DOD T&A System Controls: Military Leave Records and Approval of Leave Requests

Published by the Government Accountability Office on 1999-09-22.

United States General Accounting Office
Accounting and Information Management Division
Washington, DC 20548



          B-283050


          September 22, 1999

          Colonel Richard B. Weathers
          Chief, Budget Division
          Directorate of the Comptroller
          Headquarters, Air Mobility Command
          Department of the Air Force

          Subject: DOD T&A System Controls: Military Leave Records and Approval of
                   Leave Requests

          Dear Colonel Weathers:

          This letter responds to your May 19, 1999, request regarding the internal control
          requirements in Title 6, “Pay, Leave, and Allowances,” of the GAO Policy and
          Procedures Manual for Guidance of Federal Agencies as they relate to the
          Department of the Air Force’s Air Mobility Command’s (base) employee time and
          attendance (T&A) system.¹ Specifically, you asked whether (1) military leave records
          must be maintained in paper form containing handwritten signatures and (2) an
          electronic signature on an electronic leave request record by the base finance office
          provides reasonable assurance that leave requests have been properly initiated and
          authorized.

          Your request was initiated because the design of a new automated T&A system,
          which will streamline and replace the current paper-driven system at Air Force bases
          in the near future, is near completion. Your proposed system is to be implemented at
          97 Air Force bases/sites. Each base has an average of about 5,000 employees
          including between 2,000 to 3,000 supervisors. To supplement the information
          contained in your letter, we contacted your staff to discuss the questions in more
          detail. Since we did not test your current or proposed system, our response only
          addresses your proposal conceptually.

          Essentially, you asked (1) whether it is acceptable to maintain electronic T&A
          records and (2) whether it is permissible to have the supervisor approve staff leave

          ¹Title 6 identifies a T&A system as the processes of authorizing and approving T&A
          transactions and recording T&A information. This letter addresses your questions on
          the proposed T&A system for Air Force bases with respect to
          employees’ leave records.
                                                GAO/AIMD-99-283R DOD T&A System Controls

requests by using a user identification code or a password in lieu of the electronic
signature required in Title 6. With respect to your first question, Title 6 does not
prescribe the form in which records must be maintained, but recognizes that agency
records of T&A data are maintained in hard copy, automated files, or a combination
of the two.

Regarding your second question, it is permissible for your proposed system to include
user identification codes and passwords for the supervisor. As your staff explained,
the cost of implementing electronic signatures meeting certain criteria is prohibitive
and not cost effective compared to the benefits such signatures provide.² The
requirement in section 3.6 of Title 6 that supervisors use electronic signatures is
based on the risks associated with automated records and approvals. However, the
requirement is forward looking with a view toward evolving, affordable technology.
In the interim, before widespread application of cost effective electronic signatures is
readily available, T&A systems should be designed to ensure that approved T&A data
are protected against loss or alteration. You should also be aware that the
Government Paperwork Elimination Act (GPEA), passed in 1998, requires that
agencies comply with the guidance that the Director of the Office of Management and
Budget (OMB) issues regarding automated systems that maintain electronic
information as a substitute for paper and use electronic signatures. Your proposed
system can provide for compensating controls to minimize the risks of intentional or
unintentional alteration of approved T&A data and to ensure the accuracy of the data.

It is important that implementation of the proposed system be monitored closely to
ensure that it is operating effectively. Therefore, especially during the initial period
and/or the first full year of implementation, Federal Managers’ Financial Integrity Act
reviews should be directed at ensuring that the system is operating as designed and
that leave data are accurately maintained. Descriptions of your current and proposed
T&A system and an explanation of our views in detail are provided in the following
sections.

During the design of new systems, agencies should also consider broader aspects of
reengineering operations to maximize streamlining efforts to reduce costs, and
enhance processes, and take full advantage of technological advances. A related area
the Air Force should consider regarding the design and implementation of its
proposed T&A system is its internal organizational structure. We suggest the Air
Force consider assessing the feasibility of reducing the number of supervisors
designated to approve T&A records and the effect this may have on the affordability
of electronic signatures for supervisory approval of T&A data.

The Current and Proposed T&A System

Both the current and proposed T&A systems are exception-based systems whereby
employees are considered at work unless reported absent or on approved leave by
their supervisors. Unlike positive pay T&A systems where daily or periodic T&A

 ²On the basis of estimates from vendors, your staff estimated the costs of
 implementing electronic signatures for all supervisors to be over $1 million per base.


reports are completed by or for each employee for each pay period, your T&A
records are exception reports and documents showing absentees. Thus, both
supervisors’ absentee reports and approved leave requests are official supporting
documents.

The Current T&A System

Your staff explained the current system as follows in this and the next paragraph.
Under the current paper-based system, an employee prepares and signs a leave
request form which is given to his or her supervisor for review and approval.
Approval is signified by the supervisor’s handwritten signature on the form. The form
is then forwarded to the unit leave administrator³ who reviews the leave request,
assigns a leave number, and logs the request into a unit staffing book and leave log.
The staffing book is used by the unit commander to determine, among other things,
who is on leave and the location of certain individuals.

The approved leave form is then forwarded to the Air Force base finance office
where the leave information is manually keyed into a stand alone computer program
that creates an ASCII-based text file;⁴ the paper form is then filed. The text-based file
is transmitted to the Defense Finance and Accounting Service (DFAS). The
electronic file from the base finance office provides information to DFAS to update
leave records and other information. A report file (an electronically readable file
containing reporting information only) is returned to the base finance office with
identification showing what information was processed by DFAS. The base finance
office prints the report from the file and forwards to each unit leave administrator
that portion of the report showing the unit’s employee absences. The administrator is
required to reconcile the information in the report to the unit’s leave log and to
resolve any discrepancies. Subsequently, information is also sent by DFAS to the
employees containing, among other information, earnings and leave earned, charged,
and balances.

The Proposed T&A System

This section includes the explanation of the proposed system as provided by your
staff. Under the proposed system, little or no paper is used. An employee wanting to
request leave logs into an information management system using a user identification
code and password. The same leave request information, currently completed on the
paper form, is entered into the automated system. The employee signs the leave
request by using his or her user code and password.


³The leave administrator is responsible for maintaining the unit’s staffing book, which
identifies the location of each present staff member and those staff members who are
absent.

⁴An ASCII-based text file is a universally readable file by most data processing
equipment. It is not specific to any system architecture and is needed for DFAS
processing.


After the employee completes the automated leave request form and provides the
identification of the supervisor to approve the request, the system automatically
processes the request. The employee’s supervisor is notified by the system by an
e-mail containing a randomly generated tracking number that a leave request is
awaiting review and approval. After the supervisor logs into the system, he or she
can access the leave request by using the employee’s identification (name or
employee number) and the randomly generated tracking number, which acts as a
password (both items of information provided in the e-mail). The supervisor reviews
the request and approves or denies it. If approved, the supervisor selects the
approval action and logs out of the system. The system automatically identifies the
supervisor by his or her user code and password. If the request is not approved, the
 supervisor selects the disapproval action and annotates the reason(s) for disapproval.

After approval or disapproval, the system generates an e-mail message of that
decision which is sent to the employee and to the supervisor. Creating or forwarding
the e-mail message cannot be controlled by the employee or supervisor. Your staff
emphasized that the e-mail message serves as a control (1) to notify the employee
and the supervisor of any actions taken related to the employee, (2) to notify the
employee of any incorrect requests for leave, or (3) to notify the supervisor of
changes occurring in the leave record after approval.

After the supervisor approves the leave, the system allows the appropriate unit leave
administrator access to the information to review all leave requests. The
administrator reviews the leave and based on unit policy and duty requirements,
approves or disapproves the leave electronically. Once approved by the
administrator, the system automatically assigns a system-generated leave number and
annotates the leave number in the unit on-line leave-tracking book (also called a
tracking log). Under the new system, the leave-tracking book is automated. Also, the
supervisor and the employee automatically receive another system-generated e-mail
stating that the leave was approved or disapproved by the unit’s leave administrator.

After the leave request is approved by the leave administrator and a leave number is
assigned, the approved leave record is maintained by the system and available for
recall (by the employee, supervisor, and leave administrator) and processing by the
base finance office. The base finance office will process the leave information
further during its periodic system update, normally done daily. During the system
update, the information management system generates two electronic files, one that
is an ASCII text file and one that contains the details of the approved leave: the
requestor, date and time of the request, period of leave, supervisor, date and time of
approval, the administrator, and the date and time of assignment of the leave number.
The ASCII text file is transmitted to DFAS for payroll processing and the second file
containing all traceable data is signed by an official in the base finance office by using
 an electronic signature. The file is retained by the base finance office.





DFAS then returns a report file⁵ to the base finance office. The file contains (1) the
original data forwarded to DFAS and (2) evidence showing that DFAS used the data
to process payroll payments and update employees’ permanent files it maintains. The
base finance office loads the file into the information management system where it is
automatically reconciled to transaction data previously forwarded to DFAS to ensure
that the information used by DFAS during its updating routines was accurate.
Discrepancies are required to be researched and resolved by the base finance office
staff.


Once the reconciliation is completed, the unit’s leave administrator can access
information on each unit. Each unit leave administrator is required to review all
transactions related to his or her unit’s leave book to ensure that all leave was
accurately processed by DFAS, and to perform the reconciliation and resolve the
discrepancies daily. As under the current T&A system, employees continue to
receive payroll statements from DFAS containing, among other information, earnings
and leave earned, charged, and balances.

After the employee returns from leave, he or she is required to log into the system,
retrieve the leave record, and record the date returned to work. If no adjustment to
the approved leave is needed, the system automatically generates an e-mail to the
supervisor giving written notice of the employee’s return.

Your staff stated that after the leave has been approved and processed, changes to
leave could occur. The employee can request an increase or decrease in the amount
of leave approved before, during, or after the leave is actually taken. Also, in unusual
cases, employees can be called to report to work or duty during leave, or have
approved leave canceled during emergencies or alerts. For any changes to the leave
(except in the case of the employee contacting the supervisor during the leave to
request an extension of the leave period and hours/days used), the previously
described process is followed. In the case where the employee contacts the
supervisor during the leave period to extend the leave, the supervisor will record the
extension on the leave record, approve the additional leave, and from that point
forward, the same process previously described would be followed.

Your staff explained that implementation of the new system is based on several
factors, primarily the availability of technology and the need to simplify and
streamline the existing system. By implementing the new system, your staff
estimates that each base can have annual cost savings of approximately $1.8 million.




⁵A report file is an ASCII-based file that has printing control characters imbedded in it
to allow printing on generic type printers.



GAO’s Position

Technological Advances Could Enhance
Internal Control and Data Integrity

The Federal Financial Management Improvement Act of 1996 requires that agencies
implement and maintain financial management systems that substantially comply
with federal financial management system requirements. The Joint Financial
Management Improvement Program (JFMIP) has issued a series of system
requirements documents generally accepted as the systems standards by the federal
sector to be followed by agencies. In its Framework for Federal Financial
Management Systems, JFMIP envisions systems with standardized information and
electronic data exchange to eliminate manual processes, reduce the risk of data loss
or errors, and eliminate manual reentry and interpretation. In discussing the use of
technology for voucher certification, Title 7, “Fiscal Guidance,” of the GAO’s Policies
and Procedures Manual states that agencies should endeavor to establish automated
processing techniques and controls whenever feasible so long as the interest of the
government is protected.

Regarding the specific questions you asked, we recognize the benefits of retaining
and storing records electronically rather than in hard copy, and the benefits of
electronic signatures over handwritten signatures when transmitting data
electronically. Electronic records can help reduce storage and maintenance costs
and help ensure data integrity. In addressing whether government contracts
generated and stored electronically satisfied the statutory requirement that the
contract be “in writing,” a GAO decision⁶ has held that electronic technology that
allows the data to be examined in human readable form, as on a monitor, stored on
electronic media, and recalled from storage to be reviewed in human readable form
can provide data integrity that is equal to that of a paper document and satisfies the
statutory requirement.

Because of the nature of electronic documents, Title 6 prefers electronic signatures
for supervisors approving electronic T&A data. Title 6 states that when these
signatures are unique to the signer, under the signer’s sole control, capable of
verification, and linked to the data, they provide the necessary control to reduce the
risk of intentional or unintentional data alteration by enhancing the integrity of T&A
data and ensuring that the pay and benefits of employees are accurate. The National
Institute of Standards (NIST)⁷ has established procedures for the evaluation and



⁶ 71 Comp. Gen. 109 (1991).

 ⁷Under the requirements of the Computer Security Act, NIST is responsible for
 establishing standards for federal government computer systems that process
 sensitive but unclassified data.



approval of certain automated signature techniques⁸ to ensure the integrity of the
data. The electronic signatures should conform with the requirements issued by
NIST and also use algorithms and techniques approved by NIST.

GPEA authorized OMB to direct and oversee agency acquisition and use of
information technology, including alternative information technologies that
provide for the maintenance of electronic information as a substitute for paper and
the use of electronic signatures. Pursuant to GPEA, OMB issued draft guidelines that
establish a framework for agency use of electronic documents and signatures.
Agencies’ automated systems will have to be consistent with OMB’s guidance.

We believe that electronic technology will continue to improve and evolve to have the
capabilities for providing electronic signatures meeting these criteria to all
supervisors at affordable prices to agencies. In the interim, until cost effective
technology is available to provide for widespread electronic signatures, automated
processes must be supplemented with other automated steps or manual procedures
to provide assurances that the government’s interest is protected.

Electronic Records of T&A Data

Your first question asked whether military leave records must be maintained in paper
form. Title 6 does not prescribe the form in which records must be maintained, but
recognizes that agency records of T&A data (including leave records) are maintained
in hard copy, electronic files, or a combination of the two. Both hard copy and
electronic records are subject to the same storage procedures and retention period.

Nevertheless, further assurance may be needed for electronic records to ensure that
data are not altered. Your staff stated that under the proposed new system, the
electronic signature executed at the base finance office meets the
criteria previously discussed and the NIST-approved techniques. Also, you will need
to ensure that the signature complies with the guidance OMB issues pursuant to
GPEA. However, until the electronic signature is executed, that is, from the point the
supervisor approves the leave request until it is assigned the leave number and
recorded in the staffing book, the data are only protected to the extent afforded by
passwords and user identification codes. At the base finance office after the
signature is executed, the data are protected against unauthorized or unintentional
alteration. Further, your staff explained that each unit’s leave administrator is
required to reconcile the approved leave information from the electronically signed
file to the unit’s staffing book, and this helps to ensure the integrity of the data from
the point in time the administrator approves the leave and a leave number is assigned
until the data are secured by the electronic signature at the finance office.

Your staff explained that the risk that the data on the approved leave request could be
altered before being given a leave number was very small, and in their opinion not
high enough to incur the cost of electronic signatures at the supervisor level. They

⁸These procedures are contained in the Federal Information Processing Standards
(FIPS PUB 186).


stated that the data are secured by an electronic signature nearly every day at the
base finance office, thereby limiting the time the data are subject to undetected
alterations. Also, experience has shown that very few disputes with leave ever occur.
Rather, the problems that have occurred have usually been clerical errors caused by
the current system’s numerous manual processing steps. Examples of problems that
occur in the current paper-based system are misplaced leave forms and data entry
errors. The proposed system eliminates these error-prone processes. Further, your
staff explained that the proposed system provides a better audit trail and more cost-
effective environment to review leave processing activities. The proposed system
tracks all changes to the leave records including canceled leave requests (not done
under the current paper-driven system) making the review of all leave requests and
actions for each employee easy and accessible.

We concur with your opinion that the proposed system provides reasonable
assurance that the electronic leave records are accurately created and maintained
with minimal risk of loss or alteration. We note that OMB’s draft guidance states that
agencies are allowed to use passwords and user identification codes along with
electronic signatures to create a secure environment for electronic documents. Once
the implementation of the new automated system is begun, we believe that it should
be monitored closely to ensure that the system is operating as designed. Since the
1982 enactment of the Federal Managers’ Financial Integrity Act (FMFIA), all
executive agencies have been required to annually review their systems of internal
control and to report material weaknesses. We believe that during the initial period
and/or the first full year of the proposed system’s implementation, FMFIA reviews
should be specifically directed at ensuring that the system is working as designed and
that the accuracy of the leave data is maintained.

Approval of T&A Data

Title 6 requires that approval of T&A data, including leave data, be based on personal
observation, work output, timekeeper verification, checking data against independent
sources, reliance on other controls, or a combination of these methods. Approval is
usually done by an official, normally the immediate supervisor, most knowledgeable
of the time worked and absence of employees involved. The approval function is
critical in ensuring that time and attendance data, such as leave charges, are true,
correct, and accurate, and in accordance with applicable laws, regulations, and legal
decisions.

 In your proposed system, the supervisor approves a staff member’s leave request
 using a user identification code or password. Your staff stated that the risk of leave
 data being altered, either intentionally or unintentionally, is very small and the cost of
 adding the electronic signature control feature would far outweigh the very small
 additional benefit, if any, gained from it.

 Your staff explained that the cost of implementing electronic signatures satisfying the
 NIST criteria for all the base supervisors (estimated at between 2,000 to 3,000) would
 be cost prohibitive at $1 million per base.



In applying the Title 6 requirement for electronic signatures, agencies must weigh the
costs and benefits in assessing the mitigation of risks of data being compromised. In
situations where there are many supervisors, as is the case at your bases, we believe
that until technology evolves further to provide cost effective, widespread electronic
signatures to agencies, interim measures can be taken to ensure the accuracy and
reliability of T&A data. The draft GPEA guidance published by OMB states that an
agency’s determination of which technology to use in an application should depend
upon the risks associated with the loss, misuse, or compromise of the electronic
documents and signatures compared to the cost and effort associated with
developing and managing that technology.

Your staff stated that the proposed system provides for compensating controls to
ensure that leave data are accurate. First, the automated reconciliation between the
unit administrator’s leave log and the staff’s leave data on the file returned to the
finance office by DFAS provides assurance that the data are accurate from the point a
leave number is assigned the approved leave. Second, the proposed system is
designed to send a notice to the employee requesting leave and the supervisor who
approved it when the data are approved or any other changes to the data occur. The
Air Force believes that these procedures will make it difficult for any intentional or
unintentional alterations of the leave data to go undetected for other than very short
periods.

Based on your staff’s explanation of the proposed T&A system, the approval of leave
requests as proposed in the new system will provide adequate assurances that
accurate leave data are included in employees’ records. As we have previously
stated, agencies’ automated systems must be consistent with the guidance that OMB
issues pursuant to GPEA. Implementation of the automated system should be
monitored closely to ensure that the system is operating as designed. Since the 1982
enactment of the Federal Managers’ Financial Integrity Act (FMFIA), all executive
branch agencies have been required to annually review their systems of internal
control and to report material weaknesses. Especially during the initial period and/or
the first full year of the proposed system’s implementation, FMFIA reviews should be
specifically directed at ensuring that the system is working as designed and that the
accuracy of the leave data is maintained.

We also suggest that the Air Force consider examining its internal organizational
structure and processes to assess the feasibility of reducing the number of
supervisors and the related effect on the affordability of using electronic signatures
for supervisory approval of T&A data. Reengineering internal processes, with costs,
benefits, and risks factored in, is often essential to take full advantage of the benefits
of technology.
                                          -----





We have discussed the contents of this letter with Master Sergeant Raymond Kelly of
your staff. If you or your staff have any questions, please contact Chris Martin,
Assistant Director, Computer and Information Technology Assessment, at (202) 512-9481,
or Assistant Director Bruce Michelson of my staff at (202) 512-9406.

Sincerely yours,




Robert W. Gramling
Director, Corporate Audits
 and Standards




 (922270)
