U.S. Department of State Fiscal Year 2020 Agency Financial Report

requirements of the FMFIA and various Federal laws and regulations. To that end, the Department has dedicated considerable resources to administer a successful management control program. The Department’s Office of Management Controls employs an integrated process to perform the work necessary to meet the requirements of OMB Circular A-123’s Appendix A and Appendix C (regarding Payment Integrity), the FMFIA, and the GAO’s Green Book. Green Book requirements directly relate to testing entity-level controls, which is a primary step in operating an effective system of internal control. Entity-level controls reside in the control environment, risk assessment, control activities, information and communication, and monitoring components of internal control in the Green Book, which are further required to be analyzed by 17 underlying principles of internal control. For the Department, all five components and 17 principles were operating effectively and supported the Department’s FY 2020 unmodified Statement of Assurance. The 2020 Appendix A assessment did not identify any material weaknesses in the design or operation of the internal control over reporting. The assessment did identify several significant deficiencies in internal control over reporting that management is closely monitoring. The Department complied with the requirements in OMB Circular A-123 during 2020 while working to evolve our existing internal control framework to be more value-added and provide for stronger risk management for the purpose of improving mission delivery. The Department also places emphasis on the importance of continuous monitoring. It is the Department’s policy that any organization with a material weakness or significant deficiency must prepare and implement a corrective action plan to fix the weakness. The plan combined with the individual SoAs and Appendix A assessments provide the framework for monitoring and improving the Department’s management controls on a continuous basis. Management will continue to direct and focus efforts to resolve significant deficiencies in internal control identified by management and auditors. During 2020, the Department continued taking important steps to advance its Enterprise Risk Management (ERM) program. The Enterprise Governance Board (EGB), which is comprised of the Deputy Secretary and all Under Secretaries, serves as the Enterprise Risk Management Council. In this capacity, the EGB reviews the Department’s risk profile at least once per year. The Department’s Office of Management Strategy and Solutions (M/SS) serves as the Executive Secretariat to the EGB and manages the Department’s overall risk management program. It is the Department’s policy that advancement of U.S. foreign policy objectives inherently involves diverse types of risk, and the Department recognizes that taking considered risks can be essential to creating value for our stakeholders. The EGB reviewed the Department’s ERM processes and risk posture during 2020. The EGB endorsed updates to the Department’s overarching governance structure that sets the tone and direction for risk management policies, communications, and training throughout the organization. The EGB clarified roles and responsibilities with regard to risk and also updated the Department’s “Risk Principles” to provide a more common understanding of how Department employees and leaders should approach risk decisions. The EGB also recognized that Department bureaus have risk management built into a wide range of existing procedures and manage risk in a variety of ways, and incorporate mitigation strategies into strategic planning processes. The Department looks forward to continued development of ERM policies in 2021. 2020 A gency F inanci al R eport U ni ted S tates D epartment of S tate | 35 MANAGEMENT ASSURANCES AND OTHER LEGAL COMPLIANCES | MANAGEMENT’S DISCUSSION AND ANALYSIS