U.S. Department of State Fiscal Year 2019 Agency Financial Report

Appendix A and Appendix C (regarding Payment Integrity), the FMFIA, and the GAO’s Green Book. Green Book requirements directly relate to testing entity-level controls, which is a primary step in operating an effective system of internal control. Entity-level controls reside in the control environment, risk assessment, control activities, information and communication, and monitoring components of internal control in the Green Book, which are further required to be analyzed by 17 underlying principles of internal control. For the Department, all five components and 17 principles were operating effectively and supported the Department’s FY 2019 unmodified Statement of Assurance. The 2019 Appendix A assessment did not identify any material weaknesses in the design or operation of the internal control over reporting. The assessment did identify several significant deficiencies in internal control over financial reporting that management is closely monitoring. The Department complied with the requirements in OMB Circular A-123 during 2019 while working to evolve our existing internal control framework to be more value-added and provide for stronger risk management for the purpose of improving mission delivery. The Department also places emphasis on the importance of continuous monitoring. It is the Department’s policy that any organization with a material weakness or significant deficiency must prepare and implement a corrective action plan to fix the weakness. The plan combined with the individual SoAs and Appendix A assessments provide the framework for monitoring and improving the Department’s management controls on a continuous basis. Management will continue to direct and focus efforts to resolve significant deficiencies in internal control identified by management and auditors. During 2019, the Department continued to take important steps to transform how the Department is implementing an Enterprise Risk Management (ERM) System. A principal element is to integrate better risk management into our everyday work across all of our operations. The Department’s Office of Management Policy, Rightsizing, and Innovation (M/PRI) leads the Department’s ERM implementation by supporting the Department’s Enterprise Governance Board. The Under Secretary for Management chairs the Board, and membership includes all six Under Secretaries and six advisory members. M/PRI also expanded membership in the ERM working group that collectively contributed toward developing policies and in updating the Department’s risk profile. M/PRI developed a Departmental governance structure for ERM, enterprise risk criteria for use in improving the risk profile, completed an analysis of the strategic plan and its relation to the risk profile, and made other improvements to the process including a full implementation timeline. F ederal F inancial M anagement I mprovement A ct The Federal Financial Management Improvement Act of 1996 (FFMIA) requires that Federal agencies’ financial management systems provide reliable financial data that complies with Federal financial management system requirements, applicable Federal accounting standards, and the U.S. Government Standard General Ledger (USSGL) at the transaction level. OMB Circular A-123, Appendix D, Compliance with the Federal Financial Management Improvement Act of 1996 , provides guidance the Department used in determining compliance with FFMIA. The Department considered results of OIG and GAO audit reports, annual financial statement audits, the Department’s annual Federal Information Security Modernization Act Report, and other relevant information. The Department’s assessment also relies upon evaluations and assurances under the Federal Managers’ Financial Integrity Act 36 | U nited S tates D epartment of S tate 2019 A gency F inancial R eport MANAGEMENT’S DISCUSSION AND ANALYSIS | MANAGEMENT ASSURANCES AND OTHER FINANCIAL COMPLIANCES