Management Report: Areas for Improvement in the Federal Reserve Banks' Information Systems Controls
What GAO Found
During GAO's audit of the Schedules of Federal Debt Managed by the Department of the Treasury's (Treasury) Bureau of the Fiscal Service (Fiscal Service) for the fiscal years ended September 30, 2014, and 2013, GAO identified and communicated to the Federal Reserve Banks' (FRB) management certain new deficiencies in information systems controls over key financial systems maintained and operated by the FRBs on behalf of Treasury relevant to the Schedule of Federal Debt, but did not consider them significant enough to include in this report.
Consequently, GAO did not make any new recommendations to address these deficiencies, but assessed the status of FRBs' corrective actions to address previously identified information systems control-related deficiencies and associated recommendations contained in GAO's prior years' reports that were open as of September 30, 2013. GAO determined that corrective action was complete for four of the six open recommendations and corrective actions were in progress for the remaining two open recommendations related to security management.
The potential effect of these continuing control deficiencies on the Schedule of Federal Debt financial reporting for fiscal year 2014 was mitigated primarily by FRBs' program of monitoring user and system activity and Fiscal Service's compensating management and reconciliation controls designed to detect potential misstatements of the Schedule of Federal Debt.
In the Limited Official Use Only report, GAO communicated detailed information regarding actions taken by FRBs to address the control deficiencies related to these open recommendations.
Why GAO Did This Study
GAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the government-wide financial statements, GAO audits Fiscal Service's Schedules of Federal Debt annually. As part of these audits, GAO performs a review of information systems controls over key financial systems maintained and operated by FRBs on behalf of Treasury relevant to the Schedule of Federal Debt.
This report includes the results of GAO's follow-up on the status of FRBs' corrective actions to address information systems control-related deficiencies and associated recommendations contained in GAO's prior years' reports and open as of September 30, 2013.
GAO is making no new recommendations at this time, but reported on the status of two previously recommended actions that GAO determined had not yet been fully addressed and thus remained open. In commenting on a draft of the separately issued Limited Official Use Only report, the Director of Reserve Bank Operations and Payment Systems, on behalf of the Board of Governors of the Federal Reserve System, stated that the agency takes control deficiencies seriously and that FRB management has since addressed one of the remaining open recommendations and corrective actions are in progress for the remaining recommendation.