General Fund: Improvements Needed in Controls over Retention of Key System Security and Cash Activity Documentation
Fast Facts
We audit the General Fund, which finances daily and long-term government operations and is managed by Treasury's Fiscal Service.
During our FY 2024 audit, we identified issues with Fiscal Service's internal control over financial reporting. For instance, we found that Fiscal Service didn't maintain documentation to support certain cash transactions. Additionally, the agency didn't fully document all of its IT controls in its security plans. Our new recommendations address these issues.
We also found that Fiscal Service has not yet fully addressed 82% of our recommendations from previous reports.
Highlights
What GAO Found
During audits of the fiscal year 2024 Schedules of the General Fund, GAO identified two new deficiencies in internal control over financial reporting due to inadequate information system security plan documentation and insufficient support for certain cash transactions. Although GAO did not consider these two new deficiencies to be material weaknesses or significant deficiencies, they nonetheless warrant the attention of the Department of the Treasury's Bureau of the Fiscal Service management. By addressing these deficiencies, Fiscal Service can make it more likely that its management and staff will prevent, or detect and correct, misstatements in the Schedules of the General Fund.
GAO's audits included following up on the status of Fiscal Service's corrective actions to address 11 recommendations related to internal control over financial reporting from GAO's prior years' reports that remained open as of March 2023. GAO found that Fiscal Service took action to close two, and as of the completion of GAO's fiscal year 2024 audits, nine remained open.
Concurrent with GAO's fiscal year 2024 audits, Treasury's Office of Inspector General contracted with an independent public accounting firm to audit Treasury's fiscal year 2024 and 2023 consolidated financial statements. Treasury took action to close four information system control deficiencies relevant to the Schedules of the General Fund, and as of September 30, 2024, six remained open.
Why GAO Did This Study
The General Fund of the U.S. government, an entity that the Fiscal Service manages, is responsible for the accounting and reporting on the cash activity fundamental to funding the federal government. The General Fund consists of assets and liabilities used to finance the daily and long-term operations of the U.S. government. The preparation of and audit assurance over the Schedules of the General Fund is necessary to account for and eliminate General Fund intragovernmental activity and balances with other reporting entities in the consolidated financial statements of the U.S. government. In connection with GAO's audit of the fiscal year 2024 consolidated financial statements, GAO reported that the federal government's inability to adequately account for intragovernmental activity and balances between federal entities represented a material weakness in internal control over financial reporting.
To evaluate Fiscal Service's internal control over financial reporting, GAO reviewed Fiscal Service policies and procedures; interviewed Fiscal Service management and staff; observed controls in operation; and tested certain controls to determine whether they were designed, implemented, and operating effectively.
Recommendations
GAO is recommending that Fiscal Service (1) reasonably assure that agency policy related to information system security documentation is fully implemented for each system relevant to the General Fund and (2) coordinate with the Federal Reserve Banks (FRB) to design and implement procedures to be executed by the FRBs to maintain documentation to support FRB-initiated transactions.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Bureau of the Fiscal Service |
Priority Rec.
The Commissioner of Fiscal Service should reasonably assure that agency policy related to information system security documentation, including SSPs and interconnection agreements, is fully implemented for the systems relevant to the Schedules of the General Fund. (Recommendation 1) |
As of March 2026, Fiscal Service provided evidence that 1) it communicated the control implementation statement requirements to the Information System Security Officers (ISSO); 2) training was provided to the ISSOs on what constitutes an adequate control implementation statement; and 3) created a dashboard to monitor for specific conditions, such as blanks fields and certain special characters. As it relates to interconnection agreements, Fiscal Service updated one of its controls to require annual information exchange agreement reviews and updates to be performed on an as needed basis, rather than requiring updates every three years. Fiscal Service anticipates resolving this recommendation during fiscal year 2026.
|
| Bureau of the Fiscal Service |
Priority Rec.
The Commissioner of Fiscal Service, in coordination with the FRBs, should design and implement procedures to be executed by the FRBs to maintain and periodically review documentation to support TAS and BETC attributes for FRB-initiated transactions to reasonably assure that FRB-initiated transactions are properly recognized in the Schedules of the General Fund. (Recommendation 2) |
As of March 2026, Fiscal Service documented procedures to maintain and periodically review documentation to support Treasury Account Symbol (TAS) and Business Event Type Code (BETC) attributes for Federal Reserve Bank (FRB) initiated transactions. Fiscal Service is coordinating with the FRB to prepare the supporting documentation for these transactions and anticipates resolving this recommendation in fiscal year 2026.
|