Skip to main content

Management Report: Improvements Needed in the Bureau of the Fiscal Service's Information Systems Controls

GAO-15-412R Published: Jun 25, 2015. Publicly Released: Jun 25, 2015.
Jump To:
Skip to Highlights

Highlights

What GAO Found

During GAO's audit of the Schedules of Federal Debt Managed by the Department of the Treasury's (Treasury) Bureau of the Fiscal Service (Fiscal Service) for the fiscal years ended September 30, 2014, and 2013, GAO identified nine new information systems general control deficiencies related to security management, access controls, and configuration management. In a separately issued Limited Official Use Only report, GAO communicated to Fiscal Service management detailed information regarding the nine new information systems general control deficiencies and made 10 recommendations to address these control deficiencies.

In addition, during GAO’s follow-up on the status of Fiscal Service’s corrective actions to address information systems control-related deficiencies and associated recommendations contained in GAO’s prior years’ reports that were open as of September 30, 2013, GAO determined that corrective actions were complete for 18 of the 22 open recommendations and corrective actions were in progress for each of the four remaining open recommendations related to three deficiencies in access controls and configuration management. In the Limited Official Use Only report, GAO communicated detailed information regarding actions taken by Fiscal Service to address the control deficiencies related to these open recommendations.

While GAO identified some continuing and new control deficiencies relating to information systems, it does not consider them individually or collectively to be material weaknesses or significant deficiencies. Nevertheless such control deficiencies warrant the attention and action of management. The potential effect of these new and continuing deficiencies on the Schedule of Federal Debt financial reporting for fiscal year 2014 was mitigated primarily by Fiscal Service’s compensating management and reconciliation controls designed to detect potential misstatements on the Schedule of Federal Debt.

Why GAO Did This Study

GAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the government-wide financial statements, GAO audits Fiscal Service's Schedules of Federal Debt annually. As part of these audits, GAO performs a review of information systems controls over key Fiscal Service financial systems relevant to the Schedule of Federal Debt.

This report presents the deficiencies identified during GAO’s fiscal year 2014 testing of information systems controls over key Fiscal Service financial systems that are relevant to the Schedule of Federal Debt. This report also includes the results of GAO’s follow-up on the status of Fiscal Service’s corrective actions to address information systems control-related deficiencies and associated recommendations that remained from GAO’s prior years’ audits that were open as of September 30, 2013.

Recommendations

In a separately issued Limited Official Use Only report, GAO made 10 recommendations to address the nine new information systems general control deficiencies related to security management, access controls, and configuration management. In commenting on a draft of the separately issued Limited Official Use Only report, the Commissioner of the Bureau of the Fiscal Service stated that Fiscal Service is committed to information security and concentrated resources to mitigate the risks identified in GAO’s report. The Commissioner further stated that, subsequent to September 30, 2014, three of the nine new information systems control-related deficiencies, as well as one of the three deficiencies contained in our prior years’ reports, have been successfully remediated. Additionally, the Commissioner cited planned corrective actions to address the remaining open information systems control-related deficiencies.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Access control listComputer securityConfiguration controlData integrityFederal debtFinancial management systemsFinancial statement auditsInformation systemsInternal controlsRisk managementSystems designTesting