Skip to main content

Management Report: Improvements Needed in the Bureau of the Fiscal Service's Information System Controls Related to the Schedule of Federal Debt

GAO-22-105569 Published: Mar 17, 2022. Publicly Released: Mar 17, 2022.
Jump To:

Fast Facts

Every year we audit the federal debt, which the Treasury Department's Bureau of the Fiscal Service manages. As of Sept. 30, 2021, total federal debt (as reported in the Schedule of Federal Debt) was about $28.4 trillion.

Fiscal Service made some progress since our last audit. However, information system weaknesses that we found in prior audits remain unresolved and continue to pose risks. These risks involve the potential for unauthorized access to, modification of, or disclosure of, sensitive data and programs.

computer code

Skip to Highlights


What GAO Found

During GAO's audit of the fiscal year 2021 and 2020 Schedules of Federal Debt managed by the Department of the Treasury's Bureau of the Fiscal Service, GAO determined that information system control deficiencies identified in prior audits that remained unresolved as of September 30, 2021, collectively represent a significant deficiency in Fiscal Service's internal control over financial reporting.

Though GAO identified recurring conditions associated with previously reported information system control deficiencies, it did not identify any new reportable information system control deficiencies in financial systems relevant to the Schedule of Federal Debt.

GAO determined that Fiscal Service completed corrective actions to close one of the 24 recommendations to address information system control deficiencies from GAO's prior audits that remained open as of September 30, 2020. Fiscal Service's corrective actions were still in progress for 23 open recommendations related to security management, access controls, and configuration management. These continuing information system control deficiencies, which collectively represent a significant deficiency, increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations. Fiscal Service mitigated the potential effect of these deficiencies on financial reporting for fiscal year 2021 with compensating management and reconciliation controls designed to detect potential misstatements on the Schedule of Federal Debt.

In the LIMITED OFFICIAL USE ONLY report, GAO communicated detailed information regarding actions that Fiscal Service took to address control deficiencies contained in prior years' reports that were not remediated as of September 30, 2020.

Why GAO Did This Study

GAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the government-wide financial statements, GAO audits Fiscal Service's Schedules of Federal Debt annually. As part of these audits, GAO assesses key information system controls over Fiscal Service financial systems that are relevant to the Schedule of Federal Debt.

This report presents the results of GAO's fiscal year 2021 follow-up on the status of Fiscal Service's corrective actions to address information system control deficiencies contained in GAO's prior years' reports that were not remediated as of September 30, 2020.

For more information, contact Cheryl Clark at (202) 512-3406 or

Full Report

Office of Public Affairs


Federal debtFederal lawFinancial reportingFinancial statementsFinancial systemsInformation securityInformation systemsInternal controlsConfiguration controlSensitive data