Treasury's System Tracking Federal Debt Still Needs Security Improvements, GAO Says
The watchdog found continued “information system control deficiencies,” despite Treasury’s progress on prior recommendations.
Ongoing deficiencies in the systems that track government financial data at the Treasury Department’s Bureau of the Fiscal Service pose a risk to the agency’s financial reporting process, even as the bureau has taken steps to address many of the weaknesses previously identified in its systems, according to an audit released by the Government Accountability Office on March 16.
GAO’s audit examined the accuracy of the bureau’s fiscal year 2022 Schedule of Federal Debt—financial statements which provide “monthly and fiscal year-to-date changes in federal debt”—as well as “key controls over Fiscal Service financial information systems that are relevant” to the production of the reports. Treasury uses the bureau’s financial statements to make decisions regarding debt management, interest payments and the allocation of temporary funding to federal agencies.
The report found that, of “23 recommendations related to control deficiencies” identified in previous GAO audits of the Schedules of Federal Debt, the bureau had taken steps to fully implement eight recommendations, and was in the process of taking corrective action on the remaining 15 open recommendations. GAO added that Fiscal Service has “sufficiently addressed control deficiencies in security management, access controls and configuration management.”
Despite the bureau’s progress, GAO said that “remaining information system control deficiencies increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations.”
“Fiscal Service mitigated the potential effect of these deficiencies on financial reporting for fiscal year 2022 with compensating management and reconciliation controls designed to detect potential misstatements on the Schedule of Federal Debt,” the audit said. “It will be important for Fiscal Service management to continue focusing efforts on timely addressing the remaining recommendations, some of which have been open for several years, related to these information system control deficiencies.”
GAO noted, however, that it “did not identify any new reportable financial information system control deficiencies,” and was not making any additional recommendations to the bureau.
In comments to GAO, the Fiscal Service “committed to having effective internal controls for its information technology systems” and cited “planned corrective actions to address the remaining open information systems control deficiencies.”
GAO said that it would follow up to determine the status of the bureau’s efforts during its audit of the fiscal year 2023 Schedule of Federal Debt.