United States Government Accountability Office Washington, DC 20548 July 26, 2012 The Honorable Max Cleland, Secretary American Battle Monuments Commission Courthouse Plaza II, Suite 500 2300 Clarendon Boulevard Arlington, Virginia 22201 Subject: Management Report: Improvements Are Needed to Strengthen the American Battle Monuments Commission’s Internal Controls and Accounting Procedures Dear Mr. Secretary: In March 2012, we issued our report on the results of our audit of the financial statements of the American Battle Monuments Commission (the Commission) as of, and for the fiscal years ending September 30, 2011 and 2010, and on the effectiveness of its internal control over financial reporting as of September 30, 2011. 1 We also reported our conclusions on the Commission’s compliance with provisions of selected laws and regulations. Our report concluded that although certain internal controls could be improved, the Commission maintained, in all material respects, effective internal control over financial reporting as of September 30, 2011. However, we did report a significant deficiency 2 in the Commission’s internal control over its payroll processes for its non-U.S. citizen employees (foreign employees). 3 The purpose of this report is to present additional information on the control issues that we identified during our audit of the Commission’s fiscal year 2011 financial statements that constituted the significant deficiency and to provide our recommended actions to address those issues. Also, we identified an additional internal control issue that while not considered to be either a material weakness or a significant deficiency, nonetheless warrants management’s attention. This report provides our recommendations to address this internal control issue as well. In addition, we are providing an update on the status of recommendations we made to address internal control issues 1 GAO, Financial Audit: American Battle Monuments Commission’s Financial Statements for Fiscal Years 2011 and 2010, GAO-12-404 (Washington, D.C.: Mar. 1, 2012). 2 A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit the attention of those charged with governance. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis. A material weakness is a deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. 3 During fiscal year 2011, the Commission used a total of 396 full-time equivalent positions. Of these, 73 positions were held by U.S. citizens, while the remaining 323 positions were held by non-U.S. citizens employed at the Commission’s regional offices and at the cemeteries in the countries where the Commission operates. GAO-12-830R ABMC 2011 Management Report identified during our prior years’ financial statement audits of the Commission and related financial management reports. Results in Brief During our audit of the Commission’s fiscal years 2011 and 2010 financial statements, we identified the following internal control deficiencies that, collectively, constituted a significant deficiency in the Commission’s internal control over financial reporting as of September 30, 2011. • Access controls over foreign employee payroll systems. The Commission’s controls were not fully effective in appropriately segregating duties of the systems administrators responsible for the foreign employee (non-U.S. citizen employees) payroll systems. In addition, controls were not effective in ensuring that critical system updates and patches to the Commission’s servers were made, leaving them vulnerable to unauthorized access. 4 These issues increase the risk that unauthorized users could access and make changes in the foreign employee payroll systems without the Commission’s knowledge. • Policies and procedures for processing foreign payroll. The Commission did not have written policies and procedures in place detailing key tasks, roles, and responsibilities related to processing foreign payroll transactions. This increased the risk of (1) errors or irregularities in foreign employee payroll records, (2) misstatements in the Commission’s financial statements, and (3) noncompliance with relevant laws, regulations, and Commission policies. In addition, we found the following deficiency in the Commission’s internal control as of September 30, 2011. • Physical inventory counts. The Commission’s policy for conducting biennial physical inventories of equipment was not followed, and procedures for conducting the physical inventories had not been developed. These conditions increased the risk that safeguarding of assets could be compromised and that errors or misstatements could exist in the Commission’s inventory and financial records as well as the financial statements and not be promptly detected and corrected. At the end of our discussion of each issue, we present our recommendations for strengthening the Commission’s internal control. We are making seven new recommendations that, if effectively implemented, should address the internal control deficiencies we identified. These recommendations are intended to bring the Commission into conformance with its own policies, the Standards for Internal Control in the Federal 4 Patches are additional pieces of code that have been developed to address specific problems or flaws in existing software. Vulnerabilities are flaws that can be exploited, enabling unauthorized access to information technology systems or enabling users to have access to greater privileges than authorized. A server represents a computer running administrative software that controls access to all or part of the network and its resources, such as disk drives or printers. A computer acting as a server makes resources available to computers acting as workstations on the network. Page 2 GAO-12-830R ABMC 2011 Management Report Government, 5 and guidance issued by the National Institute of Standards and Technology (NIST). 6 As a result of our fiscal years 2007 through 2010 audits of the Commission’s financial statements, we have provided the Commission with 170 recommendations to improve its internal control, accounting procedures, and information systems. Through February 21, 2012, the date of our completion of the fiscal year 2011 audit, the Commission had implemented 127 recommendations, or about 75 percent of the recommendations we have made from the 2007 through 2010 audits. In commenting on a draft of this report, the Commission stated it agreed with the issues raised and would respond more fully at a later date. The Commission’s response is reprinted in its entirety in enclosure II. Scope and Methodology This report addresses internal control deficiencies we identified during our audit of the Commission’s fiscal years 2011 and 2010 financial statements. As part of our audit, we tested the Commission’s internal control over financial reporting. 7 We designed our audit procedures to test relevant controls, including those for proper authorization, execution, accounting, and reporting of transactions. In conducting the audit, we reviewed applicable Commission policies and procedures, assessed controls over the recording and processing of transactions, examined relevant documents and records, and interviewed management and staff. We also performed a targeted general controls and security review of the Commission’s critical computer systems using applicable sections of GAO’s Federal Information System Controls Audit Manual (FISCAM). 8 We performed our audit of the Commission’s fiscal years 2011 and 2010 financial statements in accordance with U.S. generally accepted government auditing standards. We believe that our audit provided a reasonable basis for our conclusions in this report. Further details on our audit scope and methodology are presented in enclosure I. 5 GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999), contains the internal control standards to be followed by executive agencies in establishing and maintaining systems of internal control as required by 31 U.S.C. § 3512 (c), (d) (commonly referred to as the Federal Managers’ Financial Integrity Act of 1982). 6 The Federal Information Security Management Act (FISMA) requires each agency to develop, document, and implement an agencywide information security program for the information and information systems that support the operations and assets of the agency, using a risk-based approach to information security management. FISMA assigned to NIST the responsibility for developing standards and guidelines that include minimum information security requirements. See 15 U.S.C. § 278g-3. 7 An entity’s internal control over financial reporting is a process effected by those charged with governance, management, and other personnel, the objectives of which are to provide reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in accordance with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition and (2) transactions are executed in accordance with the laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the financial statements. 8 GAO, Federal Information System Controls Audit Manual (FISCAM), GAO-09-232G (Washington, D.C.: February 2009). Page 3 GAO-12-830R ABMC 2011 Management Report Significant Deficiency Access Controls over Foreign Employee Payroll Systems During our fiscal year 2011 financial statement audit, we identified deficiencies in controls over the Commission’s foreign employee payroll systems. These deficiencies increased the risk of unauthorized access to, and alteration of, payroll-related information that would not be detected by Commission management. Specifically, we found that two system administrators had inappropriate system access, allowing them to not only make system changes but to alter data in systems for which they were responsible. These administrators were responsible for (1) developing, (2) testing, and (3) implementing the foreign payroll systems and any changes to them, which included the systems used to process their own payroll. This amounted to the administrators having the ability to read, change, and delete any data in the foreign payroll systems without oversight or verification by Commission management. This included the ability to alter their own wage and earnings and other data before the payroll files are sent to the U.S. Department of the Treasury (Treasury) for the disbursement of wages and to the Commission’s financial management system for recording in the general ledger. 9 Such access authority increases the risk that administrators could add or alter payroll data without authorization and that such changes would not be readily detectable by Commission management. The systems administrators were able to perform these inappropriate functions because the Commission had not developed, documented, and implemented policies and procedures for assigning and segregating roles and responsibilities for staff members involved in the administrative functions of the foreign payroll systems. We also found that the Commission had not installed critical updates and patches on several of its servers as outlined in its Computer Security Plan. Patch management is a critical process to securing computing systems and data processed in those systems. 10 Up-to-date patch installation helps mitigate flaws in software code that could be exploited to cause significant damage and enable malicious individuals to read, modify, or delete sensitive information or disrupt operations. 11 By not installing critical system updates and patches, unauthorized users could gain full administrator-level access to the Commission’s systems through a server that communicates with the Internet. This, in turn, could allow unauthorized users to gain administrator-level access to the foreign employee payroll systems. Based on our discussions with Commission staff, we were informed that the critical updates were not installed primarily because of an oversight when the servers were converted to a virtualized environment during fiscal year 2010. 12 This oversight also contributed to the Commission’s Computer Security Plan not being updated to reflect the 9 Payroll for the Commission’s federal employees (U.S. citizens) is managed by the General Services Administration, and these employees are paid using electronic funds transfers from Treasury. Payroll for the majority of its foreign employees is managed by the Commission in three separate payroll systems. These systems generate payroll files that are used to initiate wage disbursements from Treasury and record entries in the Commission’s general ledger. 10 GAO, Information Security: Continued Action Needed to Improve Software Patch Management, GAO-04-706 (Washington, D.C.: June 2, 2004). 11 GAO, Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements, GAO-12-137 (Washington, D.C.: Oct. 3, 2011). 12 Virtualization is a process by which several operating systems can be run in parallel on a single central processing unit. This parallelism tends to reduce overhead costs and differs from multitasking, which involves running several programs on the same operating system. Page 4 GAO-12-830R ABMC 2011 Management Report virtualized environment. By not updating the security plan to reflect the current information technology environment, the Commission’s ability to adhere to established operational and security controls was impaired. Internal control standards state that key duties and responsibilities need to be divided or segregated among different people to reduce the risk of error or fraud. 13 No one individual should control all key aspects of a transaction or event. Similarly, no single system administrator should have the ability to develop, test, and implement a financial information system without appropriate mitigating controls. In addition, NIST standards suggest that an organization separate duties of individuals, as necessary, to prevent malevolent activity without collusion. Further, NIST provides that organizations should promptly install security- relevant software updates (such as patches). By not ensuring that operational and computer security controls are designed to limit access to authorized users, the Commission increases the risk of unauthorized access and manipulation of its information systems and related data and misstatements in the financial statements. Recommendations for Executive Action We recommend that the Commission direct the appropriate officials to take the following actions: • Establish and implement written policies and procedures to identify and appropriately segregate the roles and responsibilities of staff involved in developing, testing, and implementing changes to and maintenance of the foreign employee payroll systems to reduce the risk of malevolent activity without collusion. • Perform a review of the Commission’s computer systems and servers to assess whether all patches and critical updates are current. For any systems and servers found without the most current patch or update, establish a process to ensure immediate installation. • Establish a mechanism to monitor implementation of existing procedures requiring timely installation of all patches and critical updates as outlined in the Commission’s Computer Security Plan. • Update the Commission’s Computer Security Plan to reflect the current state of the Commission’s information technology environment. Policies and Procedures for Processing Foreign Payroll During our fiscal year 2011 financial statement audit, we found that the Commission did not have effective controls to minimize the risk of errors in processing payroll actions for its foreign employees. Specifically, we found that the Commission did not have policies and procedures clearly delineating the responsibilities of both the Human Resources and Finance Directorates with respect to ensuring accurate and complete payroll information for foreign employees. The Human Resources Directorate is responsible for processing all foreign employee personnel actions, such as promotions, salary increases, and benefit changes. The Finance Directorate is responsible for verifying and approving foreign employee information in the 13 GAO/AIMD-00-21.3.1. Page 5 GAO-12-830R ABMC 2011 Management Report payroll systems, including the certification of time charges and verification of salary and benefits information. We found that the Commission did not have procedures that set out required steps to be followed by the Human Resources Directorate to communicate employee actions that it approved and processed to the Finance Directorate. The lack of such sufficiently detailed procedures regarding the roles and responsibilities of each directorate increased the risk of undetected errors in the reporting of payroll information. For example, during our testing of foreign payroll expenditures, we were unable to trace the amounts in the foreign payroll systems to the general ledger. When we asked the Commission’s Finance Directorate for a reconciliation of the amounts, officials were unable to readily provide the supporting documentation and related explanations describing the differences. Although the support and explanations were subsequently provided, we found that during the course of the staff’s day-to-day operations, written instructions or directives were not available outlining the key tasks, roles, and responsibilities of each directorate involved in processing foreign payroll. Moreover, during our testing of a statistical sample of payroll expenditures, we found two instances where payroll information was incorrect. These findings and errors were consistent with the results of similar testing in prior years’ audits. 14 The lack of written policies and procedures clearly outlining the tasks, roles, and responsibilities of the Human Resources and Finance Directorates for processing foreign payroll contributed to the errors we identified. Internal control standards state that control activities must be clearly documented, periodically updated, and readily available for examination. 15 Control activities are an integral part of an entity’s planning, implementing, reviewing, and accountability for stewardship of government resources and achieving effective results. However, to be effective, the policies and procedures used to carry out the Human Resources and Finance Directorates’ functions should be clearly documented to ensure that all transactions are completely and accurately recorded and that management’s directives are carried out in an effective and efficient manner to accomplish control objectives. Without clear policies and procedures and a formal means to communicate payroll actions, earnings and leave changes and other amounts involved in processing foreign payroll could be unsupported, duplicated, or omitted, resulting in errors in the payroll records for foreign employees. This increases the risk of misstatements in the financial statements and noncompliance with relevant laws, regulations, and Commission policies. Recommendation for Executive Action We recommend that the Commission direct the appropriate officials to establish written policies and procedures outlining the key tasks, roles, and responsibilities of both the Human Resources Directorate and the Finance Directorate, including a formal mechanism for communicating all decisions and actions related to processing payroll for foreign employees. 14 GAO, American Battle Monuments Commission: Improvements Needed in Internal Controls and Accounting Procedures – Fiscal Year 2010, GAO-11-577R (Washington, D.C.: July 28, 2011), and Management Report: Improvements Needed in American Battle Monuments Commission’s Internal Controls and Accounting Procedures, GAO-10-596R (Washington, D.C.: July 23, 2010). 15 GAO/AIMD-00-21.3.1. Page 6 GAO-12-830R ABMC 2011 Management Report Other Control Deficiencies Physical Inventory Counts During our fiscal year 2011 financial audit, we identified deficiencies in the Commission’s internal controls over reporting and safeguarding of property, plant, and equipment. Specifically, we found that although the Commission had a policy to perform biennial physical inventory counts of all equipment over $500, this policy was not adhered to during fiscal year 2011. We were told that the policy had not been followed because of (1) an oversight or other tasks being given a higher priority and (2) written procedures for performing such physical inventory counts not being developed. A physical inventory count helps ensure that assets, such as the heavy equipment (e.g., tractors and mowers) purchased to maintain cemetery grounds and facilities, are accurately recorded, exist at a given point in time, and are properly safeguarded. This verification also helps ensure that information in the inventory records and general ledger, and ultimately the financial statements, is accurate, complete, and reliable. Internal control standards state that control activities, including policies and procedures, help ensure that management’s directives are carried out in an effective and efficient manner to accomplish control objectives. 16 They are also an integral part of planning, implementing, reviewing, and accountability for stewardship of government resources and achieving effective results. Further, the standards state that an agency must establish physical control to safeguard vulnerable assets and these assets should be periodically counted and compared to control records. Because the Commission has not developed procedures for performing a physical inventory count of equipment, there is an increased risk that the inventory counts will not be (1) performed, (2) conducted properly, or (3) used as a control to detect theft of assets. This, in turn, increases the risk that misstatements in the financial statements may not be promptly detected and corrected and that assets are not effectively safeguarded from theft or loss. Recommendations for Executive Action We recommend that the Commission direct the appropriate officials to take the following actions: • Establish and implement written procedures for conducting all physical inventory counts of equipment. These procedures, at a minimum, should outline the processes for (1) planning and executing the physical inventory count and (2) analyzing and documenting the results. • Establish a mechanism to monitor implementation of existing Commission policy to perform biennial physical inventory counts of all items of equipment with an obligated balance of $500 or more. 16 GAO/AIMD-00-21.3.1. Page 7 GAO-12-830R ABMC 2011 Management Report Status of Prior Years’ Recommendations As a result of our fiscal years 2007 through 2010 audits of the Commission’s financial statements, we have provided the Commission with 91 recommendations to improve its internal control and accounting procedures. As summarized in table 1, as of February 21, 2012, the date of audit completion for the fiscal year 2011 audit, the Commission had implemented 66, or about 73 percent, of our recommendations related to our prior years’ findings on internal control and accounting procedure issues. Table 1: Status of Fiscal Years 2007 through 2010 Internal Control and Accounting Procedure Recommendations Fiscal year ended Total number of Number of closed Number of open Sept. 30 recommendations recommendations recommendations 2007 5 5 0 2008 26 23 3 2009 45 33 12 2010 15 5 10 Total 91 66 25 Source: GAO analysis as of February 21, 2012. The Commission stated that it has actions under way to address the remaining 25 recommendations related to internal control and accounting procedure issues. Also, as a result of our fiscal years 2007 through 2010 audits of the Commission’s financial statements, we have provided the Commission with 79 recommendations related to information systems control issues. As summarized in table 2, as of February 21, 2012, the date of audit completion for the fiscal year 2011 audit, the Commission had implemented 61, or about 77 percent, of our recommendations related to our prior years’ findings on information systems. Table 2: Status of Fiscal Years 2007 through 2010 Information Systems Recommendations Fiscal year ended Total number of Number of closed Number of open Sept. 30 recommendations recommendations recommendations 2007 8 8 0 2008 18 18 0 2009 37 24 13 2010 16 11 5 Total 79 61 18 Source: GAO analysis as of February 21, 2012. The Commission stated that it has actions under way to address the remaining 18 recommendations related to information systems issues. In total, of the 170 recommendations we made to improve its internal control, accounting procedures, and information system controls, the Commission had implemented 127, or about 75 percent, of our recommendations from the fiscal years 2007 through 2010 financial audits. We will evaluate the status of the Commission’s actions to address all of the prior year recommendations that remain open, as well as the new recommendations we are making in this report, in future audits of the Commission’s financial statements. Page 8 GAO-12-830R ABMC 2011 Management Report Commission Comments and Our Evaluation In its written comments, reprinted in enclosure II, the Commission Secretary agreed with the issues raised in the report and stated that the Commission would provide a full response to each recommendation as part of its 31 U.S.C. § 720 letter to the Congress, which is due 60 days after the issuance of the report. As part of our fiscal year 2012 financial statement audit, we will follow up on all of these matters to determine the status of related corrective actions. ***** This report contains recommendations to the Commission. The head of a federal agency is required by 31 U.S.C. § 720 to submit a written statement on actions taken on these recommendations. You should submit your statement to the Senate Committee on Homeland Security and Governmental Affairs and to the House Committee on Oversight and Government Reform within 60 days of the date of this report. A written statement must also be sent to the House and Senate Committees on Appropriations with the Commission’s first request for appropriations made more than 60 days after the date of this report. Furthermore, to ensure that we have accurate, up-to-date information on the status of the Commission’s actions on our recommendations, we request that you also provide us with a copy of the Commission’s statement of actions taken on open recommendations. Please send your statement of actions to Steven Sebastian, Managing Director, at firstname.lastname@example.org or John D. Sawyer, Assistant Director, at email@example.com. This report is intended for use by the management of the Commission. We are sending copies of this report to interested congressional committees and the Acting Director of the Office of Management and Budget. In addition, the report is available at no charge on the GAO website at http://www.gao.gov. We acknowledge and appreciate the cooperation and assistance provided by Commission management and staff during our audit of the Commission’s fiscal years 2011 and 2010 financial statements. If you have any questions about this report or need assistance in addressing these issues, please contact Steven Sebastian at (202) 512-3406 or firstname.lastname@example.org or Nabajyoti Barkakati at (202) 512-4499 or email@example.com. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in enclosure III. Sincerely yours, Steven J. Sebastian Managing Director Financial Management and Assurance Nabajyoti Barkakati Chief Technologist Applied Research and Methods Enclosures – 3 Page 9 GAO-12-830R ABMC 2011 Management Report Enclosure I: Scope and Methodology To fulfill our responsibilities as the auditor of the financial statement of the American Battle Monuments Commission (the Commission), our audit work included the following: • Examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements. This included selecting statistical samples of payroll and nonpayroll expenditures. 17 • Assessed the accounting principles used and significant estimates made by Commission management. • Evaluated the overall presentation of the financial statements. • Obtained an understanding of the Commission and its operations, including its internal control over financial reporting. • Considered the Commission’s process for evaluating and reporting on internal control over financial reporting that the Commission is required to perform by 31 U.S.C. § 3512 (c), (d), commonly known as the Federal Managers’ Financial Integrity Act of 1982. • Assessed the risk that a material misstatement exists in the financial statements and the risk that a material weakness exists in internal control over financial reporting. • Evaluated the design and operating effectiveness of internal control over financial reporting based on the assessed risk. • Tested relevant internal control over financial reporting. • Tested compliance with selected provisions of the following laws and regulations: the Commission’s enabling legislation codified in 36 U.S.C. Chapter 21; public laws applicable to the World War II Memorial Fund; Buffalo Soldiers Commemoration Act of 2005; Continuing Appropriations Resolution, 2010; Consolidated Appropriations Act, 2010; Continuing Appropriations Act, 2011; Full-Year Continuing Appropriations Act, 2011; Antideficiency Act; Pay and Allowance System for Civilian Employees; and Prompt Payment Act. • Performed audit site work at Commission headquarters in Arlington, Virginia; its Paris Overseas Office in Garches, France; and its Brookwood and Cambridge American Cemeteries in London, England. Our audit work was conducted from May 3, 2011, through February 21, 2012, pursuant to our authority to conduct an annual audit of the Commission’s financial statements under 36 U.S.C. § 2103. We performed our audit of the Commission’s fiscal years 2011 and 2010 financial statements in accordance with U.S. generally accepted government auditing standards. We believe that our audit provided a reasonable basis for our conclusions in this report. 17 These statistical samples were selected primarily to determine the validity of activities reported in the Commission’s financial statements. We projected any errors in dollar amounts to the population of transactions from which they were selected. In testing some of these samples, certain attributes were identified that indicated deficiencies in the design or operation of internal control. These attributes, where applicable, were statistically projected to the appropriate populations. Page 10 GAO-12-830R ABMC 2011 Management Report Enclosure II: Comments from the American Battle Monuments Commission Page 11 GAO-12-830R ABMC 2011 Management Report Enclosure III: GAO Contacts and Staff Acknowledgments GAO Contacts Steven J. Sebastian, (202) 512-3406 or firstname.lastname@example.org Nabajyoti Barkakati, (202) 512-4499 or email@example.com Staff Acknowledgments In addition to the contacts named above, John D. Sawyer and Edward Alexander, Assistant Directors; Mark Canter; Taya R. Tasse; and Tory Wudtke made key contributions to this report. (196260) Page 12 GAO-12-830R ABMC 2011 Management Report This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. The Government Accountability Office, the audit, evaluation, and GAO’s Mission investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no Obtaining Copies of cost is through GAO’s website (www.gao.gov). Each weekday afternoon, GAO Reports and GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, Testimony go to www.gao.gov and select “E-mail Updates.” Order by Phone The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, http://www.gao.gov/ordering.htm. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Connect with GAO Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at www.gao.gov. Contact: To Report Fraud, Waste, and Abuse in Website: www.gao.gov/fraudnet/fraudnet.htm E-mail: firstname.lastname@example.org Federal Programs Automated answering system: (800) 424-5454 or (202) 512-7470 Katherine Siggerud, Managing Director, email@example.com, (202) 512- Congressional 4400, U.S. Government Accountability Office, 441 G Street NW, Room Relations 7125, Washington, DC 20548 Chuck Young, Managing Director, firstname.lastname@example.org, (202) 512-4800 Public Affairs U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548 Please Print on Recycled Paper.
Management Report: Improvements Are Needed to Strengthen the American Battle Monuments Commission's Internal Controls and Accounting Procedures
Published by the Government Accountability Office on 2012-07-26.
Below is a raw (and likely hideous) rendition of the original report. (PDF)