United States General Accounting Office
Internal Control
GAO
Exposure Draft
December 2000
Maintaining Effective Control Over Employee Time and Attendance
Reporting
GAO01186G
Abbreviations
INTRODUCTION
In recent years significant changes in work place habits and
technological advances have affected the manner in which time and
attendance (T&A) reporting is accomplished. For example, more
flexible work schedules and places, and the trend in government to
streamline operations have provided a major impetus for changes in
T&A systems. However, perhaps the most significant influence on
these changes is advancing technology and the increased use of
automation. The Government Paperwork Elimination Act (GPEA)
encourages the movement toward paperless applications and the use
of electronic signatures. Although GPEA focuses on electronic
systems regarding information obtained from and provided to sources
outside the government, it provides an additional impetus to
agencies to seek further applications of paperless systems and use
of electronic signatures.
Trends toward increased automation and workplace flexibility
have changed the operating environment. However, the need for good
internal control continues to exist. To keep abreast of the
changes, especially those in automation, we have revised this
document to emphasize the attention that should remain regarding
effective internal control in T&A systems. This document offers
suggestions for taking advantage of the advancements in automated
T&A systems and updates the previous guidance to incorporate
guidance offered in response to agency requests.1
As advancing technologies continue, managers have greater
flexibility in designing and implementing T&A systems best
suited for their agencies. In designing and implementing new
T&A systems or components of existing systems, management
should strive for costbeneficial systems and related internal
control.
The traditional work schedule followed by civilian employees
differs from those generally followed by members on active duty of
the armed services. Because traditional work schedules influence
internal control in T&A systems, this document contains two
major parts, the first dealing with civilian employees who are
expected to be "working," usually during certain times and the
second part dealing with members of the active duty armed services
who are expected to be in a "duty status" and thus on call 24 hours
a day. Part I, civilian employees, provides guidance for civilian
employees, and part II, military service members, provides guidance
for military service members. Employees who are paid regardless of
their presence or absence and who do not accrue leave under 5
U.S.C. 6301 et seq. (e.g., certain political appointees) are exempt
from the provisions of this document.2
Questions on or interpretations of any material in this document
may be submitted to the Managing Director, Financial Management and
Assurance, U.S. General Accounting Office, 441 G Street NW,
Washington, DC 20548.
1
When issued in final, this document will replace our 1996
revision to Title 6, "Pay, Leave, and Allowances," of the GAO
PolicyandProceduresManualforGuidanceofFederalAgencies.
2
See Comptroller General Decision B123698 (May 10, 1978).
(BLANK)
PART I: CIVILIAN EMPLOYEES
INTERNAL CONTROL OBJECTIVES IN T&A SYSTEMS
The primary objective of a T&A system is to ensure that
hours worked, hours in pay status, and hours absent are properly
reported. Reliable data are important to accurately compute and
account for computed pay, leave, and allowances. To achieve this
objective, management should have in place an internal control
system that provides reasonable assurance that (1) T&A
transactions are properly authorized and approved and (2) T&A
data are completely and accurately recorded and retained.
T&A Transactions Are Properly Authorized and Approved
The nature and extent of T&A transaction approvals and
controls can vary among T&A systems. Fully automated systems,
for example, may require fewer approvals than manual systems
because of automated edits and controls, and the use of automated
signatures. Nevertheless, the nature and extent of T&A
approvals must be such that management has assurance that
supervisors or other officials know they are accountable for the
approvals of an employee's work time and absences. This helps
ensure that accurate T&A information is recorded and reported
for the purposes of computing pay and allowances.
Primary responsibility for authorizing and approving T&A
transactions rests with the employee's supervisor, who approves the
employee's T&A reports. Timekeepers3 and supervisors must be
aware of the work time and absence of employees for whom they are
responsible to ensure the reliability of T&A data. To the
extent practical, changes to an employee's normal work schedule
should generally be approved prior to the change actually
occurring. Unanticipated changes should be reviewed for approval or
disapproval as soon as reasonably possible.
T&A Data Are Complete and Accurate
Because most federal civilian employees are paid on an hourly
basis (or fractions of an hour) and earn and charge leave on that
basis, a complete and accurate record of the time an employee works
must be retained as an official agency record available for review
or inspection. To provide a basis for pay, leave, and benefits, the
records must include aggregate hours of regular time, other time
(e.g., overtime, credit hours, or compensatory time), and leave.4
To help ensure accuracy, the completed records must be reviewed and
approved by the supervisor (or other equivalent official). In an
automated environment, system edits and other automated tests
can
3
The traditional T&A system normally involved a timekeeper
who was responsible for assisting supervisors in recording and
verifying employees' work time and absences. New T&A systems
can reduce or even eliminate timekeepers' duties and shift the
responsibilities to employees or supervisors. Regardless of the
changes made, recording accurate T&A information remains the
primary control objective.
4
Traditionally, daily arrival and departure times were required
to be recorded. Although it is not required that daily records be
maintained, agency management may choose to do so by using
signin/signout sheets or other means.
assist the supervisor in his or her review and verify that
recorded work time is accurate and allowable.
RELIANCE ON INTERNAL CONTROLS IN A T&A SYSTEM
As T&A systems evolve toward increasingly automated methods
of recording and reporting employee work and leave times, it is
important to implement and maintain a welldefined system that
provides management with the confidence that controls are working
as designed. This can be done by:
•
Having a welldefined organizational structure and flow of
T&A data with clearly written policies and procedures setting
forth the responsibilities of employees, timekeepers (if
applicable), and supervisors regarding recording, examining, and
approving T&A transactions.
•
Effectively applying available technology and concepts to
achieve efficient and effective T&A system processes in
accordance with applicable requirements and the environment in
which the agency operates.
•
Having the ability to record payroll costs by
appropriation, organizational code, and work activity to facilitate
application of required cost accounting for financial and program
management.
•
Reviewing and testing all aspects of the T&A systems'
processing procedures and controls in sufficient scope, depth, and
frequency to provide reasonable assurance that key procedures and
controls are working and effective and that data integrity is
maintained.
Agencies' T&A systems are subject to periodic review under
the Federal Managers' Financial Integrity Act of 1982 (FMFIA) (31
U.S.C. 3512(c), (d)).5
RECORDING AND MAINTAINING COMPLETE AND ACCURATE T&A
RECORDS
Required T&A Information
The following T&A information and documentation should be
recorded and maintained for each employee for each pay period:
1. employee name and unique identifying number (e.g., a social
security number),
5StandardsforInternalControlintheFederalGovernment(GAO/AIMD0021.3.1)
was revised in November 1999, and is available on the Internet, GAO
home page (www.gao.gov) under "Other Publications." It is also
available in hard copy by calling (202) 5126000 or at the U.S.
General Accounting Office, 700 4th Street NW, Room 1100,
Washington, D.C. In addition, the Office of Management and Budget
(OMB) requirements for evaluating financial systems and controls
are in OMB Circular A123, InternalControlSystems(June 1995)and OMB
Circular A127, FinancialManagementSystems(July 1993). These OMB and
GAO issuances establish the criteria and rules for assessing and
reporting annually on the status of agency systems and
controls.
2.
pay period number or dates,
3.
hours worked,
4.
hours of premium pay, by type, to which the employee is
entitled,
5.
dates and number of hours of leave (by type), credit
hours, and compensatory hours earned and used,6
6.
evidence of approval by an authorized official (usually
the supervisor),
7.
any required supporting documentation or records for
absences, and
8.
other information agencies believe necessary.
A T&A record containing all required data elements can be
(1) a manually completed hard copy document, (2) an automated file
retained electronically, or (3) a combination of automated and
manual records. The T&A information can be obtained using a
number of different methods, including but not limited to
preprinted or designed T&A forms; other standard forms;
internal memorandums; emails; employee, timekeeper, or supervisor
notations (for example, that might result from phone
conversations); or other formats so long as the documents are
controlled and retained as the official T&A record of
employees. The data contained in the T&A records should be
linked to accounting records and provide the necessary support for
financial reporting and allocation of costs.
Recording T&A Data
Agency policy must affix accountability for recording the
T&A data referred to in the previous section. The data may be
recorded by the
1.
individual employee,
2.
timekeeper,
3.
supervisor, or
4.
a combination of the three.
Agency policy must assign accountability for recording and
maintaining T&A data referred to in the previous section. If
the employee is not recording his or her T&A data, the basis
for recording the data could be (1) the timekeeper's or
supervisor's observation, (2) time clocks, or other automated
timekeeping devices, where not prohibited by law, or (3) other
applicable techniques. The person recording the T&A data
acknowledges responsibility for the accuracy of the recorded
data.
The point at which T&A data are recorded can vary among
different T&A systems. For example, T&A data may be
recorded (1) daily, (2) when deviations occur from an individual's
or agency's established work schedule, or (3) at the end of the pay
period. Regardless of the timing of recording T&A data,
management must have in place a system of control techniques that
gives reasonable assurance that the recorded information reflects
time worked, leave taken, or other absences.
6Cumulative balances of available leave by type per employee are
required to be maintained on record. Agencies may maintain these
cumulative balances on biweekly or pay period T&A records which
show the available balances for the pay period ending. Examples of
the types of leave on such T&A records include, but are not
limited to, annual, sick, and family friendly leave.
Supplementary T&A Records
Supplementary T&A records, containing information not
previously discussed, shall be completed and maintained. Examples
of such records include those for establishing (1) work schedules,7
(2) flexiplace arrangements,8 (3) cumulative leave balances
available for use by type,
(4)
overtime, (5) compensatory time earned and used, (6)
credit hours earned and used under an alternative work schedule,
and (7) number of unscheduled duty hours. The records must
show
(1)
an employee's pay period schedules indicating planned
start and stop work times and hours per day for an established work
schedule, (2) the aggregate hours (or fractions of hours) and days
the employees worked regular hours, worked overtime, took leave, or
used earned compensatory time or credit hours, and (3) the
supervisor's approval. In order for the agency to properly document
and calculate an employee's overtime pay entitlements under 5
U.S.C. chapters 55 and 61 and 29 U.S.C. 201 et seq., the records
must distinguish between regular overtime and irregular or
occasional overtime.
Employees Temporarily Assigned to Another Agency
When an employee is on temporary assignment to another agency,
the agency to which the employee is detailed must record T&A
data for the employee in accordance with these requirements. It
must also report the information to the employee's home agency
promptly to facilitate disbursement of pay by the home agency.
Access to T&A Information
Access to T&A information should be limited to those
authorized to access the information.
AUTHORIZING AND APPROVING T&A TRANSACTIONS
Attestations, Verifications, and Approvals
This section (1) defines attestations, verifications, and
approvals and (2) discusses how attestations, verifications, and
approvals can be achieved in a manual or automated T&A system
environment.
Attestation refers to an employee affirming T&A data to be
true, correct, and accurate. Verification is a confirmation,
usually by the timekeeper or supervisor, that recorded information
is true, correct, and accurate to the best of his/her knowledge.
Approval is the supervisor's, other equivalent official's, or
higher level manager's agreement, ratification, or concurrence
to
(1) a planned work schedule and leave of employee or (2) actual
T&A data. Such approvals represent that the actual work
schedule recorded by the employee or timekeeper is to the best
of
7
Federal agencies can allow employees to vary their daily arrival
and departure times and, under some options, to vary the length of
their workday or workweek. In all cases, fulltime employees are
required to work or otherwise account for 80 hours each biweekly
pay period (5 U.S.C. 6120 et seq.).
8
See Office of Personnel Management's (OPM) Memorandum for
Personnel Directors on the subject of Alternative Workplace
Arrangements, October 21, 1993.
the approving official's knowledge true, correct, and accurate,
and in accordance with applicable laws, regulations, and legal
decisions. The approving official acknowledges awareness and
understanding of his/her responsibility when approving T&A
data.
The evidence of attestations, verifications, and approvals will
of necessity differ between manual and automated systems. In manual
systems, attestations, verifications, and approvals are usually
shown by a signature or initial of an individual on a hard copy
document. In automated systems, they are represented by what can be
referred to generically as electronic signatures.9 There are many
types of electronic signature technologies offering different
degrees of confidence, control, and security. In selecting and/or
developing, and implementing a particular electronic signature
technology for an automated T&A application, management must
assess the risks associated with the loss, misuse, or compromise of
the electronic T&A information and signatures compared to the
benefits, costs, and effort associated with selecting and/or
developing and managing the automated systems and electronic
signatures.10 See the appendix for a further explanation about
electronic signatures and GAO's review of such applications.
Authorizing an Employee's Work Schedule
When (1) an employee's work schedule differs from the agencywide
schedule established by management or (2) reflects a flexible work
program, an employee's work schedule should be approved by the
supervisor or the official most knowledgeable of the employee's
schedule in advance of the period when the plan takes effect. If
the schedule is not approved in advance, the plan should be
approved as soon after the start of the pay period as possible.
Approval must be granted for overtime before the work has been
performed when feasible and, when not feasible, as soon as possible
after the work has been performed. Care must be taken to
distinguish between regular overtime and irregular overtime or
occasional overtime (or compensatory time in lieu of overtime,
where allowed) in order for the agency to properly document and
calculate an employee's overtime pay entitlements under 5 U.S.C.
chapters 55 and 61 and 29 U.S.C. 201 et seq.
Approval of Leave
Approval of leave should be made by the employee's supervisor
before the leave is taken. If leave is not approved in advance, it
should be reviewed for approval or disapproval as soon as
reasonably possible after taken.
9
The GPEA defines "electronic signature" as a method of signing
an electronic message that (1) identifies and authenticates a
particular person as the source of the electronic message and (2)
indicates such person's approval of the information contained in
the message.
10
GPEA requires agencies to comply with the guidance issued by OMB
regarding automated systems that maintain electronic information as
a substitute for paper and use of electronic signatures. OMB issued
the guidance in Memorandum M0010, dated April 25, 2000. A 29page
attachment to the memorandum contains the details of the guidance.
Also, as part of the OMB guidance, the Department of Justice was
charged with developing practical guidance on legal considerations
related to agencies' use of electronic filing and record keeping.
The department issued LegalConsiderationsinDesigningandImplementing
ElectronicProcesses:AGuideforFederalAgenciesin November 2000.
Attestation and Verification by Employees and Timekeepers
The employee and timekeeper, if any, are not required to attest
or verify T&A reports and related documents. However, if
management requires such attestations and/or verifications, they
should be performed as close to the end of the pay period as
possible. When not possible until after the end of the pay period,
a copy of the T&A report and related documents, when
applicable, should be provided to the employee promptly for
attestation and to the timekeeper promptly for verification. The
employee and/or timekeeper should promptly disclose any
discrepancies to the supervisor. The supervisor should promptly
resolve such discrepancies.
Approval of T&A Reports and Related Records
All T&A reports and related supporting documents (e.g.,
overtime pay authorizations) must be reviewed and approved by an
authorized official. Review and approval should be made by the
official, normally the immediate supervisor, most knowledgeable of
the time worked and absence of the employee involved. Approval of
T&A reports and related documents should be based on personal
observation, work output, timekeeper verification, checking data
against other independent sources, reliance on other controls, or a
combination of these methods.
The official most knowledgeable of the time worked should
approve any overtime or compensatory time. Care should be taken (1)
to ensure that the overtime was approved, preferably in advance,
and (2) that the amount and type of overtime (regular or
irregular), credit hours, and compensatory time is accurately
recorded.
If practical, T&A data must be approved at the end of the
last day of the pay period or later. When this is not feasible
because of payroll processing requirements to meet established
paydays, T&A data must be prepared and approved as close to the
end of the pay period as possible to still allow processing of the
payroll by payday.
Adjustment or Corrections After the T&A Period Ends
Adjustments or corrections required because of changes after
T&A data were approved must be made in the payroll system and
reflected in pay for the pay period to which the changes apply,
when possible. When not possible, adjustments must be made as soon
after discovery as practical. Any changes must be approved by an
authorizing official before being entered into the payroll
system.
SelfApproval of T&A Reports
In general, employees may not approve their own T&A data.
However, the head of an agency (or designee) may authorize
particular individuals to approve their own T&A data in certain
situations or if the individual is a high level manager (such as
the head of a large unit within the agency). In these situations,
an official authorized by the agency head (or designee) must grant
advance authority in writing, and the agency must ensure that
effective controls are in place to ensure the proper reporting of
T&A data.
Exceptions to the general prohibition of employees approving
their own T&A data are intended to apply when it is not
feasible to have T&A data approved by a supervisor. These
exceptions include but are not necessarily limited to (1) employees
working alone at a remote site for long periods and (2) employees
based at the same duty station as their supervisors or timekeepers
but frequently at work sites away from the duty station. In other
situations when it is not practical for the supervisor to approve
T&A data promptly, the employee may be paid and the supervisor
may subsequently review and approve the data.
TRANSMITTING T&A INFORMATION TO PAYROLL
T&A information must be transmitted to the payroll system
for all employees or, under exceptionbased systems, for employees
who have changes to their normal work schedules. While the choice
of methods used to transmit the T&A data may be based on
costeffectiveness and management information needs, the system used
to transmit the information must protect T&A data from
unauthorized change or alteration and must generate a record of any
change made. Any change to previously attested to and approved data
must be reviewed by and attested to by the employee whose data was
changed. The changed data must also be reviewed by and approved by
an authorized official.
EXCEPTIONBASED SYSTEMS
Exceptionbased T&A systems, as the name implies, require pay
period recording of arrival and departure times only if material
variances11 from preestablished work schedules occur. Employees'
schedules are established, either through management designated
work schedules or by mutual agreement between employees and
management. When employees' arrival and departure times for a pay
period are established, these schedules become the basis for
recorded T&A data unless material variances or deviations
occur. As previously noted, if no material variances occur, arrival
and departure times and hours worked per day need not be
recorded.
Material variances or deviations must be approved by the
supervisor before the change occurs, if feasible, or promptly after
occurring, if not feasible. As part of their approval of the
change, supervisors or designees must verify that the dates and
amounts of material changes have been recorded in the appropriate
T&A record. However, in either case (material variance or no
variance) each employee's T&A record must be approved by the
supervisor or comparable official.
Several alternatives exist for recording changes to established
schedules. Changes can be noted by recording arrival and departure
times directly on an employee's time sheet, recording arrival and
departure times on a centrally maintained timein/timeout log used
by many employees, or noting the number of hours and minutes of the
deviation in a record that the supervisor maintains. The method
selected by management to record the deviations should be the most
efficient and effective one under the circumstances.
Unless otherwise designated by management, material variances or
deviations from an established schedule for recording purposes are
those that differ by 1 hour or more during a planned workday or
flex day. However, if leave is used, a deviation of less than 1
hour could be considered material. For example, if an employee
arrives 30 minutes late, but works 30 minutes past the planned
departure time, this would be considered an immaterial variation
and need not be recorded. On the other hand, if the employee
chooses to request annual or sick leave rather than to work for the
time absent, then a material deviation for recording purposes has
occurred.
ALTERNATIVE WORKPLACE ARRANGEMENTS
Alternative workplace arrangements12 involve working at
locations other than the traditional government office. Locations
of alternative workplaces are usually the employee's home or
telecenters.13 Although numerous benefits exist for both the agency
and employees participating in alternative workplaces (such as
employee moral and lower commuting costs), flexible workplace is a
management option, not an employee benefit. Employees who work at
alternative work sites should have a written agreement with their
supervisors stipulating, among other items, the period of time the
agreement is in effect, days in which the employee will work at the
alternative site, work assignments and performance, work schedule,
and time and attendance.
As a basis for approving T&A data, supervisors are required
to obtain reasonable assurance that employees working at remote
sites are working when scheduled and that T&A information
accurately reflects time worked and absences from scheduled tours
of duty. Numerous techniques are available to the supervisor to
obtain this assurance. For example, reviewing the work output of
the employee and occasional phone call or visits to the
employee.
12
Other terms used to refer to alternative workplace arrangements
or locations of work are "flexible workplace," "flexiplace," and
"telecommuting."
13
Telecenters are facilities away from the traditional government
office that are equipped with workstations, telephones, and
computers among other items that are shared by employees of
multiple agencies.
PART II: MILITARY SERVICE MEMBERS
ACTIVE MILITARY PERSONNEL
Active military personnel are considered to be on duty 24 hours
a day. Because the nature of some military assignments makes a
confirmation of the presence at duty stations difficult, if not
impossible, the recording of presence for duty and of specific
hours during which duty is performed each day is not required. This
is similar to exceptionbased T&A systems explained earlier in
this document. Most active duty military personnel follow
exceptionbased systems. However, superiors are expected to be aware
of the presence and absence of service members for whom they are
responsible. When a service member is on temporary assignment to
another component of the armed services or to a civilian agency,
the entity to which the service member is detailed must provide
time and attendance recording for the service member and report the
information to his or her home component promptly to facilitate
payment of basic pay and allowances by (or through) the home
component.
Absence reports must be maintained daily to indicate those
service members who are to be charged leave and those who are not
present for duty but who should be. Examples of reports that might
contain such data are "morning" or "day" reports, strength reports,
unit diaries, and other similar reports.
Information on absences which affect pay should be compiled each
pay period and be transmitted to the payroll system. Without such
information, the payroll system may mistakenly pay the member for
unauthorized pay and allowances. The following requirements for
review and approval must be met:
1.
Reports of such information and related supporting
documents must be reviewed and approved by a designated authorizing
official. The official must be aware of the responsibilities he or
she is taking regarding the accuracy of the reports.
2.
Approvals of such reports will be made at the end of the
last day of the pay period whenever possible. When this is not
possible because of payroll processing requirements to meet
established paydays, documents must be approved as close to the end
of the pay period as possible.
3.
Approval must be done in accordance with guidance found
in the subsection "Attestations, Verifications, and Approvals" of
section "Authorizing and Approving T&A Transactions" of this
document.
4.
Any adjustments required because of changes in reported
absences after the reports were approved and transmitted to the
payroll system must be made and reflected in the pay period to
which the changes apply, when possible, or when not possible,
adjusted as soon as possible, preferably in the next pay
period.
Any changes must be approved by the authorizing official prior
to being entered into the payroll system. Service members may not
approve their own absence reports unless prior authority to do so
is granted in writing by an authorized official.
When feasible (as in an office setting or environment),
costeffective, and applicable, attendance reporting and related
internal controls set forth in "Part I: Civilian Employees" should
be instituted for service members to the extent management deems
appropriate.
MILITARY RESERVISTS
T&A controls for military reservists depend largely on the
nature of the work. If they have defined work schedules and are not
expected to be available for duty on a roundtheclock basis, the
T&A requirements for civilian employees are operative and
should be used. If however they are employed similar to those who
are on active duty or are actually on active duty, then the
controls in the subsection "Active Military Personnel" are
operative and should be used.
APPENDIX I: GAO'S REVIEW OF ELECTRONIC SIGNATURES
APPLICATIONS
GAO has been asked by several federal agencies to review
electronic signature systems used in financial management systems
and to discuss how such systems should be evaluated. Because of
some of the unique risks associated with highly automated
environments, traditional data integrity techniques, such as
password and user identification based systems, used to
authenticate an individual may not provide the same degree of
assurance as that provided by paperbased systems. For example, in a
paperbased system, an individual's signature on the paper document
is a timetested method of showing that an individual intended to be
bound by the terms and conditions in the paper document. However,
in an electronic world, where adequate controls have not been
implemented, the similar approach of having an individual's name
appended to a data record does not provide the same assurance
because, for example, the terms and conditions can be changed
without obtaining the individual's approval of the changes
made.
When reviewing electronic signature systems, we evaluate whether
a system generates electronic signatures that represent an
individual's or an entity's intent to be bound. To do this, we
determine whether the electronic signature system provides
reasonable assurance that the signature produced by the system is
(1) unique to the signer, (2) under the signer's sole control,
(3) capable of being verified, and (4) linked to the data in
such a manner that, if the data are changed, the signature is
invalidated. Adopting these criteria facilitates our evaluation of
how well the electronic signature system addresses its threats and
helps identify vulnerabilities that may be present in the system.
We have also found these criteria useful since they are technology
neutral (can be used regardless of the technology used to produce
the signature) and allow for a variety of implementation methods,
depending of the degree of risk associated with a given
application.
When deciding on an electronic signature system for T&A
data, agencies should identify and/or develop and document the
criteria used in the selection of the signature system and how the
criteria and the selected system complies with the GPEA definition
of an electronic signature. In addition, the agency's risk
assessment process (as called for in the OMB guidance14) should
disclose the risks considered that would prevent the system from
successfully complying with the criteria selected by the agency.
Without developing the criteria that the system should meet and
then effectively assessing the risks, agencies could adopt
signature systems that will not provide the necessary data
integrity.15
(922289)
14 See footnote 10.
A recently issued GAO report (InformationSecurity:
SeriousandWidespreadWeaknessesPersistat FederalAgencies.
GAO/AIMD00295, September 6, 2000) showed that in 24 agencies,
physical and logical access controls were not effective in
preventing or detecting system intrusions or misuse. These
weaknesses have a significant adverse impact on the ability of
automated systems to ensure the necessary data integrity.
Ordering Information
The first copy of each GAO report is free. Additional copies of
reports are $2 each. A check or money order should be made out to
the Superintendent of Documents. VISA and MasterCard credit cards
are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.
Orders by mail:
U.S. General Accounting Office
P.O. Box 37050 Washington, DC 20013
Orders by visiting: Room 1100 700 4th St. NW (corner of 4th and
G Sts. NW)
U.S. General Accounting Office Washington, DC
Orders by phone: (202) 512-6000 fax: (202) 512-6061 TDD (202)
512-2537
Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on how to
obtain these lists.
Orders by Internet: For information on how to access GAO reports
on the Internet, send an e-mail message with "info" in the body
to:
[email protected]
or visit GAO's World Wide Web home page at:
http://www.gao.gov
Contact one:
To Report Fraud,
• Web site: http://www.gao.gov/fraudnet/fraudnet.htm
Waste, or Abuse in
• e-mail: [email protected] •
1-800-424-5454 (automated answering system)
