Skip to main content

Management Report: Improvements Needed in the Bureau of the Fiscal Service’s Information System Controls Related to the Schedules of the General Fund

GAO-20-399R Published: Mar 31, 2020. Publicly Released: Mar 31, 2020.
Jump To:

Fast Facts

The Treasury Department’s Bureau of the Fiscal Service manages the General Fund, which finances the U.S. government’s operations. Trillions of dollars of cash activity are reported in the Schedules of the General Fund, along with the budget deficit.

Fiscal Service made progress since our last audit. However, unresolved information system weaknesses found in prior audits and new weaknesses found in our most recent work create greater risks. These risks involve the potential for unauthorized access to, modification of, or disclosure of, sensitive data and programs.

Coding language on a blue monitor

Coding language on a blue monitor

Skip to Highlights

Highlights

What GAO Found

During fiscal year 2019, GAO identified six new information system control deficiencies relevant to the Schedules of the General Fund: three related to access controls, one to configuration management, and two to segregation of duties. In a separately issued LIMITED OFFICIAL USE ONLY report, GAO communicated to Fiscal Service management detailed information regarding the new information system general and application control deficiencies and made six recommendations to address them. In addition, during GAO’s follow-up on the status of Fiscal Service’s corrective actions to address information system control–related deficiencies and associated recommendations contained in GAO’s prior year report that were open as of September 30, 2018, GAO determined that corrective action was complete for three of 14 open recommendations and corrective action was in progress for the remaining 11 open recommendations. In the LIMITED OFFICIAL USE ONLY report, GAO communicated detailed information regarding actions taken by Fiscal Service to address the control deficiencies related to the open recommendations.

While Fiscal Service management made progress addressing prior year deficiencies during fiscal year 2019, the majority of the deficiencies that led to the significant deficiency in internal control over certain Fiscal Service information systems for fiscal year 2018 were not remediated as of September 30, 2019. Until these information system control deficiencies are fully addressed, there is an increased risk of unauthorized access to, modification of, or disclosure of sensitive data and programs; unauthorized configuration changes; and disruption of critical operations. Continued and consistent management commitment will be essential to remediating the remaining deficiencies.

Why GAO Did This Study

GAO audits the consolidated financial statements of the U.S. government. Because of the significance of the General Fund of the United States to the government-wide financial GAO audits the consolidated financial statements of the U.S. government. Because of the significance of the General Fund of the United States to the government-wide financial statements, GAO audited the fiscal year 2018 Schedules of the General Fund. As part of that audit, GAO performed a review of information system controls over key Fiscal Service financial systems that are relevant to the Schedule of the General Fund.

As GAO reported in connection with its audit of the Schedules of the General Fund for the fiscal year ended September 30, 2018, certain significant deficiencies in internal control over financial reporting and other limitations on the scope of its work resulted in conditions that prevented GAO from expressing an opinion. Given the magnitude of some of GAO's findings, GAO did not conduct an audit of the Schedules of the General Fund as of and for the fiscal year ended September 30, 2019, in order to provide Fiscal Service an opportunity to implement remediation efforts. However, during fiscal year 2019, GAO followed up on the status of fiscal year 2018 deficiencies and performed testing of information system controls for key Fiscal Service financial systems to support its work on Fiscal Service's internal control over financial reporting relevant to the Schedules of the General Fund.

This report presents the deficiencies identified during GAO's fiscal year 2019 testing of information system controls over key Fiscal Service financial systems that are relevant to the Schedules of the General Fund. This report also includes the results of GAO's fiscal year 2019 follow-up on the status of Fiscal Service's corrective actions to address information system control deficiencies contained in GAO's prior report that were not remediated as of September 30, 2018.

Recommendations

In a separately issued LIMITED OFFICIAL USE ONLY report, GAO made six recommendations to address the new information system control deficiencies related to access controls, configuration management, and segregation of duties. In commenting on a draft of the separately issued LIMITED OFFICIAL USE ONLY report, Fiscal Service stated that it continues to work to address all prior year recommendations that remained open as of September 30, 2019, and has established plans to address the six new recommendations made in this year’s report. GAO plans to follow up to determine the status of corrective actions taken on these deficiencies and related recommendations during its audit of the fiscal year 2020 Schedules of the General Fund.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Budget deficitsConfiguration controlConsolidated Financial Statements of the U.S. GovernmentFederal debtFinancial auditsFinancial managementSystems verification and validationFinancial reportingFinancial statement auditsFinancial statementsFinancial systemsInformation securityInformation systemsInternal controlsPolicies and proceduresSensitive data