Skip to main content

Management Report: Improvements Needed in the Bureau of the Fiscal Service's Information System Controls Related to the Schedule of Federal Debt

GAO-20-376R Published: Mar 31, 2020. Publicly Released: Mar 31, 2020.
Jump To:

Fast Facts

Every year we audit the federal debt, which the Treasury Department’s Bureau of the Fiscal Service manages. The Schedule of Federal Debt reported that as of Sept. 30, 2019, it was about $22.8 trillion.

Fiscal Service made some progress since our last audit. However, unresolved information system weaknesses found in prior audits and new weaknesses found in our most recent work create greater risks. These risks involve the potential for unauthorized access to, modification of, or disclosure of, sensitive data and programs.

Computer code on a blue monitor

Computer code on a blue monitor

Skip to Highlights

Highlights

What GAO Found

During GAO's audit of the Schedules of Federal Debt managed by the Department of the Treasury's Bureau of the Fiscal Service (Fiscal Service) for the fiscal years ended September 30, 2019, and 2018, GAO determined that information system control deficiencies—primarily unresolved deficiencies from prior audits—collectively represent a significant deficiency in Fiscal Service's internal control over financial reporting. GAO identified two new deficiencies related to security management and configuration management. In a separately issued LIMITED OFFICIAL USE ONLY report, GAO communicated to Fiscal Service management detailed information regarding the two new information system general control deficiencies and made three recommendations to address them. During GAO's follow-up on the status of Fiscal Service's corrective actions to address information system control deficiencies contained in GAO's prior years' reports that were not remediated as of September 30, 2018, GAO determined that Fiscal Service completed corrective actions for seven of the 25 open recommendations, and its corrective actions were still in progress for 18 open recommendations related to security management, access controls, and configuration management. In the LIMITED OFFICIAL USE ONLY report, GAO communicated detailed information regarding actions taken by Fiscal Service to address the control deficiencies that were not remediated as of September 30, 2018. These new and continuing information system control deficiencies, which collectively represent a significant deficiency, increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations. Fiscal Service mitigated the potential effect of these new and continuing deficiencies on the Schedule of Federal Debt financial reporting for fiscal year 2019 by its compensating management and reconciliation controls designed to detect potential misstatements of the Schedule of Federal Debt.

Why GAO Did This Study

GAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the government-wide financial statements, GAO audits Fiscal Service's Schedules of Federal Debt annually. As part of these audits, GAO assesses key information system controls over Fiscal Service financial systems that are relevant to the Schedule of Federal Debt. This report presents the deficiencies identified during GAO's fiscal year 2019 testing of key information system controls over Fiscal Service financial systems that are relevant to the Schedule of Federal Debt. This report also includes the results of GAO's fiscal year 2019 follow-up on the status of Fiscal Service's corrective actions to address information system control deficiencies contained in GAO's prior years' reports that were not remediated as of September 30, 2018.

Recommendations

In a separately issued LIMITED OFFICIAL USE ONLY report, GAO made three recommendations to address the two new information system general control deficiencies related to security management and configuration management. In commenting on a draft of the separately issued LIMITED OFFICIAL USE ONLY report, Fiscal Service stated that it continues to work toward resolving the prior year deficiencies related to the 18 recommendations that remained open as of September 30, 2019, and has established plans to address the two new deficiencies. GAO plans to follow up to determine the status of corrective actions taken to address these deficiencies during its audit of the fiscal year 2020 Schedule of Federal Debt.

Full Report

Office of Public Affairs

Topics

Compliance oversightConfiguration controlConsolidated Financial Statements of the U.S. GovernmentData elementsFederal debtFinancial auditsFinancial reportingFinancial systemsInformation securityInformation systemsInternal controlsMaterial weaknessesSecurity policiesSensitive dataUnauthorized access