oversight

Management Report: Improvements Are Needed to Strengthen the American Battle Monuments Commission's Internal Controls and Accounting Procedures

Published by the Government Accountability Office on 2012-07-26.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

United States Government Accountability Office
Washington, DC 20548



           July 26, 2012


           The Honorable Max Cleland, Secretary
           American Battle Monuments Commission
           Courthouse Plaza II, Suite 500
           2300 Clarendon Boulevard
           Arlington, Virginia 22201

           Subject: Management Report: Improvements Are Needed to Strengthen the American Battle
                    Monuments Commission’s Internal Controls and Accounting Procedures


           Dear Mr. Secretary:


           In March 2012, we issued our report on the results of our audit of the financial statements of
           the American Battle Monuments Commission (the Commission) as of, and for the fiscal
           years ending September 30, 2011 and 2010, and on the effectiveness of its internal control
           over financial reporting as of September 30, 2011. 1 We also reported our conclusions on the
           Commission’s compliance with provisions of selected laws and regulations.

           Our report concluded that although certain internal controls could be improved, the
           Commission maintained, in all material respects, effective internal control over financial
           reporting as of September 30, 2011. However, we did report a significant deficiency 2 in the
           Commission’s internal control over its payroll processes for its non-U.S. citizen employees
           (foreign employees). 3 The purpose of this report is to present additional information on the
           control issues that we identified during our audit of the Commission’s fiscal year 2011
           financial statements that constituted the significant deficiency and to provide our
           recommended actions to address those issues. Also, we identified an additional internal
           control issue that while not considered to be either a material weakness or a significant
           deficiency, nonetheless warrants management’s attention. This report provides our
           recommendations to address this internal control issue as well. In addition, we are providing
           an update on the status of recommendations we made to address internal control issues

           1
             GAO, Financial Audit: American Battle Monuments Commission’s Financial Statements for Fiscal Years 2011
           and 2010, GAO-12-404 (Washington, D.C.: Mar. 1, 2012).
           2
             A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe
           than a material weakness, yet important enough to merit the attention of those charged with governance. A
           deficiency in internal control exists when the design or operation of a control does not allow management or
           employees, in the normal course of performing their assigned functions, to prevent, or detect and correct
           misstatements on a timely basis. A material weakness is a deficiency, or combination of deficiencies, in internal
           control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements
           will not be prevented, or detected and corrected on a timely basis.
           3
             During fiscal year 2011, the Commission used a total of 396 full-time equivalent positions. Of these, 73
           positions were held by U.S. citizens, while the remaining 323 positions were held by non-U.S. citizens employed
           at the Commission’s regional offices and at the cemeteries in the countries where the Commission operates.


                                                                              GAO-12-830R ABMC 2011 Management Report
identified during our prior years’ financial statement audits of the Commission and related
financial management reports.

Results in Brief

During our audit of the Commission’s fiscal years 2011 and 2010 financial statements, we
identified the following internal control deficiencies that, collectively, constituted a significant
deficiency in the Commission’s internal control over financial reporting as of September 30,
2011.

    •    Access controls over foreign employee payroll systems. The Commission’s
         controls were not fully effective in appropriately segregating duties of the systems
         administrators responsible for the foreign employee (non-U.S. citizen employees)
         payroll systems. In addition, controls were not effective in ensuring that critical
         system updates and patches to the Commission’s servers were made, leaving them
         vulnerable to unauthorized access. 4 These issues increase the risk that unauthorized
         users could access and make changes in the foreign employee payroll systems
         without the Commission’s knowledge.

     • Policies and procedures for processing foreign payroll. The Commission did not
       have written policies and procedures in place detailing key tasks, roles, and
       responsibilities related to processing foreign payroll transactions. This increased the
       risk of (1) errors or irregularities in foreign employee payroll records, (2)
       misstatements in the Commission’s financial statements, and (3) noncompliance
       with relevant laws, regulations, and Commission policies.

In addition, we found the following deficiency in the Commission’s internal control as of
September 30, 2011.


    •    Physical inventory counts. The Commission’s policy for conducting biennial
         physical inventories of equipment was not followed, and procedures for conducting
         the physical inventories had not been developed. These conditions increased the risk
         that safeguarding of assets could be compromised and that errors or misstatements
         could exist in the Commission’s inventory and financial records as well as the
         financial statements and not be promptly detected and corrected.

At the end of our discussion of each issue, we present our recommendations for
strengthening the Commission’s internal control. We are making seven new
recommendations that, if effectively implemented, should address the internal control
deficiencies we identified. These recommendations are intended to bring the Commission
into conformance with its own policies, the Standards for Internal Control in the Federal




4
  Patches are additional pieces of code that have been developed to address specific problems or flaws in
existing software. Vulnerabilities are flaws that can be exploited, enabling unauthorized access to information
technology systems or enabling users to have access to greater privileges than authorized. A server represents
a computer running administrative software that controls access to all or part of the network and its resources,
such as disk drives or printers. A computer acting as a server makes resources available to computers acting as
workstations on the network.


Page 2                                                          GAO-12-830R ABMC 2011 Management Report
Government, 5 and guidance issued by the National Institute of Standards and Technology
(NIST). 6

As a result of our fiscal years 2007 through 2010 audits of the Commission’s financial
statements, we have provided the Commission with 170 recommendations to improve its
internal control, accounting procedures, and information systems. Through February 21,
2012, the date of our completion of the fiscal year 2011 audit, the Commission had
implemented 127 recommendations, or about 75 percent of the recommendations we have
made from the 2007 through 2010 audits.

In commenting on a draft of this report, the Commission stated it agreed with the issues
raised and would respond more fully at a later date. The Commission’s response is reprinted
in its entirety in enclosure II.

Scope and Methodology

This report addresses internal control deficiencies we identified during our audit of the
Commission’s fiscal years 2011 and 2010 financial statements. As part of our audit, we
tested the Commission’s internal control over financial reporting. 7 We designed our audit
procedures to test relevant controls, including those for proper authorization, execution,
accounting, and reporting of transactions. In conducting the audit, we reviewed applicable
Commission policies and procedures, assessed controls over the recording and processing
of transactions, examined relevant documents and records, and interviewed management
and staff. We also performed a targeted general controls and security review of the
Commission’s critical computer systems using applicable sections of GAO’s Federal
Information System Controls Audit Manual (FISCAM). 8

We performed our audit of the Commission’s fiscal years 2011 and 2010 financial
statements in accordance with U.S. generally accepted government auditing standards. We
believe that our audit provided a reasonable basis for our conclusions in this report. Further
details on our audit scope and methodology are presented in enclosure I.




5
  GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.:
November 1999), contains the internal control standards to be followed by executive agencies in establishing
and maintaining systems of internal control as required by 31 U.S.C. § 3512 (c), (d) (commonly referred to as the
Federal Managers’ Financial Integrity Act of 1982).
6
  The Federal Information Security Management Act (FISMA) requires each agency to develop, document, and
implement an agencywide information security program for the information and information systems that support
the operations and assets of the agency, using a risk-based approach to information security management.
FISMA assigned to NIST the responsibility for developing standards and guidelines that include minimum
information security requirements. See 15 U.S.C. § 278g-3.
7
  An entity’s internal control over financial reporting is a process effected by those charged with governance,
management, and other personnel, the objectives of which are to provide reasonable assurance that (1)
transactions are properly recorded, processed, and summarized to permit the preparation of financial statements
in accordance with U.S. generally accepted accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition and (2) transactions are executed in accordance with the laws
governing the use of budget authority and other laws and regulations that could have a direct and material effect
on the financial statements.
8
  GAO, Federal Information System Controls Audit Manual (FISCAM), GAO-09-232G (Washington, D.C.:
February 2009).


Page 3                                                          GAO-12-830R ABMC 2011 Management Report
Significant Deficiency

Access Controls over Foreign Employee Payroll Systems


During our fiscal year 2011 financial statement audit, we identified deficiencies in controls
over the Commission’s foreign employee payroll systems. These deficiencies increased the
risk of unauthorized access to, and alteration of, payroll-related information that would not
be detected by Commission management.


Specifically, we found that two system administrators had inappropriate system access,
allowing them to not only make system changes but to alter data in systems for which they
were responsible. These administrators were responsible for (1) developing, (2) testing, and
(3) implementing the foreign payroll systems and any changes to them, which included the
systems used to process their own payroll. This amounted to the administrators having the
ability to read, change, and delete any data in the foreign payroll systems without oversight
or verification by Commission management. This included the ability to alter their own wage
and earnings and other data before the payroll files are sent to the U.S. Department of the
Treasury (Treasury) for the disbursement of wages and to the Commission’s financial
management system for recording in the general ledger. 9 Such access authority increases
the risk that administrators could add or alter payroll data without authorization and that
such changes would not be readily detectable by Commission management. The systems
administrators were able to perform these inappropriate functions because the Commission
had not developed, documented, and implemented policies and procedures for assigning
and segregating roles and responsibilities for staff members involved in the administrative
functions of the foreign payroll systems.


We also found that the Commission had not installed critical updates and patches on
several of its servers as outlined in its Computer Security Plan. Patch management is a
critical process to securing computing systems and data processed in those systems. 10
Up-to-date patch installation helps mitigate flaws in software code that could be exploited to
cause significant damage and enable malicious individuals to read, modify, or delete
sensitive information or disrupt operations. 11 By not installing critical system updates and
patches, unauthorized users could gain full administrator-level access to the Commission’s
systems through a server that communicates with the Internet. This, in turn, could allow
unauthorized users to gain administrator-level access to the foreign employee payroll
systems. Based on our discussions with Commission staff, we were informed that the critical
updates were not installed primarily because of an oversight when the servers were
converted to a virtualized environment during fiscal year 2010. 12 This oversight also
contributed to the Commission’s Computer Security Plan not being updated to reflect the

9
  Payroll for the Commission’s federal employees (U.S. citizens) is managed by the General Services
Administration, and these employees are paid using electronic funds transfers from Treasury. Payroll for the
majority of its foreign employees is managed by the Commission in three separate payroll systems. These
systems generate payroll files that are used to initiate wage disbursements from Treasury and record entries in
the Commission’s general ledger.
10
   GAO, Information Security: Continued Action Needed to Improve Software Patch Management, GAO-04-706
(Washington, D.C.: June 2, 2004).
11
   GAO, Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements,
GAO-12-137 (Washington, D.C.: Oct. 3, 2011).
12
   Virtualization is a process by which several operating systems can be run in parallel on a single central
processing unit. This parallelism tends to reduce overhead costs and differs from multitasking, which involves
running several programs on the same operating system.


Page 4                                                          GAO-12-830R ABMC 2011 Management Report
virtualized environment. By not updating the security plan to reflect the current information
technology environment, the Commission’s ability to adhere to established operational and
security controls was impaired.


Internal control standards state that key duties and responsibilities need to be divided or
segregated among different people to reduce the risk of error or fraud. 13 No one individual
should control all key aspects of a transaction or event. Similarly, no single system
administrator should have the ability to develop, test, and implement a financial information
system without appropriate mitigating controls. In addition, NIST standards suggest that an
organization separate duties of individuals, as necessary, to prevent malevolent activity
without collusion. Further, NIST provides that organizations should promptly install security-
relevant software updates (such as patches). By not ensuring that operational and computer
security controls are designed to limit access to authorized users, the Commission increases
the risk of unauthorized access and manipulation of its information systems and related data
and misstatements in the financial statements.

Recommendations for Executive Action


We recommend that the Commission direct the appropriate officials to take the following
actions:
      •   Establish and implement written policies and procedures to identify and appropriately
          segregate the roles and responsibilities of staff involved in developing, testing, and
          implementing changes to and maintenance of the foreign employee payroll systems
          to reduce the risk of malevolent activity without collusion.
      •   Perform a review of the Commission’s computer systems and servers to assess
          whether all patches and critical updates are current. For any systems and servers
          found without the most current patch or update, establish a process to ensure
          immediate installation.
      •   Establish a mechanism to monitor implementation of existing procedures requiring
          timely installation of all patches and critical updates as outlined in the Commission’s
          Computer Security Plan.
      •   Update the Commission’s Computer Security Plan to reflect the current state of the
          Commission’s information technology environment.


Policies and Procedures for Processing Foreign Payroll

During our fiscal year 2011 financial statement audit, we found that the Commission did not
have effective controls to minimize the risk of errors in processing payroll actions for its
foreign employees. Specifically, we found that the Commission did not have policies and
procedures clearly delineating the responsibilities of both the Human Resources and
Finance Directorates with respect to ensuring accurate and complete payroll information for
foreign employees.

The Human Resources Directorate is responsible for processing all foreign employee
personnel actions, such as promotions, salary increases, and benefit changes. The Finance
Directorate is responsible for verifying and approving foreign employee information in the

13
     GAO/AIMD-00-21.3.1.


Page 5                                                   GAO-12-830R ABMC 2011 Management Report
payroll systems, including the certification of time charges and verification of salary and
benefits information. We found that the Commission did not have procedures that set out
required steps to be followed by the Human Resources Directorate to communicate
employee actions that it approved and processed to the Finance Directorate. The lack of
such sufficiently detailed procedures regarding the roles and responsibilities of each
directorate increased the risk of undetected errors in the reporting of payroll information.

For example, during our testing of foreign payroll expenditures, we were unable to trace the
amounts in the foreign payroll systems to the general ledger. When we asked the
Commission’s Finance Directorate for a reconciliation of the amounts, officials were unable
to readily provide the supporting documentation and related explanations describing the
differences. Although the support and explanations were subsequently provided, we found
that during the course of the staff’s day-to-day operations, written instructions or directives
were not available outlining the key tasks, roles, and responsibilities of each directorate
involved in processing foreign payroll. Moreover, during our testing of a statistical sample of
payroll expenditures, we found two instances where payroll information was incorrect. These
findings and errors were consistent with the results of similar testing in prior years’ audits. 14
The lack of written policies and procedures clearly outlining the tasks, roles, and
responsibilities of the Human Resources and Finance Directorates for processing foreign
payroll contributed to the errors we identified.

Internal control standards state that control activities must be clearly documented,
periodically updated, and readily available for examination. 15 Control activities are an
integral part of an entity’s planning, implementing, reviewing, and accountability for
stewardship of government resources and achieving effective results. However, to be
effective, the policies and procedures used to carry out the Human Resources and Finance
Directorates’ functions should be clearly documented to ensure that all transactions are
completely and accurately recorded and that management’s directives are carried out in an
effective and efficient manner to accomplish control objectives. Without clear policies and
procedures and a formal means to communicate payroll actions, earnings and leave
changes and other amounts involved in processing foreign payroll could be unsupported,
duplicated, or omitted, resulting in errors in the payroll records for foreign employees. This
increases the risk of misstatements in the financial statements and noncompliance with
relevant laws, regulations, and Commission policies.


Recommendation for Executive Action

We recommend that the Commission direct the appropriate officials to establish written
policies and procedures outlining the key tasks, roles, and responsibilities of both the
Human Resources Directorate and the Finance Directorate, including a formal mechanism
for communicating all decisions and actions related to processing payroll for foreign
employees.




14
   GAO, American Battle Monuments Commission: Improvements Needed in Internal Controls and Accounting
Procedures – Fiscal Year 2010, GAO-11-577R (Washington, D.C.: July 28, 2011), and Management Report:
Improvements Needed in American Battle Monuments Commission’s Internal Controls and Accounting
Procedures, GAO-10-596R (Washington, D.C.: July 23, 2010).
15
   GAO/AIMD-00-21.3.1.


Page 6                                                     GAO-12-830R ABMC 2011 Management Report
Other Control Deficiencies


Physical Inventory Counts


During our fiscal year 2011 financial audit, we identified deficiencies in the Commission’s
internal controls over reporting and safeguarding of property, plant, and equipment.
Specifically, we found that although the Commission had a policy to perform biennial
physical inventory counts of all equipment over $500, this policy was not adhered to during
fiscal year 2011. We were told that the policy had not been followed because of (1) an
oversight or other tasks being given a higher priority and (2) written procedures for
performing such physical inventory counts not being developed. A physical inventory count
helps ensure that assets, such as the heavy equipment (e.g., tractors and mowers)
purchased to maintain cemetery grounds and facilities, are accurately recorded, exist at a
given point in time, and are properly safeguarded. This verification also helps ensure that
information in the inventory records and general ledger, and ultimately the financial
statements, is accurate, complete, and reliable.


Internal control standards state that control activities, including policies and procedures, help
ensure that management’s directives are carried out in an effective and efficient manner to
accomplish control objectives. 16 They are also an integral part of planning, implementing,
reviewing, and accountability for stewardship of government resources and achieving
effective results. Further, the standards state that an agency must establish physical control
to safeguard vulnerable assets and these assets should be periodically counted and
compared to control records. Because the Commission has not developed procedures for
performing a physical inventory count of equipment, there is an increased risk that the
inventory counts will not be (1) performed, (2) conducted properly, or (3) used as a control to
detect theft of assets. This, in turn, increases the risk that misstatements in the financial
statements may not be promptly detected and corrected and that assets are not effectively
safeguarded from theft or loss.


Recommendations for Executive Action


We recommend that the Commission direct the appropriate officials to take the following
actions:
              •   Establish and implement written procedures for conducting all physical
                  inventory counts of equipment. These procedures, at a minimum, should
                  outline the processes for (1) planning and executing the physical inventory
                  count and (2) analyzing and documenting the results.
              •   Establish a mechanism to monitor implementation of existing Commission
                  policy to perform biennial physical inventory counts of all items of equipment
                  with an obligated balance of $500 or more.




16
     GAO/AIMD-00-21.3.1.



Page 7                                                  GAO-12-830R ABMC 2011 Management Report
Status of Prior Years’ Recommendations

As a result of our fiscal years 2007 through 2010 audits of the Commission’s financial
statements, we have provided the Commission with 91 recommendations to improve its
internal control and accounting procedures. As summarized in table 1, as of February 21,
2012, the date of audit completion for the fiscal year 2011 audit, the Commission had
implemented 66, or about 73 percent, of our recommendations related to our prior years’
findings on internal control and accounting procedure issues.
Table 1: Status of Fiscal Years 2007 through 2010 Internal Control and Accounting Procedure
Recommendations
 Fiscal year ended                Total number of          Number of closed           Number of open
 Sept. 30                       recommendations           recommendations           recommendations

 2007                                            5                      5                         0
 2008                                           26                     23                         3
 2009                                           45                     33                        12
 2010                                           15                      5                        10
 Total                                          91                     66                        25
Source: GAO analysis as of February 21, 2012.



The Commission stated that it has actions under way to address the remaining 25
recommendations related to internal control and accounting procedure issues.

Also, as a result of our fiscal years 2007 through 2010 audits of the Commission’s financial
statements, we have provided the Commission with 79 recommendations related to
information systems control issues. As summarized in table 2, as of February 21, 2012, the
date of audit completion for the fiscal year 2011 audit, the Commission had implemented 61,
or about 77 percent, of our recommendations related to our prior years’ findings on
information systems.

Table 2: Status of Fiscal Years 2007 through 2010 Information Systems Recommendations
 Fiscal year ended                Total number of        Number of closed         Number of open
 Sept. 30                       recommendations          recommendations        recommendations

 2007                                            8                      8                         0
 2008                                           18                     18                         0
 2009                                           37                     24                        13
 2010                                           16                     11                         5
 Total                                          79                     61                        18
Source: GAO analysis as of February 21, 2012.



The Commission stated that it has actions under way to address the remaining 18
recommendations related to information systems issues.


In total, of the 170 recommendations we made to improve its internal control, accounting
procedures, and information system controls, the Commission had implemented 127, or
about 75 percent, of our recommendations from the fiscal years 2007 through 2010 financial
audits. We will evaluate the status of the Commission’s actions to address all of the prior
year recommendations that remain open, as well as the new recommendations we are
making in this report, in future audits of the Commission’s financial statements.




Page 8                                                    GAO-12-830R ABMC 2011 Management Report
Commission Comments and Our Evaluation

In its written comments, reprinted in enclosure II, the Commission Secretary agreed with the
issues raised in the report and stated that the Commission would provide a full response to
each recommendation as part of its 31 U.S.C. § 720 letter to the Congress, which is due 60
days after the issuance of the report. As part of our fiscal year 2012 financial statement
audit, we will follow up on all of these matters to determine the status of related corrective
actions.
                                              *****
This report contains recommendations to the Commission. The head of a federal agency is
required by 31 U.S.C. § 720 to submit a written statement on actions taken on these
recommendations. You should submit your statement to the Senate Committee on
Homeland Security and Governmental Affairs and to the House Committee on Oversight
and Government Reform within 60 days of the date of this report. A written statement must
also be sent to the House and Senate Committees on Appropriations with the Commission’s
first request for appropriations made more than 60 days after the date of this report.
Furthermore, to ensure that we have accurate, up-to-date information on the status of the
Commission’s actions on our recommendations, we request that you also provide us with a
copy of the Commission’s statement of actions taken on open recommendations. Please
send your statement of actions to Steven Sebastian, Managing Director, at
sebastians@gao.gov or John D. Sawyer, Assistant Director, at sawyerj@gao.gov.

This report is intended for use by the management of the Commission. We are sending
copies of this report to interested congressional committees and the Acting Director of the
Office of Management and Budget. In addition, the report is available at no charge on the
GAO website at http://www.gao.gov.

We acknowledge and appreciate the cooperation and assistance provided by Commission
management and staff during our audit of the Commission’s fiscal years 2011 and 2010
financial statements. If you have any questions about this report or need assistance in
addressing these issues, please contact Steven Sebastian at (202) 512-3406 or
sebastians@gao.gov or Nabajyoti Barkakati at (202) 512-4499 or barkakatin@gao.gov.
Contact points for our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff who made major contributions to this report are
listed in enclosure III.

Sincerely yours,




Steven J. Sebastian
Managing Director
Financial Management and Assurance



Nabajyoti Barkakati
Chief Technologist
Applied Research and Methods

Enclosures – 3



Page 9                                                GAO-12-830R ABMC 2011 Management Report
Enclosure I: Scope and Methodology


To fulfill our responsibilities as the auditor of the financial statement of the American Battle
Monuments Commission (the Commission), our audit work included the following:


     •    Examined, on a test basis, evidence supporting the amounts and disclosures in the
          financial statements. This included selecting statistical samples of payroll and
          nonpayroll expenditures. 17

     •    Assessed the accounting principles used and significant estimates made by
          Commission management.

     •    Evaluated the overall presentation of the financial statements.

     •    Obtained an understanding of the Commission and its operations, including its
          internal control over financial reporting.

     •    Considered the Commission’s process for evaluating and reporting on internal
          control over financial reporting that the Commission is required to perform by 31
          U.S.C. § 3512 (c), (d), commonly known as the Federal Managers’ Financial Integrity
          Act of 1982.

     •    Assessed the risk that a material misstatement exists in the financial statements and
          the risk that a material weakness exists in internal control over financial reporting.

     •    Evaluated the design and operating effectiveness of internal control over financial
          reporting based on the assessed risk.

     •    Tested relevant internal control over financial reporting.

     •    Tested compliance with selected provisions of the following laws and regulations: the
          Commission’s enabling legislation codified in 36 U.S.C. Chapter 21; public laws
          applicable to the World War II Memorial Fund; Buffalo Soldiers Commemoration Act
          of 2005; Continuing Appropriations Resolution, 2010; Consolidated Appropriations
          Act, 2010; Continuing Appropriations Act, 2011; Full-Year Continuing Appropriations
          Act, 2011; Antideficiency Act; Pay and Allowance System for Civilian Employees;
          and Prompt Payment Act.

     •    Performed audit site work at Commission headquarters in Arlington, Virginia; its
          Paris Overseas Office in Garches, France; and its Brookwood and Cambridge
          American Cemeteries in London, England.

Our audit work was conducted from May 3, 2011, through February 21, 2012, pursuant to
our authority to conduct an annual audit of the Commission’s financial statements under
36 U.S.C. § 2103. We performed our audit of the Commission’s fiscal years 2011 and 2010
financial statements in accordance with U.S. generally accepted government auditing
standards. We believe that our audit provided a reasonable basis for our conclusions in this
report.



17
  These statistical samples were selected primarily to determine the validity of activities reported in the
Commission’s financial statements. We projected any errors in dollar amounts to the population of transactions
from which they were selected. In testing some of these samples, certain attributes were identified that indicated
deficiencies in the design or operation of internal control. These attributes, where applicable, were statistically
projected to the appropriate populations.


Page 10                                                           GAO-12-830R ABMC 2011 Management Report
Enclosure II: Comments from the American Battle Monuments Commission




Page 11                                     GAO-12-830R ABMC 2011 Management Report
Enclosure III: GAO Contacts and Staff Acknowledgments

GAO Contacts

Steven J. Sebastian, (202) 512-3406 or sebastians@gao.gov
Nabajyoti Barkakati, (202) 512-4499 or barkakatin@gao.gov

Staff Acknowledgments

In addition to the contacts named above, John D. Sawyer and Edward Alexander, Assistant
Directors; Mark Canter; Taya R. Tasse; and Tory Wudtke made key contributions to this
report.




(196260)


Page 12                                           GAO-12-830R ABMC 2011 Management Report
This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.
                      The Government Accountability Office, the audit, evaluation, and
GAO’s Mission         investigative arm of Congress, exists to support Congress in meeting its
                      constitutional responsibilities and to help improve the performance and
                      accountability of the federal government for the American people. GAO
                      examines the use of public funds; evaluates federal programs and
                      policies; and provides analyses, recommendations, and other assistance
                      to help Congress make informed oversight, policy, and funding decisions.
                      GAO’s commitment to good government is reflected in its core values of
                      accountability, integrity, and reliability.

                      The fastest and easiest way to obtain copies of GAO documents at no
Obtaining Copies of   cost is through GAO’s website (www.gao.gov). Each weekday afternoon,
GAO Reports and       GAO posts on its website newly released reports, testimony, and
                      correspondence. To have GAO e-mail you a list of newly posted products,
Testimony             go to www.gao.gov and select “E-mail Updates.”

Order by Phone        The price of each GAO publication reflects GAO’s actual cost of
                      production and distribution and depends on the number of pages in the
                      publication and whether the publication is printed in color or black and
                      white. Pricing and ordering information is posted on GAO’s website,
                      http://www.gao.gov/ordering.htm.
                      Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
                      TDD (202) 512-2537.
                      Orders may be paid for using American Express, Discover Card,
                      MasterCard, Visa, check, or money order. Call for additional information.
                      Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Connect with GAO      Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts.
                      Visit GAO on the web at www.gao.gov.
                      Contact:
To Report Fraud,
Waste, and Abuse in   Website: www.gao.gov/fraudnet/fraudnet.htm
                      E-mail: fraudnet@gao.gov
Federal Programs      Automated answering system: (800) 424-5454 or (202) 512-7470

                      Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-
Congressional         4400, U.S. Government Accountability Office, 441 G Street NW, Room
Relations             7125, Washington, DC 20548

                      Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
Public Affairs        U.S. Government Accountability Office, 441 G Street NW, Room 7149
                      Washington, DC 20548




                        Please Print on Recycled Paper.