Management Report: Continued Improvements Needed in the Bureau of the Fiscal Service's Information System Controls Related to the Schedule of Federal Debt
Fast Facts
Treasury's Fiscal Service issues debt to borrow money for federal operations, and reports the debt on financial statements called the Schedules of Federal Debt.
We audit and issue opinions annually on the Schedules and on related internal controls (e.g., processes to reasonably assure that transactions are properly authorized and recorded).
In FY 2022, Fiscal Service addressed 8 of our previous recommendations to correct weaknesses in Treasury's controls over information systems. But 15 related recommendations remain unresolved—posing risks, such as unauthorized access to, modification of, or disclosure of sensitive information.
Highlights
What GAO Found
During its audit of the fiscal year 2022 and 2021 Schedules of Federal Debt managed by the Department of the Treasury's Bureau of the Fiscal Service, GAO determined that Fiscal Service sufficiently addressed control deficiencies in security management, access controls, and configuration management such that GAO no longer considers the remaining control deficiencies in information system controls, individually or collectively, to represent a significant deficiency as of September 30, 2022.
GAO identified recurring conditions associated with previously reported information system control deficiencies. However, GAO did not identify any new reportable financial information system control deficiencies relevant to the Schedule of Federal Debt.
GAO determined that corrective actions were complete for eight recommendations and in process for the remaining 15 open recommendations. Specifically, additional actions are needed to resolve six recommendations related to security management, one recommendation related to access controls, and eight recommendations related to configuration management. These remaining information system control deficiencies increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations. Fiscal Service mitigated the potential effect of these deficiencies on financial reporting for fiscal year 2022 with compensating management and reconciliation controls designed to detect potential misstatements on the Schedule of Federal Debt. It will be important for Fiscal Service management to continue focusing efforts on timely addressing the remaining recommendations, some of which have been open for several years, related to these information system control deficiencies.
In the LIMITED OFFICIAL USE ONLY report, GAO communicated detailed information regarding actions Fiscal Service took to address recommendations that were open as of September 30, 2021.
Why GAO Did This Study
GAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the government-wide financial statements, GAO audits Fiscal Service's Schedules of Federal Debt annually. As part of these audits, GAO assesses key controls over Fiscal Service financial information systems that are relevant to the Schedules of Federal Debt.
This report presents (1) any information system control deficiencies identified during GAO's fiscal year 2022 audit of the Schedule of Federal Debt and (2) the status of Fiscal Service's corrective actions to address recommendations related to information system control deficiencies identified in GAO's prior reports that were open as of September 30, 2021.
For more information, contact Cheryl E. Clark at (202) 512-3406 or clarkce@gao.gov.