United States General Accounting Office
Washington, DC 20548

Accounting and Information Management Division

B-283050

September 22, 1999

Colonel Richard B. Weathers
Chief, Budget Division
Directorate of the Comptroller
Headquarters, Air Mobility Command
Department of the Air Force

Subject: DOD T&A System Controls: Military Leave Records and Approval of Leave Requests

Dear Colonel Weathers:

This letter responds to your May 19, 1999, request regarding the internal control requirements in Title 6, “Pay, Leave, and Allowances,” of the GAO Policy and Procedures Manual for Guidance of Federal Agencies as they relate to the Department of Air Force’s Air Mobility Command’s (base) employee time and attendance (T&A) system.¹ Specifically, you asked whether (1) military leave records must be maintained in paper form containing handwritten signatures and (2) an electronic signature on an electronic leave request record by the base finance office provides reasonable assurance that leave requests have been properly initiated and authorized.

Your request was initiated because the design of a new automated T&A system, which will streamline and replace the current paper-driven system at Air Force bases in the near future, is near completion. Your proposed system is to be implemented at 97 Air Force bases/sites. Each base has an average of about 5,000 employees including between 2,000 to 3,000 supervisors.

To supplement the information contained in your letter, we contacted your staff to discuss the questions in more detail. Since we did not test your current or proposed system, our response only addresses your proposal conceptually. Essentially, you asked (1) whether it is acceptable to maintain electronic T&A records and (2) whether it is permissible to have the supervisor approve staff leave requests by using a user identification code or a password in lieu of the electronic signature required in Title 6.

¹Title 6 identifies a T&A system as the processes of authorizing and approving T&A transactions and recording T&A information. This letter addresses your questions on the proposed T&A system for Air Force bases with respect to employees’ leave records.

GAO/AIMD-99-283R DOD T&A System Controls

With respect to your first question, Title 6 does not prescribe the form in which records must be maintained, but recognizes that agency records of T&A data are maintained in hard copy, automated files, or a combination of the two.

Regarding your second question, it is permissible for your proposed system to include user identification codes and passwords for the supervisor. As your staff explained, the cost of implementing electronic signatures meeting certain criteria is prohibitive and not cost effective compared to the benefits such signatures provide.² The requirement in section 3.6 of Title 6 that supervisors use electronic signatures is based on the risks associated with automated records and approvals. However, the requirement is forward looking with a view toward evolving, affordable technology. In the interim, before widespread application of cost effective electronic signatures is readily available, T&A systems should be designed to ensure that approved T&A data are protected against loss or alteration.

You should also be aware that the Government Paperwork Elimination Act (GPEA), passed in 1998, requires that agencies comply with the guidance that the Director of the Office of Management and Budget (OMB) issues regarding automated systems that maintain electronic information as a substitute for paper and use electronic signatures.

Your proposed system can provide for compensating controls to minimize the risks of intentional or unintentional alteration of approved T&A data and to ensure the accuracy of the data. It is important that implementation of the proposed system be monitored closely to ensure that it is operating effectively.
Therefore, especially during the initial period and/or the first full year of implementation, Federal Managers’ Financial Integrity Act reviews should be directed at ensuring that the system is operating as designed and that leave data are accurately maintained. Descriptions of your current and proposed T&A system and an explanation of our views in detail are provided in the following sections.

During the design of new systems, agencies should also consider broader aspects of reengineering operations to maximize streamlining efforts to reduce costs, and enhance processes, and take full advantage of technological advances. A related area the Air Force should consider regarding the design and implementation of its proposed T&A system is its internal organizational structure. We suggest the Air Force consider assessing the feasibility of reducing the number of supervisors designated to approve T&A records and the effect this may have on the affordability of electronic signatures for supervisory approval of T&A data.

The Current and Proposed T&A System

Both the current and proposed T&A systems are exception-based systems whereby employees are considered at work unless reported absent or on approved leave by their supervisors. Unlike positive pay T&A systems where daily or periodic T&A reports are completed by or for each employee for each pay period, your T&A records are exception reports and documents showing absentees. Thus, both supervisors’ absentee reports and approved leave requests are official supporting documents.

²On the basis of estimates from vendors, your staff estimated the costs of implementing electronic signatures for all supervisors to be over $1 million per base.

The Current T&A System

Your staff explained the current system as follows in this and the next paragraph.
Under the current paper-based system, an employee prepares and signs a leave request form which is given to his or her supervisor for review and approval. Approval is signified by the supervisor’s handwritten signature on the form. The form is then forwarded to the unit leave administrator³ who reviews the leave request, assigns a leave number, and logs the request into a unit staffing book and leave log. The staffing book is used by the unit commander to determine, among other things, who is on leave and the location of certain individuals. The approved leave form is then forwarded to the Air Force base finance office where the leave information is manually keyed into a stand alone computer program that creates an ASCII-based text file;⁴ the paper form is then filed. The text-based file is transmitted to the Defense Finance and Accounting Service (DFAS). The electronic file from the base finance office provides information to DFAS to update leave records and other information.

A report file (an electronically readable file containing reporting information only) is returned to the base finance office with identification showing what information was processed by DFAS. The base finance office prints the report from the file and forwards to each unit leave administrator that portion of the report showing the unit’s employee absences. The administrator is required to reconcile the information in the report to the unit’s leave log and to resolve any discrepancies. Subsequently, information is also sent by DFAS to the employees containing, among other information, earnings and leave earned, charged, and balances.

The Proposed T&A System

This section includes the explanation of the proposed system as provided by your staff. Under the proposed system, little or no paper is used. An employee wanting to request leave logs into an information management system using a user identification code and password.
The same leave request information, currently completed on the paper form, is entered into the automated system. The employee signs the leave request by using his or her user code and password.

³The leave administrator is responsible for maintaining the unit’s staffing book, which identifies the location of each present staff member and those staff members who are absent.

⁴An ASCII-based text file is a universally readable file by most data processing equipment. It is not specific to any system architecture and is needed for DFAS processing.

After the employee completes the automated leave request form and provides the identification of the supervisor to approve the request, the system automatically processes the request. The employee’s supervisor is notified by the system by an e-mail containing a randomly generated tracking number that a leave request is awaiting review and approval. After the supervisor logs into the system, he or she can access the leave request by using the employee’s identification (name or employee number) and the random generated tracking number which acts as a password (both items of information provided in the e-mail).

The supervisor reviews the request and approves or denies it. If approved, the supervisor selects the approval action and logs out of the system. The system automatically identifies the supervisor by his or her user code and password. If the request is not approved, the supervisor selects the disapproval action and annotates the reason(s) for disapproval. After approval or disapproval, the system generates an e-mail message of that decision which is sent to the employee and to the supervisor. Creating or forwarding the e-mail message cannot be controlled by the employee or supervisor.
Your staff emphasized that the e-mail message serves as a control (1) to notify the employee and the supervisor of any actions taken related to the employee, (2) to notify the employee of any incorrect requests for leave, or (3) to notify the supervisor of changes occurring in the leave record after approval.

After the supervisor approves the leave, the system allows the appropriate unit leave administrator access to the information to review all leave requests. The administrator reviews the leave and based on unit policy and duty requirements, approves or disapproves the leave electronically. Once approved by the administrator, the system automatically assigns a system-generated leave number and annotates the leave number in the unit on-line leave-tracking book (also called a tracking log). Under the new system, the leave-tracking book is automated. Also, the supervisor and the employee automatically receive another system-generated e-mail stating that the leave was approved or disapproved by the unit’s leave administrator.

After the leave request is approved by the leave administrator and a leave number is assigned, the approved leave record is maintained by the system and available for recall (by the employee, supervisor, and leave administrator) and processing by the base finance office. The base finance office will process the leave information further during its periodic system update, normally done daily. During the system update, the information management system generates two electronic files, one that is an ASCII text file and one that contains the details of the approved leave: the requestor, date and time of the request, period of leave, supervisor, date and time of approval, the administrator, and the date and time of assignment of the leave number. The ASCII text file is transmitted to DFAS for payroll processing and the second file containing all traceable data is signed by an official in the base finance office by using an electronic signature.
The file is retained by the base finance office.

DFAS then returns a report file⁵ to the base finance office. The file contains (1) the original data forwarded to DFAS and (2) evidence showing that DFAS used the data to process payroll payments and update employees’ permanent files it maintains. The base finance office loads the file into the information management system where it is automatically reconciled to transaction data previously forwarded to DFAS to ensure that the information used by DFAS during its updating routines was accurate. Discrepancies are required to be researched and resolved by the base finance office staff.

Once the reconciliation is completed, the unit’s leave administrator can access information on each unit. Each unit leave administrator is required to review all transactions related to his or her unit’s leave book to ensure that all leave was accurately processed by DFAS and perform the reconciliation daily and to daily resolve the discrepancies. As under the current T&A system, employees continue to receive payroll statements from DFAS containing, among other information, earnings and leave earned, charged, and balances.

After the employee returns from leave, he or she is required to log into the system, retrieve the leave record, and record the date returned to work. If no adjustment to the approved leave is needed, the system automatically generates an e-mail to the supervisor giving written notice of the employee’s return.

Your staff stated that after the leave has been approved and processed, changes to leave could occur. The employee can request an increase or decrease in the amount of leave approved before, during, or after the leave is actually taken. Also, in unusual cases, employees can be called to report to work or duty during leave, or have approved leave canceled during emergencies or alerts.
For any changes to the leave (except in the case of the employee contacting the supervisor during the leave to request an extension of the leave period and hours/days used), the previously described process is followed. In the case where the employee contacts the supervisor during the leave period to extend the leave, the supervisor will record the extension on the leave record, approve the additional leave, and from that point forward, the same process previously described would be followed.

Your staff explained that implementation of the new system is based on several factors, primarily the availability of technology and the need to simplify and streamline the existing system. By implementing the new system, your staff estimates that each base can have annual cost savings of approximately $1.8 million.

⁵A report file is an ASCII-based file that has printing control characters imbedded in it to allow printing on generic type printers.

GAO’s Position

Technological Advances Could Enhance Internal Control and Data Integrity

The Federal Financial Management Improvement Act of 1996 requires that agencies implement and maintain financial management systems that substantially comply with federal financial management system requirements. The Joint Financial Management Improvement Program (JFMIP) has issued a series of system requirements documents generally accepted as the systems standards by the federal sector to be followed by agencies. In its Framework for Federal Financial Management Systems, JFMIP envisions systems with standardized information and electronic data exchange to eliminate manual processes, reduce the risk of data loss or errors, and eliminate manual reentry and interpretation.
In discussing the use of technology for voucher certification, Title 7, “Fiscal Guidance,” of the GAO’s Policies and Procedures Manual states that agencies should endeavor to establish automated processing techniques and controls whenever feasible so long as the interest of the government is protected.

Regarding the specific questions you asked, we recognize the benefits of retaining and storing records electronically rather than in hard copy, and the benefits of electronic signatures over hand written signatures when transmitting data electronically. Electronic records can help reduce storage and maintenance costs and help ensure data integrity. In addressing whether government contracts generated and stored electronically satisfied the statutory requirement that the contract be “in writing,” a GAO decision⁶ has held that electronic technology that allows the data to be examined in human readable form, as on a monitor, stored on electronic media, and recalled from storage to be reviewed in human readable form can provide data integrity that is equal to that of a paper document and satisfies the statutory requirement.

Because of the nature of electronic documents, Title 6 prefers electronic signatures for supervisors approving electronic T&A data. Title 6 states that when these signatures are unique to the signer, under the signer’s sole control, capable of verification, and linked to the data, they provide the necessary control to reduce the risk of intentional or unintentional data alteration by enhancing the integrity of T&A data and ensuring that the pay and benefits of employees are accurate. The National Institute of Standards (NIST)⁷ has established procedures for the evaluation and approval of certain automated signature techniques⁸ to ensure the integrity of the data. The electronic signatures should conform with the requirements issued by NIST and also use algorithms and techniques approved by NIST.

⁶71 Comp. Gen. 109 (1991).

⁷Under the requirements of the Computer Security Act, NIST is responsible for establishing standards for federal government computer systems that process sensitive but unclassified data.

GPEA authorized OMB to direct and oversee agency acquisition and use of information technology, including alternative information technologies that provide for the maintenance of electronic information as a substitute for paper and the use of electronic signatures. Pursuant to GPEA, OMB issued draft guidelines that establish a framework for agency use of electronic documents and signatures. Agencies’ automated systems will have to be consistent with OMB’s guidance.

We believe that electronic technology will continue to improve and evolve to have the capabilities for providing electronic signatures meeting these criteria to all supervisors at affordable prices to agencies. In the interim, until cost effective technology is available to provide for widespread electronic signatures, automated processes must be supplemented with other automated steps or manual procedures to provide assurances that the government’s interest is protected.

Electronic Records of T&A Data

Your first question asked whether military leave records must be maintained in paper form. Title 6 does not prescribe the form in which records must be maintained, but recognizes that agency records of T&A data (including leave records) are maintained in hard copy, electronic files, or a combination of the two. Both hard copy and electronic records are subject to the same storage procedures and retention period. Nevertheless, further assurance may be needed for electronic records to ensure that data are not altered.

Your staff stated that under the proposed new system, the electronic signature executed at the base finance office meets the criteria previously discussed and the NIST-approved techniques.
Also, you will need to ensure that the signature complies with the guidance OMB issues pursuant to GPEA. However, until the electronic signature is executed, that is, from the point the supervisor approves the leave request until it is assigned the leave number and recorded in the staffing book, the data are only protected to the extent afforded by passwords and user identification codes. At the base finance office after the signature is executed, the data are protected against unauthorized or unintentional alteration. Further, your staff explained that each unit’s leave administrator is required to reconcile the approved leave information from the electronically signed file to the unit’s staffing book, and this helps to ensure the integrity of the data from the point in time the administrator approves the leave and a leave number is assigned until the data are secured by the electronic signature at the finance office.

Your staff explained that the risk that the data on the approved leave request could be altered before being given a leave number was very small, and in their opinion not high enough to incur the cost of electronic signatures at the supervisor level. They stated that the data are secured by an electronic signature nearly every day at the base finance office, thereby limiting the time the data are subject to undetected alterations. Also, experience has shown that very few disputes with leave ever occur. Rather, the problems that have occurred have usually been clerical errors caused by the current system’s numerous manual processing steps. Examples of problems that occur in the current paper-based system are misplaced leave forms and data entry errors. The proposed system eliminates these error-prone processes.

⁸These procedures are contained in the Federal Information Processing Standards (FIPS PUB 186).
Further, your staff explained that the proposed system provides a better audit trail and more cost-effective environment to review leave processing activities. The proposed system tracks all changes to the leave records including canceled leave requests (not done under the current paper-driven system) making the review of all leave requests and actions for each employee easy and accessible.

We concur with your opinion that the proposed system provides reasonable assurance that the electronic leave records are accurately created and maintained with minimal risk of loss or alteration. We note that OMB’s draft guidance states that agencies are allowed to use passwords and user identification codes along with electronic signatures to create a secure environment for electronic documents.

Once the implementation of the new automated system is begun, we believe that it should be monitored closely to ensure that the system is operating as designed. Since the 1982 enactment of the Federal Managers’ Financial Integrity Act (FMFIA), all executive agencies have been required to annually review their systems of internal control and to report material weaknesses. We believe that during the initial period and/or the first full year of the proposed system’s implementation, FMFIA reviews should be specifically directed at ensuring that the system is working as designed and that the accuracy of the leave data is maintained.

Approval of T&A Data

Title 6 requires that approval of T&A data, including leave data, be based on personal observation, work output, timekeeper verification, checking data against independent sources, reliance on other controls, or a combination of these methods. Approval is usually done by an official, normally the immediate supervisor, most knowledgeable of the time worked and absence of employees involved.
The approval function is critical in ensuring that time and attendance data, such as leave charges, are true, correct, and accurate, and in accordance with applicable laws, regulations, and legal decisions.

In your proposed system, the supervisor approves a staff member’s leave request using a user identification code or password. Your staff stated that the risk of leave data being altered, either intentionally or unintentionally, is very small and the cost of adding the electronic signature control feature would far outweigh the very small additional benefit, if any, gained from it. Your staff explained that the cost of implementing electronic signatures satisfying the NIST criteria for all the base supervisors (estimated at between 2,000 to 3,000) would be cost prohibitive at $1 million per base.

In applying the Title 6 requirement for electronic signatures, agencies must weigh the costs and benefits in assessing the mitigation of risks of data being compromised. In situations where there are many supervisors, as is the case at your bases, we believe that until technology evolves further to provide cost effective, widespread electronic signatures to agencies, interim measures can be taken to ensure the accuracy and reliability of T&A data. The draft GPEA guidance published by OMB states that an agency’s determination of which technology to use in an application should depend upon the risks associated with the loss, misuse, or compromise of the electronic documents and signatures compared to the cost and effort associated with developing and managing that technology.

Your staff stated that the proposed system provides for compensating controls to ensure that leave data are accurate.
First, the automated reconciliation between the unit administrator’s leave log and the staff’s leave data on the file returned to the finance office by DFAS provides assurance that the data are accurate from the point a leave number is assigned the approved leave. Second, the proposed system is designed to send a notice to the employee requesting leave and the supervisor who approved it when the data are approved or any other changes to the data occur. The Air Force believes that these procedures will make it difficult for any intentional or unintentional alterations of the leave data to go undetected for other than very short periods.

Based on your staff’s explanation of the proposed T&A system, the approval of leave requests as proposed in the new system will provide adequate assurances that accurate leave data are included in employees’ records. As we have previously stated, agencies’ automated systems must be consistent with the guidance that OMB issues pursuant to GPEA.

Implementation of the automated system should be monitored closely to ensure that the system is operating as designed. Since the 1982 enactment of the Federal Managers’ Financial Integrity Act (FMFIA), all executive branch agencies have been required to annually review their systems of internal control and to report material weaknesses. Especially during the initial period and/or the first full year of the proposed system’s implementation, FMFIA reviews should be specifically directed at ensuring that the system is working as designed and that the accuracy of the leave data is maintained.

We also suggest that the Air Force consider examining its internal organizational structure and processes to assess the feasibility of reducing the number of supervisors and the related effect on the affordability of using electronic signatures for supervisory approval of T&A data.
Reengineering internal processes, with costs, benefits, and risks factored in, is often essential to take full advantage of the benefits of technology.

We have discussed the contents of this letter with Master Sergeant Raymond Kelly of your staff. If you or your staff have any questions, please contact Chris Martin, Assistant Director, Computer and Information Technology Assessment, at (202) 512-9481, or Assistant Director Bruce Michelson of my staff at (202) 512-9406.

Sincerely yours,

Robert W. Gramling
Director, Corporate Audits and Standards

(922270)
DOD T&A System Controls: Military Leave Records and Approval of Leave Requests
Published by the Government Accountability Office on 1999-09-22.