Skip to main content

Bureau of the Public Debt: Areas for Improvement in Information Systems Controls

GAO-13-416R Published: May 09, 2013. Publicly Released: May 09, 2013.
Jump To:
Skip to Highlights

Highlights

What GAO Found

During GAO's fiscal year 2012 audit of the Schedules of Federal Debt managed by the Department of the Treasury's (Treasury) Bureau of the Public Debt (BPD), GAO identified four new general information systems control deficiencies related to access controls and configuration management. In a separately issued Limited Official Use Only report, GAO communicated to the Commissioner of the Bureau of the Fiscal Service detailed information regarding the four new general information systems control deficiencies.

None of the control deficiencies GAO identified represented significant risks to BPD's financial systems. The potential effect of these deficiencies on the Schedule of Federal Debt financial reporting was mitigated by BPD's physical security measures and a program of monitoring user and system activity, as well as compensating management and reconciliation controls designed to detect potential misstatements of the Schedule of Federal Debt.

In addition, during GAO's follow-up on the status of BPD's corrective actions to address information systems control-related deficiencies and associated recommendations contained in GAO's prior years' reports and open as of September 30, 2011, GAO determined that corrective action was complete for 7 of the 16 open recommendations and corrective action was in progress for each of the 9 remaining open recommendations related to access controls, configuration management, and segregation of duties. In the Limited Official Use Only report, GAO communicated detailed information regarding actions taken by BPD to address the control deficiencies related to these open recommendations.

Why GAO Did This Study

GAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the governmentwide financial statements, GAO audits BPD's Schedules of Federal Debt annually. As part of these audits, GAO performs a review of information systems controls over key BPD financial systems relevant to the Schedule of Federal Debt.

This report presents the deficiencies identified during GAO’s fiscal year 2012 testing of information systems controls over key BPD financial systems relevant to the Schedule of Federal Debt. This report also includes the results of GAO’s follow-up on the status of BPD’s corrective actions to address information systems control-related deficiencies and associated recommendations contained in GAO’s prior years’ reports and open as of September 30, 2011.

Recommendations

In a separately issued Limited Official Use Only report, GAO made four recommendations to address the four new general information systems control deficiencies related to access controls and configuration management. In commenting on a draft of the separately issued Limited Official Use Only report, the Commissioner of the Bureau of the Fiscal Service concurred with GAO’s conclusions.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Information systemsFederal debtConfiguration controlPublic debtHomeland securityFinancial statementsFinancial systems