&W Survey Results . . . . . . . . . . . . . . . . . . . . . 20 Specific Example . . . . . . . . . . . . . . . . . . . . . . 21 Other Disclosures or Information . . . . . . . . . . . . . . . 21 E&W Survey Results . . . . . . . . . . . . . . . . . . . . . 22 Specific Example . . . . . . . . . . . . . . . . . . . . . . 22 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 21 1 Summary It is becoming more common for companies to include a "management report" in their annual report to shareholders. Such reports typically affirm management's responsibility for the financial statements, comment on the adequacy of the system of internal accounting controls and discuss the roles of the board of direc- tors, audit committee and independent and internal auditors. This pamphlet is intended to assist those who include a management report in their annual report to shareholders or are considering including one. Section 2 of the pamphlet discusses the SEC's recent withdrawal of its proposals to require public reporting on internal accounting control, its expectations for voluntary provision of management reports and its plans to monitor the results of company initia- tives over the next three years. It also analyzes the SEC's pub- lished views regarding the conte't of management reports and compliance with the internal accounting control provisions of the Foreign Corrupt Practices Act (FCPA). Section 3 compares the recommendations of the Financial Executives Institute, Cohen Commission, AICPA and the SEC regarding the con- tent of management reports. The discussion also incorporates the results of an Ernst & Whinney survey of 1979 annual reports of Fortune 1,000 industrial companies. The Section is organized by the major subject areas typically addressed in a management report. The final Section of the pamphlet includes the full text of ten published management reports as examples of some of the comprehen- sive reports companies have presented. The SEC is still very interested in public reporting on internal accounting controls and could reconsider rule making in this area. The private sector can preempt that possibility--by contin- uing the trend of significantly increasing management reports and experimenting with reporting on internal accounting controls by independent accountants. Now the AICPA has issued Statement on Auditing Standards No. 30, "Reporting on Internal Accounting Con- trol," which allows independent accountants to publicly report on a company's system of internal accounting controls when a special study has been performed for that purpose. Ernst & Whinney pro- fessionals are available to assist you in reviewing and testing your system of internal accounting controls and in making your management report an informative and effective communication to shareholders. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 22 2 Recent Developments-SEC Actions and Expectations The subject of management reports has been discussed frequently in the past few years. Since 1978, the Financial Executives Insti- tute (FEI) has encouraged its members to include a management report in their companies' annual reports and has published sug- gested guidelines. The FEI's current suggestions on the content of a management report and those of other organizations are sum- marized in Section 3. The SEC had stated for some time that it planned to require reporting on internal accounting control. Its 1979 proposal would have required management's opinion as to whether a company's sys- tem of internal accounting controls provided reasonable assurance that the broad objectives of internal accounting control included in the FCPA were achieved throughout the year. Response to the proposal was massive and overwhelmingly negative with a record number of comment letters (950) received. In withdrawing the proposal in June 1980, the SEC issued Account- ing Series Release (ASR) No. 278 explaining its action and its expectations regarding voluntary management reporting and auditor association. The SEC said that its preliminary analysis showed that the trend of increasing numbers of companies presenting man- agement reports in their annual reports to shareholders had con- tinued in 1979 and it expects management reports to become a common disclosure within three years.* It also expects companies to experiment with auditor reports on internal accounting con- trols. The SEC intends to monitor the progress that is made vol- untarily in these areas and to reconsider the need for rules based on that monitoring. The SEC will monitor the content of management reports as well as the number of companies that provide them. Its present views about the content of management reports differ in certain key respects from the proposed rules. Because the proposals directly paralleled the FCPA, they were more controversial than they might otherwise have been. Many commenta- tors stated that the proposals would effectively require companies to make a statement of compliance with the law. In addition, many * We do not believe the SEC expects companies to include a manage- ment report in their Form 10-K, registration statements, or other SEC filings. Before including management reports in SEC filings, we recommend that management review with its counsel the legal consequences of such reports becoming "filed" material. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 23 2 Recent Developments-SEC Actions and Expectations challenged the SEC's statutory authority to impose such a require- ment and questioned its motives. There was concern that the pro- posals were not intended to inform shareholders, but rather to influence corporate conduct. The FCPA also made it more difficult for the SEC to deal with cer- tain major issues raised in the comment process--more difficult because of a concern that the scope of an SEC requirement for a management report would effectively define the scope of the inter- nal accounting control provisions of the FCPA. The SEC believes that withdrawing its proposals permits flexibility to experiment with various approaches to public reporting on internal accounting control. This approach--basically persuasion rather than regula- tion--also allows the SEC to be more flexible about the scope and content of management reports. Materiality Many commentators, including those few who supported an SEC requirement for management reports, suggested that any requirement should contain a materiality limitation. They contended that investors and other users of management reports are not concerned about nonmaterial weaknesses in internal accounting controls. Indeed, they maintained that disclosure of immaterial weaknesses could be confusing and possibly misleading. The SEC continues to emphasize that the internal accounting con- trol provisions of the FCPA are not limited by a materiality stan- dard. However, for purposes of encouraging management reports, it recognizes that some weaknesses in internal accounting control are more significant than others. It recommends that a management statement cover the adequacy of controls "over matters about which shareholders reasonably should be informed"--i.e., matters which are material. Point in Time Reporting The SEC had proposed that management report on conditions that existed throughout the year. Many commentators disagreed, recom- mending instead that a management report be limited to conditions existing as of a point in time (e.g., the fiscal year end or report date). They questioned the value of disclosing weaknesses that existed during the year, but were subsequently corrected. They also pointed out that such disclosure could discourage system improvements because a change in the system might imply a prior deficiency. And it could hinder open discussion between auditors and their clients about potential system improvements and impair client receptivity to suggestions by their auditors. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 24 2 Recent Developments-SEC Actions and Expectations Naturally, the SEC does not believe that the FCPA requires effec- tive controls only at year end. But it now accepts management reporting as of a point in time: "For disclosure purposes, the Commission believes there is value in providing management state- ments which address the effectiveness of internal accounting con- trol systems as of a recent date." Objectives of Internal Control Although compliance with the law need not be discussed, the SEC still expects management reports to address each of the internal accounting control objectives of the FCPA. Taken almost verbatim from generally accepted auditing standards, these objectives state that a system of internal accounting control should provide rea- sonable assurance that: transactions are executed in accordance with management's authorization; recorded transactions permit pre- paration of financial statements in conformity with generally accepted accounting principles or other applicable criteria and maintain accountability for assets; access to assets is permitted only in accordance with management's authorization; and recorded assets are compared with existing assets at reasonable intervals. Recognizing that companies typically paraphrase these objectives when describing them in a management report, the SEC encourages companies to continue to describe them in the manner they believe most informative. In addition to discussing the objectives of a system of internal accounting control, the SEC recommends that management reports address the concept of "reasonable assurance." Basically, this concept is that the cost of a control procedure should not exceed its benefit; that is, the reduction in risk of not achieving a control objective. Of course, these benefits of control proce- dures usually cannot be quantified and assessing their "value" requires judgment. Therefore, the SEC recommends that management reports explain the concept of reasonable assurance and its limi- tations in management's assessment of the internal accounting con- trol system. Comprehensive Management Reports Rather than just a statement on the effectiveness of internal accounting controls, the SEC now is encouraging companies to pro- vide comprehensive reports covering management's responsibilities for "accounting, control and financial reporting in general," such as recommended by the FEI and others. Approximately 100 comment letters supported comprehensive reports, but not as an SEC requirement. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2 Recent Developments-SEC Actions and Expectations ASR No. 278 also discloses the SEC's views about compliance with the internal accounting control provisions of the FCPA.* We believe this discussion is significant because it represents pub- lished views of the SEC as an agency--not just the views of an individual commissioner or staff member. The following paragraphs summarize those views. Review and Evaluation of Internal Accounting Controls Because internal accounting controls are dynamic and have inherent limitations, the SEC believes that ongoing review and monitoring procedures are necessary for a company to have reasonable assur- ance that its system continues to be effective. It recognizes, however, that the concept of reasonable assurance includes cost- benefit judgments as to the extent and timing of the review and monitoring procedures. In other words, the costs of review and monitoring must be weighed against the estimated potential reduc- tion in exposure which they will produce--a very subjective judg- mental process. The SEC recognizes that the specific control procedures and tech- niques that will provide for effective controls, and the specific methods of reviewing and monitoring control systems, must be geared to the circumstances of individual companies. However, it stresses the importance of an organized approach to evaluating internal accounting controls and suggests that evaluations should encompass certain "conceptual elements." Basically, these are: 2. Review the system of internal accounting controls by identi- fying and considering specific control objectives and speci- fic control procedures to achieve those objectives. 3. Monitor compliance to determine that the system is function- ing as intended. 4. Determine whether reasonable assurance is achieved by con- sidering the benefits and costs of additional or alternative controls. *For further information regarding the FCPA, refer to our Financial Reporting Developments pamphlet (E&W No. 38748), Foreign Corrupt Practices Act of 1977--An Overview of the Law and Its Implica- tions. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2 Recent Developments-SEC Actions and Expectations We believe these "conceptual elements" are sound and are consis- tent with the guidance provided in the Ernst & Whinney Guides for Evaluating Internal Control.* Through an organized and thorough approach to documentation and evaluation of the system of internal accounting controls, companies can provide a basis for developing their management report. Many of our clients, often working together with Ernst & Whinney, already are doing this. The SEC continues to emphasize the importance of a strong control environment. Companies need active, effective audit committees; clear communication of policies, procedures, authority and respon- sibility; competent personnel of integrity; accountability for performance and for compliance with policies and procedures; and objective, effective internal audit functions. The SEC recognizes that a strong control environment alone will not provide effective controls--but it believes specific control procedures will not function effectively in an organization lacking a high level of control consciousness. The SEC continues to stress the importance of documenting the sys- tem; the plans, bases and results of review and monitoring of the system; and the bases of cost-benefit decisions (which it recog- nizes may not be quantifiable). It recognizes, however, that the appropriate level of documentation also will be determined by cost-benefit decisions. The SEC also emphasizes the defensive importance of documentation, pointing out that whether a system provided reasonable assurance will most likely come under scrutiny after a system failure. It suggests that management will be in a better position to defend itself if the bases for its cost-benefit analysis are supported by documentation of both the system of internal accounting controls and its review and evaluation. *For further information on specific publications, refer to the inside front cover of this pamphlet. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2 Recent Developments-SEC Actions and Expectations It would be very unfortunate if the general response to the SEC's action were only a loud and long sigh of relief. The SEC cer- tainly has not lost interest in public reporting on internal accounting control, nor has it abandoned the possibility of rule- making in this area. The private sector has the opportunity to preempt that possibility--by continuing the trend of significant increases in management reports, and by experimenting with report- ing on internal accounting control by independent accountants. If this opportunity is lost, companies may be forced to comply with SEC rules. The FEI and AICPA deserve recognition for recommending that com- panies provide management reports. And companies that provided management reports in 1979 also are to be commended. These efforts unquestionably were a major factor in the SEC's decision to withdraw its rule proposals. More importantly, companies should continue to assess the adequacy of their system of internal accounting controls, their programs for ongoing review and monitoring of those systems, and their related documentation. This is vital to a well managed busi- ness--whether or not it has provided a management report or plans to do so. It is very important to keep in mind that the SEC has withdrawn, for the present time, only its rule proposals for pub- lic reporting on internal accounting control. The statutory requirements of the FCPA to maintain effective systems of internal accounting control are still with us. Our series of Guides for Evaluating Internal Control and the sup- plementary sets of documentation forms provide a practical approach to documenting and evaluating systems of internal accounting controls that result in clear easy to understand state- ments of how a company achieves the objectives of the FCPA's accounting provisions. Our approach is economical yet responsive to the SEC's views. Ernst & Whinney professionals are available to assist you in reviewing and testing your system of internal accounting controls and in preparing a management report. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report As guidance in presenting a management report, this Section pro- vides information concerning what various organizations have sug- gested and what certain companies have done. It is organized by major subject areas typically addressed in a management report: management's responsibility for the financial statements; internal accounting controls; the role of the board of directors and audit committee; the role of independent accountants; and other disclo- sures or information. For each of the categories, there is a brief discussion of the views of the Commission on Auditors' Responsibilities (Cohen Com- mission), Financial Executives Institute (FEI), AICPA Special Advisory Committee on Reports by Management (AICPA Committee) and SEC, a summary of the results of an E&W survey of management reports, and excerpts from published management reports. The FEI, Cohen Commission, AICPA Committee, and SEC all have sug- gested that companies provide a management report in the annual report to shareholders. Each of the private sector organizations has published suggestions for the contents of such a report and the SEC generally has endorsed experimentation with their sugges- tions. Table 1 below summarizes and compares the recommendations of the FEI, Cohen Commission and AICPA Committee. These recommendations, as well as additional ones made by the SEC in ASR No. 278, are discussed further in the remainder of this Section. SUBJECTS PROPOSED FOR INCLUSION IN MANAGEMENT REPORTS Suggested By FEI Cohen AICPA Management's Responsibility for the Financial Statements 1. Management's responsibility for the finan- cial statements and other financial information X X X a. Compliance with GAAP X X X Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report FEI Cohen AICPA b. Adequacy of judgments and estimates x X X c. Consistency of other information in the annual report with the financial statements x x x Internal Accounting Control 3. Management responsibility for the sys- tem of internal accounting controls x X X 4. Assessment of the effectiveness of internal accounting controls x X X Role of Board of Directors/Audit Committee 6. Composition of the audit committee x X X 7. Review and oversight of management's financial reporting responsibility x X X 8. Engagement of and interaction with independent accountants x X X Role of Independent Accountants 9. Auditors' responsibilities in relation to the financial statements and related opinion x X 10. Reference to change in independent accountants x x x Other Disclosures or Information 12. Reference to ethical and legal policies (code of conduct) X X X Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report 13. Reference to corporate social respon- sibilities X 14. Signature of chief financial officer and/or chief executive officer. X X To measure the trends in both the extent to which management reports are being provided and their contents, Ernst & Whinney surveyed the first 305 calendar 1979 annual reports of Fortune 1,000 industrial companies that were available to us. 40% of the companies surveyed included a management report in 1979, compared to 23% for the same companies in 1978. Only one company that presented a management report in 1978 did not present one in 1979. Management reports were presented more frequently by larger com- panies. As indicated by Table 1 below, 50% of the Fortune 500 industrial companies surveyed included a management report in 1979, compared with 18% of the Fortune Second 500. This compares to 30% and 6% respectively for 1978. Fortune Number of Management Report Presented Number Companies Surveyed 1979 %* 1978 %* 0-100 58 36 62% 24 41% 101-200 47 25 53 13 28 201-300 42 20 48 10 24 301-400 38 16 42 10 26 401-500 25 8 32 6 24 0-500 210 105 50 63 30 501-600 22 5 23 1 5 601-700 19 2 11 2 11 701-800 22 7 32 2 9 801-900 18 1 6 0 0 901-1000 14 2 14 1 7 501-1000 95 17 18 6 6 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report The communication of management's responsibility for the financial statements received widespread attention when the Cohen Commis- sion, in its 1978 report, concluded that some users of financial statements erroneously assume that the statements are the repre- sentations of the independent accountants rather than manage- ment's. It stated, "We encourage boards of directors (or official bodies, if necessary) to require the company's chief financial officer or other representative of management to present a report with the financial statements that acknowledges the responsibility of management for the representations in the financial informa- tion." Similar recommendations were made both by the FEI and the AICPA Committee. In addition, all three organizations recommended that, in acknowledging responsibility for the financial information, management should state that (1) the financial statements were prepared and presented in conformity with GAAP, (2) management estimates and judgments are necessary in the preparation and pre- sentation of certain financial information and, (3) the informa- tion in the financial statements is consistent with that found in the remainder of the annual report. The SEC, in ASR No. 278, did not specifically address these mat- ters, but encouraged companies to provide comprehensive reports covering management's responsibilities for "accounting, control and financial reporting in general." The Cohen Commission stated that a management report should pro- vide management's assurances that all material uncertainties have been appropriately accounted for or disclosed. It also stated that the report "should indicate that the company's legal counsel has been consulted regarding the accounting for or disclosure of legal matters and that those matters have been appropriately dis- closed in the financial statements." The FEI also recommended that management discuss the significance of any uncertainties. The AICPA Committee, however, disagreed with the Cohen Commission's recommendations as follows: "The Com- mittee does not believe that a report by management should (a) confirm that all material uncertainties have been appropriately accounted for and disclosed or (b) indicate that legal counsel has been consulted regarding the accounting for or disclosure of legal matters in the financial statements, and that counsel concurs with management's presentation."" Basically, the AICPA Committee believed that implicit in management's responsibility for the Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report financial statements is an understanding that such matters are adequately disclosed in the financial statements as required by generally accepted accounting principles. Management acknowledged its responsibility for the financial statements in 100% of the management reports included in our survey and 89% indicated that the financial statements had been prepared in conformity with GAAP. 77% discussed the use of esti- mates or judgments in the preparation of financial data, and 27% referred to the consistency of other financial information in the annual shareholders report. None of the management reports sur- veyed included a discussion of material uncertainties and only one mentioned consultation with legal counsel. "We have prepared the accompanying consolidated financial statements and related information included herein for the years ended December 31, 1979 and 1978. The opinion of Ernst & Whinney, the Company's independent auditors, on those financial statements is included herein. The primary respon- sibility for the integrity of the financial information included in this annual report rests with management. Such information was prepared in accordance with generally accepted accounting principles appropriate in the circum- stances, based on our best estimates and judgments and giving due consideration to materiality." Monsanto Company "Monsanto Company management is responsible for the integrity of all financial data, whether audited or unaudited, included in this Annual Report. The consolidated financial statements have been prepared in accordance with generally accepted accounting principles consistently applied in all material respects and reflect estimates by management where neces- sary. Where acceptable alternative accounting principles exist, as described in the Summary of Significant Accounting Policies on page 56, management has used its best judgment in selecting those principles that, in the circumstances, reflect fairly the consolidated financial position, results of operations and changes in financial position of Monsanto. All financial information in this Annual Report is consistent with that in the consolidated financial statements." Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report Of the subjects generally mentioned for inclusion in management reports, internal accounting controls has received the most atten- tion. This is largely due to the FCPA and the SEC's proposal for reporting on internal accounting controls. The Cohen Commission, FEI and AICPA Committee all have recommended that companies include an assessment of the effectiveness of internal accounting controls. And, when it withdrew its proposal, the SEC emphasized that there must be an assessment of the effectiveness of internal accounting controls in order for discussion of the subject in man- agement reports to be meaningful. Management's assessment of the company's system of internal accounting controls is influenced by a number of important vari- ables such as cost-benefit considerations, the size and type of the business, environmental considerations, the degree of central- ization and sophistication of financial and operating management and a myriad of other factors. In any system, the cost of a con- trol procedure should not exceed its benefit--i.e., the reduction in risk of not achieving a control objective. Therefore, manage- ment's assessment of the effectiveness of the system of internal accounting controls should be phrased in terms of reasonable rather than absolute assurance that the control objectives are being achieved. The Cohen Commission stated that the "report by management should present management's assessment of the company's accounting system and controls over it, including a description of the inherent limitations of control systems . . ." (emphasis added). Its illustrative example uses the concept of reasonable assurance: "There are inherent limitations that should be recognized in con- sidering the potential effectiveness of any system of internal accounting control. The concept of reasonable assurance is based on the recognition that the cost of a system of internal control should not exceed the benefits derived and that the evaluation of those factors requires estimates and judgments by management. The com an 's system provides such reasonable assurance" (emphasis added . The AICPA Committee also endorsed the concept of reasonable assur- ance and, to a large extent, the FEI's suggested guidelines for management reporting on internal accounting controls parallel ? those of the Cohen Commission. However, the Cohen Commission's conclusions were reached before the FCPA was finalized. The FCPA imposes a requirement for a system of internal accounting controls sufficient to provide reasonable assurance that the broad objec- Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report tives of internal accounting control are achieved. The FEI guide- lines caution management to consult legal counsel regarding the FCPA's provisions when making representations as to the adequacy of controls and integrity of the financial statements. The SEC, in ASR No. 278, recommended that management communicate its opinion on the system's effectiveness. As discussed on page 3, although the SEC continues to maintain that the FCPA is not limited by a materiality standard, it accepts the concept of a materiality limitation for purposes of a management report. In addition, the SEC believes "that it may be appropriate for manage- ment statements on internal accounting control to discuss and explain the concept of reasonable assurance and its limitations in the context of communicating management's assessment of its system of internal accounting control" (emphasis added). As previously discussed, all of the organizations recommended that management express an opinion on the effectiveness of the system of internal accounting controls. The E&W Survey disclosed that all management reports surveyed referred to internal controls maintained by the company, but some companies did not explicitly assess the effectiveness of the system. 41% of the management reports surveyed included some type of representation that the system of internal accounting controls provided reasonable assur- ance that the control objectives were met, whereas 52% commented that the controls were designed to provide reasonable assurance. (Examples of both types are included below.) The remaining 7% of the reports simply referred to the existence of a system of inter- nal accounting controls. In addition, 27% mentioned the essential cost-benefit relationship of a system of internal accounting controls. However, only 7% actually discussed the concept of reasonable assurance as recom- mended by the Cohen Commission and SEC. The Cohen Commission, AICPA Committee and FEI all suggested that management discuss its responsibility for maintaining a system of internal accounting controls as well as maintaining an atmosphere or environment in which controls can be effective. However, in ASR No. 278, the SEC went further and recommended that management reports specifically address each of the internal control objec- tives of the FCPA (see page 4), but it recognized that companies "paraphrase the same broad objectives which were adopted in the FCPA--often in terms of authorization of transactions, safeguard- ing of assets, and accounting or preparation of reliable financial statements." Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report The management reports surveyed support the SEC's conclusion that most companies paraphrase the broad objectives into three categor- ies rather than four. Only 3% of the management reports surveyed addressed all four of the objectives. However, 57% of the reports surveyed stated that transactions were executed in accordance with management's authorization, 73% discussed safeguarding of assets, and 92% stated that transactions were recorded to permit prepara- tion of financial statements in conformity with GAAP. As discussed in Section 2 of this pamphlet, the SEC now accepts management reporting as of a point in time rather than reporting on conditions existing throughout the year. The AICPA Committee and FEI did not specifically address this issue. The Cohen Com- mission, while not specifically discussing a time period, did sug- gest that management acknowledge responsibility for the financial statements as of the balance sheet date. None of the management reports surveyed by E&W specifically reported on the system of internal accounting controls as of a point in time or for a time period. If management were to report as such, the following is an example of how the report could be worded: A system of internal accounting controls has been maintained which, as of December 31, 19X1, provided reasonable assurance that . . . . A system of internal accounting controls has been maintained which, for the year ended December 31, 19X1, provided reason- able assurance that . . . . The internal audit function can be a key element in a system of internal accounting controls--particularly in monitoring the func- tioning of the system. The suggested guidelines of each of the organizations contained little discussion of the internal audit function, but all concurred that there is a need to discuss the role of the internal auditors. 44% of the management reports included in our survey discussed the function and responsibilities of internal auditors. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report The SEC endorses the initiatives of the Cohen Commission, FEI and AICPA Committee in recommending appropriate subject matter regard- ing internal accounting controls in management reports. In addi- tion to the recommendations of those groups, the SEC suggests that companies also consider including the following matters in a man- agement report: The importance of other elements of the control environment, including the organization structure, communication of cor- porate policies and procedures and authority and responsibil- ity, the competence and training of personnel, and accounta- bility for performance and for compliance with policies and procedures. The general approach applied in reviewing and evaluating internal accounting controls. The extent to which internal accounting control review and monitoring procedures are performed. The role independent accountants play or have played in evaluating the issuer's system of internal accounting con- trol. (See page 19 for a further discussion.) Specific Examples of Discussions of Internal Accounting Control Western Electric Company, Incorporated "...management maintains a highly developed system of inter- nal accounting controls and supports a program of internal auditing to monitor compliance with the system. Management believes that this system provides reasonable assurance at reasonable cost that the transactions of the Company are exe- cuted in accordance with management's authorizations and are recorded properly. This system requires that the recorded assets be compared with existing assets at reasonable inter- vals, and it provides reasonable assurance that access to assets is permitted only in accordance with management's authorizations.* Management further seeks to assure the integrity and objectivity of these financial statements by the careful selection of its managers, by organization arrangements that provide an appropriate division of respon- The Western Electric management report was one of only three in the E&W survey that specifically addressed all four objectives of internal control as suggested by the SEC in ASR No. 278. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report sibility, and by communications programs aimed at assuring that its policies, standards and managerial authorities are understood" (emphasis added). Xerox Corporation "Xerox maintains a system of internal accounting controls designed to provide reasonable assurance that assets are safeguarded against loss or unauthorized use and that the financial records are adequate and can be relied upon to pro- duce financial statements in accordance with generally accepted accounting principles. The concept of reasonable assurance is based on the recognition that the cost of a sys- tem of internal control must not exceed the related bene- fits. There are written internal accounting and operating control policies and procedures that are communicated to the Company's worldwide operating units. Adherence to these policies and procedures is constantly being evaluated by an extensive coordinated audit effort of our internal audit staff and independent certified public accountants" (emphasis added). The Cohen Commission's Report contained only a short discussion on reporting the role of the board of directors and audit committee. It recommended that a management report describe the work of the company's audit committee and provided an example stating that the audit committee met regularly with the internal auditors and inde- pendent auditors and reviewed and approved the scope and timing of audits and the auditors' findings. The FEI's guidelines suggested that a discussion of the responsi- bilities of the board of directors and its audit committee could include the following: Seeing that management fulfills its financial reporting responsibilities. Reviewing the composition of the audit committee and the related independence of its members. Meeting periodically with representatives of the independent accountants and management to discuss auditing and financial reporting matters. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report Assuring that the independent accountants have free access to meet with the audit committee, without management present, to discuss the results of their examination. The AICPA Committee mentioned all the matters discussed by the FEI with the exception of the responsibility to engage or nominate independent accountants. It also suggested an alternative approach--a separate audit committee report included in the annual report. The management report could then refer to this separate report and eliminate a discussion of the audit committee's respon- sibilities. The SEC stressed the importance of the board of directors in "overseeing the establishment and maintenance of a strong control environment, and in overseeing the procedures for evaluating a system of internal accounting control." In both ASR No. 278 and the SEC's report to Congress on the accounting profession, the SEC has also stressed the importance of audit committees in assisting the board of directors in fulfilling their oversight responsibili- ties with regard to a company's accounting, financial reporting, and control obligations. E&W Survey Results All but one of the 1979 management reports surveyed mentioned an audit committee and 90% discussed the composition of the audit committee and that its members were not employees of the company. 97% discussed the audit committee's responsibilities, using langu- age similar to that recommended by the FEI and AICPA Committee, such as holding regular meetings with the independent accountants, internal auditors and management to discuss accounting, auditing, and financial reporting matters. Many of the management reports surveyed also discussed the audit committee's role in selecting the company's independent accountants. "The Directors of TRW have an audit committee currently com- prised of three Directors who are not members of management. The committee meets with management, the internal auditors and the independent auditors in connection with its review of matters relating to the Company's annual financial state- ments; the Company's internal audit program; the Company's system of internal accounting controls; and the services of the independent auditors. The Committee meets with the Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report internal auditors as well as the independent auditors, with- out management present, to discuss appropriate matters. The Committee also recommends to the Directors the designation of the independent auditors." "The members of the Audit Committee of the Board of Direc- tors, none of whom are employees of the Company, are identi- fied on page 46 of this annual report. The Audit Committee recommends independent accountants for appointment by the Board of Directors, reviews the services to be performed by the independent accountants, and receives and reviews the reports submitted by them. It makes a determination regard- ing the possible effect of the performance of non-auditing services on the independence of the principal independent accountants. It also determines the duties and responsibili- ties of the internal auditors, reviews the internal audit program, and receives and reviews reports submitted by the internal auditing staff. In the exercise of its responsibil- ities the Audit Committee meets with management, with the internal auditors, and with the independent accountants." The FEI's guidelines for the content of a management report state that a discussion of the independent accountants' responsibilities could include the following: An independent examination of the company's financial state- ments conducted in accordance with generally accepted audit- ing standards. An expression of an opinion as to whether the company's financial statements fairly present the financial position, operating results, and changes in financial position. The AICPA Committee also recommended that management clarify the role of the independent accountant. And now the AICPA has issued Statement on Auditing Standards (SAS) No. 30 which provides guid- ance for independent accountants to perform and report on a spe- cial study of a system of internal accounting controls. The inde- pendent accountants' report would express positive assurance on achievement of the broad objectives of internal accounting con- trols and could be included in the company's annual report. How- ever, companies engaging their independent accountants to perform a special study may not want to include the report in the annual Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report report. Rather, they may wish to comment on the special study in the management report, especially because ASR No. 278 states that ". . . management should also consider discussing the role which independent accountants play or have played in the internal accounting control system of the issuer." To accomplish this, a management report could be expanded as follows: During 19X1, Ernst & Whinney, the Company's independent accountants, performed a comprehensive study of the Company's system of internal accounting controls. Based on this study, Ernst & Whinney reported that at December 31, 19X1 the Com- pany's overall system of internal accounting controls was sufficient to provide management with reasonable assurance that the foregoing internal accounting control objectives were met insofar as they relate to the prevention or detec- tion of errors or irregularities that would be material to the financial statements. When the independent accountants have not performed a special study of internal accounting controls and their work was limited to that deemed necessary for the audit, a management report could include the following language: The financial statements were audited by Ernst & Whinney, the Company's independent auditors. As part of their audit, Ernst & Whinney evaluated the system of internal accounting control to the extent they deemed necessary to determine their auditing procedures. Their audit would not necessarily disclose all internal accounting control weaknesses because it was based on selective tests. And, although Ernst & Whinney did not express an opinion on the overall system of internal accounting control, they reported that their proce- dures disclosed no conditions which they consider to be a material internal accounting control weakness. E&W Survey Results Nearly 87% of the management reports surveyed included some discus- sion of the independent accountants' role. The reports generally included a brief description of the audit and the accountants' report, as recommended both by the FEI and AICPA Committee. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report Westinghouse Electric Corporation "The independent accountants provide an objective assessment of the degree to which management meets its responsibility for fairness of financial reporting. They regularly evaluate the system of internal accounting controls and perform such tests and other procedures as they deem necessary to reach and express an opinion on the fairness of the financial state- ments." Several other topics were recommended for discussion in management reports by the Cohen Commission, AICPA Committee or FEI including the following: In addition, the Cohen Commission and FEI suggested that including the signatures of the chief financial officer and/or the chief executive officer may add stature to a management report. The Cohen Commission recommended that a management report describe the extent of nonaudit services provided by the independent accountant. The SEC subsequently required such disclosures in proxy statements. The AICPA Committee reasoned that such informa- tion is readily available and need not be repeated in a management report. The AICPA Committee took exception to the Cohen Commission's recom- mendation that the report be signed by a representative of manage- ment and include a statement about whether management or the independent accountants prepared the financial statements. The AICPA Committee believed that these were issues of "form rather than substance" and that the most important representations con- cerned management's responsibility for the financial statements. As a result, the AICPA Committee did not specifically recommend that these matters be addressed in a management report, instead deferring to the individual practices and preferences of management. The SEC's 1979 proposal asked for comments on whether management reports should be signed and, if so, by whom. However, ASR No. 278 does not address signatures, indicating that the SEC has no strong opinion that the reports should be signed. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 Content of a Management Report E&W Survey Results 22% of the surveyed management reports discussed compliance with corporate codes of conduct. 3% included a discussion of the non- audit services provided by the independent accountants. As indi- cated by Table 3, 54% of the surveyed management reports were signed by an officer in 1979, a slight increase from 51% in 1978. The "typical" signed report included two signatures, most fre- quently those of the chief executive and chief financial officers. TABLE 3 SIGNATURES 1979 % 1978 % Signed reports: 1 signature 19 15% 7 10% 2 signatures 45 37 27 39 3 signatures 2 2 1 2 Total signed reports 66 54 35 51 Unsigned reports 56 46 34 49 Total reports 122 100% 69 1007 In addition to these recommended topics, it is interesting to note that two management reports mentioned that the company's indepen- dent accountants had received a peer review and were members of the SEC Practice Section of the AICPA. In a recent speech, SEC Chairman Williams stated that the SEC will consider a proposal to require this disclosure. The following excerpt from a published management report illu- strates management reporting on compliance with a corporate code of conduct: "The Company has policy statements regarding, among other things, potentially conflicting outside business interests of employees, and proper conduct of domestic and international business activities. We have developed and instituted addi- tional internal controls and internal audit procedures designed to prevent or detect violations of these policies. We believe that this provides reasonable assurance that our operations are conducted in conformity with the law and with a high standard of business conduct." Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Eaton Corporation Report of Management We have prepared the accompanying consolidated financial statements and related information included herein for the years ended December 31, 1979 and 1978. The opinion of Ernst & Whinney, the Company's independent auditors, on those financial statements is included herein. The primary responsibility for the integrity of the financial information included in this annual report rests with management. Such infor- mation was prepared in accordance with generally accepted accounting principles appropriate in the circumstances, based on our best estimates and judgements and giving due consideration to materiality. The Company maintains high standards when selecting, training and developing personnel, to insure that management's objectives of maintaining strong, effective internal accounting controls and unbiased, uniform reporting standards are attained. We believe our policies and procedures provide reasonable assurance that operations are conducted in conformity with law and with our Company commitmerit to a high standard of business conduct. Eaton maintains internal accounting control systems which are adequate to provide reasonable assurance that assets are safe- guarded from loss or unauthorized use and which produce records adequate for prepara- tion of financial information. There are limits inherent in all systems of internal accounting control based on the recognition that the cost of such system should not exceed the benefits to be derived. We believe the Company's system provides this appropriate balance. The system and controls and compliance therewith are reviewed by an extensive program of internal audits and by our independent auditors. Their activities are coordinated to obtain maximum audit coverage with a minimum of duplicate effort and cost. The independent auditors receive copies of all reports issued by the internal auditors at the same time they are released to management and have access to all internal audit work papers. In an attempt to assure objectivity and remove bias, the financial data contained in this report is subject to review by the Audit Committee of the Board of Directors. The Audit Committee is composed of outside directors who meet regularly with manage- ment, internal auditors and independent auditors to review the audit scope, timing and fee arrangements. Stephen R. Hardis Executive Vice President - Finance and Administration and Treasurer Frank C. Roberts Vice President -Accounting Ronald L. Leach Vice President and Controller Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Monsanto Company Responsibiities for Integrity of Financial Data Monsanto Company management is responsible for the integrity of all financial data, whether audited or unaudited, included in this Annual Report. The consolidated financial statements have been prepared in accordance with generally accepted accounting principles consistently applied in all material respects and reflect estimates by management where necessary. Where acceptable alternative accounting principles exist, as described in the Summary of Significant Accounting Policies on page 56, management has used its best judgment in selecting those principles that, in the circumstances, reflect fairly the consolidated financial position, results of operations and changes in financial position of Monsanto. All financial information in this Annual Report is consistent with that in the consolidated financial statements. In order to gather financial data and safeguard assets, Monsanto establishes accounting and reporting systems supported by internal accounting controls. Internal accounting controls are maintained by: (1) the selection and training of personnel; (2) a division of responsibility in all organizational arrangements; (3) the establishment and communi- cation of accounting and business policies; and, (4) a program of internal audits with follow-up, when necessary, by management. In establishing internal accounting controls, the cost of such controls is weighed against the benefits to be derived. Management believes that Monsanto's internal accounting controls provide reasonable assurance that assets are safeguarded against material loss from unauthorized use or disposition and that the financial records are reliable for preparing financial statements and other data and maintaining accountability for assets. As ratified by shareowner vote at the 1979 Annual Meeting, Deloitte Haskins & Sells, an international firm of independent auditors, examined the consolidated financial statements contained in this Annual Report. Their examination was made in accordance with generally accepted auditing standards, which provide for a review of internal accounting controls and tests of a limited number of transactions. The principal result of this examination is the expression of an opinion, which appears on page 69, as to the fairness of the presentation of the consolidated financial statements in accordance with generally accepted accounting principles consistently applied. The Audit Committee of the Board of Directors is responsible for reviewing Monsanto's financial reports and monitoring the Company's accounting practices. The membership of the Committee consists of three non-employee directors. At periodic meetings, the Committee discusses audit and financial reporting matters with representatives of financial management, the internal audit function and Deloitte Haskins & Sells. The independent auditors and the director of the internal audit function have full and free access to meet with the Audit Committee - with or without the presence of management representatives - to discuss the results of their examinations, the adequacy of internal accounting controls and the quality of financial reporting. John W. Hanley James J. Kerley Chairman and Chairman of the Finance Chief Executive Officer Committee (Chief Financial Officer) Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Eli Lilly and Company Responsibility for Accounting Controls and Financial Statements Eli Lilly and Company and Subsidiaries The precedingconsolidated finan- cial statements, including the notes thereto, have been prepared by the Company in accordance with gener- ally accepted accounting principles and necessarily include amounts based on judgments and estimates by management. The other financial information in this annual report is I consistent with that in the financial statements. The financial statements have been audited by Ernst & Whinney, independent accountants, whose re- port appears on the preceding page. Their responsibility is to examine the Compare 's financial statements in accordance with generally ac- cepted auditing standards and to express their opinion with respect to the fairness of presentation of the statements. The Company maintains internal accounting control systems that are designed to provide reasonable as- surance that assets are safeguarded, that transactions are executed in accordance with management's atr thorization and are properly record- ed, and that accounting records are adequate for preparation of finan- cial statements and other financial information. The design, monitor- ing, and revision of internal account- ing control systems involve, anions., other things, management's judg- ments with respect to the relative cost and expected benefits of spe- cific control measures. The members of the Audit Conn mince of the Board of Directors, none of whom are employees of the Company, are identified on page 46 Of this annual report. The Audit Committee recommends independ- ent accountants for appointment b~ the Board of Directors, reviews the services to be performed by the independent accountants, and re- ceives and reviews the reports sub- mitted by them. It makes a deter- mination regarding the possible effect of the performance of non auditing services on the independ- ence of the principal independent accountants. It also determines the duties and responsibilities of the internal auditors, reviews the inter- nal audit program, and receives and reviews reports submitted by the internal auditing staff. In the cxcr- cise of its responsibilities the Audit Committee meets with management, with the internal auditors, and with the independent accountants. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 46 4 Examples of Published Management Reports NCR Corporation Report of Management The Consolidated Financial Statements appearing in this Annual Report have been prepared by management in conformity with gener- ally accepted accounting principles and include, where required, amounts based on the best estimates and judgments of management. The integrity and objectivity of data in these financial statements are the responsibility of management as is all other information included in the Annual Report unless otherwise indicated. Financial information elsewhere in this Annual Report is consistent with that in the financial statements. In fulfilling its responsibilities for integrity of data and safeguard- ing assets, management employs a system of internal controls including internal accounting controls which, considering the costs involved and the benefits to be derived therefrom, are designed to pro- vide reasonable assurance that NCR's assets are protected and that transactions are appropriately authorized and recorded and summar- ized properly. This system of control is supported by the selection of qualified personnel, organizational assignments that provide appro- priate delegation of authority and division of responsibilities, and the dissemination of written policies and procedures. This is further rein- forced by an extensive program of internal audits including follow-up procedures that require responsive action by management. The financial statements have been examined by Price Water- house & Co., independent accountants. Their examination provides an independent review of management's discharge of its responsibilities insofar as they relate to the reported operating results and financial condition of NCR. They obtain and maintain an understanding of NCR's systems and procedures and perform such tests and other proce- dures, including tests of the internal accounting controls, as they deem necessary to enable them to express an opinion on the fairness of the financial statements. The Board of Directors monitors the internal control systems, including the internal accounting controls, of NCR through its Audit Committee. The Audit Committee is composed of directors who are not officers or employees of NCR. The external auditors, internal auditors and management have complete and free access to the Audit Commit- tee, and the Committee periodically meets with each group to ensure that each is properly discharging its responsibilities. Donald L. McIntosh Senior Vice President Finance and Administration Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Occidental Petroleum Corporation Management Responsibility for Financial Statements The management of Occidental Petroleum Corporation is responsible for the integrity of the financial data reported by Occidental and its subsidiaries. Fulfilling this responsibility requires the preparation and presentation of financial statements and other data in accordance with generally accepted accounting principles which are consistently applied in all material respects. Management uses internal accounting controls, offers guidance through corporate-wide policies and procedures and exercises its best judgement in order that such statements reflect fairly the consolidated financial position, results of operations and changes in financial position of Occidental. In order to gather and control financial data, Occidental has established accounting and reporting systems supported by internal controls. Internal control is maintained by: (1) the selection and training of qualified personnel,(2) an appropriate division of responsibility in all organizational arrangements, (3) the establishment and communication of accounting and business policies, and (4) an extensive program of internal audits with prompt follow-up, when necessary, by appropriate levels of management. In establishing systems of internal control, management weighs the cost of such systems against the benefits that it believes can be derived. Management believes that its internal controls provide Occidental with reasonable assurance that assets are safeguarded against loss from unauthorized use or disposition and that the financial records are reliable for preparing financial statements and other data, and maintaining accountability for assets. Arthur Andersen & Co., independent public accountants, have been engaged to examine Occidental's financial statements for the years ended December 31. 1979 and 1979. Their report, which is included herein, is based on procedures considered by them to be sufficient to provide reasonable assurance that the financial statements are not materially misleading and do not contain material errors. The audit committee of Occidental's board of directors is responsible for reviewing and monitoring the company's financial reports and accounting practices to ascertain that they are within acceptable limits of sound practice in such matters. The membership of the committee consists of non- employee directors. At periodic meetings, the audit committee discusses audit and financial reporting matters with representatives of financial management, the internal audit George M. Cayce Vice President and Controller March 20, 1980 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports TRW Inc. Report of Management TRW Shareholders Management of TRW is responsible for the preparation of the accompanying financial statements of the Company and its subsidiaries. The financial statements have been prepared in conformity with generally accepted accounting principles appropriate in the circumstances and consistently applied and, as such, include the estimates and judgments of management The financial statements have been examined by Ernst & Whinney, independent auditors, whose report appears below. The Company maintains a system of internal accounting control designed and intended to provide reasonable assurance that assets are safeguarded and transactions are executed and recorded in accordance with management's authorization, The system is tested and evaluated regularly by the Company's internal auditors as well as by the independent auditors in connection with their annual audit. The Directors of TRW have an audit committee currently comprised of three Directors who are not members of management. The committee meets with management, the internal auditors and the independent auditors in connection with its review of matters relating to the Company's annual financial statements, the Company's internal audit program; the Company's system of internal accounting controls; and the services of the independent auditors The Committee meets with the internal auditors as well as the independent auditors, without management present, to discuss appropriate matters The Committee also recommends to the Directors the designation of the independent auditors. February 19, 1980 X % , ,,, i al Ruben F Mettler Charles R Allen Chairman of the Beard and Executive Vice President and Chief Executive Officer Chief Financial officer Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Twentieth Century-Fox Film Corporation TWENTIETH CENTURY-FOX FILM CORPORATION The management of Twentieth Century-Fox Film Corporation is responsible for the integrity and objectivity of the financial statements of the Company and its subsidiaries. The financial state- ments on the following pages, including the notes, were prepared by the Company in conformity with generally accepted accounting principles appropriate in the circumstances, and necessarily include some amounts that are based on our best estimates and judgments. The financial informa- tion in the remainder of this Annual Report is consistent with that in the financial statements. The Company's practice has been to ensure the integrity of its financial reporting through the use of generally accepted accounting principles and a comprehensive system of internal account- ing controls. The system is designed to provide reasonable assurance as to the reliability of finan- cial records and the protection of assets, and is supported by a staff of corporate auditors. The system is further characterized by care in the selection, training and development of professional financial managers, by organizational arrangements that provide for delegations of authority and divisions of responsibility, and by the dissemination of accounting and business policies and pro- cedures throughout the Company. The financial statements have been examined by the Company's independent accountants in accordance with generally accepted auditing standards. In connection therewith, the independent accountants develop and maintain an understanding of the Company's accounting and financial controls, and conduct such tests and related procedures as they deem necessary to render their opinion as to the fairness of the financial statements. The adequacy of the Company's internal financial controls and the accounting principles employed in financial reporting are under the general surveillance of the Audit Committee of the Board of Directors, consisting of three outside directors. The independent accountants and internal auditors have free and direct access to the Audit Committee, and they meet with the Committee periodically, with and without financial management present, to discuss accounting, auditing, and financial reporting matters. The Company has policy statements regarding, among other things, potentially conflicting out- side business interests of employees, and proper conduct of domestic and international business activities. We have developed and instituted additional internal controls and internal audit proce- dures designed to prevent or detect violations of these policies. We believe that this provides rea- sonable assurance that our operations are conducted in conformity with the law and with a high standard of business conduct. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Western Electric Company, Incorporated The financial statements on the following pages, which consolidate the accounts of Western Electric Company, Incorporated and its principal subsidiaries, have been prepared in conformity with generally accepted ac- counting principles. The integrity and objectivity of data in these financial statements, including estimates and judgments relating to matters not concluded by year end, are the responsi- bility of management as is all other information in- cluded in the Annual Report. To this end, management maintains a highly developed system of internal ac- counting controls and supports a program of internal auditing to monitor compliance with the system. Man- agement believes that this system provides reasonable assurance at reasonable cost that the transactions of the Company are executed in accordance with manage- ment's authorizations and are recorded properly. This system requires that the recorded assets he compared with existing assets at reasonable intervals, and it pro- vides reasonable assurance that access to assets is permitted only in accordance with management's au- thorizations. Management further seeks to assure the integrity and objectivity of these financial statements by the careful selection of its managers, by organization arrangements that provide an appropriate division of responsibility, and by communications programs aimed at assuring that its policies, standards and managerial authorities are understood. These financial statements have been examined by Arthur Young & Company, Certified Public Account- ants. Their report, which appears on this page, expresses an informed judgment as to whether management's financial statements, considered in their entirety, pre- sent fairly, in conformity with generally accepted ac- counting principles, the Company's financial position and results of its operations. In connection with their examination of these financial statements, the auditors have reported to management that their study and eval- uation of the Company's system of internal accounting control did not disclose any conditions that they be- lieve to be material weaknesses. It is generally recog- nized, however, that such study is based on selective tests of accounting records and related data and there- fore would not necessarily disclose all weaknesses which might exist. The Audit Committee of The Board of Directors, which is composed of Directors (see page 32) who are not employees, meets periodically with management, the internal auditors and the independent auditors to review the manner in which they are performing their responsibilities and to discuss auditing, internal ac- counting controls and financial reporting matters. The independent auditors periodically meet alone with the Audit Committee and have free access to the Audit Committee at all times. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 51 4 Examples of Published Management Reports Westinghouse Electric Corporation Re rt of Management The Corporation has prepared the consolidated financial statements and related financial information included in this report Management has the primary responsibility for the integrity of the financial statements and other financial information and for ascertaining that the data accurately reflect the financial position and results of operations of the Corporation The financial statements were prepared in accordance with generally accepted accounting principles appropriate in the circumstances, and necessarily include amounts that are based on best estimates and judgments with appropriate consideration to materiality Financial Information included elsewhere in this annual report is consistent with the financial statements The Corporation maintains a system of internal accounting controls, supported by documentation, to provide reasonable assurance that assets are safeguarded and that the books and records reflect the authorized transactions of the Corporation Limitations exist in any system of internal accounting controls based upon the recognition that the cost of the system should not exceed the benefits derived Westinghouse believes its system of internal accounting controls, augmented by its internal auditing function, appropriately balances the cosbbenefit relationship The independent accountants provide an objective assessment of the degree to which management meets its responsibility for fairness of financial reporting They regularly evaluate the system of internal accounting controls and perform such tests and other procedures as they deem necessary to reach and express an opinion on the fairness of the financial statements The Board of Directors pursues its responsibility for the Corporation's financial statements through Its Audit Review Committee which is comprised solely of directors who are not officers or employes of the Corporation The Audit Review Committee meets regularly with the independent accountants, management and the internal auditors The independent accountants have direct access to the Audit Review Committee, with or without the presence of management representatives, to discuss the scope and results of their audit work and their comments on the adequacy of internal accounting controls and the quality of financial reporting We believe that the Corporation's policies and procedures, including its system of internal accounting controls, provide reasonable assurance that the financial statements are prepared in accordance with the applicable securities laws and with an appropriately high standard of business conduct Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 Examples of Published Management Reports Xerox Corporation Report of Management The accompanying consolidated financial statements including the notes thereto of Xerox Corporation and subsidiaries as of December 31, 1979 and 1978 and for the years then ended have been prepared by management, which is responsible for their integrity and objectivity. The statements have been prepared in conformity with generally accepted accounting principles appropriate in the circumstances, and nec- essarily include some amounts that are based on management's best judgments. The financial information contained elsewhere in this Annual Report is consistent with that in the financial statements. Xerox maintains a system of internal accounting controls designed to provide reasonable assurance that assets are safeguarded against loss or unauthorized use and that the financial records are adequate and can be relied upon to produce financial statements in accordance with generally accepted accounting principles. The concept of reasonable assurance is based on the recognition that the cost of a system of internal control must not exceed the related benefits. There are written internal accounting and operating control policies and procedures that are communicated to the Com- pany's worldwide operating units. Adherence to these policies and procedures is constantly being evaluated by an extensive coordinated audit effort of our internal audit staff and independent certified public accountants. Xerox' accompanying consolidated financial statements have been examined by Peat, Marwick, Mitchell & Co., independent certified public accountants, whose examinations were made in accordance with generally accepted auditing standards and included a review of the system of internal accounting controls to the extent considered necessary to determine the audit procedures required to support their opinion on the consolidated financial statements. The report of independent certified public accountants appears on page 52. The Audit Committee of the Board of Directors, composed solely of outside directors, meets periodically with the Company's management, internal auditors and independent certified public accountants to review matters relating to the quality of financial reporting and internal accounting control and the nature, extent and results of the audit effort. The independent certified public accountants have free access to the Audit Committee. In a business ethics policy that is communicated to employees annually, Xerox has established its intent to maintain the highest standards of ethical conduct in all its business activities. Ongoing review programs are carried out to ensure compliance with this policy. C. Peter McColough Chairman and Chief Executive Officer Senior Vice President, Finance Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 53 Mr. HYDE. Aside from the growing trend in the private sector, internal controls are beginning to receive a lot of attention at the State and local government level also. In fact, the New York Legis- lature will consider a bill in the near future on internal controls in government operations. The current draft of that bill requires man- agement in the various State departments and agencies to analyze, monitor, and annually report on the adequacy of their internal control systems. With the increased attention being given to internal controls in private and State and local government sectors, I believe the pro- posed Federal Managers' Accountability Act of 1981 becomes even more significant as the key to reducing fraud, waste, and abuse in the Federal Government. As you may know, I sponsored a similar bill last session and another this session called the Financial Integrity Act of 1981. These bills are very similar; however, the Federal Managers' Ac- countability Act of 1981 includes three different items I believe are important since it gives the Congress direct oversight into areas it presently does not have. The first item, with which I concur, requires budget submissions to the Congress by the President to include original amounts of appropriations requested by each of the Offices of Inspectors Gen- eral and all changes made subsequent to that original request until final amounts submitted by the President. The second item concerns the frequency of the report on internal controls submitted by the head of each executive agency. Section 2(dXl) of the bill requires reports to be submitted by the agency head for 2 years beginning at the end of 1982. However, I believe continual monitoring and reporting on inter- nal controls each succeeding year is essential to obtain the level of assurance we seek that assets are safeguarded against waste and abuse. I therefore recommend that the report requirement con- tained in this bill be slightly modified to include annual reports each succeeding year thereafter the date specified as the first report date in this bill, as opposed to reports for only 2 years after the passage of this legislation. The third item requires the head of each agency to include with appropriation requests a statement certifying that the request be based on an accounting system that has been approved by the Comptroller General. The General Accounting Office (GAO) has raised a point concern- ing this item. The GAO states that this item can be interpreted to mean that appropriation requests might not be approved if an agency's accounting system has not been approved by the Comp- troller General. GAO reports to us annually that not all systems have yet been approved though it continues to provide any assist- ance agencies need. Although I actively support the passage of the Federal Managers' Accountability Act of 1981, I believe the GAO point is well taken and would warrant consideration of a minor modification to that part of the bill. I concur with a GAO suggestion that a better approach might be for the bill to require that when an appropriation is requested, the head of an agency be required to report to the Congress on the Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 54 status and progress made in having its accounting systems ap- proved. I have prepared suggested additions to section 4 of the bill to incorporate this change appearing in the attachment to my state- ment. This would give the Congress an opportunity to exercise its oversight authority over individual agencies to see that their sys- tems, including the internal controls contained in them, get ap- proved by the Comptroller General. Mr. BROOKS. Health and Human Services has a myriad of sys- tems not yet approved. That could present a serious problem. Mr. HYDE. It isn't asking too much of agency administrators to know what their resources are and how they are being utilized. It isn't asking too much to require those who administer Government programs to be cost conscious, waste conscious, fraud conscious, and to establish and monitor control systems that will give the taxpayers an honest and effective return on their tax investment. This vehicle, H.R. 1526, charts the course and provides the me- chanics for accomplishing this. It stresses oversight of how well public moneys are being spent, something we all talk about but see very little of in practice. In this congressional session, as I stated before, I have also introduced similar legislation, the Financial Integrity Act of 1981, H.R. 350. However, my primary concern is enhancing accountabil- ity in the Federal Government by improving internal controls through legislative mandate, as I have testified here today. I am confident that if any bill passes it will be H.R. 1526, and so I would appreciate it if the chairman would be so kind to consider me as a cosponsor to the Federal Managers' Accountability Act of 1981. We need answers to billions of dollars lost through waste, fraud, and abuse. I think this is a reasonable and effective answer. Thank you for listening to me. [Additional material follows:] Sec. 4. Section 215 of the Budget and Accounting Act, 1921 (31 U.S.C. 23), is amended by inserting immediately after the first sentence thereof the following new sentence: "The head of each department and establishment shall include with any such requests for appropriations a statement (1) certifying that the funds requested will be accounted for in an accounting system that has been approved by the Comptroller General pursuant to section 112 of the Budget and Accounting Act of 1950, or (2) indicating the status and expected progress to be made, including expected approval dates, in having the accounting system(s) of such department or establishment approved by the Comptroller General and including the design of any accounting system which is being developed or is to be developed (and any related automatic data processing system development) which will account for the funds which such appropriations are being requested." Mr. BRooKS. We welcome your support. I am delighted that you indicate a keen awareness of the problem. I hope that awareness can be reflected throughout Congress, because passage of this bill will take some doing. It is never easy to get anything like this passed. Many people also talk about savings; but when you try to imple- ment controls, everybody is mad at you. We have been doing that for 20 years, saving billions of dollars of Federal money. I never saved a dime but what there was not somebody complaining bitter- ly about it-Democrats, Republicans, or both. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 The members of this committee have steadfastly tried to protect what is the public right, their right to good and efficient govern- ment. I have a couple questions for you. Fraudulent use of Government funds can result in the loss of thousands, even millions, of Federal dollars. How do you feel this bill will eliminate or reduce such fraud? Mr. HYDE. I think it highlights, underscores, turns the search- light on these internal control systems. We have had requirements that these be in place under the Budget and Accounting Proce- dures Act of 1950. We passed Inspectors General legislation in 1978. OMB has had a financial priorities program since 1979. Despite that, the problems of fraud, waste and abuse go on and on. In answering the question ,Congressman Horton I put earlier " Do we need another law?" Is this just more paper work? I can only say the laws we have have not been effective. We need a means to enforce the laws which are on the books. This legislation requires that these internal controls not be shoved into the corner of the desk. They have to be evaluated and we get reports. It makes our job of oversight, the most neglected aspect of the entire congressional process, easier by facilitating access to reports and reminding us of the constant need for con- tinuing oversight. Therefore, I think this is useful. It focuses attention on enforce- ment of the requirement for effective internal controls. Mr. BROOKS. Why do you feel this legislation is necessary inas- much as it is an inherent function of management to maintain controls over the resources entrusted to them? Mr. HYDE. They have not been doing it. If this does not work, the next step is civil penalties to agency heads; if that does not work, criminal penalties. However, when you deal with billions of dollars you should be mindful of how they are being administered as to waste and fraud. We all know horror stories. I can tell you some and you can tell me some, and there are some in these reports. It covers neglect, misplaced emphasis, and so on. I think this bill will focus the mind of every agency and department head on the need to look at these things and to report to us, the President, and the public. It is disclosure of a very important sort. Mr. BROOKS. Thank you. Mr. Horton? Mr. HORTON. First, Henry, I would like to congratulate you on introducing your bill and also for taking your time. to be with us this afternoon to testify. I want to indicate my support as you have already indicated your support for this type of legislation. I think it is important. One of the questions I wanted to ask was this: This bill, as well as yours, provides that the Comptroller General would have the authority to establish a system of reporting on internal controls. Why would you put that authority with GAO rather than OMB, which in theory is the management arm of the executive branch? Could it be just as effective with OMB? Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 56 Mr. HYDE. Let me first say, Mr. Horton, that my interest in this legislation generates from the interest of Mrs. Nancy Short of my staff, who has made this a project of hers and made it my project. I thank her for her interest in this very worthwhile piece of legisla- tion. I think the GAO should be more independent than OMB. OMB is a very professional agency but it is politically appointed and has a political function. The GAO should be and is independent and it would be more clinical, it would seem to me, in approaching these problems. The answer really is OMB and the GAO have the resources, the brains, and the energy to do this together. I am sure they can work together in resolving these problems. The GAO strikes me as the appropriate agency because it would be a little more clinical. Mr. HORTON. The only problem is that the GAO is an arm of the legislative branch and not an arm of the administrative or execu- tive branch. GAO does have this capability. Whether or not it would be effective is another question. Mr. HYDE. I would view it as an extension of our appropriations function. We have appropriated the moneys. We need to see how well they are being used for the purposes for which they were appropriated. Oversight is a congressional function. GAO best can help us in exercising this oversight. Meanwhile we are asking the agency heads to do the oversight on their own agencies and then provide us with a look at it. There is a role for both OMB and GAO here. Mr. HORTON. I understand that OMB is working on a draft circular which would in effect accomplish many of the objectives of this bill. If they could come up with such a circular to cover the same ground as the bill, would you still favor approval of legisla- tion? If so, why? Mr. HYDE. Yes. I think legislation has more impact than a circu- lar or an Executive order or anything of a lesser standing. I think only legislation has the force of law. Mandating of the disclosure to the President, to the Congress, and to the public requires the dignity and the status of law rather than any lesser mandate. Mr. HORTON. It seems to me, too, this is an important matter. If you have legislation, then it will not be changed unless they come back to the legislature, the Congress, to do it. If, on the other hand, they do it by circular, somebody can change the circular next week or a year from now. You then have nothing. I would agree with you, therefore. Mr. HYDE. I would like to be able to answer somebody when they ask, "What are you doing about the billions of dollars lost in fraud, waste and abuse?" I can say, "We are told the executive agency issued a circular." That is not an answer. It is our responsibility. Mr. HORTON. Thank you. Mr. BROOKS. Mr. Butler? Mr. BUTLER. I, too, congratulate you on your legislation. It seems to me it is a very important step. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Your suggested amendment, which I think tightens it up, also would be an improvement. You took a hard line on GAO versus OMB. I judge if it was the wisdom of this subcommittee that it was appropriate to shift this function to the Office of Management and Budget your feelings would not be hurt so that you would withdraw your support? Mr. HYDE. I have great confidence in OMB, particularly under Mr. Stockman, who is well-known for being the enemy of fraud, waste, and abuse. No, I have no hangup on GAO versus OMB. I think there is a role for both agencies to play in this. Mr. BUTLER. The way this legislation is written it is the head of each executive agency which the Director of OMB determines to be covered. There is no agency that you can determine is not covered by this, is there? Mr. HYDE. Any agency dealing with public funds should account for those funds. They should have an internal control system. Someone has to look at that and say yes, it is adequate. Mr. BUTLER. We had the Legal Services Administration before us the other day at a Judiciary Committee hearing. They were sug- gesting they were not under any kind of suggestions from OMB. It is your intent that that agency and others who are semiautono- mous should be covered? Mr. HYDE. And those quasi-autonomous. Underscore that em- phatically. Mr. BUTLER. Yes. I think we cover both of those, at least halfway. We have the other problem, it seems to me, that you and I on the Judiciary Committee, as well as the chairman, frequently see that an Attorney General has all of these areas of compliance and problems. Would it not be more appropriate, or is there some way we can say, for example, that the Immigration Service, within its own Department, can evaluate itself as well as the department head? There are many subdepartments and divisions which ought to examine themselves and be required to certify. Will that ask too much? Mr. HYDE. My own feeling on the Immigration and Naturaliza- tion Service is that it is almost a terminal case. It will require the total attention of many skilled people to shape up that agency. I would hope the provisions of this legislation would apply to that agency as well. Mr. BUTLER. No. Should not that agency develop its own internal examination procedure rather than putting it on the Attorney General who has to look after five or six divisions? Mr. HYDE. No. I want someone looking over the Immigration and Naturalization Service's shoulders, both shoulders, at all times. The Justice Department seems to be appropriate. Mr. BUTLER. Thank you. Mr. BROOKS. Thank you again. Mr. HYDE. Thank you, Mr. Chairman. Mr. BROOKS. We appreciate your bringing in your study as well. Our next witness is John Lordan, Chief of the Financial Manage- ment Branch, Office of Management and Budget. He is a certified public accountant, a graduate of Suffolk University, with advanced degrees from Boston College and Harvard University. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. Lordan began his Government career with the General Ac- counting Office. He is active in a number of professional associ- ations, having served on the governing bodies of the American Institute of Certified Public Accountants, the Association of Gov- ernment Accountants, and the National Council on Governmental Accounting. Mr. Lordan has written numerous articles for professional jour- nals, and has received a number of Government and professional awards, the most recent of which was OMB's exceptional achieve- ment award. A native of Massachusetts, he lives in Columbia, Md., with his wife and two children. Mr. Lordan has been a source of inspiration to us for many years. We are delighted to have you here. STATEMENT OF JOHN J. LORDAN, CHIEF, FINANCIAL MANAGE- ' MENT BRANCH, OFFICE OF MANAGEMENT AND BUDGET Mr. LORDAN. Thank you very much. Mr. Chairman and members of the committee, I am pleased to have an opportunity to meet with you today to discuss H.R. 1526, the Federal Managers' Accountability Act of 1981. This bill has as its primary objective the improvement of internal control systems to prevent fraud, abuse, and waste in Government, an objective we wholeheartedly support. To date, much of our attention at OMB has been focused on four major components of the President's program for economic recov- ery-spending restraint, tax-rate reduction, regulatory reform, and monetary stability. We view efforts to improve the efficiency of Government as a vital corollary to spending restraint. Simply stated, the Govern- ment must do more with what it has, and the elimination of fraud, abuse, and waste will make that possible. Let me tell you about some of the things the administration is doing that run parallel to the objectives of H.R. 1526. First, as directed by the President, we are putting together a top level interagency task force to attack waste and fraud. The task force will be made up of the statutory Inspectors General, the Justice Department, and other key audit and investigative officials. The group will be chaired by OMB. Second, the President has pledged to appoint as Inspectors Gen- eral highly trained professionals who will spare no effort to elimi- nate waste and fraud. OMB will provide support to these officials in every way possible. Third, we now have under consideration a new OMB circular, "Internal Control Systems." The circular fills out the concepts of internal control in more detail than they are described in H.R. 1526, and provides procedural steps for seeing to it that effective systems of internal control are set in place. The draft circular was developed by an interagency group, com- prised of representatives of 22 major departments and agencies, as well as representatives of the General Accounting Office. Here is what the proposed circular would do: Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Each department and agency head would issue an internal con- trol directive tailored to their particular program and organization. OMB would review and approve these directives. Administrative mechanisms would be set up in the agencies, calling for reports on internal control breakdowns and disciplinary action against responsible individuals. Vulnerability assessments and risk analyses would be made of all major programs and organizations. Audits would be made of internal control systems and of agency compliance with them. The internal control responsibilities of each top manager would be pinned down. Perhaps most important of all, performance appraisals, on which pay and bonuses are calculated, would include consideration of internal control issues. In time, additional guidelines would be added to the basic circu- lar, giving detailed guidance on such areas as fund control, cash management, debt collection, procurement, grant management, automatic data processing, and payments systems. While the requirements of the draft circular go well beyond those in H.R. 1526, we believe they are entirely consistent with the objectives of the bill. In fact, the draft circular could be said to form a nucleus of the "system of reporting and guidelines" called for by section 2(d)(3) of the bill. This brings us to one feature of the bill that we express reserva- tions about. Section 2(dX3) would require the Comptroller General to establish a system of reporting and guidelines for the agencies for making evaluations of their systems of internal control. Section 2(dX4) would require agencies to establish internal control systems in accordance with standards prescribed by the Comptroller Gener- al. We believe both these functions-establishing guidelines and pre- scribing standards-are executive branch responsibilities, and ought not to be delegated to the Comptroller General. Accordingly, we recommend that the duties prescribed in sec- tions 2(d)(3) and 2(dX4) be assigned to the Director of OMB. This would keep the responsibility for internal control focused where it belongs, in the executive branch, and give Congress the opportuni- ty to hold us fully accountable for the adequacy of internal control systems. We would, of course, work very closely with the Comptroller General in developing guidelines and standards, just as we did in ? developing the draft circular referred to earlier. There are two other features of the bill that cause us some concern. One is section 3(k), which would require the President to include in the supporting detail accompanying the budget a state- ment of the original appropriation request of each Inspector Gener- al, any changes made by the head of the agency, any further changes made before submission of the budget to the Congress. We believe this provision represents a serious breach in the concept of executive budgeting, and could set an unfortunate prece- dent in other areas of budget decisionmaking. We believe the idea of a President's budget, which he alone submits to the Congress, and which his administration justifies in Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 detail, is an important tool in control over Government spending. Routine exposure of the details of how Presidential budget deci- sions are arrived at could have a chilling effect upon the process. Of course, as you know, much of this detail is available from the agencies on request of the Congress. Our concern about its routine provision is the potential this holds for eroding the discipline of the system. Our next concern is one that we understand is shared by the General Accounting Office. It involves section 4 of the bill, which would require department and agency heads to certify that their budget requests are based on accounting systems that have been approved by the Comptroller General. As you know from your work with the various agencies in trying to move this legislation forward for some 20 years, about 40 per- cent of these systems have not yet been approved, despite the requirement for approval in the Budget and Accounting Act of 1950. This is a situation we intend to correct, but, in the meantime, many department and agency heads would just not be able to make the certification called for by section 4. We suggest, therefore, that this section be deleted from the bill or that it be modified to provide for a statement on the status of accounting system approv- al, instead of a certification. With these caveats, Mr. Chairman, let me repeat our strong support for the objectives of the bill. We believe we can achieve these same objectives administratively, and we are committed to doing so. However, if the Congress believes that legislation on internal control is appropriate, we hope our views on H.R. 1526 will be taken into account. Similarly, we would welcome any thoughts from you or your staff on how our administrative efforts on internal control could be improved. Mr. Chairman, that completes my statement. I would be glad to answer any questions you may have. Mr. BROOKS. Thank you very much for an interesting and good statement. I notice at page 4 your concern about the requirement that the Comptroller General prescribe guidelines for use by the Federal agencies in making evaluations of their systems of internal control. We have been trying to get the Comptroller General to get the agencies' accounting systems approved over the years. He is slowly getting that done, but some of the agencies drag their feet. They dragged their feet under Republican administrations and dragged their feet under Democratic administrations, and they are surely dragging their feet now if you don't put a gun to their heads. This is the nature of the situation. If you think otherwise you are wrong. I have been here 29 years and agencies are still not getting their systems approved. You mention the Inspectors General. We hope we get some ap- pointed soon. We had a lot of them and they all left at the request of the new administration. I remember that bunch. One came to work in the Federal Government under Nixon; six came to work under President Eisenhower. They came to work under various Presidents and were selected on the basis of their capability. They Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 eliminated some fraud and waste and they had competence to do program evaluation. These people were not picked off the street because they were Carter Democrats. They were not. You cannot easily get people as well qualified as those who were serving as Inspectors General in the prior administration. If political plums are made of these jobs, and the Reagan admin- istration selects people because of their support for the President, that will not do the job. It would be counterproductive. I don't think that is what he wants to do. I hope the staff recommending Inspectors General will select people in accordance with their qualifications. I talked to President Reagan about it. He said he would perhaps reappoint many of those people who were serving as Inspectors General in the last administration. I think most of them have been interviewed. I think they have not yet decided how they will send them down to Congress. If they have made appointments to any of the Inspector General positions, I am not aware because I have been out of town. However, the independence and credibility and acceptance of Inspectors General was jeopardized to some extent when the President fired all the Inspectors General. He had a right to do that, but if the Inspectors General are performing their job and have done nothing wrong and they are all run off-how would you like to be the wrong next person taking the job? You can get a little nervous. If an Inspector General is working on two programs to eliminate fraud and suddenly he is no longer on the payroll, that creates a pretty difficult situation for these people who will be appointed to the job. I would hope the administration will get Inspectors General ap- pointed soon. This committee passed the legislation creating those offices, and we are intimately familiar with it. During this Con- gress we will take up and pass legislation to create an Inspector General in the Treasury Department and the Defense Department, where $33 billion in additional appropriations have been requested. They will perhaps need tremendous Inspector General facilities in the Defense Department to keep the bandits from stealing all of that $33 billion. They have been on a big high, and they have not even had a drink, since they heard about the $33 billion. President Carter was going to give them an additional $19 bil- lion. President Reagan will give them $33 billion instead. The appropriations committees will give them this money. The Armed Services Committee will wonder whether that is enough. That is the pattern and practice, and it has been that way for the past 20 years. As to the question whether Inspectors General get enough money, sometimes it is a little difficult to get details about their budget requests from the agencies. They squirm a little when you ask them the amount the Inspector General requested for his staff to do the job required in the X, Y, and Z agency. They say, "You know, those requests came from the President. They amounted to x dollars." They are also reluctant to say that the Inspector General might have asked for $10,000 and the agency might have approved it. But Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 then the OMB might say, "All you can have is about $6,000." Then a 10 percent cut across the board would drop it to $5,400. Then the agency head might decide to pick up points at the Cabinet meeting and cut it another $2,000. He might say, "I had no trouble cutting my budget. We made another 10 percent cut." He then eliminates Inspectors General a little more. That makes it pretty tough because those are the people who might save you many times the investment. Just as I explained to Congress, if they want to cut out all the money the Government Operations spent, it is all right. We saved over $2,000,200,000 for the Government last year. If they don't think that is a good return on the money-and obviously it is a good return-but if they do not want to make that kind of return for those who pay taxes, that is their choice. I like it and I think it is worthwhile. If Inspectors General do not have an adequate staff and they are not protected among the agencies and the OMB, then you might wind up with an Inspector General who has one secretary and two clerks. "We have a tremendous Inspector General Department, one of the best in the West. It has four people in it." They couldn't catch scat. We want to avoid that possibility. If you do not have an effective Inspector General Office operat- ing in all of these agencies, we want you to catch hell for it. I want all the tools necessary to haul you up on the carpet and work you over. That is the reason we need this information. People like Congressman Butler, and Congressman Horton are dedicated to efficiency and effectiveness. They are not partisan in this effort. However, they expect Inspectors General to be doing a good job, financed adequately to save money and eliminate fraud. That is the name of the game. That is the only way we can do it if we are to provide the services that this country requires. We cannot give this country the services required in various fields if we waste 20 percent, 10 percent, 30 percent, 40 percent of the available money. It cannot be done. Mr. LORDAN. Yes, sir. Mr. BROOKS. I don't think it will hurt you. I understand why you would be a little reluctant for us to know, but generally you can get that information. Mr. LORDAN. Yes, sir. Mr. BROOKS. Why not just forthrightly say that you would pro- vide it? Somebody in the Inspector General's Office, somebody who typed the document, somebody who saw the document, somebody will tell us the amount of the original request in the X, Y, Z agency, and the OMB and the executive department cut it to the bone because they were tired of it. The Inspector General was finding too many things the agency didn't like. They might even find-I cannot believe it-but they may even find a Republican doing something wrong. It is not likely now during these next few months because things are so rosy, but after things get settled down they may, and I wouldn't want them just to eliminate an Inspector General because he turned up one of those dedicated souls doing something wrong. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. LORDAN. The concern expressed has to do with the potential this might have for establishing a precedent for other areas where Congress has special concern. Environmental issues, safety issues, and others are examples. Mr. BROOKS. I understand. I think there are several ways to skin that cat. I have always thought that if you ran OMB you would not have to worry about anything. If Stockman will understand-and he seems to be getting the hang of it, though we will see how he does-but they approve the budgets. They can establish the level of efficiency required to allow a budget to be submitted in the name of the President to the U.S. Congress. Very often in the OMB they are too reluctant to utilize that power. I worked hard on McIntyre. He came along pretty well and was getting the hang of it. However, it is tough. You have to understand that in any government, when the head of the OMB begins to make recommendations to the people run- ning the agencies, they begin to say, "He is telling us how to run our business?"; they do not appreciate that. They don't like OMB's recommendations and respond to them officially, "We appreciate it. Thank you. We are working on it. We have it under study. We are making progress in this area." However, the bottom line is that they are not doing anything they don't want to do. This happens with the Democrats and it happens with Republicans. If the President does not watch it very carefully, one set of appointees will undercut another. This is a real difficulty. It means that the OMB has to keep a very close eye on these budgeted items and on every one of these agencies. OMB must see the agencies are efficiently run. If not, you pull that chain on them. Don't go to the papers. You don't have to go to the newspapers and say what the agencies are doing. Just tell them, "You blew this money on this deal. You have to get rid of those people. Clean up that operation. Dump those regional managers who are incom- petent." Incompetence is just as dangerous as corruption. "I didn't mean to do it." Well, "I didn't mean to do it" is just as dangerous if the man shoots you. Who cares why he shot you? He just made a mistake. He didn't know the gun was loaded. He misunderstood. He thought you were somebody else. That has no bearing whatsoever if you are lying there bleeding to death. That is what I think about the difference between incompetence and corruption. You have to eliminate it. Is there any reason why an agency head could not give a fair and objective statement on the adequacy of the agency systems as required by that section 2 on internal auditing? Mr. LORDAN. We believe it would be quite possible for such a statement to be submitted. Some of the agencies have expressed concern about the expression of opinion on the adequacy of sys- tems. That is a technical concern similar in some respects to the one raised by the Comptroller General with regard to section 4 where it calls for certification of the adequacy of systems. Except for that small distinction in language, I think it should be quite possible for the agencies to submit a report on the adequacy of their systems. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. BROOKS. I had a couple of questions as to the Comptroller General being the man to design these guidelines. He has been working on guidelines for some years. Forty percent of the agencies have agreed with him. Mr. LORDAN. Yes. Mr. BROOKS. The only reason the others have not is because they have been effectively dragging their feet. It is not impossible to work under those guidelines. Now they come in and cry to you and say, "We have trouble doing it." They never fight you on the main issue. They are too smart for that. They say, "Lord knows we want to do this. It is essential that we get the best possible accounting procedures lined up. We are dedicated to it and committed to it. We will do it. You can count on it." However, they never say when. "We are working on it." They will say, "We have a hand-picked, blue-ribbon and gold-plated com- mittee working on this now. It has been working on it for about 10 years. They don't tell you that, but they will work on it forever. The only way you can get them to do it is to put the heat to them. Tell them they have 30 days, 45 days. Tell them to get with it. Send their top accountants down there and look at the plans with the GAO and get a resolution of their accounting procedures. I am not an accountant and I am not trying to dictate how they do it. All I know is that they should reach accord. Forty percent of the agencies have done it. OMB can have input into the GAO. GAO has worked with OMB. Elmer Staats has tried to work with OMB in improving accountability practices. OMB over the years has always given him lip service, sometimes help, but often they have been slow to require agencies to cooperate. You can pass all the laws you want, but if the OMB lets the agencies get away with noncompliance, the agencies still thumb their noses at you. They are not unpleasant about it. That is just the way it is. Mr. LORDAN. The point is well taken about the role of the Office of Management and Budget. I have served with the General Ac- counting Office and worked closely with them at OMB. Of course, I have worked with former Comptroller General Elmer Staats. The precedent of the accounting systems approval process, where the standards are set by the General Accounting Office, and agen- cies submit to them for approval, has not been an entirely success- ful process. We think perhaps a better analogy can be drawn in the internal control area, to the process of approving funds control regulations of the agencies, responsibility vested in the Director of OMB by the Antideficiency Act. We recently got the agencies to resubmit their systems for ap- proval and approved the fund control systems of the 30 major departments and agencies. We think that process worked well and it can serve us well with regard to other areas. Mr. BRooKs. When did you finish that? Mr. LORDAN. It was completed in July of the past year. Mr. BRooKs. You think the problem can be handled administra- tively. Why do you think the agency will follow the OMB guide- lines on internal control when in recent hearings of this subcom- mittee the GAO testified that the agencies were not following Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 guidelines OMB put out for the resolution on audit findings? That is a fact. They have not done it. Mr. LORDAN. The points raised by the GAO in that report are currently under review. Certainly there has been, as is always the case, some failure on the part of the agencies fully to comply with the standards in Circular A-73. However, the GAO acknowledged in its report that there has been substantial change in the proce- dures of the agencies for tracking audit findings so the unresolved amount can be determined. We see the implementation problem as being primarily one of phasing-in what is a considerable change in the practices of the departments and agencies. Congress, in passing legislation with regard to the resolution of audit findings, Public Law 96-304, provided until the end of fiscal 1981 for the current backlog to be eliminated and provided a 6- month period of resolution for findings thereafter. I think that acknowledges that there is a time factor involved and it does take some time to eliminate the huge backlogs which existed when this committee highlighted that very serious problem some time ago. Mr. BROOKS. They sure work slowly, though. It is not just the agencies. Some of that blame has to come down on OMB. They have new personnel in charge at the agencies now. OMB needs to follow through with the new personnel. You admit the problems are there. All you have to do is call the top officials in and explain this to them. Mr. LORDAN. Yes, sir. Mr. BROOKS. Mr. Lordan, I have several questions that I would like to submit to you in writing for inclusion in the hearing record. [The questions and submissions follow:] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 1. The Budget and Accounting Act gives the Comptroller General the duty to approve agency accounting systems. Wouldn't he also be the best person to develop standards of internal accounting for the agencies and to establish guidelines for evaluating their systems for the agencies as required by this legislation? Answer. Agency experience with regard to GAO accounting standards have not been entirely satisfactory. As you know, almost 40% of the agency systems have not yet been approved by GAO, despite the approval requirements of the Budget and Accounting Act amendments of 1950. This 40% includes some of the biggest systems in the Government, most notably those of the Department of Defense and the Department of Health and Human Services. We believe a better model for internal control standards and guidelines might be the process by which agency fund control systems are developed and approved. Under the authority of the Antideficiency Act, OMB issues fund control standards in Circular A-34, "Instructions on Budget Execution." Working within these standards, agencies develop detailed systems of control, and submit the systems to OMB for approval. The 30 largest departments and agencies recently were asked to update and resubmit their systems to OMB. All 30 systems were submitted and approved within an 18-month period. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 OMB worked very closely with GAO throughout this process. We believe, however, that it is more appropriate to have any internal control standards developed within the executive branch, rather than the GAO, a legislative branch agency. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2. Do you see any reason why an agency's Inspector General should not be responsible for investigating allegations that employees provided false or misleading information in connection with the preparation of the annual report required by this legislation? Answer. We believe the Inspectors General already have authority to investigate allegations of employee misconduct in the preparation of official agency reports. We see no reason why that authority would not apply to reports pre- pared in connection with H.R. 1526. Several agencies have questioned the need to specify the Inspector General authority in such detail in this legislation. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3. Comptroller General Staats testified last week that the provision for requiring the agency head to certify that the system had been approved by the Comptroller General is unduly restrictive. Are you in agreement with General Staats on that point? Why, or why not? Answer. We agree with former Comptroller General Staats. The bill would call for a certification that an agency's budget request was based on an approved accounting system. As discussed in connection with question 1, many agency systems have not yet been approved. It is not clear from the language of the bill how the budgets of these agencies would be handled. We agree with the former Comptroller General that a better approach would be to call for a report to the Congress on the status of accounting systems approval. Such a report is already submitted to the Congress on an annual basis by the GAO. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4. The bill requires that the controls established by the agencies shall provide reasonable assurances that (1) all obligations and costs are in compliance with law; (2) all funds and property are safeguarded against waste or unauthorized use; and (3) all revenues and expenditures are properly recorded and accounted for. Do you find these reasonable standards that any agency could comply with? Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. BROOKS. Mr. Horton? Mr. HORTON. I have a number of questions, Mr. Lordan. I would like to submit them to you and perhaps you can submit your responses for the record. [The questions and submissions follow:] 1. I understand that OMB last year formed a task force on internal controls. What specific problems did the task force consider and what remedies did they recommend? B. Does this legislation contradict any of their findings or recommendations? Answer. The Internal Control Task Force was formed to look into potential weaknesses in agenny systems of internal control that had been highlighted in a series of General Accounting Office reports to the Congress, and in reports of the Inspectors General. The Task Force recommended issuance of an OMB Circular on internal control, and developed a draft circular, "Internal Control Systems." A. No formal task force position was taken on H.R. 1526. However, a subcommittee of the task force reviewed similar legislation introduced in the 96th Congress. The subcommittee recommended against such legislation on the basis that administrative action was more appropriate and would involve less paperwork. B. H.R. 1526 differs from the draft circular recommended by the task force in some repects, but both are consistent with the task force view that some form of central guidance on internal control systems is desirable. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2. I understand that a proposed circular on internal controls is in the works and that the comment period on it has recently expired. If H.R. 1526 becomes law, would OMB proceed with that circular and, if you do, how would it differ from the thrust of this bill? A. Would this bill be duplicative of the OMB effort to strengthen internal controls? B. What, in your view, would both the circular legislation mean in terms of paperwork for Would it mean more paperwork? and the the agencies? Answer. If H.R. 1526 becomes law OMB would consider issuance of a Circular to implement it. Such a Circular would, of course, be consistent with the legislation. It would undoubtedly differ from the presently proposed draft Circular in some respects, but the basic thrust could remain the same. A. H.R. 1526 and the draft Circular cover the same basic subject, aqency internal control systems, and naturally are somewhat duplicative. B. The draft Circular was developed with a view toward minimizing the paperwork burden it would impose on the agencies. This was done by -- requiring reports to agency heads on an exception basis; i.e., only where major breakdowns in systems occur Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 H.R. 1526 attempts to hold down paperwork by calling on the Director of OMB to identify the agencies to which its requirements would apply. This would permit the Director to exclude many smaller agencies where the value of an annual report on internal control might not be commensurate with its costs. It should be noted, however, that the reporting requirements of H.R. 1526 are more extensive than those set forth in the draft Circular developed by the interagency task force. For example, the bill would require -- an annual report on the adequacy of all systems of financial and administrative control -- an "opinion" on the adequacy of all systems, a requirement that could entail considerable analytical work by the agencies a separate "certification" that would be submitted as part of an agency budget submission, dealing with accounting systems approval. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3. How and many many agencies are we talking about, bo the bill? How would 0MB determine whi agencies would be covered by this bil th for the circular ch agencies and how l? A. B. So that would mean how many new report What would be the cost of that paoerwo s? rk? C. In your view, do the benefits of this outweigh the costs involved? kind of reporting Answer. No decision has been made by the new Administration with regard to the issuance of an 0MB Circular, nor with regard to its coverage. The extent of coverage, under either H.R. 1526 or a Circular, should be determined on the basis of the costs of compliance vs. the potential benefits to be derived. A. If all executive branch departments and establishments were covered, this could involve several hundred reports a year. If it were limited to the major agencies that make up 90% of the budget and staff of the Federal Government, it would he more like 30 agencies. B. Estimates of costs of compliance are not now available. It appears, however, that the costs of compliance would be greater under H.R. 1526 than under the draft Circular for the reasons outlined in the answer to question 2.B. C. This is a judgment that the Congress will have to make on H.R. 1526; and the Administration, on the draft Circular. Additional agency consultations on the subject are taking place now. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 75 4. I understand your interest in protecting your turf in the Executive Branch, but other than that concern, what other substantive obiections do you have about placing in GAO the authority to establish a system of reporting and guidelines for the agencies? A. What negative impact would that have on OMB? B. Why do you feel that this particular provision would give GAO any real sense of direction over the Executive Branch? C. If we reversed the language in that provision and gave OMB the authority to establish the system in consultation with GAO, you would still feel GAO looking over your shoulder, wouldn't you? Answer: The emphasis of H.R. 1526 is on establishing that internal controls are a part of management responsibility. The bill calls for a report from the head of a department or agency as a mechanism for highlighting the importance of internal controls in the overall management of Executive Branch operations. It seems incongruous, therefore, to place the responsibility for establishing internal control standards and quidelines in the GAO, a Legislative Branch agency. We think this responsibility would be more appropriately placed in the Executive Branch. A. Placing the responsibility for establishing internal control standards and guidelines in the GAO would have no negative impact on OMB. It would, however, unnecessarily blur the lines of responsibility for Executive Branch management. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 76 B. We are always concerned about measures which blur lines of responsibility in Executive Branch management including internal control over its operations. C. We would have no objection to (',P.O oversight as the rAO assists the Congress in its oversight role. We would welcome their oversight and we would look forward to full consultation with them, in the same spirit of cooperation that has been shown to date in the development of the draft circular on internal controls. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 77 5. I understand that OMB considers Section 3 a threat to your budget discipline. Would you elaborate on that and tell us why you believe that this section would establish a potentially dangerous precedent? A. If an agency head feels that he has substantive reason to cut the IG budget request, would he still not be able to make his case in the give and take of the normal budget process? Answer. Director Stockman, in response to a similar question during his confirmation hearings, said "As in the past, OMB supports the sharing of agency budqet requests with the Congress after the President's budget has been transmitted to Congress. Under existing law and 0MB Circular No. A-10, after the President's budget is transmitted to the Congress, the heads of Executive Branch agencies may provide information concerning their budget requests to the President when the Congress asks for this information in connection with its consideration of the President's budget. The information may be obtained directly from an agency upon the request of a Congressional committee with jurisdiction. These procedures allow an agency to tailor its response to the specific needs of the committee making the request. We doubt that providing agency budget information in the standard format you suggest could be as useful, because different committees like to receive information in differing formats. 0MB has also made a practice of not interposing itself between the agencies and their Congressional committees. "Moreover, we do not believe that providing this information routinely for all agencies will enhance communication between the Legislative and Executive Branches or control over the budget. Greater emphasis on agency budget requests would shift discussions of the President's budget from major budget issues to explanations of differences between Presidential recommendations and the more parochial recommendations of the various departments and agencies. This can only serve to cause confusion and divert attention from viewing budget requests in the context of national priorities, economic conditions, and overall budget totals." Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 78 6. How do the agencies feel about paragraph (5)(A) on page 3, where the IG of an agency would be required to investigate any allegation that an employee provided false or misleading information in connection with internal report? A. Could this language in any wav discourage full and accurate participation in the reporting process? B. Is there any reason to fear that it might have a chilling effect on employees? If so, why? (5)(A) of H.R. 1526 on the basis that Inspectors General already have the authority to investigate allegations of misconduct under the inspector General Act of 1978. Mr. HoRTON. With regard to this section 3(k), the concern about giving the information with regard to the original appropriation request of the Inspector General when any change is made, and so on, it does seem to me-and I understand your concern about precedent-that this is a unique situation and one to be distin- guished from the normal. This is an instance in which Congress is concerned about its oversight function. We have a need and a desire and it is very necessary for us to perform our mission. We are concerned about objectivity and the ability of the Inspector General to do his job. I want to associate myself with the comments which the chair- man made with regard to removal of all these Inspectors General. I was with the chairman when we met with the President, and it so happened it was on the very day that that order was issued. We spoke to the President personally about it. Mr. Stockman was there. They did give us the assurance which the chairman just mentioned, that is, that some of those would be put back in. It was unfortunate the way it was handled. However, I am concerned not with this administration or the last administration but with the fact we do not find these Inspectors General in a situation where the Inspector General is able to perform his mission; namely, to be a watchdog of that agency. If we do not have that kind of information, it seems to me we might defer the prejudice and our ability to be certain that Inspec- tor General is able to call the shots the way he should be able to call them. Admittedly, the Inspector General is part of that agency, but it is important for our oversight function to be certain that he is as independent, objective and nonpartisan as possible and will not be prejudiced one way or the other. One of the quickest ways to cut the legs out from under the Inspector General is to remove the amount of his budget request. It is easy for the administration and OMB to explain the reason they cut it back. We are reasonable. We are perfectly willing to get reasonable explanations. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 However, if they ask for a certain amount and they have a good reason for that, and then they arbitrarily and substantially cut back, it will create some concern on our part with regard to their objectivity. We are dealing with a unique situation in this type of request and I would hope OMB would not raise too much objection to that particular part. I can understand, also, your concern about the GAO. I have a couple questions about that. Again, though, I think the chairman covered it quite well in his remarks. There is no reason why GAO and OMB cannot work together so that the standards are agreed upon and accepted by the various agencies. I have a question with regard to the proposed circular. I don't know what status it is in at the present time, but if that circular does go out, as you mentioned in your testimony, is there any reason we should not go ahead with this legislation? Would it be duplicative, in a sense supplementing the work of this legislation? Mr. LORDAN. With regard to the status of the circular, it has been published for comment in the Federal Register. The public comment period has recently closed. We are in process of analyzing those comments. We plan to meet again with the internal control task force, discuss the public comment with them, and make some revisions to the draft circular before we go forward to the Director with recom- mendations. With regard to any conflict between the proposed legislation and the draft circular, except for the issues addressed in my statement we see no basic conflict. In fact, as I said in the statement, we see the draft circular as a part of the standards and guidelines which would be issued in the future for implementation of legislation of this sort. Our reason for raising the circular as an issue is that it might be an alternative to proceeding legislatively in the event Congress decides not to legislate. Mr. HORTON. Thank you. Mr. BROOKS. Mr. Butler? Mr. BUTLER. Thank you, Mr. Chairman. I, too, appreciate the testimony of the witness. I am trying to identify who this applies to. It states that the Director of the Office of Management and Budget shall determine which executive agencies shall prepare a report. What is that all about? Aren't the heads of all agencies affected by this, or shouldn't they be? Mr. LORDAN. Referring to H.R. 1526? Mr. BUTLER. The vehicle before us, page 2, line 3. Mr. LORDAN. I would not speak to the intent of the authors of the bill. It seems to us that this gave us an opportunity to limit the application to the major departments and agencies and avoid some of the concerns that members of the committee have expressed about potential paperwork impact of the legislation. There are some very small agencies, for example, where perhaps routine reports to the President and to the Congress would not be in order, American Battle Monuments Commission, and a number of smaller agencies. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 We would assume that provision meant, unless there is a legisla- tive history to the contrary, that the Congress intended us to apply it first to the major departments and agencies, or to agencies which were having particular problems. Mr. BUTLER. I thank you for the answer. However, under existing law, as I read it, the head of each executive agency is to establish and maintain systems of accounting and internal control designed to provide a number of things. Mr. LORDAN. Yes, sir. Mr. BUTLER. The head of each executive agency is mentioned. Mr. LORDAN. There is no question that applies to all. Mr. BUTLER. We will be selective in this regard. Mr. LORDAN. I think with regard to the annual reporting and the rest of the requirements of this bill it would appear to be the intent of the drafters to limit applicability perhaps to the major departments and agencies. Mr. BUTLER. But they all have to file annual reports, do they not? Mr. LORDAN. The annual report requirement is one of the new legislation rather than the existing statute. Mr. BUTLER. All right. I thought every agency put something in writing once a year saying what a wonderful job they have done. That is discretionary and the statutes don't require it? Mr. LORDAN. Some statutes may. It is not an across-the-board requirement. Mr. BUTLER. The agency shall prepare a report stating an opin- ion on the adequacy of the agency's system. What does it take to discharge that obligation? Would it be sufficient to say, "I am the head of the Department of Defense and we have an adequate system of accounting and administration. Thank you"? Mr. LORDAN. The exact form of the reporting is something which would have to be worked out between the Office of Management and Budget and the General Accounting Office whichever way the legislation proceeds. The work which would go behind such an opinion, though, it would seem to me, would have to be quite extensive in a depart- ment as large as the Department of Defense. This is the basis of the concern expressed by some of the agencies to us, that legisla- tion of this sort has the potential for imposing a paperwork burden on them. They would have to do a lot of internal study before they could reach a state of recommending to a Cabinet office certifica- tion of the sort you describe. Mr. BUTLER. I recognize that. I am wondering now whether it is necessary to generate all that paperwork. Is there some way to get that evaluation without requiring a report? In other words, dignify- ing this thing with a statutory requirement is an awful burden. Do you have an alternate plan? Mr. LORDAN. I would not propose it as an alternate plan. I think it is up to the Congress whether they wish to receive an annual report of this type. I can tell you what we have done with regard to the proposed OMB circular. There our focus was to try to get reports first where there were major breakdowns in the systems. This report is to the Cabinet officer. And second, an annual report to OMB as part of Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 the routine submission of financial improvements provided us each year. In other words, this second report would be an additional requirement to an existing annual report. We did that on the advice of the internal control task force, an interagency group, in order to minimize the paperwork burdens that our own circular would impose on the agencies. Mr. BUTLER. We really have a big deal, then, if this legislation passes. We picked on the Department of Defense as an illustration. However, that might be too big an illustration. Perhaps even Inte- rior, or any other department, would have a problem. Would it be more appropriate to phase it in on a selective basis within each department? Would that be less disruptive? Mr. LORDAN. Again, Mr. Butler, potential for doing that exists in the introductory statement to the legislation which says the Direc- tor of OMB would identify the agencies to which it applied. If we applied it first to some of the bigger ones, we could phase it in and see whether the process really works as well as anticipated. Mr. BUTLER. You are really anticipating an awful lot of discre- tion. It has not been apparent to me up to this point. Mr. LORDAN. Again if the legislative history of this bill changes that view, we would not try to read that into it. As it stands now, it appears to give an element of discretion to the Director. Mr. BUTLER. Let's take the Department of the Interior, would it be your understanding that you could say to that Department, "Let's work on the Park Service this year but not the rest of it"? Or when you go for the department do you have to go for the whole shebang? Mr. LORDAN. Frankly, I had not given much thought to applica- tion to individual agencies within the Department. It was strictly in terms of identifying departments and agencies to which it ap- plied, and I assumed that would apply across the board. However, it may lend itself to that other interpretation. Mr. BUTLER. I am anxious to put this legislation together but I do not want to do anything that will go into overkill. That is the reason for my questions. How does Circular A-73 fit into this proposal? I do not see in this legislation any suggestion that there is a requirement as to unrec- onciled or unresolved audits. Perhaps I am not reading it correctly. How does that fit into this legislation? If this legislation passes, would it be your understanding that the affected agencies would have to come up with an acceptable plan for resolving all audits as A-73 requires? ? Mr. LORDAN. Audit followup would be an important element for any agency for internal control. There are specific provisions in that circular dealing with audit followup. It is the overall audit policy circular from which we work. It requires that audit findings ? be resolved within 6 months and that there be a system in place within each department and agency to make sure anything older than that is properly resolved. Some of the agencies have chosen to do that by establishing audit resolution committees. Others have chosen instead to process unresolved issues through the normal hierarchy, the chain of com- mand up to the Cabinet or subcabinet level. In either case they must have in place a system for the resolution of those issues. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 This bill would perhaps not address that issue specifically, but I think it is safe to say that any comprehensive system of internal control would have to address the question of resolving audit find- ings. Mr. BUTLER. Would it jeopardize the legislation to make that an express provision of it? Mr. LORDAN. Those systems are already required to be in place. I would not think it would add any significant burden to the legisla- tion. Mr. BUTLER. I understood your response to say it is implicit in the legislation but not expressed. Mr. LORDAN. I think that is correct. It is expressed, however, in OMB Circular A-73, so the requirement is already on the agency. Mr. BUTLER. We had some criticisms of A-73 last week. I guess you heard about those. Mr. LORDAN. Yes. Mr. BUTLER. Are you doing anything about that? Mr. LORDAN. We are working with the agencies to resolve the remaining issues. The GAO report did indicate progress has been made. There is still a long way to go. It was a major problem when it was first revealed by this committee. The agencies have done some good work but they have a way to go. Mr. BUTLER. Mr. Staats had several suggestions about the specif- ic language of A-73, one being that you identify the man responsi- ble for resolving audits within an agency, so presumably you could hang him if he did not comply. I assume that suggestion had reached you at this point. Mr. LORDAN. Yes. Mr. BROOKS. Thank you, Mr. Butler. You understand there is always a little slippage. OMB issues circulars, GAO issues findings and reports, and the agency still does what it pleases and nobody does anything about it in the final analysis. That is so in many instances. We will pass it one more time. If they will name the people responsible, we will get those people for you, and we will call Mr. Stockman and ask him what he has done about the unresolved audit findings. We want to find out. Mr. LORDAN. Yes, sir. Mr. BROOKS. We will be very curious. We have enjoyed having you. Mr. LORDAN. Thank you, Mr. Chairman. Mr. BROOKS. The next witness is Mr. John P. Abbadessa, accom- panied by Mr. Gilbert Simonetti. Mr. Abbadessa is executive vice president of the Association of Government Accountants. During his career he served 15 years in the General Accounting Office and 12 years with the Atomic Energy Commission, where he was Assistant General Manager, Comptroller. From 1975 to 1980, Mr. Abbadessa served as director of the division of budget and finance of the International Atomic Energy Commission. He has received numerous professional awards. Mr. Simonetti is chairman of the Association of Government Accountants' Congressional Affairs Committee. He is partner-in- Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 charge of Washington liaison for Price Waterhouse and Co. For- merly Mr. Simonetti was vice president for Government relations of the American Institute of Certified Public Accountants and ex- ecutive editor of its publication, the Tax Adviser. He is a frequent speaker and has numerous published articles to his credit. We are delighted to have you here, gentlemen. STATEMENT OF JOHN P. ABBADESSA, EXECUTIVE VICE PRESI- DENT, ASSOCIATION OF GOVERNMENT ACCOUNTANTS, AC- COMPANIED BY GILBERT SIMONETTI, CHAIRMAN, CONGRES- SIONAL AFFAIRS COMMITTEE Mr. ABBADESSA. Thank you, sir. Mr. Chairman, I am John P. Abbadessa, executive vice president of the Association of Government Accountants, an organization of professional financial managers having more than 12,000 members, dedicated to improving financial management at all levels of gov- ernment. I am joined by Gilbert Simonetti, Jr., chairman of the AGA's Congressional Affairs Committee and a partner in the ac- counting firm of Price Waterhouse and Co. We appreciate the opportunity to appear before your subcommit- tee to present our views on H.R. 1526, the Federal Managers' Accountability Act of 1981, which, among other things, would amend the Accounting and Auditing Act of 1950 to require public reporting on the adequacy of systems of internal accounting and administrative controls by heads of executive agencies. We fully endorse and strongly support this proposal. We believe that issuance of such annual representations by top level Govern- ment officials, and, more importantly, the substantive work that would have to be done in order for those representations to be made, will significantly improve the financial management of Gov- ernment funds and will help restore confidence in our public insti- tutions. Moreover, it would provide substance rather than theory to the basic concept that the heads of departments and agencies must take responsibility for their actions-in other words, they would be accountable in some measurable degree to the public they serve. Let me now elaborate briefly on our reasons for endorsing this legislation. The administration and the Congress are currently wrestling with the difficult and painful process of cutting the Federal budget, and certainly this is unavoidable if Government spending is to be reduced. However, there is another aspect to Government finances besides how much is spent and for what. That is, how well are the Government's resources managed and accounted for? Unfortunately, too often the answer to this question is, "not well at all." The most visible and troubling result of this situaton is the large number of reports from so many sources that billions of dollars have been lost as a result of fraud, waste, and mismanage- ment. The correction of this situation is at present one of the most immediate and promising approaches to reducing the Federal Gov- ernment's squandering of the country's limited resources. We commend the Congress for its prompt action in addressing this problem. Not the least of these efforts, Mr. Chairman, is the consideration of this proposed legislation which has been intro- duced by you, and which represents another of many examples Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 over the years of your continuing efforts to improve the financial management of Government funds in the best interest of the tax- payer. One indication of inattention to sound financial management in Federal Government agencies is the fact that 30 years after the Accounting and Auditing Act of 1950 required that the General Accounting Office approve accounting systems in all Federal agen- cies, only 64 percent of those systems have received such approval. Among the accounting systems that have not received GAO ap- proval are the largest and most important systems of the Depart- ment of Defense and the Department of Health and Human Serv- ices, which together account for more than half of the Federal budget. Through follow-on reviews, the GAO has also found wide- spread weaknesses in accounting systems that had been approved. In some cases, agencies have either not implemented proposed systems as approved or have allowed approved systems to deterio- rate. Why do situations like this continue? Here we share the view of former Comptroller General Elmer Staats. He has stated that the major reason internal control systems are in a state of disrepair is that top management has devoted most of its concerns and empha- sis to the delivery of funds and services, and that effective controls over the tasks and functions which lead to the delivery of these funds and services has had a low priority. This attitude, which inevitably filters down through the organi- zation, also has had a demoralizing effect on Government financial managers. As a result, many of them are frustrated in their efforts to carry out one of their principal functions-safeguarding public assets. Congress has been presented over the last few years with abun- dant evidence of this attitudinal problem, and its costly results. Further, this evidence has not, in any way, abated. For example, in hearings before this subcommittee last month the former Comptroller General presented results of a recent GAO report whose title, "Disappointing Progress in Improving Systems for Resolving Billions in Audit Findings," speaks for itself. Accord- ing to that report, the Government is losing billions of dollars because of failure by various agencies to act on audit recommenda- tions. The report identified $14.3 billion in unresolved audit find- ings representing potential recoveries, rebates, revenues, and sav- ings for the Federal Government. Just last week, Donald Scantlebury, a past national president of AGA, who is Director of the Financial and General Management Studies Division of GAO, conveyed similar information to the House Budget Committee and, in addition, cited other enormous losses due to failure to collect debts owed to the Federal Govern- ment. Mr. Scantlebury attributed the problem primarily to the fact that top management's attention to debt collection is inadequate. Other witnesses at that hearing, Acting and Deputy Inspectors General from several agencies, also referred repeatedly to problems of preoccupation with delivery of services and disbursement of funds, resulting in an inadequate emphasis on financial manage- ment. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 It is disturbing that some Federal managers are not making efforts to recover lost funds, even when such losses are specifically identified. It is much more disturbing that there is a lack of atten- tion to effective financial management which would help prevent fraud, waste, and mismanagement from occurring in the first place. We strongly believe that prevention has a much bigger payoff than detection with corrective action. An absolute requirement in order to achieve such preventive financial management is the implementation of effective systems of internal accounting and administrative control, which is a major objective of this bill. Such system can properly safeguard Govern- ment funds and property both by decreasing the potential for fraud and error and by making detection of their occurrence easier. Many Government officials have emphasized the need for such controls. The former Comptroller General frequently remarked on the importance of internal controls in Government, and he has given examples of the types of fraud, sometimes amounting to millions of dollars, which can occur in the absence of even the most fundamental controls. In further support of his contention, Inspec- tor General and GAO investigations have been turning up numer- ous cases of fraud and abuse resulting from inadequate internal controls. Distressingly, as a result of its investigation of 11 Federal agen- cies, GAO has concluded that internal control weaknesses pervade the Federal Government. Moreover, the Office of Management and Budget reported to Congress last year that "very few agencies have comprehensive systems of internal control," and that `controls re- quired by existing systems may not be properly observed." Ever since the GSA fraud scandal broke in the summer of 1978, we have had repeated revelations of fraud, waste, and mismanage- ment in Federal Government programs, and repeated statements on the ineffectiveness of internal controls and inattention to sound financial management practices in Federal agencies. The recent hearings in your subcommittee and the House Budget Committee make the record conclusive. Now it is time to stop compiling evidence and take action. While some efforts have been made to improve control systems in Government agencies, they can only be considered a piecemeal approach to more effective action. Something much more funda- mental is needed, and that is the promotion of a positive control environment. Mr. Chairman, we believe that your proposed legislation, by re- quiring chief executives to report publicly, in writing, over their own signatures, on the adequacy of internal control systems in their respective departments and agencies, will go a long way toward improving the financial management of Government funds. The title of your bill, the Federal Managers' Accountability Act, is self-explanatory, because the rationale for such public reporting on internal controls is personal accountability-one of the most valuable attributes a public official can have. If this requirement is enacted, it is reasonable to expect that agency heads will assume more formal responsibility for the qual- ity of their organizations' internal control systems and will set a newer, higher priority for overall good financial management Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 which will filter from the top executive down through the organiza. tion. When agency managers and employees at all levels realize that their chief executives are putting their own names on the line in attesting to the integrity of basic systems which safeguard taxpay- er dollars, they will want to insure that the work supporting such attestations is thorough and accurate, that the work is independ- ently tested and evaluated by inspections and audits, and that identified weaknesses are promptly corrected. We recognize and support the efforts that OMB has made in attempting to promote sound financial management in the Federal Government. We applaud OMB's financial priorities program, and we are fully aware of the progress being made in drafting a circu- lar on internal controls. By mandating public reporting on internal controls at the highest agency levels, the proposed legislation will strengthen what OMB is in the process of accomplishing. Federal executives will require guidance in reporting on internal controls, and in performing the reviews of internal control systems necessary to support the assessments contained in the reports. To that end, the proposed legislation directs GAO and OMB to develop guidelines for performing control evaluations and to establish a system for internal control reporting. In anticipation of such a requirement, the AGA established in 1979 a voluntary task force on standards for Federal executive reporting on internal controls to work with GAO and OMB in developing the necessary guidelines. With this work now complet- ed, we believe that the proposed Federal Managers' Accountability Act can be implemented in a timely and orderly manner. The task force was composed of a cross section of highly qualified profession- als representing that joint financial management improvement program, public accounting, and Government financial manage- ment. The guidelines they developed are now available as a GAO publication published in 1980. I respectfully request that a copy of that document be included in the hearing record. Mr. HORTON. Without objection, excerpts from this material will be included in the record. [The material follows:] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0 The Accounting and Auditing Act of 1950 requires the heads of the executive agencies to establish and maintain effective internal accounting and administrative control system. The same Act requires the General Accounting Office (GAO) to approve the agencies' accounting system and GAO has regularly advised agencies that their system will not be approved unless they have effective internal controls. Interest in the need for strong internal control system is exempli- fied by a recent bill, entitled the "Financial Integrity Act of 1980," which was proposed before the Oongress. The bill, if passed, would re- quire ongoing evaluations and reports on internal control systems of each executive agency. In an ongoing effort of support of effective internal control system, the Association of Government Aooountants (AGA) estab- lished a task force to help provide guidance and assistance to congres- sional oammittees and Federal agencies in developing standards and proce- dures for executive agencies to evaluate and report on their internal control system . This document entitled "Executive Reporting on Internal Oontrols in Government" was recently completed by the AGA task group. It provides a general discussion on the definition and objectives of internal aocxu ting and administrative controls as well as suggesting reporting requirements that could be adopted whether or not the proposed legislation is passed. We in GAO believe this is an excellent document for bringing out further awareness for the need of strong internal controls, and we are certainly encouraged by the fine contribution of the task force of the Association of Government Accountants. We support the objectives of this document as well as the concepts and principles provided in it. This document is valuable for informational purposes as well as a vehicle to encourage in- volvement in strengthening internal controls in Government. Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 I INTERNAL CONTROLS--A BASIC UNDERSTANDING The Scope of the Control Review Contemplated by the Legislation The Financial Integrity Act of 1980 specifies that the head of each executive agency designated by the Office of Management and Budget will be required to submit annually, to the President, a report on the adequacy of their agency's system of internal accounting and administrative controls. The Act 'requires a report on those controls which are designed to provide reasonable assurance that the following control objectives are achieved: (1) All obligations and costs were in compliance with applicable law; (2) All funds, property and other assets were safeguarded against waste, loss, unauthorized use or misappropria- tion; and (3) All revenues and expenditures applicable to agency operations were properly recorded and accounted for to permit the preparation of accounts and reliable finan- cial and statistical reports and to maintain accounta- bility over the assets. Probably the most difficult task in conveying an understand- ing of what is meant by the broad term Internal Controls is to agree upon a definition which is clearly understood by persons who have little or no background in the field of administration and financial management. The first question usually raised is; How do internal controls relate to accounting systems? Accord- ingly, one must first address the complementary relationship Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 between accounting systems and controls before attempting a more detailed understanding of factors affecting the quality of internal control systems. Accounting systems, in a broad sense, include four principal components: (1) the system hardware, namely general ledgers and their inherent account structures, whether they be in the form of manually posted or machine processed records, (2) the assigned duties and responsibilities for maintenance of those records or the organizational structure adopted, (3) the specific procedures to be performed by persons in the execution of their role in the accounting process, the procedural controls, and (4) the informa- tion system or form of periodic reports which summarize incurred financial activity. It is a fundamental premise of a sound accounting system that the organization of personnel and the specification of pro- cedures to be performed should be constructed in such a fashion as to preclude any one individual from authorizing, approving and executing.financial transactions. This is achieved through appropriate "segregation of duties" which results in the assign- ment of key control procedures to different persons or different organizational elements. Internal Accounting Control has been defined by the American Institute of Certified Public Accountants as ". . . the plan of organization and the procedures and records that are concerned with safeguarding of assets and the reliability of financial records . . . ." In addition to accounting related internal controls, every organization will implement a wide spectrum of additional con- trols usually referred to as Internal Administrative Controls. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Administrative Controls are designed to provide a structure to carry out other organizational objectives such as planning, productivity, programmatic quality, economy, efficiency, and effectiveness. In practice administrative controls and internal accounting controls have often been referred to by a number of alternative titles and terms. The significance of the title used is obviously of less importance than understanding the use and role of each such controls within the organization. In its Standards for Audit of Governmental Organizations, Programs, Activities and Functions, the General Accounting office included both accounting and administrative controls in its defi- nition of internal control in Government. Internal Control is defined as: "The plan of organization and all the coordinate methods and measures adopted to safeguard assets, check the accuracy and reliability of accounting data, (accounting controls), promote operational efficiency, and encourage adherence to prescribed managerial policies (administra- tive controls)." In performing a review of controls within a Governmental organization, it might be considered desirable to review each type (accounting and administrative) separately. However, in practice this is rarely, if ever, practical since managerial decisions in the administrative control area can often have a direct influence on the quality and adequacy of accounting con- trols. In a simple, but nonetheless effective example, the establishment within a unit of Government of administrative controls to foster and encourage a high level of supervision and review of employee performance can be expected to have a significant influence on the quality of employees' execution of accounting controls. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 91 - 4 - Accordingly, while the presence or absence of specific accounting controls can usually be readily determined, a review of the adequacy.of the overall accounting control system will usually necessitate a review of administrative controls to the extent that they (1) establish an appropriate accounting control environment, (2) influence the nature of internal accounting control procedures required, or (3) help to satisfy internal accounting control objectives. Administrative controls which can influence the control envi- ronment generally relate to those such as indicated in the example: (1) have an effect upon employees awareness of their responsibilities, (2) create a positive organizational attitude, (3) act as an incentive to employees to follow procedures, and (4) provide reasonable assurance that the failure to perform assigned procedures appropriately will result in disciplinary action. Some administrative control procedures can also have a sig- nificant influence on the type of internal accounting controls required within the system. For example, an administrative decision which permits borrowers under loan programs to make payments at regional or district offices will necessitate a dif- ferent series of accounting controls than those accompanying a system which permits loan repayments to be processed only through one centralized processing center. Also, as pointed out, the implementation of certain adminis- trative controls can strengthen or mitigate the need for account- ing controls. The head of a department or agency may institute administrative procedures which delegate to program managers the responsibility to closely monitor and accept responsibility for financial, as well as programmatic activity. It is likely that Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 92 5 - in the performance of their responsibilities program managers will, through their review and inquiry into the appropriateness of reported financial results, act as a monitor of the accounting system. In these circumstances program managers serve in the dual capacity of carrying out both a programmatic (administra- tive) and accounting control function. In summary the term, internal Controls, is broad and includes both accounting and administrative controls. Controls in either the administrative or accounting area are implemented through the segregation of key control duties and responsibilities among employees and the establishment of specific operating procedures which specify the manner in which their functions will be con- ducted. Accounting controls deal principally with safeguarding assets and the accuracy and reliability of accounting trans- actions and reporting. Administrative controls are typically designed to encourage adherence to prescribed managerial policies and promote operational efficiency. While the control evaluation procedure discussed herein is not designed to evaluate administrative controls to assure effi- ciency and effectiveness, undoubtedly insights will be gained into these areas through this process. Further, it must be remembered that the adequacy of accounting controls can often be significantly influenced, positively or negatively, by adminis- trative controls adopted by the organization. As agreed by a wide spectrum of authors on the subject of control evaluation . . . an understanding of the distinction between accounting and administrative controls is useful for purposes of obtaining a fundamental knowledge of their interre- lationship. However, the importance of the distinction becomes less significant if the attention of a control evaluation focuses Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 93 - 6 - more appropriately upon the objectives which the organization is trying to achieve through the implementation of controls. While it might be contended by some that the objectives specified in the Act are more closely related to traditional accounting con- trols, that observation should not be viewed with significance. Rather, it should be the intention of department heads to assess the adequacy of both accounting and administrative control sys- tems which are designed to achieve the previously listed broad objectives of the Act. While the use of predetermined detailed checklists which identify customary or traditional control techniques can be of value, they should be utilized as a tool and not relied upon as the sole procedure for conducting control evaluations. The Relationship Between Objectives and Controls There is substantial agreement among professionals that an evaluation of a control system must begin with an identification of the organization's control objectives. It is assumed that management will convert broad control objectives (such as those in the Act) which relate to the organization as a whole, into specific control objectives for all affected organizational units and types of transactions. In most cases there will be a readily identifiable relationship between specified control objectives and the financial or operational risks against which protection is sought. Some difference of opinion exists as to whether evaluations should be performed on a transactional or organizational (func- tional) basis; nevertheless, under either approach specification Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 of meaningful objectives is critical to the successful perform- ance of a control evaluation. As an example, while the main- tenance of adequate internal accounting controls is an appropri- ate overall objective for an executive department, effective determination of whether that overall objective is being achieved will necessitate the identification and review of numerous sup- porting objectives. Such a supporting payroll objective would be that--all employee overtime is approved prior to being paid. It would be expected that many supporting objectives of this nature would be expressed through policy statements or regulations. As a further example, dissecting a small portion of one con- trol objective specified in the legislation would identify the overall organizational objective that: "all . property . . . (is) safeguarded against unauthorized use . . ." In most agencies the achievement of that overall objective will frequently necessitate the identification of a significant number of supporting objectives relating to the often wide vari- ety of property which is entrusted to the care of the agency and a specification of what, in each case, constitutes unauthor- ized use. It is expected that in many cases the necessity to identify control objectives will encourage management to address and establish positions on a number of issues which may not have been previously specified in either Federal regulations or pre- vious agency policies. Many times opportunities for fraud, waste and abuse are created simply because inadequate attention is focused on defining control system objectives and organizational policy. Once the objectives of a control system are identified, an effective evaluation to determine whether they are being achieved Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 can commence. The subsequent evaluation will focus upon whether or not objectives are being achieved, with little concern as to whether the controls relied upon are identified as either accounting or administrative controls. To assist departments and agencies in the development of control objectives applicable to their own organizations, Chapter Two contains a discussion and description of the princi- pal objectives usually related to frequently encountered func- tional areas in Government organizations. Most systems involve the use of Automatic Data Processing equipment and systems. The reliability of an ADP system is dependent on the adequacy and the emphasis placed on controls during the development, installation, maintenance and use of the computer equipment and software. System specification and design control should be designed to ensure the development of effective and adequately controlled systems. Additionally, auditability of systems should be addressed throughout all aspects of their development. The unique attributes of each Government organization, program and administrative function do not lend themselves to delineating a single evaluation method. Likewise experience is lacking in conducting overall organizational control assessments within public as well as in the private sector. Considering these factors a model Action Plan to conduct internal control evaluations has been developed and is described in Chapter III of this guide. The plan is developed in six major steps from a Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 description of the head of the department's initial role, to the final independent review and opinion by management on the effec- tiveness of the department's or agency's control system. The Action Plan described utilizes a Project Team approach. The intent of the plan is to systematically evaluate existing systems from those estimated to have the largest risk potential to those with the smallest risk or vulnerability. Since the con- trol environment is subject to change, (i.e., personnel com- petency, integrity and sufficiency, along with program scope and objectives) higher risk areas will require reexam.nation on a more frequent basis. Expected Results In assessing whether the organization's control objectives are reasonably achieved the evaluators of the system will become principally involved in a review to determine whether (1) pro- cedures adopted are appropriate in the circumstances, (2) key duties and responsibilities are properly segregated, and (3) pol- icies and procedures are satisfactorily documented, communicated and executed. Many contend that one of the most important aspects of any control system is how effectively individuals perform their functions. Consequently, in the performance of a control eval- uation, the reviewers should be expected to arrive at a deter- mination as to whether persons performing key functions appear to be executing their responsibility properly. They will also consider whether responsibilities are assigned to an appropriate level within the organizational structure. Evaluating whether key functions are properly assigned within the organization to individuals capable by training and experience to execute them effectively, is of no less importance to the outcome of the evaluation than is judging the appropriateness of the procedures themselves. . Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. ABBADESSA. We also endorse the provisions of the proposed legislation regarding strengthening the role of the Inspectors Gen- eral. We believe it appropriate that the Inspectors General receive and investigate any allegations that an employee of the agency provided false or misleading information in connection with the evaluation of or reporting on internal accounting and administra- tive controls. It is also essential that disciplinary or corrective action be taken by the head of the agency where the results of the investigation disclose that such is warranted. I would now like to comment briefly on two additional provisions of H.R. 1526. First, we are not competent to comment on any legal or jurisdic- tional objections which have been raised about the provision in section 3 which concerns reporting on budget requests by Offices of Inspectors General. However, we believe that it is essential and cost effective for Inspectors General to have the resources needed for them to do their jobs adequately, and we recognize that Con- gress has a responsibility to help insure that this happens. Section 4 requires agency heads to include with appropriation requests a statement certifying that the request has been based on an accounting system that has been approved by the Comptroller General. We understand that the GAO has raised concerns that a certification requirement might not be workable, considering the number of systems which have not been approved. We concur with -their suggestion that inclusion with the appropriation request of a status and progress report on accounting system approval would be more practical. This would help Congress exercise its responsibility for oversight of approval of agency accounting systems. Mr. Chairman, this concludes my prepared statement. I shall be pleased to answer any questions you or members of the subcommit- tee may have. Mr. HORTON. Thank you, Mr. Abbadessa. Have you anything to add, Mr. Simonetti? Mr. SIMONETri. I do not. Thank you, sir. Mr. HORTON. The chairman had to leave for just a moment. He has several questions. If you do not mind, I would like to submit those questions to you, with the exception of one which I will ask you now, and then perhaps you can supply written answers for the record. Can you do that? Mr. ABBADESSA. Yes, sir. Mr. HORTON. I also have questions I will submit to you on the same basis. [The questions and submission follow:] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Answers by John P. Abbadessa Association of Government Accountants to Questions from Congressmen Brooks and Horton Hearings on H. R. 1526 The Office of Management and Budget has testified that the establishment of standards and guidelines should be the responsibility of the Executive Branch rather than the General Accounting Office in the Legislative Branch. Which office would you suggest have responsibility? The Association does not wish to take a position as to which Agency should have responsibility, but we strongly believe and want to emphasize that it is enormously important for the work to be done without further delay. We believe it would be most unfortunate if a Jurisdictional argument results in a further lack of progress. The plain facts are that GAO and OMB both have responsibilities in this matter, both have competency; and the full support and vigorous efforts of both are essential to get the job done. OMB in its testimony indicated that the objectives of the legislation can be accomplished administratively. Have you seen the draft circular and if so, what is your opinion on this matter? Answer We believe that the present situation is completely unacceptable and that both administrative efforts and the legislation introduced by the chairman should be rigorously pursued. We have seen the draft circular; and by letter dated February 11, 1981, we submitted our comments to OMB. Basically our comments consisted of suggested additions to the draft circular which would bring it more in conformity with the provisions of the legislation being discussed today. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 How much of a positive influence would this legislation have on those accounting systems not yet approved by GAO? Would it strengthen them just by having these internal controls in place? Why and how? There is no question that the provisions of the legislation, providing the agencies establish and maintain the systems of internal accounting and ad- ministrative controls as prescribed in the legislation, would have a posi- tive influence. I must emphasize again, however, the provisions of the legislation that require public reporting on the adequacy of systems of internal accounting and administrative controls by the heads of executive agencies is the best insurance policy the taxpayers could have to assure that the necessary work gets done. Some questions have been raised at the staff level about the use of the term "opinion" in Section 2(D)(1). In accounting and auditing terms, how formal and imposing is the word "opinion"? a. Would we lose any impact if we struck the phrase "stating an opinion" and simply required a report on the adequacy of the agency's control system? In accounting and auditing terms, the word "opinion" is quite formal, well understood, and important. We believe the intent of the legislation would be clearer, and the assumption of accountability by the heads of agencies would be stronger if the word "opinion" is retained. However, while striking the phrase "stating an opinion" would dilute the effectiveness of the provision, it certainly would not destroy its effectiveness. If such a compromise is desirable or necessary to retain the concept of pub- lic accountability by the heads of agencies, we would recommend that the Committee not insist on a formal opinion. Has your organization studied the application of this concept in any of the various state governments? I understand thatNew York, for example, is considering a similar legislative remedy. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. Chairman, I am not aware that we have studied this concept in any of the various state governments. We think the concept is certainly workable at the state level; and if our views were requested, we would strongly endorse its application also at the state level. While there are certain basic differences between state governments and the Federal establishment, these differences do not extend to the area of sound management in the expenditure of public moneys. It is our view that the concepts set forth in the proposed legislation would be equally effective and desirable at the state level. Do you favor this bill over the distribution of a new 0MB circular on internal controls? Why? I would favor both the enactment of this legislation and the distribution of a new 0MB circular on internal controls. I think the problem is so vast and so pervasive that the full weight of the President and the Congress is warranted. Mr. HORTON. The one question which would be important to have you answer at this time is the following: The Accounting and Auditing Act of 1950, that is 31 years ago, required Federal agencies to maintain effective internal control systems. This requirement has existed for 31 years. Yet fraud, waste, and mismanagement continue to exist. Why do you think agency management has not fully complied with this requirement of the act of 1950? Mr. ABBADESSA. My initial reaction is to ask agency manage- ment, sir. Mr. HORTON. As I understand it, you were the Comptroller at the Atomic Energy Commission. The AEC had the first complete ac- counting system approved by GAO. Mr. ABBADESSA. I think the real answer is priorities. I think the track record is clear, and it is the heart of today's problem. Pro- gram managers are interested in delivering the product, which is their primary mission, and they do not and have not given a high enough priority to the establishment of strong accounting systems and systems of internal control. I appreciate the chairman's reference to the AEC being the first agency to receive a GAO approval of its accounting system. It is an example that ties in to priorities. I was with GAO and I made the review of the AEC. We resolved it down to about five issues. I then became the Comptroller of the AEC and made the changes that were necessary. A major point here is that the Atomic Energy Commission has a Comptroller who is responsible for both budget and accounting. Many agencies in this Government have separate budget and accounting functions. Budget will attract top management atten- tion on a priority basis. Accounting will not. I think this is the heart of the problem. Mr. HORTON. In essence what you are saying is that it is a priority matter and perhaps the priority time has arrived with the crisis, and perhaps this legislation can spur on the achievement of that goal set out in that act of 1950. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. ABBADESSA. I believe that is correct, sir. I think the public pressure is such today, the publicity is such, and the perception of the problem is such, that the situation is now a national scandal. I have come back from living in Europe for 6 years. Ever since Lockheed and the GSA matter, they have headlined such stories in European papers. It was not that comfortable being in this business and being an American. It seems almost unbelievable that the situation continues when you have so much evidence, so much agreement that something has to be done, and so much agreement as to what should be done. The competence is certainly there. Hopefully, with this kind of legislation, the public pressure, the strength now coming from executive leadership to clean this up, and the Inspectors General legislation, we will get corrective action. I think this legislation is critical, sir. Mr. SiMoNErri. Let me add a comment if I may. In echoing what Mr. Abbadessa said about priorities, that is certainly true in the executive branch. However, as I was listening to the witness from OMB, I think it also should be stated, in fairness to the good work that OMB has attempted, that they too, have a problem of prior- ities. The management side of the OMB house is undernourished not because there is no interest, not because there is lack of under- standing of the need, but rather a lack of high priority. The man- agement side of OMB is thin, not in quality, not in dedication, but in resources. Hence, you have the same problems emerging right through Government, through each of the executive agencies, and the responsible central financial management agency of the execu- tive branch. There must be a reordering of priorities at OMB. I applaud Mr. Stockman's attention to the budget. There should now be increased attention to the issue of sound financial management so that we can say that the management of our Government is going to re- ceive as much attention as the budgeting side of OMB's house. I think the two go hand in hand. Mr. HORTON. Well said, Mr. Simonetti. Mr. Butler? Mr. BUTLER. I am not an accountant. I would like some enlight- enment as to exactly what happens when an agency undertakes to assign the priority that you suggest here today. How long a process is this? What does that do to those things which are presumably downgraded? How does it work after you decide what you are going to do in an agency? How do they go about it and is it reasonable to expect immediate response? Mr. ABBADESSA. A lot of this depends on how large and complex the activities of the agency are, and even more importantly, the status of their existing system. If it is a basically good system and you need only refinements, it is a relatively quick job. If you have a bad system and you have a large organization, this is not a task that will be done quickly. You have to develop your system, be sure you have your manuals, and be sure that the systems are integrated. The accounting system has to be integrated with the budget system. You have to be sure of fiscal integity for protection of assets and you have to be sure of controls over cash Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 management. It is very difficult, therefore, to put a fixed time frame on it. It depends on the magnitude of the problem. However, it is not difficult if you have a reasonably good system. At the Atomic Energy Commission we had a reasonably good system; there were just some relatively minor aspects of the GAO standards that we did not meet. We made the changes very quick- ly. However, we had a strong system to start with and a strong desire to improve our system to get the GAO approval. Mr. BUTLER. You have to analyze the existing system and then determine where you are trying to go and then work up a game plan to get it from here to there. I think that is what you have stated. Mr. ABBADESSA. Yes. Mr. BUTLER. How disruptive is it for an agency to remake its accounting system in this fashion? Of course, we all know it is desirable to get there. However, how swiftly can we expect an agency to move once they resolve they are going to do this? Mr. ABBADESSA. I am not trying to avoid the question-- Mr. BUTLER. I am not asking you to give me a timetable. Mr. ABBADESSA. I will tell you one thing, for certain, and I think this is the real value of this legislation-if the top man wants strong systems of internal controls and makes it clear that he wants such systems, it will get done enormously faster than it would otherwise get done because it otherwise most likely would not get done. Mr. SIMONETTi. As I view the legislation, some will say it is just another report. I think it should go beyond that. What we are really trying to do is cause a reordering of the priorities by top management in the agencies. It is not intended to be a quick fix. I think Mr. Abbadessa has been justly cautious in suggesting to you it is not something that can be turned around in 1 or 2 years, but it could be depending upon the agency's top man. If he says, "I want this run like a business. I want this run as though I had a bottom line to worry about," then you will get faster action. Therefore, what we are hoping is that the report, which is the end result of activity that should be taking place within the agency, will moved the chief executive to move his agency along faster in adopting sound financial management techniques. Mr. ABBADESSA. One other thing. I feel Mr. Butler that you have some concern that the committee might be starting a paper bliz- zard with this requirement. I honestly think quite the contrary is true. Two things are important. First, you have to realize this Govern- ment has a pretty fair paper blizzard going now in detecting fraud and waste and what they do with it after they discover the prob- lems, including all of the hearings, justifications, and excuses. If you move forward, there certainly is a price. However, you also obtain two big advantages. First you redirect the effort you are now making into developing systems, instead of explaining to cer- tain people what went wrong. Second, and far more important, the potential savings, not only in dollars but the real savings in accom- plishing effectively your program objectives on a reasonable time frame, would more than offset any additional cost in my judgment. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 I would be hard pressed to identify any report that I have known of in 30 years of Government service that would be more cost effective than the report required by this legislation. Mr. BUTLER. I am sorry the chairman did not hear that com- ment. I would appreciate your looking at the legislation. If you have any suggestions which might cull out unnecessary paper require- ments, we would like to have the benefit of your judgment in that regard. Mr. ABBADESSA. Yes, sir. Mr. BUTLER. Thank you. Mr. HORTON. Thank you very much, Mr. Abbadessa, and thank you, Mr. Simonetti. The next witness will be Mr. John K. Watsen. Mr. Watsen is director of auditing of the Federal National Mortgage Association, here in Washington, D.C., a position he has held since April 1974. Prior to that time, he was associated for 12 years with Price Waterhouse and Co. Mr. Watsen is testifying as a representative of the International Institute of Internal Auditors. He is a member of that organiza- tion's Professional Standards and Responsibilities Committee and serves as president of its Washington, D.C., chapter. We are happy to have you with us and we look forward to your testimony. STATEMENT OF JOHN K. WATSEN ON BEHALF OF THE INSTITUTE OF INTERNAL AUDITORS Mr. WATSEN. Thank you, Mr. Chairman. My name is John Watsen. I am president of the Washington chapter of the Institute of Internal Auditors and director of audit- ing of the Federal National Mortgage Association. Today, I am appearing before you as the authorized spokesman for the Institute of Internal Auditors, Inc., an international organi- zation consisting of more than 23,000 members, most of whom are located in the United States and Canada. We are pleased to count among our members several hundred who are employees of the Federal Government in the various agency audit groups. The institute has long been concerned with the adequacy of systems of internal accounting and administrative control and with the process of evaluating the effectiveness of internal control sys- tems, both in Government and in the private sector. You might say it is the No. 1 occupational activity of our members. We are, therefore, very pleased to have been invited to testify before this committee on the subject of the Federal Managers' Accountability Act of 1981. We wholeheartedly endorse the concept of annual reporting on internal controls by Federal agency executives for the following reasons: One, numerous audit reports issued by the General Accounting Office and statements made by Comptroller General Elmer B. Staats have cited serious deficiencies in Federal agency internal control systems. Similarly, the American press has frequently re- ported these deficiencies and numerous actual instances of major abuse or mismanagement of Government programs. Thus, there Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 would appear to be both a real need to strengthen agency control systems and an equally important need to demonstrate to the public that the Government is acting responsibly to curtail waste of the American taxpayer's resources. Two, in view of the aforementioned real and perceived problems, it appears necessary to reaffirm the Federal agency executive's responsibility and accountability for maintaining effective internal accounting and administrative controls. Three, by requiring that formal annual reports on internal con- trols be submitted to the President and made available to Congress, the relative importance of maintaining effective internal control systems, in relation to other aspects of agency operations, is greatly and properly increased. Thus, this aspect of the agency executive's responsibility will receive greater attention. Four, finally and perhaps most importantly, the required disclo- sure of any inadequacy or material weakness in internal controls will improve Federal executive and congressional awareness of the existence of any major problems in the systems, and the means of solving those problems. This requirement will also facilitate the tracking of future improvements in the internal control systems. We would also like to express our support for provisions in the proposed legislation which require investigation of any allegation that false or misleading information was provided in connection with the evaluation of internal control systems or in connection with the preparation of the annual report on internal controls. Such provisions serve to underscore the seriousness of internal control evaluations and reports, and improve the reliability of such evaluations and reports. We also agree with the provisions in the proposed legislation which require budgetary disclosure of the amount of appropriations requested by the Office of the Inspector General of the Federal department, together with the changes made in such requests by the head of the department and any further changes made prior to submission of the budget to Congress. We believe these procedures will improve the ability of Congress to monitor the adequacy of funding available for evaluations of internal controls by the Offices of Inspector General and serve to further underscore the impor- tance of this vital function. Finally, although not directly related to any specific provisions of the proposed legislation, we thought it might be useful to this committee for us to state some of the major conclusions relating to internal control systems which we have developed by working with them in the private sector. We have found that the most important determinant of the effectiveness of an internal control system is top management atti- tude concerning the importance of controls. When top management actively participates in establishing oganizational controls and pro- cedures and insists upon prompt correction of any deficiencies dis- closed by their internal auditors or others, the control conscious- ness of the entire organization is enhanced and the system of internal control functions more effectively. Also, in well-managed organizations it is common to establish a senior executive position with specific responsibility for financial management and control. The typical title for this position is vice Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 president, finance, and the position is usually filled by someone having a strong background in accounting and management. The key to success is to designate an appropriately qualified senior executive whose primary responsibility is financial management and control. We believe the Financial Managers' Accountability Act of 1981 will promote improved agency executive attitudes toward the im- portance of maintaining effective internal control systems, and, thereby, foster increased attention toward identification and correc- tion of any deficiencies in such systems. Accordingly, we strongly support the introduction and passage of this legislation. For further information concerning the Institute of Internal Auditors' views on management reporting on internal controls, I refer you to chapter 4 of a recent publication by the Foundation for Auditability, Research and Education, Inc., entitled "A Focus on the Role of the Internal Auditor." Mr. Chairman, that completes my prepared statement. I will be pleased to respond to any questions that you or the other members of the committee may have. I would like to have this document inserted in the record, Mr. Chairman. Mr. HORTON. Without objection. [The material follows:] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 The Internal Auditor "A FOCUS ON THE ROLE OF THE INTERNAL AUDITOR Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 A FOCUS ON THE ROLE OF THE INTERNAL AUDITOR: The Foreign Corrupt Practices Act, Management Representations on Control, & the Internal Auditor an assessment of roles, relationships, and directions to better utilize the internal auditor in support of the organization Foundation for Auditability Research and Education, Inc. Altamonte Springs, Florida Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 108 Copyright ? 1979 by Foundation for Auditability Research and Education, Inc., 249 Maitland Avenue, Altamonte Springs, Florida 32701. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means - electronic, mechanical, photocopying, recording, or otherwise - without prior written permission of the publisher. ISBN 0-89413-079-x Library of Congress Catalog Card No. 79-55763 79135N-79 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 109 ACKNOWLEDGMENTS The major part of this book was prepared and written by William E. Thompson of Birmingham, Alabama, the senior vice president and director of internal auditing for the Alabama Bancorporation, Alabama's largest bank holding company. A Certified Internal Auditor (CIA) and a Chartered Bank Auditor (CBA), Thompson has served The Institute of Internal Auditors, Inc., in a number of capacities, including: chapter president; member of a chapter board of governors; seminar leader; conference speaker; vice president of the southern region; member of the international budget and finance committee; chairman of the international research committee; international treasurer, and member of the executive committee. Members of the Professional Practices Committee of The Institute of Internal Auditors, Inc., and the trustees of the Foundation for Auditability Research & Education (FARE) served as the review committee for this publication. Trustees of FARE 1978-1979 John D. Bradt Frank F. George Stanley C. Gross David V. Dunbar James R. Kelly William E. Thompson D. Eugene Shaeffer William E. Perry Members of the Professional Practices Committee 1978-1979 Frank F. George William E. Swanson Stanley C. Gross Victor Z. Brink Robert L. Richmond W. James Harmeyer (Ex-Officio) Charles L. Brown (Ex-Officio) Edward R. Cheramy (Special Advisor) Leonard H. Greess (Special Advisor) Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 INTRODUCTION The passage of the Foreign Corrupt Practices Act of 1977 and proposed SEC requirements for management reporting have heightened management's awareness of the quality of the internal accounting control system and the means of evaluating its effectiveness. This book is designed to help management and the internal auditor evaluate the internal accounting control system to comply with the law and reporting rules. It also may be used as a briefing for executive management and audit committee members. It broadly discusses the management reporting issues related to the Foreign Corrupt Practices Act and assesses the roles and relationships of the parts of the organization which are involved in meeting these requirements. The directions to be taken in meeting these requirements and the roles the internal auditor plays in the evaluation process are also discussed. Implications of the law and the regulatory requirements are presented. Particular attention is given to the "environment" of internal accounting control. A broad description of the techniques the internal auditor and others use in evaluating the internal accounting control system is also provided. The term "internal auditor" used throughout this book is based on the assumption that the operations of the internal auditor are in compliance with the Standards for the Professional Practice of Internal Auditing as adopted by The Institute of Internal Auditors, Inc. (IIA). Appendix A includes a brief description of IIA and its professional standards. The author recognizes that the prime duty of the internal auditor is to support the organization and its management in assuring a sound and effective control system. While performing this duty, the internal auditor can have a critical involvement in the evaluation of the internal accounting control system to aid the organization in assuring compliance with the law and to support management's representations on the internal accounting control system. FARE The Foundation for Auditability Research and Education (FARE) is a public foundation (501)(c)(3) established by members of The Institute of Internal Auditors, Inc., to promote research and education in internal auditing. As a public foundation, FARE conducts public discussions, forums, and conferences to inform the public about the value and scope of internal auditing. It can also award scholarships, grants, and certificates to organizations or individuals undertaking educational or research projects in internal auditing, which will increase the public's knowledge of the profession. FARE is funded solely by voluntary grants, gifts, and bequests. Corporations, foundations, and individuals interested in extending internal auditing research and educational activities are the principal sources of FARE's financial support. Government grants for specific projects represent another source of funding. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 CONTENTS CHAPTER 1 PROPOSED SEC RULES ..................................................... Implications of the proposed rules of the SEC requiring management statements on internal accounting controls CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 CHAPTER 6 ENVIRONMENT ............................................................. 5 Environmental issues which impact the system of internal accounting control and the internal auditor INTERNAL AUDITOR ........................................................ 7 The specific system of internal accounting control and the relationship of the internal auditor MANAGEMENT REPORTING ................................................ . 11 Approaches which may be used to support the management statement METHODOLOGY ............................................................ 15 Broad descriptions of methodology used in evaluation THE FUTURE ................................................................ 17 Future literature and research into methodologies of evaluation and control guidelines APPENDIX A A brief description and history of The Institute of Internal Auditors, Inc . .......................................................... 21 APPENDIX B The Foreign Corrupt Practices Act, Accounting Standards Section (102) ........................................................ 23 ASR 242 of the Securities and Exchange Commission (SEC Release #34-14478) ........................................................ 24 Proposed rules of the Securities and Exchange Commission entitled, Statement of Management on Internal Accounting Control (SEC Release #34-15772) ................................................ 27 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 1 PROPOSED SEC RULES Implications of the proposed rules of the SEC requiring management statements on internal accounting controls Capsule: The Foreign Corrupt Practices Act requires the maintenance of an internal accounting control system that meets the broad objectives of the Act. Proposed rules of the Securities and Exchange Commission will require management representation on the internal accounting control system. Accomplishment of these requirements necessitates the evaluation, documen tation, correction, and continued monitoring of the internal accounting control system. Guidance is needed to assist in the accomplishment of these responsibilities. In December of 1977, the Foreign Corrupt Practices Act of 1977 was signed into law. The Accounting Standards Section of that law, as announced by Accounting Standards Release (ASR) 242 of the Securities and Exchange Commission (SEC), requires certain standards of internal accounting control for registered issuers of securities, (See Appendix B for a copy of the relevant sections of the Act and ASR 242.) The standards set forth in the Act are taken from long existing auditing literature,' and are desired objectives of all types of enterprises and organizations. However, the enactment of this law is the first time that these objectives have been required with judicial penalty for noncompliance. In May of 1979, the SEC proposed rules which require that managements of registered issuers report on their internal accounting control systems by specific statements in the company's annual report and Form 10 K. (See Appendix B for a copy of SEC Release 3415772 proposing rules for reporting by management on internal accounting control.) To meet the requirements of the law and SEC rules, managements of registered companies will need to accomplish a (an): I. evaluation of the system of internal accoun- ting control American Institute of Certified Public Accountants, Inc, Codifica tion of Statements on Auditing Standards (Chicago: Commerce Clearing House, Inc, 1976), Section 320.28. z In the test of this book, the term "monitoring" means (a) the ongoing evaluation of the strengths, weaknesses, and adequacy of the internal accounting control system, an "audit" function and (b) the reaction to and correction of specific exception conditions, errors, or regularities disclosed by the system, a "management" function. This is discussed further in Chapter 3. 2. documentation of the evaluation 3, correction of any disclosed weaknesses 4. continued monitoring of the system of internal accounting control to assure ongoing compliance Managements, directors, public accountants, after neys, and internal auditors are concerned that, not only most the system of internal accounting control be adequate to protect the organization, but also management most be able to support its representation of compliance in public reports. A number of professional firms and groups are attempting to explain to clients and potential clients what is involved in determining and documenting compliance. Virtually all of these efforts are based on known and proven techniques of evaluation and documentation. However, the added pressures of public representation have resulted in sophistication of these techniques and improved skill in their use. The most recent product of this effort is the development of specific criteria by which an organization measures its success in meeting pre- scribed control objectives. These criteria have generally evolved over time through the interchange of ideas among individuals charged with the responsibility of establishing, implementing, or evaluating controls, and through the work of organizations formed to educate and provide research for the practitioner with control responsibilities. There is a continuing need to establish guidelines on the actual evaluation process. These guidelines form the necessary link between control criteria and the organization's success in accomplishing the control objectives. In addition to understanding and approving the evaluation techniques and the criteria used in the Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 evaluation, management is confronted with determining who should perform the initial evaluation of the system and how to provide for the monitoring or ongoing evaluation that will assure that needed controls continue. The evaluation and monitoring of the control system require individuals or groups that have unique knowledge and skills. The skills required include: 1. analysis methodology and techniques 2. documentation methodology and techniques 3. skill and experience in evaluating controls 4. offering constructive recommendations for improvement of weaknesses The evaluation and monitoring of the control system require that individuals have knowledge of the: 1. control principles 2. operating and control system of the organi- zation being evaluated 3. organization's control environment 4. control requirements or criteria which should be applied to an evaluation of the control system in each particular organization 5. means and methods by which control improvements can be effected In its proposed rules for statements of management on internal accounting control, the SEC recognized that central agencies would not find it practical "to prepare a comprehensive list of internal accounting control procedures . . . which would be appropriate for all organizations."3 By issuing such a statement, the SEC gives managements the opportunity to explore the internal accounting control system within the confines of their own company to determine the most effective and efficient control procedures to assure a properly functioning system of internal accounting control. The proposed rules do, however, give some very direct guidance on the conceptual elements that should be included in the appraisal. Just as the Commission avoided establishing an all inclusive list of control procedures, it also avoided the trap of indicating that there was only one correct way to perform the evaluation. The Commission said "that specific methods of approaching and implementing evaluations of systems of internal accounting control will vary from company to company. Accordingly, the proposed rules do not specify the method of or procedures to be performed in an evaluation of infernal accounting control."4 This portion of the rules went on to highlight certain areas that should be encompassed in the evaluation process, including the following: "First, evaluation of the overall control environ. ment; second, translation of the broad objectives ' Securities and Exchange Commission, Statement of Management on Internal Accounting Control (Washington, D.C: Securities and Exchange Commission, April 30, 1979) Release #3415772, p. 29. of internal accounting control into specific control objectives applicable to the particular business, organizational and other characteristics of the individual company; third, consideration Cf the specific control procedures and individual envi- ronmental factors which should contribute to achievement of the specific control objectives; fourth, monitoring of the control procedures and consideration of whether they are functioning as intended; and finally, consideration of the benefits (consisting of reduction in the risk of failing to achieve the objective) and costs of additional or alternative controls."s While this advice from the Commission appears extremely prescriptive in making an evaluation, a great deal of latitude exists within each of the five elements just mentioned. The first element of environment will be discussed in the next chapter. The second element about the translation of "broad" internal accounting control objectives (the specific provisions of the Foreign Corrupt Practices Act) into "specific" control objectives applicable to the particular business or company is of special interest. There is a definite need for organizations or groups which have explicit control knowledge of specific industries to consider this element of evaluation. Industry groups could serve member organizations by assembling groups of auditors and/or comptrollers to analyze and outline the types of specific control objectives which are generally recognized within their industry. In its report, the AICPA Special Advisory Committee on Internal Accounting Control (advisory commttee) included an appendixs of specific illustrative objectives for a hypothetical manufacturing company. The advisory committee indicated that this was not an all-inclusive list for every industry and that certain objectives and attendant control procedures were for illustrative purposes. Any business or industry group needing a codification of their industry's objectives can find guidance from the advisory committee report. Element three as defined by the Commission calls for careful consideration. At this stage, the organization translates the specific objectives of control into procedures to assure their accomplishment. While specific objectives of control might be common to companies within a particular industry, the detail procedures used and the environmental factors affecting the determination of those procedures are derived from characteristics of the individual organiza- tion. A certain control procedure which may work for one company in its environment may not be an effective ' Special Advisory Committee on Internal Accounting Control, Report of the Special Advisory Committee on Internal Accounting Control New York: American Institute of Certified Public Accountants, Inc., 1979), Appendix. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 alternative procedure for another company in another environment. Moreover, the composition of functional units within an organization may dictate the use of different procedures because of the nature or characteristics of the organizational unit. Consider for example, two subsidiaries, engaged in similar operations but of different size, or staffing and employing different operating systems. Each separate fact and condition indicates a need for careful consideration of different control procedures to accomplish the specific objectives of control. Management and the evaluation personnel should give careful consideration to the selection of the individual control procedures. Effectiveness and cost//benefits judgments should also be considered and documented. The process (shown in element four and element five from the SEC) for determining which control procedures to use and whether their cost exceeds their benefit, must be performed by each company within the confines of their organization and operations. The methodology of evaluation and documentation of decision is a very important consideration. The control system should be displayed so that it can be followed by any other person of equal competence. Decisions weighing cost-to-benefits are more easily made and records kept if proper evaluation techniques are used. The SEC stressed the need for appropriate documentation in each element of the evaluation process (1-5 above). When evaluations and documentation are complete, management is able to make representations in its annual report and Form 10 K. The SEC has proposed two specific phases in its proposed rules for making this representation. After December 15, 1979, and prior to December 16, 1980, management is required to include: 1. Management's opinion as to whether, as of the date of such audited balance sheet, the systems of internal accounting control of the registrant and its subsidiaries provide reason- able assurances that specified objectives of internal accounting control were achieved; and 2. A description of any material weaknesses in internal accounting control communicated by the independent accounts of the registrant or its subsidiaries which have not been corrected and a statement of the reasons why they have not been corrected."' [Emphasis supplied.] This first phase of reporting places the sole burden on management for determination and representation or opinion on the internal accounting control system, as of the date of the audited balance sheet. Although independent accountants who have uncovered material ' Securities and Exchange Commission, Statement of Management, p. 27 weaknesses will have some direct input into the representation, the prime responsibility will belong to management. As structured in the proposed rules, the second tier is for periods ending after December 16, 1980. The second phase calls for representation to be made for periods for which audited statements of income are required. Man- agement's statement on internal accounting controls would include their opinion as to whether the system of internal accounting control provided reasonable assurances that specific control objectives were achieved. In addition, however, management's state ment on internal accounting control must be examined and reported on by an independent accountant for such periods While the proposed rules do not specifically describe the methodology to be used by the independent accountant, the SEC did request comment on two proposed alternatives. The first requires an exami- nation that would sufficiently enable the public accountant to express an opinion as to whether management's representations were reasonable. The Commission's report states, "In effect this would require the independent public accountant to reach independent conclusions as to whether the systems of internal accounting control provided reasonable assurances (cost-benefit judgments not limited to material amounts) of achievement of the broad objectives of internal accounting control."t The second alternative does not require such an extensive examination by an independent public accountant. The independent accountant would review the statement made by management and require the filing of a report "if an affirmative statement is made."' Though the difference seems subtle, an independent examination providing independent conclusions, as required in proposal number one, undoubtedly calls for more extensive work by the independent accountant than proposal number two. The Commission points out that professional standards for conducting an examina- tion under either proposal do not exist and would have to be prepared. It seems reasonable to believe that under proposal number two, the independent accountant would be concerned with an examination of the soundness and methodology used in evaluation, the documentation of the findings of that evaluation, and the actions taken by management as a result of the findings. The review by the independent accountant would be aimed at the evaluation process rather than at the control system itself. Consequently, this case would heighten the need for an organized, structured, and defendable evaluation process. In addition, the proposed instructions for the preparation of Form 10 K state that the independent Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 accountant should be able to express specific, independent opinion on material items.1? For many years internal auditors have been concerned with evaluation of the control system: the control system's adequacy, efficiency, and effective- ness. In so doing, the internal auditor has also become accustomed to being examined by his fellow professional, the independent public accountant. The experience and expertise of the internal auditor can be advantageous for both the organization and the independent public accountant. The benefit will pass through them to all of the persons and agencies who are beneficiaries of the renewed and heightened interest in internal accounting control. While the proposed rules may be amended or modified before their final adoption, it is safe to assume that any planning to meet the proposed rules would be adequate to meet the final rules. The rules, once adopted, will no doubt be subject to later revision, modification, and amendment. Hence, the means and methods to assure compliance with these rules should be soundly based on an understanding of the underlying reasons for the rules. With that understanding, future revisions will not produce traumatic changes in the original plan. A copy of the proposed rules will be found in Appendix B. Reading the entire text will provide better insight into the Commission's thinking and aims at the time these rules were proposed. Summary: The FCPA and proposed public reporting rules of the SEC have created a need for management to develop a supporting framework on which to base statements representing the quality and soundness of its system of internal accounting control. The framework will consist of the evaluation, documentation, and monitoring of the system. The presentation statements will be in one format fiscal year ends 12-15-79 through 12-15-80, and in an expanded form after 12-16-80, due to the addition of CPA association with the statement and expansion of the statements to cover the entire reporting periods. The internal auditor has developed considerable knowledge and skills which can provide management with the necessary assurance that it is fulfilling its responsibilities under the Act and provide a sound basis for public reporting on the adequacy of control systems. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 2 ENVIRONMENT Environmental issues which impact the system of internal accounting control and the internal auditor Capsule:: The control environment is key to the success or failure of the entire internal control system. The nature of the environment and the impact of the environment on the internal auditing function are discussed in this chapter. One of the concepts receiving increased emphasis in the study of internal accounting control is the "control environment" concept. To define the environment within which the internal control system operates, it may be beneficial to draw an analogy to the biological environment within which the human organism exists. The biological environment is made up of a number of elements necessary for the existence of life. Air, water, shelter, food, and heat are essential for the organism's continued existence. In combination with other desirable, yet not necessary elements, they comprise the environment. Their simple existence, however, is not the only important measure when examining the environment. The quality of the elements and of the combination of the elements determines the "quality of life." Likewise, the environment within the internal accounting control system is also comprised of a number of elements. These elements are important not only in their existence, but also in the quality of that existence. In describing the first element of evaluation (the evaluation of the overall control environment), the SEC described the environment as follows: "The Commission recognizes that such evalua- tions will require a careful exercise of manage- ment's judgment, generally involving consider- ation of matters such as the organizational structure, including the role of the board of directors; communication of corporate proce- dures, policies and related codes of conduct; communication of authority and responsibility; competence and integrity of personnel; accounta- bility for performance and for compliance with policies and procedures; and the objectivity and effectiveness of the internal audit function. The role of the board of directors in overseeing the establishment and maintenance of a strong control environment, and in overseeing the procedures for evaluating a system of internal accounting control, is particularly important."" "It is unlikely that management can have reasonable assurance that the broad objectives of internal accounting control are being met unless the company has an environment that establishes an appropriate level of control consciousness."'" The control environment and the level of control consciousness within the organization provide an umbrella structure under which the entire internal control system including internal accounting control exists. The organization can expect no higher level of compliance with the codified control system than the level practiced by management. Therefore, the evaluation of the organization's control environment is the first logical step in the evaluation. To facilitate the overall evaluation of the environ- ment, a documentation should be made of all the steps taken by the organization. Once recorded, the organization can determine the sufficiency of the measures already established and implemented. Any weakness that is found and any action that is taken to correct the weakness should also be carefully documented. For the internal auditor, the control environment is a strong and underlying issue impacting on the objectivity and effectiveness of an internal audit function. The commitment of management and the board of directors, or its audit committee, to an adequate control system obviously has great impact on an internal audit department. In addition, the organization's recognition 12 Special Advisory Committee on Internal Accounting Control, Report, p 12. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 that without appropriate controls financial success may be short lived or even ineffective, is a key element in establishing proper control consciousness. The extent that the organization incorporates rewards for meeting control objectives as well as operating objectives can be instrumental in strengthening the audit department's effectiveness. An atmosphere which recognizes the elements of the control environment which facilitate the most effective operation of an internal audit department will assure that the internal audit department is equipped to aid management in its representation on the internal accounting control system. A high-caliber professional internal audit department, operating in an appropriate atmosphere, can supply a major portion of the evaluation information which management needs for its representation. In monitoring compliance with control procedures, the SEC recognized that "an objective, effective internal audit function can play an important role in monitoring compliance." 13 Internal auditors should employ the methodology or methodologies which are most appropriate for performing the evaluation and monitoring of the control system. Chapter five offers methodologies for making control evaluations. In order to provide proper support to management in documenting and evaluating the internal control system, management should require that internal auditors are skilled in evaluation methodology. Internal auditors should strive to deliver services which match management's expectations. n Securities and Exchange Commission, Statement of Management, p. 32. Summary: The control environment consists of discernable, assessable parts, which should be documented and appraised. The existence of the environment and the quality of its parts is important to the functioning of the internal accounting control system. In addition, the environment involves, includes and heavily impacts the internal auditor. In a proper environment, the internal auditor can and should aid management in the process of evaluation of the system as a natural by-product of the role currently being fulfilled by the internal auditor. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 3 INTERNAL AUDITOR The specific system of internal accounting control and the relationship of the internal auditor Capsule: This section discusses some of the specifics of an internal accounting control system and the development of those specific provisions. The relationship of the internal auditor as an appraiser and evaluator of that system is discussed. One of the great dangers now is attempting to closely define the exact scope of the system of internal accounting control. The scope of the internal accounting control system will vary markedly from one industry to another. For example, the pervasiveness of the accounting system in a banking organization is much greater than the accounting system of a manufacturing concern. While the importance of the accounting system and the need for competent personnel to deal with it are no greater, the percentage of the personnel which are in direct contact with the accounting system is far greater in a banking concern than in a manufacturing concern. Although the exact scope of internal accounting control is not defined, a number of characteristics which apply to internal accounting control systems can be identified. One of the recognized texts about the characteristics of an internal control system is the Ninth Edition of Montgomery's Auditing. 14 This text discusses the definition, objectives, characteristics, conditions, and basic types of controls expected in the system. In addition, a number of public accounting firms have recently published works on expected control system attributes. It has become increasingly important that financial managers and auditors reemphasize their efforts to know and contribute to the improvement of current literature on the control system. The internal auditor should be a primary expert on control technique and methodology within the organization. The role of the internal auditor is to appraise the control system throughout the organi- zation as a function. The auditor and other personnel with control responsibilities should thoroughly under- stand the control systems within the organization. These individuals should be aware that the control system is interactive with and complementing the operating system. The control system should assure that the operating system is functioning properly. ,< Philip L Detliese et al., Montgomery's Auditing, 9th ed. (New York: The Ronald Press Company, 1975). In chapter one it was noted that the term "monitoring" can be divided into two specific activities. These can be defined, for convenience, as a "management" process and an "audit" process. In this context, the management process refers to that portion of management which has the direct supervisory responsibility over the operations of the control system and its basic design. It is management's function to design an internal accounting control system which provides reasonable assurance. Management will then implement the system and administer it on a day to-day basis. Management also has a responsibility to maintain the system and assure by periodic inspections that the system is functioning as designed. As conditions change within the organization, management is responsible for correcting the system to operate with the new conditions. Management also must inform individuals engaged in the system's operations of the proper procedures and any necessary changes. Management has to also react to exceptions or anomalies which arise in the system's operations. It is a function of the system to discover errors and irregularities by surfacing exceptions and anomalies in the system's operations. In system monitoring, the audit function is the periodic evaluation of the system to assure that it is achieving the objectives of internal accounting control. Although internal auditing is a part of the management function, it will be identified here as separate from the management function. An audit tests the system; checks it for operation in accordance with management's plan; and evaluates the system's effectiveness and efficiency. An audit should also review the system, appraise its adequacy, and recommend any needed improvements to management. Audits also advise management on the means and methods for effecting improvements. In general, the audit function is a periodic appraisal and evaluation of the system which generates recommendations for the system's improvement. The relationships of these two functions are illustrated in Figure 1. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 119 FIGURE I DEFINITION OF MONITORING Relation of Management and Audit Functions Management responsibi- libes on a continuous basis ? Establish requirements ? Design the system ? Implement the system ? Administer the system ? Maintain the system ? Instruct employees on the system ? Correct weaknesses in the system ? Amend the system in changing conditions ? Supervise activity in the system ? React to system output and excep- tions INTERNAL AUDIT RESPONSIBILITIES ON A PERIODIC BASIS . Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 The concept of "reasonable assurance" recognizes that it is not in the interest of the organization, or its shareholders, for the cost of internal control to exceed the benefits which may be derived therefrom. Such benefits, and in many cases such costs, are not likely to be precisely quantifiable. Therefore, many decisions on reasonable assurance will necessarily depend, in part, on estimates and judgments by management. Consideration of the benefits of internal accounting control will generally involve some estimation of the possible effect and likelihood of future conditions and events. In addition, the benefits considered may often include not only "quantitative" benefits, such as reduction in exposure to the theft of assets, but also "qualitative" benefits, such as the company's reputation and its management. The concept of reasonable assurance, as cited by the SEC in its proposed rules, has long been recognized within the areas of control and auditing expertise. It has, however, gained renewed emphasis with the passage of the Foreign Corrupt Practices Act which specifically embodies the reasonable assurance concept. The renewed interest in the concepts and practicalities of the control system calls for those responsible for either the control system or its evaluation to sharpen their skills. Senior management and the board of directors and its audit committee should expect continued and up-to-date insight into the concepts and practice of control from such individuals within their organization. A definition of the scope of internal accounting control is not provided here because a precise definition of internal accounting control has considerable dependence on the type of business to which the definition is applied. Probably one of the cardinal issues in determining compliance with the Foreign Corrupt Practices Act over the next few years will be a more precise definition of the scope of internal accounting controls within specific industries. Managements will undoubtedly find that such definitions will best be determined and codified by industry groups who have unique knowledge and insight into the operations of companies in their specific type of business. Summary: The specific boundaries for internal accounting control are not well defined. They must be interpreted within individual organizations. The responsibility for establishment and maintenance of an adequate system of internal accounting control rests with management. Such a system must be sufficient to provide reasonable assurance that the specific objectives of internal accounting control are achieved, while ensuring that the costs of control do not exceed the benefits to be derived. The internal auditor can play an important separate role in monitoring the system (evaluating, appraising, and reporting) to aid management in fulfillment of its responsibilities. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 4 MANAGEMENT REPORTING Approaches which may be used to support the management statement Capsule: A number of different approaches have been suggested for accomplishing the evaluation, documentation and monitoring of the control system. This chapter will explore some of the facets of structuring a group to undertake this effort. The process of evaluating, documenting, and monitoring the internal accounting system provides the proper support for management's representations on the system. From company to company, the approach will vary somewhat depending on the number of individuals employed in this process and the qualifications of the individuals within the organization. Certainly, five groups of people should be strongly considered because of their individual areas of skill and expertise. They are: 1. financial management (controller, etc.) 2. operating management 3. legal counsel 4. internal auditors 5. public accountants Each organization must determine the number and mix of these individuals. A principle concern must be the ability of individual team members to contribute to the process. It is doubtful that any one of these groups will be given total and complete responsibility for this process; although the nature of certain organizations may demand that the process is assigned to only one such group. Internal auditors have unique expertise that can be used in a number of capacities in the process. They may be coequal partners within a composite group, advisors to a group of individuals or those having the primary responsibility with other groups acting as advisors. The internal auditing profession has developed standards, certification programs, research facilities, education courses, conferences, and seminars to assure that the members of the profession are experts in their field. Through the activities of The Institute of Internal Auditors, Inc., internal auditors receive effective support to help them provide the best possible service for management and the directorate of their particular employing organization. Through such professional development, and in the changing requirements of employers, internal auditors have become the resident experts in internal controls within the organizations. Internal auditors are uniquely qualified to evaluate and monitor control systems because this has been their primary interest through their careers. While the purpose of their evaluation may be shifting from solely responding to management's internal organizational concerns to include a support of management's public responsibilities, the methodology, documentation, and analysis required will remain basically the same. Because internal auditors work within one corporation or organizational structure, they are very familiar with the operating and control systems of that enterprise. Therefore, they are able to advise on many of the cost/benefits decisions made in an evaluation monitoring process. While internal auditors are certainly not the only ones within the organization that know about the control system and operating environment, they are unique because their full-time dedication is the appraisal of control systems. Their knowledge and experience include not only the specifics of the internal accounting control system as set forth in the Foreign Corrupt Practices Act, but also the company's total internal control system. Thus, they are able to meet any demands arising from extended definitions of the Foreign Corrupt Practices Act's language. Economy is another advantage that internal auditors offer compared to outside sources. Internal auditors are thoroughly versed in every facet of the company's operation and this almost certainly assures a more efficient and effective process. Internal auditors employ methodology and techniques at least as advanced as those used by outside sources. Thus management confidently relies on internal auditors to see that savings are not achieved at the sacrifice of quality. Once the initial evaluation is made, it is imperative that the system of internal accounting control be continually monitored and evaluated on an ongoing basis. Certainly, in this capacity, the internal auditor is the company's most qualified resource. In the proposed SEC rules, the requirements for Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 122 Figure 2 THEORETICAL SCHEMATIC FOR COMPLIANCE PROJECT INTERNAL FINANCIAL OPERATING LEGAL INDEPENDENT MANAGEMENT COUNSEL ACCOUNTANTS FAMILIARIZE WITH REQUIREMENTS DEVELOP ACTION PLAN ASSEMBLE ACTION TEAM & CHARTER THE TEAM EVALUATE THE CONTROL ENVIRONMENT CODIFY SPECIFIC OBJECTIVES RECOMMENDATIONS DETERMINE PROCEDURES NEEDED TO ACHIEVE SPECIFIC OBJECTIVES DETERMINE THAT PROCEDURES ARE IN PLACE CONTINUE TO MONITOR Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 management reporting of the ongoing system evaluation make the internal audit function a naturally identified resource. In fact, the function is recognized within the proposed SEC rules. The ability of the audit function to evaluate, document, and provide management with immediate feedback on the status of controls, is the most economical means of performing an effective ongoing evaluation. Therefore, the internal audit function is an important part of the evaluation process in its initial stages and may be an even more instrumental part of the ongoing evaluation process in the future. Management should expect its internal audit department to have a natural command of the evaluation methodologies that are most beneficial to the organization. Management should also expect the internal audit department to be aware of the means of proper documentation to support the required representations and be experienced in consulting with members of the legal, financial control, and public accounting disciplines in order to provide a resource for their efforts. There is no "perfect" means or method of constructing a compliance project. A theoretical schematic of the compliance project is shown in Figure 2. It should be noted that the broken path line at the bottom of the figure indicates that the monitoring will continue into the future. The project itself is to be a never-ending evaluation to assure the proper maintenance of a sound internal accounting control system. Some argue that the more available the documenta- tion, the more ammunition is given to anyone who questions the decisions made. It has been convincingly proved by auditors, however, that the documentation of the decision-making process makes it far easier to display the thought process and support the logic of decisions. Not only should the system be documented, but also the considerations leading to the system's individual parts. With this documentation available, the organization can show that its control procedures were carefully considered. Cost/benefits judgments which are made should be documented for an easier recall later. The impact of environmental factors on the chosen procedures should be recorded also. Summary: There are varied compositions of resources which can be employed to accomplish the evaluation. The internal auditor can interface with a number of different structures, and in so doing, the internal auditor can be a very cost- productive resource. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 5 METHODOLOGY Broad descriptions of methodology used in evaluation Capsule: Various techniques for control evaluation are briefly described. They include Cycle, Flowcharting, Matrix Analysis, Checklist, and EDP Concerns. Definition The purpose of this section is to review various recognized methodologies the internal auditor uses when performing the evaluation. The descriptions are cursory and rudimentary representations for these systems and provide a basis for interaction between the parties involved. Techniques Cycle Approach: This technique for the analysis of a control system has been introduced with varying modifications by several public accounting firms and by the Special Advisory Committee on Internal Accounting Controls of the AICPA. This approach is based on the review of transactions as they pass through the accounting system. Transactions are grouped together into definable groups called "cycles" for the purpose of analysis. As an example, the revenue cycle begins with the acceptance of a customer and continues to include credit, shipping, sales, sales deductions, receivables, cash receipts, allowance for doubtful accounts, sales warranties, and so forth. Other cycles include expenditures, production or conversion, financing, and external financial reporting. The transactions and their handling are measured against prescribed guidelines. In many cases, this system's publications also include flowcharting and risk identification in the total evaluation process. Flowcharting: Flowcharting has long been recognized in the internal audit profession as a productive means of evaluating administrative, operational, and accounting controls. It involves the graphic representation of operations through recognized symbolic recording. Very often, the flowchart will incorporate parallel narrative descriptions of the system. Flowcharting enjoys the advantage of being adaptable to cyclical, organizational, or functional perspectives. Flowcharting has also been very commonly used in data processing programming circles. Matrix Analysis: The matrix analysis technique reviews the internal control system as a network of interactive controls in relationship to an organization's existing risks. It recognizes the concept of employing controls to minimize risk and the cross relationship of individual control procedures to supply backup controls with minimum redundancy. It supports investigation of cost/benefits. This technique uses a matrix to measure all controls in a functional, cyclical, or organizational unit against the risks in that unit to establish the relationship and effectiveness of the individual procedures and the network of procedures. It is also designed to be responsive to the dynamics of changing organizations because of the ease of updating and amending. EDP: Because of the unique nature of electronic data processing, the techniques of audit and control analysis require specialized tools and especially skilled auditors. Therefore, in this description EDP audit and control evaluation will be treated as a separate subject. Some of the techniques described above will be used with specialized techniques in control and evaluation examinations of electronic data processing facilities. The pervasiveness of computers in all kinds of organizations brings a special concern to the control evaluation process. The computer once viewed as a high-powered adding machine, is now an integral part of the operations and control systems. The evaluation of controls in computer operation, programming, and administration concerns not only the control procedures in the direct operations of the data processing department, but also the environment which is created throughout the organization because of the use of computers. Systems Auditability and Control (SAC), one of the foremost research reports on computer control and related auditing techniques, was recently published by IIA. This three-volume publication, developed under the sponsorship of IBM, is the backbone of the evaluation guide. Checklist: Internal control checklist is a review and analysis technique that is particularly useful in a highly structured situation where control procedures are highly manualized and the exact procedures are used at several locations. This is particuarly true for retail Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 locations that are highly standardized as to their would have documented standard procedures for each complete operations. For example, a corporation with location. In these cases an internal control checklist a large number of franchised locations that basically could be a valuable tool for verifying that the location had the same size, volume, and number of employees is in compliance with such procedures. Summary: Corporations have several recognized techniques, which may be employed singularly or in concert, to initially evaluate the internal accounting control system, to document the system and its evaluation, and to employ in the ongoing monitoring of the system. Management should be generally familiar with the methodologies available and should discuss with the review committee (described in Chapter 4) the rationale for the use of any method or combination of methods for conducting their evaluation. The professional internal auditor should supply management and the review committee with an ongoing monitoring program designed to evaluate and document the system in accordance with the agreed methodology. This will provide management and the board of directors with an assurance that the internal accounting control system is appropriately documented and effectively monitored. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 6 THE FUTURE Future literature and research into methodologies of evaluation and control guidelines Capsule: A discussion of specific future needs to support the evaluation process and management representations. Just before December, 1977, it became apparent that the Foreign Corrupt Practices Act with its current provisions would be passed into law. Since that time heightened efforts have been made to identify and codify the mechanical processes or methodologies used in the evaluation and documentation process. Most notably, the advisory committee and the larger public accounting firms have expended considerable re- sources in money and manpower to provide manage- ment, internal auditors, and the public accounting firms' staffs, with improved methodology for evaluating control systems. While some variation does exist among these groups. a basic thread tends to run through their work. They appear to be aimed at an approach which may be too casually accepted as a "laundry list." The firms which have developed these systems, and the person or company astutely studying their work, will recognize that the analytical process is far deeper and more significant than a simple "laundry list" of all of the control procedures which should be ideally employed. In the previous chapter, several analytical approach- es were described which direct even the most casual observer into the analytical process. It is not only desirable, but necessary, to continue study and development in order to devise and refine even more improved systems of control evaluation. A system of control evaluation which facilitates the cost/benefits decisions in this process is greatly needed. The Institute of Internal Auditors, Inc., is developing and publishing texts on at least two analysis methodologies: flowcharting and matrix analysis. In addition, texts on documentation and the reporting of evaluation results are also being published by The Institute. While all of these texts are generally aimed at the internal auditor, they should be helpful to any organization. An industry codification of the specific objectives of the internal accounting control system is critically needed for facilitating the evaluation of the control system. Industry's development of such specific objectives would serve as guidance for individual companies and as an authoritative body of knowledge for such industries. While individual companies are at some variance over the specific control procedures employed in companies within an industry, the objectives of the control system should not vary markedly. Any two companies in the same industry should be able to cite the same control objectives while still having latitude to differ broadly on the control procedures that meet their own organizational and operating philosophy. Several groups now existing within industry or trade associations competently deal with the formation of their industry's specific objectives. The Institute is trying to identify professionally competent groups and encourage them to undertake this task. The Institute cannot accept responsibility, however, for the commitment of such associations. 11A believes that such industry groups and associations can provide their members with a meaningful service by undertaking these efforts. Any group desiring to participate in such an effort should contact the president of The Institute of Internal Auditors, Inc., in Altamonte Springs, Florida. Corpo- rations with memberships in such trade and industry associations should involve their colleagues in such an undertaking in order to serve their industry and individual companies within it. Summary: Through a broadened understanding of the Foreign Corrupt Practices Act and the related reporting requirements, individual organizations will hopefully find the means and incentives to make this a productive process. This book has tried to stimulate the reader's thinking about the organized undertaking of evaluation documentation and the monitoring of the internal accounting control system. When property reviewed and used, the internal accounting control system Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 can be an exceedingly beneficial part of any organization's total structure. It is hoped that internal auditors will help make the organization aware of the law's requirements and regulations and will help prepare and f"tate compliance with them. The Institute of Internal Auditors, Inc., continues to provide members of its profession with the tools to assist in this effort. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 APPENDICES Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0 APPENDIX A A Brief Description and History of The Institute of Internal Auditors, Inc. How often has it been said: They didn't know what they were getting themselves into." Such a statement will never be made about the handful of dedicated men who in 1941 founded The Institute of Internal Auditors, Inc. Nearly three months before the actual incor- poration, this handful of men met and drafted a letter to prospective charter members. The letter welcomed those interested in promoting internal auditing and stated the following objectives for The Institute: ? Furtherance of the generally acknowledged professional status of the internal auditor; ? Development of the member's individual status through the personal and technical aspects of The Institute's activities; ? Education of other corporate officers and businessmen in general to an understanding of the true scope and potentialities of internal auditing; ? Study of the problems of internal auditing and provision of the needed professional literature in this field; . ? Cooperation with The American Institute of Accountants, The Controllers Institute, and other recognized professional groups in contiguous or closely related fields. In general, that same letter stated the need for an association to advance the professional status of internal auditors and to further the public under- standing of internal auditing. No doubt they knew what they were doing, those founding fathers. For a belief in those broad and comprehensive objectives and purposes by many other internal auditors down through the years has helped The Institute grow from that dedicated handful - 24 charter members gathered in New York City - to more than 20,000 members in 85 countries. Today it's still growing, not simply in numbers but also in productivity, resources, and prestige. One reason why IA membership has more than doubled in the past five years is that those founding fathers saw the growth of the internal auditing function as a response to new management needs resulting from the increasing size and complexity of corporate and governmental organizations. That belief is as valid today as it was 38 years ago. In the early years, growth was slow but steady By 1947 IA membership had increased to 1,322 and 20 chapters in the United States and Canada had been established. By 1962 the membership had grown to more than 5,000, and the number of chapters had more than tripled to 73. Nine years later, in 1971, membership totals stood at more than 8,000 in 97 chapters. The headquarters staff numbered 13. In 1966 a director of technical services, heading research, educational and publication activi- ties, was appointed. In 1968 the Cadmus Educational Foundation (CEF) under a director of education was formed. While IIA headquarters remained in New York, the CEF office was located in Winter Park, Florida. Th e formation of the educational foundation was a major development in IIA history. By 1971, the Cadmus Educational Foundation, administering a new internal auditing educational program, was sponsoring 24 seminars that attracted more than 500 registrants. In 1977, Institute membership had grown to more than 14,000 with 125 chapters. The IIA staff now numbered more than 40. Such dynamic growth, both in numbers of members and in staff activities, ultimately led to the acquisition of the site of The Institute's present headquarters - two three-story office buildings on more than five acres of land in Altamonte Springs, just northeast of Orlando. Growth in membership and staff has been only one aspect in the evolution of The Institute. In order to keep pace with the increasing demands of the profession, IIA's seminar program, which only eight years ago attracted 500 registrants to 24 seminars, emerged to the point where it now services more than ? 2,000 auditors through specialized seminars. IA's conference program has also kept pace with overall Institute growth and needs. Annual conferences began in 1942 with the first four held in New York. In 1947 the site shifted to Detroit and the conference drew a record 560 people. Today's international confer- ences, the educational and social highlights of the IA year, draw easily four times that many people. Specialized conferences, to help practitioners keep abreast of their constantly changing environment, are also a major ingredient of IIA's continuing education program. Last year nearly 2,000 people participated in IA educational conferences. Research, like education, has always held top priority within The Institute. Provisions for doing research in the field of internal auditing were made as early as 1942. Perhaps the first major research project involved the development of the Statement of Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Responsibilities for Internal Auditors. The statement covers the nature of internal auditing, objectives and related activities, scope of authority and responsibility, and independence. Approved by IIA's Board of Directors in 1947, the statement has been revised twice and provided the foundation upon which the present Standards for the Professional Practice of Internal Auditing were built. While the research carried on by The Institute covers a wide range of subjects, one landmark project deserves special note. Funded by a $500,000-grant from the IBM Corporation and working with the Stanford Research Institute and a 47-member advisory group, IIA embarked in 1975 on a two-year project to explore the role of the internal auditor in data processing. In 1977 The Institute published the findings in a three- volume Systems Auditability and Control (SAC) report. The widely-acclaimed SAC reports - for executive management, auditors, and EDP practi- tioners - provide practical solutions to current problems associated with computer audit and control. Certainly the SAC project was a major break- through for The Institute in the EDP auditing area, but it was only the beginning. IIA fully realizes the need to understand the EDP aspect and to carry out internal auditing in the evolving EDP environment. Such an understanding has prompted The Institute to take a leadership role in providing the technology for internal auditing in EDP. Among top IIA priorities is the continuing establish- ment of internal auditing courses in college and university curricula. With the development and publication of more adequate text and teaching materials, The Institute is making more progress in this area. In fact, The Institute has long been concerned about publications, not only for use in colleges, but also for the practicing internal auditor. IIA's publication catalog now lists the foremost sources of information or. modern internal audit theory, training, and practice available. These include textbooks, research reports, handbooks, and references written by leading internal auditors with an emphasis on the practical application of internal audit knowledge. Another facet of professional development in which The Institute has assumed a leadership role is its certification program. Early planning for the certifi- cation program began in the mid-1960s and important landmarks along the way included the adoption of a Code of Ethics in 1968 and the identification of a Common Body of Knowledge, on which to base the examination for certification. In 1973 The Institute made its debut in governmental and public affairs, when it committed to assist to improve management practice in public administration and nonprofit institutions through auditing. The area of governmental and public affairs is obviously one of emerging importance. The Institute's increasing emphasis on research and education led to the establishment in 1976 of the Foundation for Auditability, Research, and Education (FARE). FARE is a separate, legal entity. It is a fully approved, tax-exempt corporation permitted to re- ceive grants and contributions for promoting and furthering education in internal auditing. FARE has already put such contributions to good use by cosponsoring, along with The Institute, a pair of conferences dealing with the Foreign Corrupt Prac- tices Act. Much has been accomplished in 38 years, thanks to thousands of IIA members working on a voluntary basis for the advancement of their profession and The Institute. And, thanks also to the founding fathers' farseeing goals, much will be accomplished in the future. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 131' APPENDIX B Accounting Standards Assets, Sec. 102. Section 13(b) of the Securities Exchange Act of 1934 transactions and (15 U.S.C. 78q(b)) is amended by inserting "(1)" after "(b)" and by adding dispositions. at the end thereof the following; 15 U.S.C. 78m. 15 U.S.C. 78/ "(2) Every issuer which has a class of securities registered pursuant Post p.1500. to section 12 of this title and every issuer which is required to file reports pursuant to section 15(d) of this title shall - Records, "(A) make and keep books, records, and accounts which in reasonable maintenance. detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer; and Internal accounting controls, "(B) devise and maintain a system of internal accounting controls establishment. sufficient to provide reasonable assurances that - "(i) transactions are executed in accordance with management's general or specific authorization; "(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets; "(iii) access to assets is permitted only in accordance with management's general or specific authorization; and "(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences." Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Securities and Exchange Commission [Release No. 34-14478; ASR 242] NOTIFICATION OF ENACTMENT OF FOREIGN CORRUPT PRACTICES ACT OF 1977 Agency: Securities and Exchange Commission. Action: Notification of enactment of Foreign Corrupt Practices Act of 1977. Summary: The Commission wishes to call to the attention of issuers, accountants, attorneys and other interested persons the enactment of the Foreign Corrupt Practices Act of 1977. The Act, which is described in detail below, requires issuers subject to the registration and reporting provisions of the Securities Exchange Act of 1934, as amended, among other things to comply with certain accounting standards. It also makes unlawful the use of any means of instrumentality of interstate commerce by any such issuer, or by any domestic concern not subject to the Securities Exchange Act, in furtherance of any offer, payment, promise to pay or authorization of the payment of any money, or offer, gift, promise to give or authorization of the giving of anything of value, to foreign officials and certain other persons for certain corrupt practices. For further information contact: Frederick B. Wade, Office of the General Counsel (202/755-1229), Barbara L. Leventhal, Division of Corporation Finance (202/755-1750), or Edward R. Cheramy, Office of Chief Accountant (202/376-8020), Securities and Exchange Commission, 500 North Capitol Street, Washington, D.C. 20549. Supplementary information: The Securities and Exchange Commission wishes to call to the attention of issuers, attorneys, accountants and other interested persons, the recent enactment of the Foreign Corrupt Practices Act of 1977 (the "Act"). i The Act, which was signed by the President on December 19, 1977, and became effective on that date, amends Section 13(b) of the Securities Exchange Act of 1934 [15 U.S.C. The Act is contained in Title I of Public Law No. 95213 (Dec 19, 1977)_ Title II of the legislation, the Domestic and Foreign Investment Improved Disclosure Act of 1977, amends Section 13 of the Securities Exchange Act of 1934 (15 U.SC 78m) to require expanded disclosure by persons who acquire or possess beneficial ownership of more than 5 percent of a class of securities which is registered pursuant to Section 12 of the Exchange Act, or any equity security of rance company, which would have been required to be so registered except for the exemption contained in Section 12(g)(2)(G) any equity security issued by a closed end investment company registered under the Investment Company Act of 1940. Rulemaking to implement Section l3(g) as part of a uniform integrated approach to disclosure under Sections 13(d),(f( and (g) is under consideration and will be the subject of a separate release. 78m(b)] to require every issuer which has a class of securities registered pursuant to Section 12 of the Securities Exchange Act, and every issuer which is required to file reports pursuant to Section 15(d) of the Securities Exchange Act, to comply with certain accounting standards. The Act also makes it unlawful for such issuers, or any domestic concern not subject to the Securities Exchange Act, to engage in certain corrupt practices with respect to foreign officials. Because the Act became effective upon signing, it is important that issuers subject to the new requirements review their accounting procedures, systems of internal accounting controls and business practices in order that they may take any actions necessary to comply with the requirements contained in the Act. A. ACCOUNTING STANDARDS Section 13(b) of the Securities Exchange Act is amended by renumbering existing subsection (b) as paragraph (b)(1) of Section 13, and by adding two new paragraphs to that subsection. New paragraph 13)b)(2) applies to issuers which have a class of securities registered pursuant to Section 12 of the Securities Exchange Act, and issuers required to file reports pursuant to Section 15(d) of the Securities Exchange Act (hereinafter referred to collectively as "reporting companies"). It requires reporting companies to make and keep books, records and accounts which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer. The maintenance of accurate books and records by publicly-held companies is a necessary concomitant of the existing requirement for full, fair and accurate periodic reports. Inaccurate books, off- the-book accounts, and related practices are pro scribed by the Act. Reporting companies are also required to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that: (i) Transactions are executed in accordance with management's specific authorization; )u) Transactions are recorded as necessary: (a) to permit preparation of financial statements in conformity with generally accepted ac- counting principles or other applicable criteria; and (b) to maintain accountability for its assets; (iii) Access to assets is permitted only in Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 accordance with management authorization, and (iv) The recorded accountability for assets is compared with existing assets at reasonable intervals and appropriate action is taken with respect to any differences. New paragraph 13(b)(3) of the Securities Exchange Act provides that, with respect to "matters concerning the national security of the United States, no duty or liability under paragraph (2) * * * shall be imposed upon any person acting in cooperation with the head of any Federal department or agency responsible for such matters if such act in cooperation with such head of a department or agency was done upon the specific, written directive of the head of such department or agency pursuant to Presidential authority to issue such directives." Each such directive shall expire one year after it is issued unless it is renewed in writting. B. FOREIGN CORRUPT PRACTICES BY ISSUERS Pursuant to the Act, a new Section 30A has been added to the Securities Exchange Act, which makes it unlawful for any reporting company, or any officer, director, employee, or agent of the company, or any shareholder acting on behalf of such a company, to make use of the mails or any means or instrumen- talities of interstate commerce, corruptly, in further- ance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give or authorization of the giving of anything of value, to three classes of persons: 1. An official of a foreign government or instrumentality of a foreign government; 2. A foreign political party-or-official thereof, or any candidate for a foreign political office; or 3. Any other person where the reporting company knows, or has reason to know, that all or a portion of such money or thing of value will be offered, given or promised, directly or indirectly to any foreign official, foreign political party or official thereof, or any candidate for a foreign political office. New Section 30A applies to payments made for the purpose of influencing an act or decision of a foreign official, foreign political party or candidate for foreign political office (including a decision not to act), or inducing such a person or party to use his or its influence to affect any government act or decision, in order to assist an issuer in obtaining, retaining or directing business to any person. A "foreign official" is defined to mean any officer or employee of a foreign government or any department, agency or instru- mentality thereof, or any person acting in an official capacity for or on behalf of such government. The term does not include employees whose duties are essentially ministerial or clerical. C. THE COMMISSIONS ENFORCEMENT RESPONSIBILITIES The legislative history of the Act reflects that the Commission's enforcement responsibilities extend to conducting investigations, bringing civil injunctive actions, commencing administrative proceedings if appropriate, including public or private disciplinary proceedings pursuant to Rule 2(e) of the Commission's Rules of Practice,2 and referring cases to the Justice Department for criminal prosecution where warranted, just as the Commission currently does with respect to its existing responsibilities under the federal securities laws.3 In addition, as is true with respect to violations of other provisions of the Securities Exchange Act, controlling persons of an issuer may be liable for violations of the new requirements,4 and a negligence standard will govern civil injunctive actions brought to enforce the Act.5 The legislative history of the Act also contemplates that private rights of action properly could be implied under the Act on behalf of persons who suffer injury as a result of prohibited corporate bribery.? In the case of an individual, the penalties for each criminal violation of the corrupt practices provisions of new Section 30A are a fine of up to $10,000 or imprisonment for up to 5 years, or both; in the case of a corporation, the penalties for violation of the Section include a fine of up to $1,000,000. In this regard, the Act provides that any fines imposed upon individuals may not be paid directly or indirectly by an issuer. D. FOREIGN CORRUPT PRACTICES BY DOMESTIC CONCERNS The Act also subjects any domestic business concern, other than one subject to the reporting requirements of the Securities Exchange Act, and any officer, director or agent of such a domestic business concern or any natural person in control of such a domestic concern to the same prohibitions and penalties that are applicable to reporting companies. The provisions applicable to domestic concerns will be administered and enforced by the Justice Department rather than the Commission. E. IMPACT ON DISCLOSURE POLICIES While the Act imposes new requirements on reporting companies with respect to the maintenance of internal accounting controls, and outlaws certain foreign corrupt practices, it does not alter the existing obligation of such companies to adequately disclose s 17 CFR 201.2(e). s S. Rep. No. 95114, 95th Cong., 1st Sess. (1977) at 12; H R. Rep. No. 95-640, 95th Cong., 1st Sess. (1977) at to. See Section 20 of the Securities Exchange Act, 15 US C. 78t, H.R. Rep. No. 95640, 95th Cong., 1st Sess. (1977) at 10. Id Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 material questionable and illegal corporate payments and practices. In addition to providing all information called for by the specific disclosure requirements of the various registration and reporting forms promulgated pursuant to the Securities Act of 1933 and the Securities Exchange Act of 1934, registrants have a continuing obligation to disclose all material information and all information necessary to prevent other disclosures made from being misleading with respect to such transactions.? Although the legality or illegality of a particular transaction is one of the factors that must be assessed in determining its materiality, other factors must also be considered. A transaction which is not unlawful under the Act may still be material to investors and therefore required to be disclosed under the federal securities laws. For guidance in determining whether or not a specific fact is material, attention is directed to the discussion of materiality contained in Securities and Exchange Commission, Report on Questionable and Illegal Corporate Payments and Practices, which was submitted to the Senate Committee on Banking, Housing and Urban Development on May 12, 1976, at 16-32 ("Report"). F. EFFECT ON OUTSTANDING RULE PROPOSALS On January 19, 1977, the Commission published for comment a series of rulemaking proposals designed to promote the reliability and completeness of financial information, prevent concealment of questionable or illegal corporate payments and practices, and provide information to investors concerning management ? See e.g., 17 CFR 230.405(1); 17 CFR 230.408; 17 CFR 240.126-20; 17 CFR 240.106.2; 17 CFR 240.14a-9. involvement in such transactions.s The proposals were substantially similar to a legislative proposal submitted by the Commission to the Senate Committee on Banking, Housing and Urban Affairs on May 12, 1976, parts of which were ultimately incorporated in the Act9 The Commission is considering the numerous comments it has received on these proposals and will determine whether to adopt, modify or withdraw those rule making proposals.i0 In view of the extensive comments which already have been received no further comments on these proposals are being solicited. An appropriate announcement respecting the Commis- sion's determination with respect to these rules proposals will be published in the near future. x Securities Exchange Act Release No. 13185 (Jan 19, 1977) 11 SEC Docket 1514 (1977). ? The proposals were contained in the Commission's Report, supra, at 63, which is, accordingly, a part of the legislative history of the Act The Commission's proposals were originally introduced by Senator Proxmire, Chairman of the Senate Committee on Banking, Housing and Urban Al lrs, as 5.3418. Following hearings, the committee referred a bill to the senate floor - S 3664 - which embodied the Commission's recommendations as well as certain other proposals S.3664 was passed by the Senate unanimously on September 15, 1976. The House of Representatives, however, was unable to complete work on the legislation before adjournment sine die on October 2, 1976. The substance of the Commission's proposals was again included in 5.305, which was passed by the Senate on May 2, 1977, but two of the proposals were deleted in the joint conference committee appointed to reconcile the differences in the Senate and House versions of the bill, prior to enactment of the legislation 1? The accounting provisions in the new law, which are described above, are similar to proposed Rules 13b-1 and 13b-2. The rulemaking proposals not incorporated in the legislation include proposed Rule 13b3, which would prohibit the falsification of corporate books or records; proposed Rule 136 .4, which would prohibit the making of false or misleading statements to an accountant; and proposed Item 6(d) of Schedule 14A relating to disclosure of management involvement in questionable or illegal payments or practices. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Securities and Exchange Commission (17 CFR Parts 211, 229, 240, 249) (Release No. 34-15772, File No. S7-779) STATEMENT OF MANAGEMENT ON INTERNAL ACCOUNTING CONTROL Summary: Since the enactment of the Foreign Corrupt Practices Act of 1977, interest in the effectiveness of internal accounting controls has been enhanced. To provide information about the effectiveness of systems of internal accounting control, the Commission is proposing for comment rules which would require inclusion of a statement of management on internal accounting control in annual reports on Form 10-K filed with the Commission under the Securities Exchange Act of 1934, and in annual reports to security holders furnished pursuant to the proxy rules. The Commission also is proposing that such statement be examined and reported on by an independent public accountant. Dates: Comments should be received by the Commission on or before July 31, 1979. Address: Comments should be submitted in triplicate to George A. Fitzsimmons, Secretary, Securities and Exchange Commission, 500 North Capitol Street, Washington, D.C. 20549. Comment letters should refer to File No. S7-779. All comments received will be available for public inspection and copying in the Commission's Public Reference Room, 1100 L Street, N. W., Washington, D. C. 20549. For further information contact: James J. Doyle, (202-472-3782), Office of the Chief Accountant, Securities and Exchange Commission, 500 North Capitol Street, Washington, D.C. 20549. Supplementary information: The Securities and Exchange Commission is proposing for public comment amendments to Form 10-K (17 CFR 249.310); Regulation 14A (17 CFR 240.14a-1 et seq.); and Regulation S-K (17 CFR 229.20). The proposed amendments, if adopted, would require inclusion of a statement of management on internal accounting control in Forms 10-K and in annual reports to security holders furnished pursuant to Rule 14a-3 117 CFR 240.14a-3]. To standardize the disclosure requirements, the information to be included in the statement of management on internal accounting control would be specified in proposed new Item 7 of Regulation S-K. The amendments are proposed to be adopted in two stages. As of dates after December 15, 1979 and prior to December 16, 1980 for which audited balance sheets are required, the statement of management on internal accounting control would be required to include the following: 1. Management's opinion as to whether, as of the date of such audited balance sheet, the systems of internal accounting control of the registrant and its subsidiaries provided reasonable assurances that specified objectives of internal accounting control were achieved; and 2. A description of any material weaknesses in internal accounting control communicated by the independent accountants of the registrant or its subsidiaries which have not been corrected, and a statement of the reasons why they have not been corrected. For periods ending after December 15, 1980 for which audited statements of income are required, the statement of management on internal accounting control would be required to include management's opinion as to whether, for such periods, the systems of internal accounting control of the registrant and its subsidiaries provided reasonable assurances that the specified objectives of internal accounting control were achieved. In addition, the statement of management on internal accounting control would be required to be examined and reported on by an independent public accountant for such periods. Thus, initially the management opinion which would be required would extend only to conditions existing as of the balance sheet date, and the statement of management would not be required to be examined and reported on by an independent accountant. There would be a specific disclosure requirement relating to any material weaknesses in internal accounting control communicated by the independent accountants which have not been corrected. After the initial stage, the management opinion which would be required would extend to conditions which existed during the periods for which audited statements of income are required, and the statement of management would be required to be examined and reported on by an independent public accountant. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 1. BACKGROUND AND BASIS FOR PROPOSED RULES In December 1977, Congress enacted the Foreign Corrupt Practices Act of 1977 ("FCPA").' Among other things, the FCPA requires that issuers subject to the registration and reporting provisions of the Securities Exchange Act of 1934, as amended, devise and maintain a system of internal accounting control sufficient to provide reasonable assurances that (i) transactions are executed in accordance with management's general or specific authorization; (ii) transactions are recorded as necessary (a) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (b) to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management's general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences3 While the FCPA, which was effective upon enactment,3 contains a specific statutory requirement that certain issuers devise and maintain an effective system of internal accounting control, the establishment and maintenance of such a system have always been important responsibilities of management. An effective system of internal accounting control has always been necessary to produce reliable financial statements and other financial information generated from the accounting system, as well as to assure that assets and transactions of the business are adequately controlled. The Commission believes that information regarding the effectiveness of an issuer's system of internal accounting control may be necessary to enable investors to better evaluate management's performance of its stewardship responsibilities and the reliability of interim financial statements and other unaudited financial information generated from the accounting system, and that, therefore, the proposed rules may be a These internal accounting control provisions of the FCPA are codified in Sectlon13fb11211B1 of the Securities Exchange Act of 1934, 15 US.C. 78m(b)(2)IBI The Comission discussed the enactment of the FCPA in Accounting Smeries Release No. 242 (Securities Exchange Act Release No 14478, February 16, 1978. 43 FR 7752), in which it stated: Because the Act became effective upon signing, it is important that issuers subject to the new requirements review their accounting procedures, systems of internal accounting controls and business practices in order that they may take any actions necessary to comply with the requirements con, in the Act The Commission also discussed the provisions of the FCPA in Securities Exchange Act Release No. 34-15570 (44 FR 10964), February 15, 1979. necessary to the interests of investors and other users of financial information." In proposing to require a statement of management on internal accounting control, the Commission is not setting forth detailed, prescriptive rules for control procedures and techniques which will ensure compliance with the internal accounting control provisions of the FCPA. The Commission believes that the control procedures and techniques which will provide for compliance with those provisions must be determined in the context of the circumstances of each issuer, and it is the responsibility of management to make those determinations. As noted above, the Commission is proposing that, for periods ending after December 15, 1980 for which audited statements of income are required, the statement of management on internal accounting control be examined and reported on by an independent public accountant. Because of the independent public accountant's expertise with respect to internal accounting control and the fact that internal accounting control is integral to preparation of financial statements, the Commission believes that an examination by an independent public accountant of a statement of management on internal accounting control would result in increased reliability of such a statement. It should be emphasized, however, that the independent accountant's responsibility will be more limited than that of management. The responsibility for complying with the substantive internal accounting control provisions of the FCPA, as well as with the disclosure requirements of these proposed rules, rests with the issuer and its management. The Commission notes that increasing attention recently has been focused on the need for a "management report" directed to management responsibilities for financial reporting. The principal initiative in this regard was taken by the Cohen Commission, which recommended, among other things, that companies include with the financial statements a report that acknowledges management's responsibilities with respect to the financial information reported.' The Financial Executives Institute ("FEI") responded to the Cohen Commission's recommenda- tion by endorsing the furnishing of a management report and, in June 1978, issued suggested guidelines for preparation of a management report. Those guidelines generally follow the recommendations of the ? The Commission on Auditor's Responsibilities ("Cohen Commis on") concluded that users of financial information are interested in whether controls are adequate to reduce the risk of loss of assets through unauthorized use misappropriation and to produce reliable financial information, and that users may need to be informed, as part of adequate disclosure, about the condition of controls. See the Commission on Auditor's Responsibilities "Report, Conclusions, and Recommendations" (1978) (hereinafter cited as "Cohen Commission Report"), p. 55. See also MV Brown, "Auditors and Intemal Controls: An Analyst's View," CPA Journal 47 (September, 1977), pp. 2731. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Cohen Commission. In addition, the American Institute of Certified Public Accountants ("AICPA") formed the Reports by Management Special Advisory Committee, consisting of financial executives, attorneys, a financial analyst, and other users of financial information, to consider the Cohen Commission's recommendations pertaining to management reports and to develop guidance on matters that should be included in a management report. In December 1978, the Reports by Management Special Advisory Committee issued, for public comment, a report of its tentative conclusions and recommendations.6 The Cohen Commission's report, the FEI guidelines, and the AICPA Special Advisory Committee's tentative report each contain the suggestion that a management report include an assessment of the company's system of internal accounting control.? This aspect of a management report has received significantly more attention than any other, in large part as a result of the enactment of the FCPA. It should be noted that the management statement which the Commission is proposing today does not involve matters other than internal accounting control that might be included in a management report. The Commission intends to follow closely the further initiatives of the private sector and will consider the need to propose additional rules relating to such other matters. In the meantime, the Commission encourages issuers to provide meaningful disclosure regarding management responsibilities. At this time, however, the Commission is proposing to require only the more limited management statement discussed and set forth below. 11. DISCUSSION OF PROPOSED RULES A. Management Opinion Proposed Item 7(a) of Regulation S-K would require a statement of management's opinion as to whether, as of any date after December 15, 1979 and prior to December 16, 1980 for which an audited balance sheet is required, and for periods ending after December 15, 1980 for which audited statements of income are required, the systems of internal accounting control of the registrant and its subsidiaries provided reasonable assurances that: 1. Transactions were executed in accordance with management's general or specific authorization; 6 Tentative Conclusions and Recommendations of the Reports by Management Special Advisory Committee, AICPA, December 8, 1978. r The example of a management representation regarding assessment of the company's system of urtemal accounting control contained in the tentative report of the Reports by Management Special Advisory Committee is limited to "errors or irregularities that could be material to the financial statements" Id. at p. 5.). As discussed herein, neither the internal accounting control provisions of the FCPA nor the representations which would be required in the proposed statement of management on internal accounting control are so limited. See also Securities Exchange Act Release No. 15570, supra., n. 3. 2. Transactions were recorded as necessary (a) to permit preparation of financial statements in conformity with generally accepted accounting principles (or other applicable criteria), and (b) to maintain accountability for assets; 3. Access to assets was permitted only in accordance with management's general or specific authorization; and 4. The recorded accountability for assets was compared with the existing assets at reasonable intervals and appropriate action was taken with respect to any differences. 1. Objectives of Internal Accounting Control Proposed Item 7(a) is based upon the broad objectives of internal accounting control stated in the FCPA. In this regard, the Commission recognizes that systems of internal accounting control must be designed to fit individual circumstances. Numerous factors, such as the types of products or services provided, types of customers, degree of centralization, and methods of data processing, will affect the choice of control procedures that may be necessary or appropriate to achieve the broad control objectives. Consequently, it is not practicable to prepare a comprehensive list of internal accounting control procedures, nor is it possible to prepare a list of certain internal accounting control procedures which would be appropriate for all organizations. 2. . Internal Accounting Controls The Commission believes that it is important to emphasize that the scope of internal accounting control cannot be defined in terms of types of control procedures or in terms of organizational or functional departments. Any factors within an organization which affect the achievement of the objectives of internal accounting control must be considered in evaluating the effectiveness of a system of internal accounting control, and may often include factors which also are concerned with what the authoritative auditing literature defines as "administrative control."e In this connection, the AICPA's Special Advisory Committee on Internal Accounting Control emphasized the importance to the effectiveness of systems of internal accounting control of factors in addition to specific internal accounting control procedures: The internal accounting control environment established by management has a significant impact on the selection and effectiveness of a company's accounting control procedures and techniques. The control environment is shaped by several 8 See Statement on Auditing Standards No. 1, AJCPA, Section 320.27, for the definition of administrative control. That statement also recognizes, at Section 32029, that administrative controls and accounting controls are not mutually exclusive. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 factors. Some are clearly visible, like a formal corporate conduct policy statement or an internal audit function. Some are intangible, like the competence and integrity of personnel. Some, like organizational structure and the way in which management communicates, enforces, and reinforces policy, vary so widely among companies that they can be contrasted more easily than they can be compared. Although it is difficult to measure the significance of each factor, it is generally possible to make an overall evaluation. The committee believes that an overall evaluation of a company's internal accounting control environment is a necessary prelude to the evaluation of control procedures and techniques. A poor control environment would make some accounting controls inoperative for all intents and purposes because, for example, individuals would hestitate to challenge a management override of a specific control procedure. On the other hand, a strong control environment, for example, one with tight budgetary controls and an effective internal audit function, can have an important bearing on the selection and effectiveness of specific accounting control procedures and techniques' The Commission concurs with the foregoing statements of the Special Advisory Committee regarding the importance of the control environment to the effectiveness of a system of internal accounting control. The Commission also agrees that, in addition to the overall importance of an environment which provides a high level of control consciousness, individual environmental factors, such as strong budgetary controls and an effective objective internal audit function, can contribute directly to achievement of internal accounting control objectives and must be considered in evaluating whether reasonable assurance of achievement of such objectives is provided. 3. Reasonable Assurance Like the specified objectives of internal accounting control, the phrase "reasonable assurance" is contained in the FCPA. The concept of reasonable, as opposed to absolute, assurance is incorporated in the proposed rules in recognition that it is not in the interest of shareholders for the cost of internal accounting control to exceed the benefits thereof. Such benefits, and in many cases such costs, are not likely to be precisely quantifiable. Therefore, many decisions on reasonable Tentative Report of the Special Advisory Committee on Internal Accounting Control, AICPA, September 15, 1978 (hereinafter cited as "Tentative Report"), p. 9. See generally pp. 9-12 for a discussion of the control environment. The Special Advisory Committee was formed to develop criteria for evaluating internal accounting controls. The Tentative Report was issued to solicit comments horn interested parties and, thus, is not the final work product of the Special Advisory Committee. The Special Advisory Committee plans to issue a final report in the near future. assurance will necessarily depend in part on estimates and judgments by management which are reasonable under the circumstances. Consideration of the benefits of internal accounting controls generally will involve some degree of estimation of the possible effects and the likelihood of occurrence of various future conditions and events. In addition, the benefits to be considered often may include not only quantitative benefits, such as redution in exposure to theft of assets, but also qualitative benefits, such as the reputation of the company and its management. For example, the benefits to be considered in connection with evaluating controls intended to prevent bribes and other illegal payments cannot be measured solely by the amounts of such payments which might be prevented. Rather, as the Commission repeatedly has emphasized,10 the relationship between such illegal payments, and other questionable activities - whether or not the amounts are significant - and the reputation of the company and integrity of its management is a significant benefit to be considered. The Commission recognizes that placing a value on such qualitative factors will almost invariably involve judgments by management. Many managements may decide that it is desirable to discuss in the statement on internal accounting control the concept of reasonable assurance and the extent to which decisions on reasonable assurance depend on management estimates and judgments. Some may believe that such a discussion is essential for informed use of the statement.'] Comments are requested on whether such a discussion should be required in all statements of management on internal accounting control. The Commission recognizes that there are limitations upon the effectiveness of any system of internal accounting control.iv However, limitations upon the effectiveness of a system of internal accounting control do not limit the responsibility of registrants to maintain a system of internal accounting control which provides reasonable assurances that the objectives of internal accounting control are achieved. Indeed, the fact that errors may arise as a result of human frailties, that systems of internal accounting control may be circumvented as a result of collusion or overridden by 10 See generally Report of the Securities and Exchange Commission on Questionable and Illegal Payments and Practices Submitted to the Committee on Banking, Housing and Urban Affairs, United States Senate (May 12, 1976). Also se e.g., S.E.C. o. Sharon Steel Corporation, Civil No. 771631 (D.C.D.C., September 20, 1977) and S.E.C. v. Ormond Industries, Inc., Civil No. 77-0790 (D.C. D.C., May 9, 1977). 11 The Cohen Commission's example of a management report includes such a discussion. See Cohen Commission Report, p. 79. 12 Limitations of internal accounting control are discussed in Statement on Auditing Standards No. 1, AICPA, Section 320.4. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 management,13 and that changes in conditions may require changes in control procedures, mandates ongoing review and monitoring of any internal accounting control system if such reasonable assurance is to be provided. 4. Evaluation of Internal Accounting Controls a. Conceptual Elements The Commission believes that specific methods of approaching and implementing evaluations of systems of internal accounting control will vary from company to company. Accordingly, the proposed rules do not specify the method of or procedures to be performed in an evaluation of internal accounting control. However, the Commission believes that evaluations by managements of systems of internal accounting control should encompass certain conceptual elements.14 Determination of whether a system of internal accounting control provides reasonable assurances that the broad objectives of internal accounting control are achieved generally will involve the following: ? First, evaluation of the overall control environment; ? Second, translation of the broad objectives of internal accounting control into specific control objectives applicable to the particular business, organizational and other characteristics of the individual company ; ? Third, consideration of the specific control procedures and individual environmental factors which should contribute to achievement of the specific control objectives; ? Fourth, monitoring of control procedures and consideration of whether they are functioning as intended; and oo In this regard, in February 1979 the Commission adopted Regulation 13B 2, which expressly prohibits the falsification of corporate books, records, or accounts and prohibits the officers and directors of an issuer from making false, misleading or incomplete statements to any accountant in connection with any audit or examination of the issuer's financial statements or the preparation of required reports. See Securities Exchange Act Release No. 15570, supra., n. 3. u The Commission believes that the conceptual elements discussed herein also are reflected in the Tentative Report of the AICPA's Special Advisory Committee on Internal Accounting Control (see Note 11, supra). The Commission believes that the work of the Special Advisory Committee should be very useful to managements by providing a framework which win be helpful to all companies in establishing an approach, or appraising the effectiveness of an existing approach, to evaluate whether the broad objectives of internal accounting control are achieved. However, the Special Advisory Committee's Tentative Report does not represent a manual that can be followed by companies in evaluating their accounting control systems. This was recognized by the Special Advisory Committee (at p. 8 of the Tentative Report): ITlhe approach to an evaluation suggested in this report is not the only way an evaluation can be performed, and the criteria included . not and cannot be detailed rules. However, the committee believes that the recommendations in this report should help management in its continuing evaluation and monitoring of internal accounting control. ? Finally, consideration of the benefits (consisting of reductions in the risk of failing to achieve the objectives) and costs of additional or alternative controls. The first element of such a determination is evaluation of the overall control environment. The Commission recognizes that such evaluations will require a careful exercise of management's judgment, generally involving consideration of matters such as the organizational structure, including the role of the board of directors; communication of corporate procedures, policies and related codes of conduct; communication of authority and responsibility; competence and integrity of personnel; accountability for performance and for compliance with policies and procedures; and the objectivity and effectiveness of the internal audit function. The role of the board of directors in overseeing the establishment and maintenance of a strong control environment, and in overseeing the procedures for evaluating a system of internal accounting control, is particularly important. The Commission has often stressed the importance of audit committees to enable boards of directors to better fulfill their oversight responsibilities with respect to an issuer's accounting, financial reporting and control obligations. 15 A strong control environment will not, in itself, provide a basis for reasonable assurance that the broad objectives of internal accounting control are achieved. However, the Commission agrees with the AICPA's Special Advisory Committee on Internal Accounting Control that fill is unlikely that management can have reasonable assurance that the broad objectives of internal accounting control are being met unless the company has an environment that establishes an appropriate level of control consciousness. is For that reason, an evaluation of the overall control environment is a necessary first step in evaluating a system of internal accounting control. The second and third conceptual elements of an evaluation of a system of internal accounting control might be characterized as review of the system. The effectiveness of the design of control procedures in place cannot be evaluated without first relating the broad objectives of internal accounting control to the particular circumstances of a company. The AICPA's Special Advisory Committee on Internal Accounting is See Securities Exchange Act Release No. 14970 (43 FR 31945), July 18, 1978, in which the Commission proposed rules requiring issuers to state whether they have an audit committee and whether it performs "customary functions" of such committees, and which includes a discussion of previous Commission actions regarding audit committees. The Commission adopted the proposal in Securities Exchange Act Release No. 15394 (43 FR 58522), December 6, 1978, after amending it to require disclosure of the functions which the audit committee actually performs. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Control found a transaction cycle approach a convenient way to develop illustrative specific control objectives and examples of specific control procedures and techniques.17 Some companies might use a transaction cycle approach in reviewing the system; others might organize a review of the system by functional area within the organization or use some other approach or combination of approaches. Regardless of the way in which the review of the system is organized, what is important is that the specific control objectives appropriate for the company, and the specific control procedures and individual environmental factors which should contribute to achievement of those specific objectives, are identified and considered. The fourth conceptual element of an evaluation of a system of internal accounting control might be characterized as monitoring compliance with control procedures. Management must have reasonable assurance not only that the system of internal accounting control is appropriately designed, but also that it is functioning as designed. In addition, knowledge that adherence to company policies and procedures will be monitored is an important element of an overall control environment. Monitoring compliance with control procedures may take place through observation and supervision and through testing of controls in effect. An objective, effective internal audit function can play an important role in monitoring compliance. The final conceptual element of an evaluation of a system of internal accounting control might be characterized as determination of reasonable assurance. As discussed previously, determining whether reasonable assurance of achievement of control objectives is provided often will depend in part on estimates and judgments by managements, b. Documentation Appropriate documentation is important to each aspect of an evaluation of internal accounting control. The overall control environment often will be enhanced by written policies and procedures, formalized reporting responsibilities within the organization, and written descriptions of authority and responsibility. Very few, if any, registrants could perform an effective review of their systems of internal accounting control without documenting their specific control objectives and the control procedures in place which should contribute to achieving those objectives. Documentation of tests of controls in effect is necessary to determine that the tests were appropriately planned and performed and that the results of the tests were appropriately considered. Because of the judgmental aspects of cost-benefit analyses, a record of the bases for management's conclusions with respect to reasonable assurance considerations may be particularly important. c. Performance of Evaluation Procedures Because of the interaction of numerous factors both within and outside the organization which affects the choice of control procedures necessary to obtain reasonable assurances that the broad objectives of internal accounting control have been achieved, control systems are necessarily dynamic. As a result of this dynamic nature and the possibilities that controls may be circumvented or overridden and that compliance with control procedures may deteriorate, evaluation of any system of internal accounting control requires ongoing review of the system and monitoring compliance with control procedures. It should be emphasized that the management opinion which would be required by proposed Item 7(a) for periods ending after December 15, 1980 would encompass reasonable assurances of achievement of the broad objectives of internal accounting control during the periods for which audited statements of income are required. The Commission believes that effective, ongoing evaluations of systems of internal accounting control often may result in identification of the need for and implementation of improvements in a system. To the extent that such improvements are necessitated by changing circumstances (including both circumstances which affect the benefits of controls by changing the risks of failing to achieve the broad objectives of internal accounting control and circumstances which change the costs of controls) and are made on a timely basis, the Commission believes that they do not indicate that the system did not provide reasonable assurances of achievement of the objectives of internal accounting control. In this connection, the Commission encourages the process of interaction between registrants and their independent accountants whereby independent accountants suggest ways in which management might improve its internal accounting controls. On the other hand, weaknesses which have existed but have not been identified on a timely basis as a result of inadequate procedures for review and monitoring of the system of internal accounting control would indicate that the system did not provide reasonable assurances of achievement of the objectives of internal accounting control throughout the period and, therefore, would preclude an unqualified management opinion under proposed Item 7(a) for periods ending after December 15, 1980. Of course, any weaknesses which have been identified but not appropriately corrected also would preclude such an unqualified opinion. The Commission recognizes that some registrants may conclude that maintenance of review and monitoring procedures which will be sufficient to obtain reasonable assurances that the objectives of internal accounting control are achieved does not require performance of all such procedures at all locations in each reporting period. Because of the dynamic nature of internal accounting control and the resultant continuing nature of the evaluation process, the extent Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0 and timing of the review and monitoring of a system of internal accounting control are among the cost-benefit judgments involved in the concept of reasonable assurance. In its determinations regarding the need to take enforcement action with respect to the internal accounting control provisions of the FCPA, among other things the Commission will consider the nature of weaknesses in a system of internal accounting control and efforts to identify and correct such weaknesses. B. "Material Weaknesses" in Internal Accounting Control Proposed Item 7(b) of Regulation S-K would require that statements of management on internal accounting control as of dates after December 15, 1979 and prior to December 16, 1980 include a description of any "material weaknesses" in internal accounting control which have been communicated by the independent accountants of the registrant or its subsidiaries which have not been corrected and a statement of the reasons why they have not been corrected. Present auditing standards with respect to internal accounting control are directed to, and were developed in the context of, examinations of financial statements. Under generally accepted auditing standards, the auditor's purpose in reviewing and evaluating internal accounting control is not to determine whether the broad objectives of internal accounting control have been achieved, but rather to form a basis for determining the scope of the examination of the financial statements. Under present auditing star dards,18 the responsibility of an independent public accountant for reporting on the results of the review and evaluation of internal accounting control performed in connection with an examination of financial statements is limited to reporting to management and the board of directors or audit committee "material weaknesses" which came to the accountant's attention.19 The examination by an independent public accountant of the statement of management on internal accounting control which would be required by proposed Item 7(c) of Regulation S-K would be required initially for periods ending after December 15, 1980. The Commission believes it is appropriate in the first, more limited, stage of the proposed rules, wherein an examination by an independent public accountant would not be required by the proposed rules, to require disclosure by management relating to any uncorrected " A "nwterid weakness" s dined in Statement on Auditing Standards No. 1, AICPA, Section 320.68, as la) condition in which the au6tw believes the prescribed procedures or the degree of compliance with them does not provide reasonable assurance that errors or irregularities in annunta that would be material in the financial statement, being audited would be prevented or detected within a timely period by employees in the nornai course of performing that assigned tunctim. 141 "material weaknesses" communicated by independent accountants as a result of their present responsibilities with respect to examinations of financial statements, including disclosure of the reasons why such "material weaknesses" were not corrected. It should be noted that the independent accountant will have certain responsibilities, including revision of his report on the financial statements to include an explanatory paragraph, in the event management does not appropriately disclose uncorrected "material weaknesses" under proposed Item 7(b)1? C. Examination by Independent Public Accountant Proposed Item 7(c) of Regulation S-K would require that, for periods ending after December 15, 1980, the statement of management on internal accounting control be examined and reported on by an independent public accountant. Independent public accountants have long been involved with internal accounting control. The auditing professions's second standard of field work states: There is to be a proper study and evaluation of the existing internal control as a basis for reliance thereon and for the determination of the resultant extent of the tests to which auditing procedures are to be restricted.21 In addition, the objectives of internal accounting control set forth in the FCPA, which are the same as those in proposed Item 7(a) of Regulation S-K, were taken directly from Section 320.28 of Statement on Auditing Standards No. 1. Because of the independent public accountant's expertise with respect to internal accounting control and the fact that internal accounting control is integral to preparation of financial statements, the Commission believes that an examination by an independent public accountant of a statement of management on internal accounting control would result in increased reliability of such a management statement. 1. Objectives of Examination Proposed Item 7(c) specifies that the examination be sufficient to enable the independent public accountant to express an opinion as to (1) whether the representations of management in response to proposed Item 7(a) are consistent with the results of management's evaluation of the systems of internal accounting control, and (2) whether such management representations are, in addition, reasonable with respect to transactions and assets in amounts which w Statement on Auditing Standards No. 8, AICPA, set, forth the independent accountant's reapauibikies when the accountants aware of any naterial orcorristencinn or material nustatementa of fact in documents containing audited financial statements. Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 would be material when measured in relation to the registrant's financial statements. The proposed examination by an independent public accountant of the statement of management on internal accounting control would, therefore, require expansion of the independent public accountant's present responsibilities with respect to internal accounting control. To reach an opinion, as would be required by proposed Item 7)c)(1), as to whether the management representations were consistent with the results of management's evaluation of the systems of internal accounting control, the independent public accountant would have to review management's procedures for reviewing, monitoring and evaluating the systems of internal accounting control and the results thereof. The purposes of this review would be to determine whether the management representations recognized any conditions which indicated that reasonable assurances of achievement of the objectives of internal accounting control were not provided, and to determine that management's procedures for reviewing, monitoring and evaluating the systems of internal accounting control were not insufficient as a basis for its representations. Although the independent accountant would not necessarily be required to perform independent tests to reach the opinion which would be required under proposed Item 7(c))1), that opinion would, of course, also have to reflect any other knowledge which the accountant may have as a result of an examination of the financial statements, as a result of the more extensive examination procedures which would be required under proposed Item 7(c)(2), or through other means. The independent public accountant's responsibilities under proposed Item 7(c)(2) would be more extensive. To reach the reasonableness opinion which would be required under proposed Item 7(c)(2) the independent accountant would, in effect, have to reach independent conclusions as to whether the systems of internal accounting control provided reasonable assurances that transactions were recorded as necessary to permit preparation of annual and interim financial statements in conformity with generally accepted accounting principles; that transactions in amounts which would be material when measured in relation to the registrant's financial statements were appropriately authorized; and that assets in amounts which would be material when measured in relation to the registrant's financial statements were appropriately safeguarded, and there was appropriate accountability for such assets. The independent public accountant would, therefore, have to independently evaluate and test the underlying bases for management's conclusions as to the effectiveness of the design and functioning of the systems of internal accounting control and as to cost- benefit considerations, to the extent that those conclusions relate to reasonable assurances of achievement of the objectives of internal accounting control with respect to transactions and assets in amounts which would be material when measured in relation to the registrant's financial statements. It should be emphasized that the materiality limitation contained in proposed Item 7(c)(2) would apply only to the objectives and scope of the independent public accountant's examination. The proposed materiality limitation reflects a cost-benefit judgment by the Commission with respect to the appropriate extent of the independent accountant's examination for purposes of the proposed rule. In contrast, the management representations which would be required by proposed Item 7(a) would not be, and the internal accounting control provisions of the FCPA are not, so limited. Rather each extends to reasonable assurances that the broad objectives of internal accounting control were achieved, without regard to materiality of amounts. 2. Examination and Reporting Standards The Commission recognizes that examinations by independent public accountants of statements of management on internal accounting control will require development of appropriate professional standards with respect to such matters as examination procedures; procedures for consideration of other knowledge, gained from the accountant's examination of the financial statements or other means, which may be inconsistent with management's representations; and procedures when the accountant believes that management does not have a sufficient basis for its representations. The Commission notes that a task force of the AICPA's Auditing Standards Board is currently considering the general issue of reporting to the public on internal accounting control. The Commission believes that it is appropriate to continue its past policy of permitting the accounting profession to determine the standards and procedures underlying accountants' reports as long as this policy is consistent with the interests of investors, the federal securities laws, and the Commission's rules and regulations thereunder. Since the standards applicable to reporting should be integrated with those applicable to the conduct of the examination, the Commission also believes that it is appropriate to allow the accounting profession to take the lead in determining the standards applicable to the specific form and content of an accountant's report on an examination of a statement of management on internal accounting control. Accordingly, the Commission urges the AICPA's Auditing Standards Board to continue its study of reporting on internal accounting control in the light of the Commission's proposed requirement for an examination by an independent public accountant of a statement of management on internal accounting control, and to be prepared to adopt, on a timely basis, an authoritative pronouncement which sets forth the standards and procedures to be followed in connection with such an examination, and the form and content of a report thereon. The Commission intends to follow this Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 work closely. If it appears that sufficient progress is not being made toward development of appropriate standards and procedures, the Commission will undertake to develop such standards and procedures. III. OTHER ISSUES A. Costs of Proposed Rules The Commission is aware that in most cases an expansion of the independent accountant's work with respect to internal accounting control would be necessitated by this proposal. While such an expansion of work would probably result in additional costs to registrants,22 the Commission believes that such costs likely would be in large part of an initial rather than a continuing nature. In addition, the Commission believes that in many instances the additional work of the independent accountant with respect to internal accounting control would result in reductions in costs of the examination of the financial statements, as independent accountants would be able to place more reliance on internal accounting control 23 The Commission believes that the additional costs of the proposed requirement that the statement of management on internal accounting control be examined by an independent public accountant would be outweighed by the increased reliability of the statement of management which would result from such examination. The Commission believes that the benefits of new requirements to present and prospective investors should outweigh any additional costs involved. Since the benefits of the proposed examination by an independent public accountant of the statement of management on internal accounting control are not subject to quantification, and the measurement of costs includes many variables which are highly uncertain, the weighing of costs and benefits of such an examination will inevitably require the Commission's judgment. The Commission specifically requests comments on the costs and benefits of the proposed requirement for examination by an independent public accountant, including possible alternatives to the proposed scope of such examination. In particular, comments are requested on the costs and benefits of the following alternatives to the proposed examination by an independent public accountant: 1. A requirement for an examination which would be sufficient to enable the independent 22 As to the basic proposal fora statement of management on internal accounting control, the Commission believes that this proposal will not establish requirements for maintenance of systems of internal accounting control which exceed those already required by the FCPA. Consequently, the costs of providing the proposed statement of management on internal accounting control should not be substantial. 23 However, registrants' selections of independent accountants for examinations of statements of management on internal accounting control would not be restricted to the same independent accountants who are engaged to examine the financial statements. public accountant to express an opinion as to whether the representations of management in response to proposed Item 7(a) are reasonable. In effect, this would require the independent public accountant to reach independent conclusions as to whether the systems of internal accounting control provided reasonable assurances (cost-benefit judgments not limited to material amounts) of achievement of the broad objectives of internal accounting control. 2. No requirement for an examination by an independent public accountant. Rather, re- quire registrants to state whether or not the statement of management on internal accoun- ting control had been examined by an independent public accountant, and require the filing of the related accountant's report if an affirmative statement is made. This would, of course, also require development of professional standards for examinations by independent public accountants of statements of management on internal accounting control. It might also necessitate specific professional standards for responsibilities of an independent accountant as a result of association with such a statement of management which accompanies audited financial statements. To the extent possible, commentators are requested to supply empirical data in support of their comments. In addressing this issue, commentators also are requested to consider whether certain registrants should be exempted from the requirement that the proposed statement of management be examined and reported on by an independent public accountant. The costs of such an examination may fall with the greatest severity on smaller registrants; however, systems of internal accounting control of smaller registrants may be generally less sophisticated and less well docu- mented so that examination by an independent public accountant may be particularly needed. As part of its response to issues relating to the impact on small businesses of the disclosure requirements of the federal securities laws, the Commission recently announced the adoption of a simplified form, Form S- 18, under the Securities Act.Yt Form S-18 is available to issuers not subject to the Commission's continuous reporting requirements when they register securities to be sold for cash not exceeding an aggregate offering amount of $5 million. Comments are also specifically requested on whether a registrant filing on Form S-18, and thereby becoming subject to the reporting provisions of section 15(d) of the Securities Exchange Act, should be exempt from the requirement for an examination by an independent public accountant with Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0 respect to the statement of management on internal accounting control contained in its initial annual report on Form 10-K.25 B. Disclosure of Basis for Management Opinion In addition to the opinion which would be required by proposed Item 7(a) of Regulation S-K (and, in the initial stage, the disclosures relating to uncorrected "material weaknesses" which would be required by proposed Item 7(b)), registrants are encouraged to include in the statement of management on internal accounting control whatever information they believe would make the statement most useful. Some may believe that disclosure of the basis for the management opinion, including a description of the general approach applied in evaluating internal accounting controls and the extent to which the procedures comprised by such approach were performed in the periods encompassed by such opinion, should be required. Comments on this issue are specifically requested. C. Signing of Management Statement Some may believe that the statement of management should be required to be signed by a certain representative or representatives of management, such as the chief executive officer or the chief financial officer. Comments on this issue are specifically requested. IV. PROPOSED EFFECTIVE DATES The Commission recognizes that the enactment of the FCPA has prompted many registrants to reevaluate their procedures for reviewing, monitoring and evaluating their systems of internal accounting control and that issuance of these rule proposals may provide additional focus for such reevaluation. The Commission also recognizes that, as a result of recently establishing sound procedures for reviewing, monitoring and evaluating their systems of internal accounting control, some registrants may have identified and corrected conditions which had not provided reasonable assurance of achievement of the objectives of internal accounting control. Accordingly, these amendments are proposed to be effective with respect to reports for fiscal periods ending after December 15, 1979. Statements of management on internal accounting control would not be required for reports for periods ending prior to December 15, 1979. In addition, by proposing to adopt these amendments in two stages as discussed herein, representations regarding the effectiveness of systems of internal accounting control would be required to encompass only conditions existing as of and after the xe Similarly, the Commission has amended its requirements to permit Form S-18 registrants to include in their initial filing on Form 10 K. in lieu of similar information called for by Form 10-K, information concerning the registrant's business, the remuneration of its officers and drectors, and the interest of management and others in certain transactions which had been provided in the registration statement on Form 5-18. end of the first fiscal period for which the amendments would be effective. Nevertheless, it again should be emphasized that the FCPA was effective upon enactment in December 1977. Registrants would be well advised to ensure that any weaknesses in internal accounting control are identified and corrected on the most timely basis. V. AUTHORITY FOR, AND REQUEST FOR COMMENT ON SCOPE OF, PROPOSED AMENDMENTS The Commission is not at this time proposing to require the disclosures outlined in this release in registration statements filed pursuant to the Securities Act of 1933. The Commission recognizes, however, that much of the rationale which supports the furnishing of this information to investors in Securities Exchange Act filings may apply with equal force to Securities Act registration statements. The Commission therefore invites comments concerning whether these proposals should be extended to filings under that Act. In that connection, the Commission invites commentators to consider whether the applicability of these proposals to Securities Act registration statements would have any impact - whether favorable or unfavorable - on the capital formation process and whether the Commission should consider exempting any category of issuers from those requirements, should it determine to extend them to Securities Act registration statements. The Commission also invites comment concerning whether it would be appropriate to extend these requirements to Forms N-1 and N-2 for use by open- end and closed end management investment compa- nies; Form N-1R for annual reports of registered management investment companies; Form N-5R for annual reports of small business investment companies; and to Forms USA, USB, U5S, and U-6B-Z promulgated under the Public Utility Holding Company Act of 1935. Similarly, commentators are requested to consider whether these disclosure items should be incorporated in Forms 20 and 20-K for use by certain foreign private issuers. The Commission is proposing these amendments pursuant to its general rulemaking authority contained in Section 23(a) of the Securities Exchange Act of 1934, 15 U.S.C. 78w(a). That provision empowers the Commission to promulgate "such rules and regulations as may be necessary or appropriate to implement the provisions" of the Act. The internal accounting control requirements of the Foreign Corrupt Practices Act - which these amendments would, in part, implement - appear in Section 13(b)(2)[B) of the Securities Exchange Act, 15 U.S.C. 78m(b)(2). The various disclosure forms and schedules which these proposals would amend have been promulgated pursuant to Sections 12, 13, 14 and 15(d) of the 1934 Act, 15 U.S.C. 781, 78m, 78n, 78o. Section 23(a) of the Securities Exchange Act requires the Commission to consider the impact which any Approved For Release 2008/10/29: CIA-RDP85-00003ROO0200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 proposed rule would have on competition. While the Commission is not aware of any competitive impact likely to result from the proposals described in this release, commentators are invited to address that issue. VI. REQUEST FOR COMMENTS All interested persons are invited to submit their views and comments on the foregoing in triplicate to George A. Fitzsimmons, Secretary, Securities and Exchange Commission, Washington, D.C. 20549 on or before July 31, 1979. Such communications should refer to File S7-779 and will be available for public inspection. VII. TEXT OF PROPOSED RULES In consideration of the foregoing, it is proposed to amend 17 CFR Chapter 11 as follows: PART 229 -STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933 AND SECURITIES EXCHANGE ACT OF 1934 - REGULATION S-K 1. By amending ?229.20 by adding Item 7 to read as follows: ?229.20 Information required in document. Item 7. Statement of management on internal accounting control. (a) State management's opinion as to whether, as of any date after December 15, 1979, and prior to December 16, 1980, for which an audited balance sheet is required, and for periods ending after December 15, 1980, for which audited statements of income are required, the systems of internal accounting control of the registrant and its subsidiaries provided reasonable assurances that: (1) Transactions were executed in ac- cordance with management's general or specific authorization; (2) Transactions were recorded as nec- essary (i) to permit preparation of financial statements in conformity with generally accepted accounting principles (or other applicable criteria), and (ii) to maintain accountability for assets; (3) Access to assets was permitted only in accordance with management's general or specific authorization; and (4) The recorded accountability for assets was compared with the existing assets at reasonable intervals and appropriate action was taken with respect to any differences. (b) For statements of management on internal accounting control as of dates after December 15, 1979, and prior to December 16, 1980, describe any material weaknesses in internal accounting control which have been communicated by the independent accountants of the registrant or its subsidiaries which have not been corrected, and state the reasons why they have not been corrected. (c) For periods ending after December 15, 1980, the statement of management on internal accounting control shall be examined and reported on by an independent public accountant. The examination shall be sufficient to enable the independent public accountant to express an opinion as to (1) whether the representations of management in response to paragraph (a) are consistent with the results of management's evaluation of the systems of internal accounting control; and (2) whether such representations of management are, in addition, reasonable with respect to transactions and assets in amounts which would be material when measured in relation to the registrant's financial statements. Instructions. 1. The statement of. management on internal accounting control should accompany the financial statements. 2. The independent public accountant's report of examination shall accompany or be included within the accountant's report on the financial statements. PART 240 - GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 2. By amending ?240.14a-3 by adding anew paragraph (b)(4), renumbering present paragraphs (b)(4) to (12) as (b)(5) to (13), and amending the references to the renumbered paragraphs as follows (changes italicized): ?240.14a-3 Information to be furnished to security holders. (b) (4) The report shall contain a statement of management on internal accounting control prepared in accordance with the provisions of Item 7 of Regulation S-K. (5) Note 1: Subparagraph (b)(11) permits (6) (No change.) (7) Note: Subparagraph (b)(11) permits .... (8) (No change.) (9) (No change.) (10) Note: Pursuant to the undertaking required by the above paragraph, (b)(10) (11) Subject to the foregoing requirements, the report may be in any form deemed Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 suitable by management and the information * * ? + required by subparagraphs (b)(5) to (b)(10) Item 13. Statement of Management on Internal (12) Subparagraphs (b)(5) through (b)(11) Accounting Control. A statement of management on shall not apply. . . internal accounting control shall be furnished in (13) (No change.) accordance with the provisions of Item 7 of Regulation S-K. PART 249 - FORMS, SECURITIES EXCHANGE ACT OF 1934 By the Commission. 3. By amending ?249.310 by renumbering Items 13-15 of Part 11 as Items 14-16 and by adding a new Item 13 to George A. Fitzsimmons Part I to read as follows: Secretary ?249.310 Form 10-K, annual report pursuant to section 13 or 15d of the Securities Exchange Act of 1934. April 30, 1979 Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 SUGGESTED READINGS ON FOREIGN CORRUPT PRACTICES ACT OF 1977 * Reports and Committee on Corporate Law and Accounting, Section of Corporation, Banking, and Business Law, A Guide to the New Section 13(b)(2) Accounting Requirements of the Securitites Exchange Act of 1934 (Section 102 of the Foreign Corrupt Practices Act of 1977). Chicago: American Bar Association, August 18, 1978. Special Advisory Committee on Internal Accounting Control, Report of the Special Advisory Committee on Internal Accounting Control, New York: American Institute of Certified Public Accountants, Inc., 1979. Ernst & Whinney. Foreign Corrupt Practices Act of 1977 - An Overview of the Law and its Implications. Ernst & Whinney. The Foreign Corrupt Practices Act - Focus on Internal Controls. Ernst & Whinney. Evaluating Internal Control - A Guide for Management and Directors. Ernst & Whinney. Evaluating Internal Control - Documentation Supplement. Copies of the following reports and publications can be obtained by contacting the local offices of the companies. Arthur Andersen & Co. A Guide for Studying and Evaluating Internal Accounting Controls. Arthur Andersen & Co. An Analysis of the Foreign Corrupt Practices Act of 1977. Arthur Andersen & Co. Internal Accounting Controls. What Are They? What Should Management Do About Them? Arthur Young & Company. Foreign Corrupt Practices Act of 1977 - Toward Compliance With the Accounting Provisions. Arthur Young & Company. Internal Control and the Foreign Corrupt Practices Act. An Executive Briefing. Coopers & Lybrand. Coping With the Foreign Corrupt Practices Act: A Management Plan for 1979. Deloitte Haskins & Sells. Internal Accounting Control - Current Developments and Implications of the Foreign Corrupt Practices Act. Peat, Marwick, Mitchell & Co. Evaluating Internal Accounting Controls. Peat, Marwick, Mitchell & Co. Action Plan for Reviewing Internal Accounting Controls. Price Waterhouse & Co. Overview of Management and Directors' Responsibilities for Monitoring Compli- ance With Control Systems Under the Foreign Corrupt Practices Act. Price Waterhouse & Co. A Discussion of Management and Directors' Responsibilities for Monitoring Compli- ance With Control Systems Under the Foreign Corrupt Practices Act. Price Waterhouse & Co. Guide to Accounting Controls. Establishing, Evaluating and Monitoring Control Systems. A series of nine booklets. Touche Ross & Co. The New Management Imperative - Compliance With the Accounting Requirements of the Foreign Corrupt Practices Act. ? Supplied by the Los Angeles Chapter, The Institute of Internal Auditors, Inc., May, 1979. Baruch, Hurd. "The Foreign Corrupt Practices Act." Harvard Business Review, January-February 1979. Beresford, David R., and Bond, James D. "The Foreign Corrupt Practices Act - Its Implication to Financial Management." Financial Executive, August, 1978. Cook, J. Michael, and Kelley, Thomas P. "Internal Accounting Control: A Matter of Law." Journal of Accountancy, January, 1979. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Estey, John S., and Marston, David W. "Pitfalls (and Loopholes) in the Foreign Bribery Law." Fortune, October 9, 1978. Guttry, Jr., Harvey V, and Foster, Jesse R. "Internal Controls and the Financial Executive." Financial Executive, April, 1978. Hershman, Arlene. "New Accounting Headache." Dun's Review, September, 1978. Marsh, Hugh L. "The Foreign Corrupt Practices Act: A Corporate Plan for Compliance." The Internal Auditor, April, 1979. Martin, Jr., Albert S., and Johnson, Kenneth P. "Assessing Internal Accounting Control: A Workable Approach." Financial Executive, May, 1978. MacKay, A. E. "Management Control in a Changing Environment." Financial Executive, March, 1979. Ricchiute, David N. "Foreign Corrupt Practices: A New Responsibility for Internal Auditors." The Internal Auditor, December, 1978. Mautz, Robert K., and White, Bennard, Jr. "Internal Control - A Management Viewpoint." Financial Executive, June, 1979. Proceedings The Institute of Internal Auditors, Inc., Proceedings of the Conferences on U.S. Foreign Corrupt Practices Act of 1977, Altamonte Springs, Florida: 1979. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Mr. HoRTON. We want to thank you for your testimony. It has been very succinct, precise, and helpful. We certainly thank you for the support of your organization. On behalf of Chairman Brooks, I have a couple questions which I would like to submit to you and you can perhaps give us answers in writing for the record. Mr. WATSEN. Very well. [The questions and submissions follow:] The Institute of Internal Auditors Washington Chapter P. O. Box 14013 JOHN K. WATSEN Ben Franklin Station VI. Ftrs.,0p.0.. FRANCIS J. KENNEY Washington, D.C. 20044 W.P-M -t-Ed ..tw MICHAEL StACHTA.JP_ s.eue.e FRANCIS A. NAUGHTON Tn.._ JEROME I. SUBKOW Committee on Government Operations Legislation and National Security Subcommittee House of Representatives Room B-373 Rayburn Office Building Washington, DC 20515 RECEIVED 1PR 24 1981 Legislation and National Security Subcommittee The following are my responses to the two questions submitted by you regarding H.R. 1526. Question 1 - The Accounting and Auditing Act of 1950 mandated that agencies maintain internal administrative and control systems approved by the GAO. How will the requirements of this legislation correlate with that Act? Response - Neither The Institute of Internal Auditors nor I are especially well qualified to comment on the techni- calities of this legislation, including how it would correlate with the Accounting and Auditing Act of 1950. It is my impression, however, that H.R. 1526 neither con- flicts with nor duplicates the provisions of the earlier Act. H.R 1526 seems to provide a method whereby com- pliance with the provisions of the earlier Act can be monitored by the President and by Congress. Question 2 - Can you give us examples of the type of ques- tionable practices which might develop as a result of ineffective or lax Internal controls? Response - Yes; however, it is not practicable to compile a comprehensive list, because the possibilities are so numerous. Here are a few examples of questionable prac- tices which might develop as a result of ineffective or lax controls: -- Agency personnel could fail to obtain competitive bids on contracts or purchases, and thereby fail to obtain the most favorable prices or terms. it # Jt The Nation's Capital Chapter: Your Host For The 1982 International Conference it it it - "D.C. and YOU in '82" - Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 Agency personnel could fail to independently verify information on various benefit application forms, and thereby cause improper disbursements to unquali- fied applicants. Agency personnel could fail to follow procedures for following up on delinquent loan repayments, which could lead to inability to collect the amounts owed to the government. Agency personnel could fail to periodically inventory equipment and supplies on hand, thereby causing unnec- essary purchases. C JJdfin K. Watsen President Mr. HORTON. Mr. Butler? Mr. BUTLER. We have a question of stating an opinion. Is the word "opinion" a word of art? If we simply required a report versus an opinion as to the adequacy, would that have any significance and would it be sufficient? Mr. WATSEN. I think either term would be appropriate in this legislation. That would be my own opinion. I do think there are some advantages in requiring the executive agency head to state whether or not he believes his system of internal controls is suffi- cient to meet control objectives and needs of his agency. In that sense of the word, "opinion" adds something to the requirement. Mr. BUTLER. It has higher dignity than "report." Mr. WATSEN. I think it adds something to what is being required in this legislation. Otherwise, he simply would be required to report on whatever the status of the internal control system is and not express a personal opinion as to whether or not he feels it is sufficient. Mr. BUTLER. It is your perception of the word "opinion" that that is the personal opinion of the agency head? Mr. WATSEN. I would say it should be the opinion of the agency and the head of the agency in effect expressing that opinion on behalf of the agency. Mr. BUTLER. You spent some time in law school, too? Mr. WATSEN. No. Mr. BUTLER. Maybe with the State Department. I have no further questions, Mr. Chairman. Mr. HORTON. Thank you very much. Thank you, Mr. Watsen. This concludes the hearings today on H.R. 1526. The subcommit- tee does plan to hold hearings on our overseas security enhance- ment program on March 24. Since it is likely that sensitive matters Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 will be discussed at the hearing, I would entertain a motion that the hearing be closed. Mr. BUTLER. Mr. Chairman, I move the subcommittee hearings to be held on March 24 be closed to the public in accordance with rule 13 of the committee. Mr. HORTON. Without objection, it is so ordered. That concludes the meeting today. [Whereupon, at 3:35 p.m., the subcommittee adjourned, to recon- vene subject to the call of the Chair.] Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 APPENDIX MATERIAL SUBMITTED FOR THE RECORD AICPA American Institute of Certified Public Accountants 1620 Eye Street, N. W, Washington, D. G 20006 (202) 872-8190 The Honorable Jack Brooks Chairman Committee on Government operations U.S. House of Representatives Washington, D.C. 20515 RECEIVED MAR 2 71981 Legisiation and National Security Sub ommittee Dear Chairman Brooks: Re: H.R. 1526 "The Federal Managers' Accountability Act of 1981" The American Institute of Certified Public Accountants (AICPA) is the national professional organization representing over 165,000 CPAs in public practice, industry, goverment and education. The AICPA, through the efforts of volunteers working within 160 boards, committees and task forces, is devoted to organizing the body of accounting knowledge, conducting research, and enforcing the technical and ethical standards of the profession along lines that serve the broadest public interest. Accordingly, we are constantly monitoring federal legislation which has the potential to affect accounting and auditing. In this vein, we are interested in the proposed bill H.R. 1526, "The Federal Managers' Accountability Act of 1981." The AICPA has long recognized the importance of internal control as a means of safeguarding assets against loss, unauthorized use, or misappropriation and has undertaken many projects and studies in this area. Our auditing literature contains a definition of internal control as well as procedures and guidelines dealing with studying, evaluating and reporting on internal accounting control. In 1978, the Commission on Auditors' Responsibilities, an independent csnnission established by the AICPA, recommended that corporate management issue a report on the financial statements and suggested that the report present management's assessment of the company's accounting system and controls over it.* It is becoming more common for companies to include a "management report" in their annual report to shareholders. Such reports typically include Dements on the system of internal accounting control. Accordingly, the AICPA supports the concept of reporting on internal control by federal managers as provided in H.R. 1526, "The Federal Managers' Accountability Act of 1981," (introduced by you *Commission on Auditors' Responsibilities, Report, Conclusions and Recommendations (New York: AICPA, 1978), p. 76. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 154 The Honorable Jack Brooks Page Two March 27, 1981 on February 2, 1981) and applauds your efforts in this matter. As a result of our substantial interest and involvement in this area, we wish to submit certain comments which we believe will further clarify the intent of Congress and assist in achieving the desired objectives. Our major suggestion relates to the form of the manager's opinion and the use of the terms "adeguacy" and "inadequacy." We believe these terms are vague and undefined. Since the internal control system is designed to acconPTis specific objectives, we believe that the manager should state whether or not his stem is sufficient to irov~ reasonba Te assurance o3^meeting those objec- #ives~.. Therefore,_._we su to read: ggest that lines 5-~ on page be changed ..shall prepare a report stating his opinion on whether the agency's system of internal accounting and administrative control is sufficient to provide reasonable assurance of meeting the objectives of such a system [as specified in subsection (d)(4) of this section]. We also suggest deleting the term "inadequacy" on page 3, lines 11 and 17. Since material weakness is specifically defined in auditing literature as any weakness that prevents reasonable assurance of achieving the objectives of a system of internal control, using the term inadequacy may cause confusion. In addition, we believe the report should permit the manager the opportunity to state, if appro- priate, why a material weakness has not or will not be corrected. Accordingly, page 3, line 17 may be modified as follows: ...the plans and schedule for correcting or the reasons for not correcting any such weakness described in detail. We also have a question about how many years the managers will be required to subanit this report. The wording on page 2, lines 7 and 8 seems to imply that the report is only due on December 31, 1982 and 1983. We understand that this is to be an annual report. Since we believe that it is extremely difficult or impossible for any system to provide reasonable assurance that "all" transactions are safeguarded or properly recorded, we are attaching for your conve- nience our suggested revision of section (d) (4) dealincr with the definition of internal accounting and administrative controls. In addition, we are suggesting the following definitions for the terms "transactions" and "reasonable assurance" which may be included in the appropriate section of the bill: Transactions include the exchange of assets or services Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 The Honorable Jack Brooks Page Three March 27, 1981 or the incurrence of obligations with parties outside the executive agency and transfer or use of assets within the agency. Reasonable assurance is that level of assurance that gives recognition to principle that the costs of a system of internal control should not exceed the benefits expected to be derived. The benefits are reduction in the risk of failing to achieve the objectives of a system of internal control of an executive agency. Such objectives include the objectives of internal accounting control and those aspects of administrative control that relate to c zipliance with applicable law and avoidance of waste and loss. We hope that this information will be useful to you and appreciate the opportunity to express our views on this important topic. We would be pleased to meet with you and members of your staff to elaborate further on our o eu ents. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 156 I "(d)(1) To ensure that the requirements of subsection 2 (a)(3) of this section are fully complied with, the head of each 3 executive agency which the Director of the Office of Manage- 4 meat and Budget determines to be covered byyt~hissh ssurbsection 5 shall prepare a report stating his/her. on the adecrtacy-of- 6 the agency's systems of internal accounting and administra- is sufficient to provide reasonable assurance of meeting the objectives of 7 tive control\by December 31, 1982, and by December 31 of such a systan [as specified in subsection (d)(4) of this 8 the succeeding year. section] 9 "(2) The reports shall be signed by the head of each 10 executive agency and addressed to the President. Such re- 11 ports shall also be made available to Congress and the public. 12 "(3) By December 31, 1981, the Comptroller General, 13 in consultation with the Director of the Office of Management 14 and Budget, shall establish a system of reporting and guide- 15 lines for the agencies in performing evaluations on their svs- 16 tems of internal accounting and administrative control. The 17 Comptroller General, in consultation with the Director, may 18 modify the system for reporting or the guidelines for 19 conducting the evaluations from time to time as deemed 20 necessary. 21 "(4) Internal accounting and administrative controls 22 shall be established in accordance with standards prescribed carprise the plan of organization and the 23 by the Comptroller General, and~a4a1~?pras dam r~uesxt+rble 24 procedures and records that are concerned with- Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 157 AICPA Suggested Language/H.R. 1526 o Safeguarding of funds, property and other assets against waste, loss, unauthorized use, or misappropriation; o Reliability of financial and statistical reports; and o Compliance with applicable laws; and that, accordingly, are designed to provide reasonable assurance that the following objectives are achieved: i. Transactions are executed in accordance with (a) management's general or specific authorization and (b) applicable law. ii. Transactions are recorded as necessary - (a) To permit the preparation of financial and statistical reports in conformity with generally accepted accounting principles or other applicable criteria and (b) to maintain accountability for assets. iii. Access to assets is permitted only in accordance with appropriate authorization. iv. The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 AICPA Suggested Language/H.R. 1526 1 LL(i}?ali-orblig-rtimt~- ?and nrnts n2~re-irr?eonllrlianee 2 with applicabir-lam 3 (iii1~ fund; -property ~trd-ot~3er-aete~e 4 safeguarded against- waste,?doss-?~tnatrtharized?ttse;-or 5 rnisa~pro~ri~6iarr;rxl 6 'hii)-all re~entre - rrn1- expenditures ~pplic-thie to 7 agerrey-erpera i merepro sy-reeord arx e ee Hrt 8 ed fer-to-pern t?-the?prepretioo- .f?ac +r}ts-aid-reli- 9 able-financial and staCisticaf reperts and to-rmairrtain 10 aeeetr-rta~ility o~er?the?arets. 11 Any irtadegeaey-oe material weaknesses in an agency's sys- 12 tems of internal accounting and administrative control which 13 prevents the head of the agency from stating that the 14 agency's systems of internal accounting and administrative 15 control provided reasonable assurances that each of the ob- 16 jectives specified above were achieved shall be identified and or the reasons for not correcting 17 the plans and schedule for correctin any such i3radeCtrraey weakness 18 described in detail. 19 "(5)(A) The Inspector General of an executive agency 20 or, if no Inspector General exists for an agency, the head of 21 the internal audit staff, shall receive and investigate any alle- 22 gation that an employee of the agency provided false or mis- 23 leading information in connection with the evaluation of the 24 agency's systems of internal accounting and administrative 25 control or in connection with the preparation of the annual Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 159 STATEMENT OF ROBERT G. CRONSON ON BEHALF OF NATIONAL STATE AUDITORS ASSOCIATION BEFORE THE SUBCOMMITTEE ON LEGISLATION AND NATIONAL SECURITY COMMITTEE ON GOVERNMENT OPERATIONS U.S. HOUSE OF REPRESENTATIVES MARCH 27, 1981 My name is Robert G. Cronson. I am the Auditor General of the State of Illinois and President of the National State Auditors Association, which is the national association of the post audit officials of state government throughout the United States. I appreciate the opportunity to present our views on H.R. 1526, "The Federal Managers'Accountability Act of 1981." H.R. 1526 would contribute to improved accountability, ef- ficiency and effectiveness in the administration of govern- ment programs. Further it is consistent with general practice of state auditors in the conduct of audits at the state level. It is basic to almost any state audit of a state agency or program to include a review of the systems of internal accounting and control. This review is essential to the ability to certify financial statements and is equally essential to a review of the administrative structure under which the agency or program is conducted. Accordingly, we support this proposal to impose a clear requirement for the development of sound systems of in- ternal control. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0  Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0 The bill in its present form would require the head of an executive agency to issue an opinion on the adequacy of the agency systems of internal accounting and control on an annual basis. Further, the General Accounting Office would be called upon to establish a system of reporting and guidelines for agency use in evaluating their own systems of internal accounting and control. We would suggest that this system of reporting and guide- lines should be established solely by the Office of Management and Budget. Further we would suggest that the General Accounting Office be authorized or mandated to conduct periodic evaluations and reviews of the systems of internal accounting and control and report the results of such evaluations and reviews to the Congress. We would suggest that the evaluation and review be in in- tervals of no less than three years or of such shorter period as your Committee deems appropriate. We would further suggest that the system of reporting and guidelines be established by the Office of Management and Budget rather than by the Comptroller General. This would leave the Comptroller General in a position of total independence in his ability to report on the implementation of systems within the individual executive agencies, and on the system and guidelines established by the Office of Management and Budget. Approved For Release 2008/10/29: CIA-RDP85-00003R000200010014-0