The information systems that keep tabs on the federal debt continue to show some weaknesses in their security, according to two new Government Accountability reports.
As part of its annual audit of the Schedules of Federal Debt — essentially the Treasury’s register of what the government owes to its creditors — the GAO also looks at the associated IT, which includes technology at the Treasury’s Bureau of the Fiscal Service (BFS) and also the Federal Reserve Banks. The GAO found new weaknesses in both.
At the BFS, the congressional watchdog agency reported that it “continued to identify deficiencies in Fiscal Service’s information system controls that, along with unresolved control deficiencies from prior audits, collectively represent a significant deficiency in internal control over financial reporting.” There were eight newly identified problems: Two were related to “access controls” and six were related to “configuration management,” the GAO said.
“Until these new and continuing control deficiencies, which collectively represent a significant deficiency, are fully addressed, there will be an increased risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations,” the GAO said. “Therefore, these deficiencies warrant the attention and action of management.”
At the Federal Reserve Banks, the GAO reported that it identified “one new information system general control deficiency” related to a system maintained and operated by them. The problems in the banks’ system “did not contribute individually or collectively to the significant deficiency we identified” in the Fiscal Service’s system, the GAO said.
The reports, released Tuesday, don’t specify the exact nature of any of the new or previously identified problems. The GAO said it provided details to the Treasury and Federal Reserve Banks in reports that were for official use only. Information about the Schedules of Federal Debt is publicly available from the Bureau of the Fiscal Service, but given the importance of that data to the government and the U.S financial system, the GAO chose to restrict access to the descriptions of its IT concerns.
The Fiscal Service said that it “continues to work to address the 16 prior year recommendations that remained open as of September 30, 2018, and has established plans to address the nine new recommendations made in this year’s report,” the GAO said.
The Board of Governors of the Federal Reserve System, meanwhile, “stated that the agency takes control deficiencies seriously and that FRB management is currently in the process of addressing the new and continuing information system general control deficiencies,” the GAO said.