Summary:
What GAO FoundDuring GAO's fiscal year 2012 audit of the Schedules of Federal Debt managed by the Department of the Treasury's (Treasury) Bureau of the Public Debt (BPD), GAO identified two new general information systems control deficiencies related to security management. In a separately issued Limited Official Use Only report, GAO communicated to Federal Reserve Bank (FRB) management detailed information regarding the two new general information systems control deficiencies.
None of the control deficiencies GAO identified represented significant risks to the financial systems maintained and operated by FRBs on behalf of Treasury. The potential effect of these deficiencies on the Schedule of Federal Debt financial reporting was mitigated by FRBs' physical security measures and a program of monitoring user and system activity and BPD's compensating management and reconciliation controls designed to detect potential misstatements of the Schedule of Federal Debt.
In addition, during GAO's follow-up on the status of FRBs' corrective actions to address information systems control-related deficiencies and associated recommendations contained in GAO's prior years' reports and open as of September 30, 2011, GAO determined that corrective action was complete for two of the three open recommendations and corrective action was in progress for the remaining open recommendation related to access controls. In the Limited Official Use Only report, GAO communicated detailed information regarding actions taken by FRBs to address the control deficiency related to this open recommendation.
Why GAO Did This StudyGAO is required to audit the consolidated financial statements of the U.S. government. Because of the significance of the federal debt held by the public to the governmentwide financial statements, GAO audits BPD's Schedules of Federal Debt annually. As part of these audits, GAO performs a review of information systems controls over key financial systems maintained and operated by FRBs on behalf of Treasury relevant to the Schedule of Federal Debt.
This report presents the deficiencies identified during GAO’s fiscal year 2012 testing of information systems controls over key financial systems maintained and operated by FRBs on behalf of Treasury relevant to the Schedule of Federal Debt. This report also includes the results of GAO’s follow-up on the status of FRBs’ corrective actions to address information systems control-related deficiencies and associated recommendations contained in GAO’s prior years’ reports and open as of September 30, 2011
What GAO RecommendsIn a separately issued Limited Official Use Only report, GAO made two recommendations to address the two new general information systems control deficiencies related to security management. In commenting on a draft of the separately issued Limited Official Use Only report, the Director of Reserve Bank Operations and Payments Systems, on behalf of the Board of Governors of the Federal Reserve System, concurred with GAO’s conclusions.
For more information, contact Gary T. Engel at (202) 512-3406 or engelg@gao.gov.
