Federal Deposit Insurance Corporation
Office of Inspector General
Federal Deposit Insurance Corporation - Office of Inspector General

The FDIC's Preparedness Efforts to Implement the Requirements of the DATA Act

This is the accessible text file for FDIC OIG report number AUD-16-006 entitled 'The FDIC’s Preparedness Efforts to Implement the Requirements of the DATA Act'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possbile. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

Federal Deposit Insurance Corporation

Office of Inspector General

Office of Audits and Evaluations

Report No.AUD-16-006 September 2016

Executive Summary

Why We Did The Audit

Why We Did The Audit

The Digital Accountability and Transparency Act of 2014 (the DATA Act) expanded the Federal Funding Accountability and Transparency Act of 2006 (FFATA) to increase accountability and transparency in federal spending, and for other purposes. Under the DATA Act, federal Inspectors General (IG) are required to (1) review a statistically valid sample of spending data submitted by their agency pursuant to the statute and (2) report on the completeness, timeliness, quality, and accuracy of the data as well as the implementation and use of government-wide data standards. A total of three IG reports are required by the statute, the first of which is due in November 2016, and the remaining two are due in November 2018 and November 2020.

A timing anomaly exists, however, with respect to the IG reports. Specifically, agencies are not required to report financial and payment information in accordance with the data standards established under the DATA Act until May 2017. As a result, IGs cannot report on the spending data submitted under the Act by November 2016, as the data will not exist until the following year. To address this issue, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) notified congressional leaders on December 22, 2015 that IGs plan to provide the Congress with their first required reports in November 2017, representing a 1-year delay from the statutory due date, followed by two additional reports in November 2019 and November 2021.

As an interim measure, CIGIE encouraged IGs to conduct readiness reviews of their agencies’ efforts to address the requirements of the DATA Act in advance of the first required report in November 2017. Accordingly, we conducted this audit, the objective of which was to determine the status of the FDIC’s preparedness efforts to report financial and payment information in accordance with the DATA Act and related guidance issued by the Office of Management and Budget (OMB) and the Department of the Treasury (the Treasury).

Background The DATA Act required OMB and the Treasury to jointly develop government-wide data standards that include common data elements for reporting financial and payment information and to issue guidance to federal agencies to assist in carrying out their DATA Act reporting requirements. Subsequent to the enactment of the statute, OMB and the Treasury identified 57 data elements that required standardized definitions, consisting of eight new data elements required by the DATA Act and 49 existing data elements from FFATA. In addition, OMB issued various memoranda containing guidance and the Treasury published the DATA Act Implementation Playbook (the Playbook) containing eight recommended steps that agencies can take as they develop their methodology for DATA Act implementation.

The audit consisted of an assessment of the FDIC’s implementation activities to address Steps 1-4 of the Playbook. We did not evaluate the FDIC’s efforts to address Steps 5-8 of the Playbook because components of these steps were not scheduled to be fully addressed until late 2016 or early 2017. We did, however, identify and summarize the status of the FDIC’s planned and completed implementation activities pertaining to Steps 5-8 of the Playbook. The Table on the following page summarizes the eight steps in the Playbook.

Table: Summary of Playbook Steps

Row 1 Step: 1) Organize Team Description: Create a DATA Act work group (team) that includes impacted business areas and identify a senior accountable officer (SAO) responsible for the agency’s implementation of the DATA Act.

Row 2 Step: Review Elements Description: Review the DATA Act elements (including the standardized definitions) and determine how they relate to the agency’s business operations, information technology systems, and organization.

Row 3 Step: Inventory Data Description: Create an inventory of data and associated business processes, and identify appropriate source systems to extract needed data and understand gaps.

Row 4 Step: Design and Strategize Description: Plan changes to systems and business processes and develop a comprehensive implementation plan that includes addressing gaps in agency data.

Row 5 Step: Prepare Data for Submission to the Broker* Description: Review the DATA Act schema; extract data from source systems; map agency data to the DATA Act schema; and implement system changes as needed to collect and link data.

Row 6 Step: Test Broker Implementation Description: Test Broker implementation outputs and ensure the data are valid.

Row 7 Step: Update Systems Description: Update the information and systems as needed.

Row 8 Step: Submit Data Description: Submit required data to the Treasury for posting on USASpending.gov.

Source: OIG Analysis of the Playbook. * A Broker is an intermediary system used to standardize data formatting and assist agencies in validating their data submissions before the data are submitted to the Treasury. [End of Table]

The FDIC’s Legal Division determined that although FFATA applies to the FDIC, only federal awards involving the use of funds obtained through the appropriations process are intended to be subject to the Act’s reporting requirements. Because the FDIC is not subject to an annual appropriation, the Legal Division concluded that the Corporation is not subject to the reporting requirements of FFATA. The Legal Division also determined that the FDIC is subject to the reporting requirements of the DATA Act. Therefore, the FDIC plans to report on the eight data elements added by the DATA Act, but not the 49 existing data elements from FFATA that OMB determined required standardization.

In its report entitled DATA TRANSPARENCY: Oversight Needed to Address Underreporting and Inconsistencies on Federal Award Website (Report No. GAO-14-476, dated June 2014), the Government Accountability Office (GAO) noted that the USASpending.gov website states that expenditures made with non-appropriated funds are not to be reported. The GAO report also noted that USASpending.gov does not define what constitutes appropriated funds, and recommended that the OMB Director, in collaboration with the Treasury, clarify guidance on agency responsibilities for reporting awards funded by non-annual appropriations. The OMB Director agreed with the recommendation and, as of the close of our fieldwork, OMB was deliberating the matter and the recommendation remained open.

Audit Results

The FDIC has completed the first four steps recommended in the Playbook for implementing the requirements of the DATA Act. Specifically, the FDIC: - established a DATA Act team comprised of subject matter experts and appointed an SAO who has overall responsibility for implementing the DATA Act.

- reviewed the standardized data elements and determined which data elements the FDIC must report.

- created a data inventory and identified associated business processes, determined the source systems to extract needed data, and identified potential gaps.

- developed a plan to address minimal required changes to systems and business processes and submitted to OMB, and effectively carried out, an implementation plan.

Further, in response to our informal feedback during the audit, the Division of Finance (DOF), which had overall corporate responsibility for implementing the DATA Act, took actions to strengthen controls over the FDIC’s preparedness efforts to implement the requirements of the DATA Act. Such actions included, for example, documenting the roles and responsibilities for each DATA Act team member, recording key decisions and actions from team meetings, and formalizing the review and approval of deliverables submitted to OMB and the Treasury.

With respect to the remaining four steps in the Playbook, we noted that the FDIC developed a project plan and initiated various activities, such as: (1) updating the mapping of agency data to the DATA Act schema; (2) implementing information system changes and extracting data; (3) testing Broker outputs to ensure data were complete, accurate, and reliable; and (4) establishing a schedule to process data submissions. The DATA Act team was continuing to address the remaining Playbook steps at the close of our fieldwork.

Overall, the FDIC’s preparedness efforts were being impacted by delays in receiving guidance and clarification on key issues from OMB and the Treasury, and by slippage in Treasury’s scheduled release of the production-ready version of the Broker. Further, OMB, in collaboration with the Treasury, had not yet addressed GAO’s recommendation to clarify existing guidance on agency responsibilities for reporting awards funded through a non-annual appropriations process. Further delays in the release of the production-ready Broker and/or changes in OMB’s guidance regarding federal awards funded through non-annual appropriations could affect the FDIC’s ability to begin reporting spending data in accordance with established standards by the government-wide implementation date of May 9, 2017.

Because the FDIC took action to address the concerns we identified during the audit, our report contains no recommendations. Consistent with our oversight responsibilities under the DATA Act, we will continue to review and report on the FDIC’s efforts to implement the requirements of the DATA Act in the coming years.

Corporation Comments

Our report contains no recommendations, and the Director, DOF, elected not to provide a written response.

[End of Executive Summary]

Contents

Background Requirements Imposed on OMB, the Treasury, Inspectors General, and GAO OMB and Treasury Guidance Applicability of FFATA and the DATA Act to the FDIC

Overall Results

Organization of the DATA Act Team Review of Data Elements, Creation of a Data Inventory and Business Processes, and Identification of Source Systems and Gaps

Planned Changes to Business Processes and IT Systems and Development of an Implementation Plan

Next Steps and Remaining Challenges

Corporation Comments and OIG Evaluation

Appendices 1. Objective, Scope, and Methodology 2. Glossary of Terms 3. Abbreviations and Acronyms

Tables 1. Agency 8-Step Plan 2. Summary of Applicability of FFATA and the DATA Act 3. The FDIC’s Planned Implementation Activities for Steps 5-8 of the Playbook

[End of Contents]

[FDIC OIG Letterhead, Federal Deposit Insurance Corporation, Office of Inspector General, Office of Audits and Evaluations, 3501 Fairfax Drive, Arlington, Virginia 22226]

DATE: September 23, 2016

MEMORANDUM TO: Craig R. Jarvill, Director, Division of Finance

FROM: Mark F. Mulholland, Assistant Inspector General for Audits /Signed/

SUBJECT: The FDIC’s Preparedness Efforts to Implement the Requirements of the DATA Act (Report No. AUD-16-006)

This report presents the results of our audit of the FDIC’s preparedness efforts to implement the requirements of the Digital Accountability and Transparency Act of 2014 (the DATA Act). Among other requirements, the DATA Act directs federal Inspectors General (IG) to (1) review a statistically valid sample of spending data submitted by their agency pursuant to the statute and (2) report on the completeness, timeliness, quality, and accuracy of the data as well as the implementation and use of government-wide data standards. The Background section of this report describes a timing anomaly associated with this statutory review and reporting requirement and the approach that federal IGs, including the FDIC IG, plan to take to address their responsibilities under the DATA Act.

The objective of the audit was to determine the status of the FDIC’s preparedness efforts to report financial and payment information in accordance with the DATA Act and related guidance issued by the Office of Management and Budget (OMB) and the Department of the Treasury (the Treasury). The audit followed the methodology and approach outlined in the DATA Act Readiness Review Guide that was developed by the IG community to promote consistency in IG oversight of agency implementation of the DATA Act. The audit included an assessment of the governance structure, plans, and control activities that the FDIC had implemented or was working to implement to report financial and payment information in accordance with the DATA Act. This report does not contain recommendations, thus a written response from FDIC management was not required.

We conducted this performance audit in accordance with generally accepted government auditing standards. Appendix 1 of this report includes additional details about our objective, scope, and methodology; Appendix 2 contains a glossary of terms; and Appendix 3 contains a list of abbreviations and acronyms.

Background

In December 2014, the Comptroller General testified before the Congress that the federal government spends more than $3.5 trillion annually, but data on this spending lacks transparency.1 Moreover, the data are often incomplete or have quality limitations. To address these issues, several statutes have been enacted over the last decade, including the Federal Funding Accountability and Transparency Act of 2006 (FFATA) and the DATA Act.2 FFATA was enacted to increase transparency and accountability of federal contracts and financial assistance awards. Among other things, the statute required OMB to establish a website to provide information on grant and contract awards, and sub-awards. The website, USASpending.gov, was launched in December 2007.3 The DATA Act was enacted in May 2014 to, among other things:

Footnote 1: Testimony before the Committee on Oversight and Government Reform, United States House of Representatives, entitled FEDERAL DATA TRANSPARENCY: Effective Implementation of the DATA Act Would Help Address Government-wide Management Challenges and Improve Oversight, (Report No. GAO-15-241T, dated December 3, 2014).

Footnote 2: The DATA Act (Public Law No. 113-101, 128 Stat. 1146, dated May 9, 2014) amended FFATA (Public Law No. 109-282, 120 Stat. 1186, dated September 26, 2006).

Footnote 3: As required by FFATA, federal agencies post federal award (i.e., financial assistance and contract) data on USAspending.gov. Such data includes the name of the entity receiving the award, the amount of the award, the recipient’s location, the primary location of performance under the award, as well as other information.

- expand FFATA by disclosing direct federal agency expenditures and linking federal contract, loan, and grant spending information to programs of federal agencies to enable taxpayers and policymakers to track federal spending more effectively; - establish Government-wide data standards for financial data and provide consistent, reliable, and searchable Government-wide spending data that is displayed accurately for taxpayers and policymakers on USASpending.gov (or a successor system); and - improve the quality of data by holding federal agencies accountable for the completeness and accuracy of the data submitted.

Within the FDIC, the Division of Finance (DOF) has overall responsibility for implementing the DATA Act.

Requirements Imposed on OMB, the Treasury, Inspectors General, and GAO

The DATA Act imposes specific requirements on OMB, the Treasury, IGs, and the Government Accountability Office (GAO). Among other things, the statute requires OMB and the Treasury to establish, by May 2015, government-wide data standards that include common data elements for reporting financial and payment information. This involves (1) establishing definitions that describe what is to be included in each data element required to be reported under the DATA Act with the aim of ensuring that information will be consistent and comparable and (2) creating a data exchange standard with technical specifications that describes the format, structure, tagging, and transmission of each data element (also known as the DATA Act schema).4 The data exchange standard is also intended to depict the relationships between standardized data elements.

Footnote 4: Certain terms that are underlined when first used in this report are defined in Appendix 2, Glossary of Terms.

Under FFATA, applicable federal agencies reported 259 data elements to USASpending.gov. Subsequent to the enactment of the DATA Act, the Treasury and OMB identified 57 data elements that required standardized definitions, consisting of eight new data elements required by the DATA Act and 49 existing elements from FFATA. The DATA Act also requires that the Treasury, in consultation with OMB, ensure financial data are accurately posted and displayed on USASpending.gov by May 9, 2017, and that OMB and the Treasury ensure that data standards are applied to the data made available on the website.

IGs are required to perform three reviews of a statistically valid sampling of spending data submitted under the DATA Act by their agencies and to submit to the Congress and make publicly available a report assessing the completeness, timeliness, quality, and accuracy of the data sampled and the implementation and use of data standards by their agencies. The IG report is due in November 2016, and two additional reports are due in November 2018 and November 2020. However, federal agencies are not required to report financial and payment information in accordance with the data standards established under the DATA Act until May 2017. As a result, IGs cannot report on the spending data submitted under the Act by November 2016 as the data will not exist until the following year.

To address this timing anomaly, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) notified congressional leaders on December 22, 2015 of the approach that IGs plan to take to satisfy their reporting responsibilities under the DATA Act. Specifically, IGs plan to provide the Congress with their first required reports in November 2017, representing a 1-year delay from the statutory due date, followed by two additional reports in November 2019 and November 2021. As an interim measure, CIGIE encouraged IGs to conduct readiness reviews of their agencies’ efforts to address the requirements of the DATA Act well in advance of the first required report in November 2017.

The DATA Act also requires GAO to submit a series of reports to the Congress that assess data completeness, timeliness, quality, and accuracy. The reports are due in November 2017, November 2019, and November 2021. In addition, the DATA Act requires GAO to assume an oversight and consultative role for DATA Act implementation. This includes working with CIGIE to develop common audit procedures across the federal accountability community to avoid duplication; ensuring Treasury’s implementation efforts follow good consultative practices and that the views from both federal and non-federal stakeholders are appropriately considered; evaluating the data standards to ensure they are complete, clear, and at the right level of specificity; and reviewing upcoming IG reports on the quality of agency spending data and use of data standards in compliance with the DATA Act. As of the close of our field work, GAO had issued several interim reports on the progress being made in implementing the DATA Act.5

Footnote 5: See Appendix 1, Objective, Scope, and Methodology, for a listing of these reports.

OMB and Treasury Guidance

OMB and the Treasury have developed data standards and issued guidance to assist agencies in carrying out their reporting requirements under the DATA Act. Working in coordination with the Treasury, OMB issued Memorandum M-15-12, Increasing Transparency of Federal Spending by Making Federal Spending Data Accessible, Searchable and Reliable, dated May 8, 2015. The OMB memorandum provided guidance on FFATA reporting requirements and expanded reporting requirements pursuant to the DATA Act. It also directed agencies to develop and submit to OMB a DATA Act Implementation Plan (Implementation Plan) that would, among other things, propose an implementation timeline, estimate resource requirements, and describe any foreseeable challenges and solutions.

In June 2015, the Treasury issued the DATA Act Implementation Playbook, Version 1.0, that contained eight recommended steps that agencies can take as they develop their methodology for DATA Act implementation. On June 24, 2016, the Treasury issued Version 2.0 of the Playbook, which included revisions consistent with the progress that had been made since the issuance of Version 1.0. We collectively refer to Versions 1.0 and 2.0 in this report as “the Playbook.” Table 1 below summarizes the steps in the Playbook.

Table 1: Agency 8-Step Plan

Row 1; Step: 1) Organize Team; Description: Create a DATA Act work group (team) that includes impacted business areas (e.g., information technology (IT), procurement, accounting, etc.) and identify a senior accountable officer (SAO) who is responsible for the agency’s implementation of the DATA Act.

Row 2; Step: Review Elements; Description:Review the DATA Act elements (including the standardized definitions) and determine how they relate to the agency’s business operations, IT systems, and organization.

Row 3; Step: Inventory Data; Description: Create an inventory of data and associated business processes, and identify appropriate source systems to extract needed data and understand gaps.

Row 4; Step: Design and Strategize; Description: Plan changes to systems and business processes (e.g., link data contained in financial and management systems via an Award ID*) and develop an Implementation Plan that includes addressing gaps in agency data.

Row 5; Step: Prepare Data for Submission to the Broker*; Description: Review the DATA Act schema; extract data from source systems; map agency data to the DATA Act schema; and implement system changes as needed to collect and link data.

Row 6; Step: Test Broker Implementation; Description: Test Broker implementation outputs and ensure the data are valid.

Row 7; Step: Update Systems; Description: Update the information and systems as needed (e.g., establish linkages between program and financial data, and capture any new data).

Row 8; Step: Submit Data; Description: Submit required data to the Treasury for posting on USASpending.gov or a successor system.

Source: OIG Analysis of the Playbook.

* The unique identifier of the specific award being reported (i.e., Federal Award Identification Number for financial assistance or Procurement Instrument Identifier for procurements).

** A Broker is an intermediary system used to standardize data formatting and assist agencies in validating their data submissions before the data are submitted to the Treasury.

[End of Table 1]

To date, the Treasury has offered agencies opportunities to test two versions of the Broker. The Treasury released the alpha version of the Broker in April 2016, the beta version in July 2016, and anticipates releasing a production-ready version in the fall of 2016. The alpha version of the Broker that allows the Treasury to test the product with a small group of users to, in part, (1) test the design approach, (2) test the technology, and (3) allow users to gain an understanding of the service. The beta version allows a target audience to test working software. Changes are implemented based on user behaviors and feedback.

The scope of our audit consisted of an assessment of the FDIC’s implementation activities to address Steps 1-4 of the Playbook. We did not evaluate the FDIC’s efforts to address Steps 5-8 of the Playbook because components of these steps were not scheduled to be fully addressed until late 2016 or early 2017. We did, however, identify and summarize the status of the FDIC’s planned and completed implementation activities pertaining to Steps 5-8 of the Playbook later in this report.

On May 3, 2016, OMB issued Management Procedures Memorandum No. 2016-03, Additional Guidance for DATA Act Implementation: Implementing Data-Centric Approach for Reporting Federal Spending Information. The memorandum includes new federal prime award reporting requirements, expectations for agencies to provide reasonable assurance that their controls support the reliability and validity of the data they submit to the Treasury, and authoritative sources for agency reporting of various types of data.

Applicability of FFATA and the DATA Act to the FDIC

The FDIC’s Legal Division determined that FFATA applies to the FDIC. However, the Legal Division noted that only federal awards (including contracts and grants over $25,000) that involve the use of funds obtained by a federal agency through the appropriations process are intended to be subject to the Act’s reporting requirements. The FDIC does not obtain its funding through the annual appropriations process. Rather, the FDIC’s operating expenses, including the operating expenses of the FDIC OIG, are paid by assessments levied by the FDIC on insured financial institutions. Therefore, the FDIC’s Legal Division concluded that the Corporation is not subject to the reporting requirements of FFATA.

Further, Section 2(c)(1) of FFATA states that the following three data systems may be used as sources of data: the Federal Procurement Data System (FPDS), the Federal Assistance Award Data System, and Grants.gov. The FDIC does not report under these systems because the Corporation does not provide grants or financial assistance to recipients and is not subject to the Office of Federal Procurement Policy Act (OFPPA) which established FPDS. Moreover, OFPPA applies only to goods and services acquired with appropriated funds.

The Legal Division determined that the FDIC is subject to the reporting requirements of the DATA Act since it requires federal agencies, including the FDIC, to report financial information relating to any federal funds made available to, or expended by, federal agencies and entities receiving federal funds in accordance with government-wide data standards. The Legal Division also noted that the DATA Act did not explicitly make the existing contract and grant reporting requirements of FFATA applicable to agencies, like the FDIC, that are: (1) not funded by appropriations, (2) have independent contracting authority, and (3) have not been reporting to OMB under FFATA. Therefore, the FDIC plans to report on the eight new data elements in the DATA Act. Table 2 on the next page summarizes the applicability of FFATA and the DATA Act to the FDIC.

Table 2: Summary of Applicability of FFATA and the DATA Act

Row 1; Statute: FFATA Applicable to the FDIC?: Yes, but the FDIC is exempt from the statute’s reporting requirements. Reason(s): The scope of th;e statute is limited to the use of appropriated funds for federal awards.

Row 2; Statute: The DATA Act; Applicable to the FDIC?: Yes, specifically with respect to the eight data elements required under the DATA Act that were not required under FFATA. Reason(s): The statute and OMB guidance do not explicitly make the existing contract and grant reporting requirements of FFATA applicable to agencies that are: (1) not funded by appropriations, (2) have independent contracting authority, and (3) have not been report

Source: OIG analysis of documentation provided by the FDIC’s Legal Division.

[End of Table 2]

In its report entitled DATA TRANSPARENCY: Oversight Needed to Address Underreporting and Inconsistencies on Federal Award Website (Report No. GAO-14-476, dated June 2014), GAO noted that the USASpending.gov website states that expenditures made with non-appropriated funds are not to be reported. The report states that officials from three federal agencies (including the FDIC) had informed GAO that their agencies’ contracts were awarded using funds available outside of annual appropriations and, therefore, the agencies were considered to be nonappropriated and exempt from reporting. Each of these three agencies receives a form of appropriation other than through an annual appropriation act.

Because USASpending.gov does not define what constitutes appropriated funds, GAO concluded that it was unclear whether agencies making awards using funds received on the basis of an appropriation other than an annual appropriation are required to report. Further, without clear guidance from OMB that defines the type of appropriated funds exempt from reporting, it is unclear whether justifications from the three agencies for not reporting their contracts are appropriate. As a result, GAO recommended that the OMB Director, in collaboration with the Treasury, clarify guidance on agency responsibilities for reporting awards funded by non-annual appropriations. The OMB Director agreed with this recommendation. According to information in GAO’s Recommendations Database as of the close of our fieldwork, OMB was deliberating the matter and the recommendation remained open.6

Footnote 6: GAO’s Recommendations Database can be found at: http://www.gao.gov/recommendations.

Overall Results

The FDIC has completed the first four steps recommended in the Playbook for implementing the requirements of the DATA Act. Specifically, the FDIC has:

- Established a DATA Act team comprised of subject matter experts and appointed an SAO who has overall responsibility for implementing the DATA Act. The SAO’s responsibilities include overseeing the governance and progress of the DATA Act team’s work.

- Reviewed the standardized data elements and determined which data elements the FDIC must report.

- Created a data inventory and identified associated business processes; determined the source systems to extract needed data; and identified potential gaps.

- Developed a plan to address minimal required changes to systems and business processes and submitted to OMB, and effectively carried out, an Implementation Plan.

Further, in response to our informal feedback during the audit, DOF took actions to strengthen controls over its preparedness efforts to implement the requirements of the DATA Act. Such actions included, for example, documenting the roles and responsibilities for each DATA Act team member, recording key decisions and actions from team meetings, and formalizing the review and approval of deliverables submitted to OMB and the Treasury.

With respect to the remaining four steps in the Playbook, we noted that the FDIC developed a project plan and initiated various activities, such as: (1) updating the mapping of agency data to the DATA Act schema; (2) implementing IT system changes and extracting data; (3) testing Broker outputs to ensure data were complete, accurate, and reliable; and (4) establishing a schedule to process data submissions. The DATA Act team was continuing to address these four remaining Playbook steps at the close of our fieldwork.

Overall, the FDIC’s preparedness efforts were being impacted by delays in receiving guidance and clarification on key issues from OMB and the Treasury, and by slippage in Treasury’s scheduled release of the production-ready Broker. Further, as discussed in the Background section of this report, OMB, in collaboration with the Treasury, has not yet addressed a key recommendation made by GAO in June 2014 to clarify existing guidance on agency responsibilities for reporting awards funded through a non-annual appropriations process. Further delays in the release of the production-ready Broker and/or changes in OMB’s guidance regarding federal awards funded through non-annual appropriations could affect the FDIC’s ability to begin reporting spending data in accordance with established standards by the government-wide implementation date of May 9, 2017.

Because the FDIC took action to address the concerns we identified during the audit, our report contains no recommendations. Consistent with our oversight responsibilities under the DATA Act, we will continue to review and report on the FDIC’s efforts to implement the requirements of the DATA Act in the coming years.

Organization of the DATA Act Team

Step 1 of the Playbook recommends that agencies create a DATA Act team comprised of subject matter experts and appoint an SAO. Additionally, the DATA Act Readiness Review Guide suggests that IGs determine if the agency’s governance structure is sufficient to facilitate the successful implementation of the DATA Act.

We found that the FDIC formed a DATA Act team, appointed an SAO (and project manager to serve as the SAO’s designee), and established a governance structure consistent with guidance issued by OMB and the Treasury to facilitate successful implementation of the DATA Act. As of February 2016, the DATA Act team was comprised of 11 individuals from DOF and the Division of Information Technology. These individuals fulfilled various roles, such as program management (e.g., coordinating DATA Act activities), providing subject matter expertise on financial matters, providing IT technical guidance, and serving as advisors on an as-needed basis. We did note, however, that the roles and responsibilities of each DATA Act team member had not been formally defined. In response to our informal feedback during the audit, DOF representatives documented the roles and responsibilities of the DATA Act team members.

The DATA Act team generally held weekly meetings to discuss project implementation issues, milestones, and tasks. However, minutes of these meetings were not routinely prepared. In our view, maintaining records of key decisions and action items stemming from these meetings is an important internal control. In response to our informal feedback during the audit, the project manager began preparing minutes of the DATA Act team meetings.

We also noted that the DATA Act team had not established a formal process to document the review and approval of key deliverable products, such as the Implementation Plan. Based on our informal feedback during the audit, the Director, DOF, implemented a protocol whereby key deliverables are now formally reviewed and approved by senior management officials by signing an accompanying Form 1211/40, Official Routing and Clearance Sheet.7

Footnote 7: Senior management officials included the Director, DOF; Deputy Director, DOF; Special Assistant to the Director, DOF; and the SAO.

In addition, the DATA Act team routinely attended OMB and Treasury informational meetings and maintained project documents and records of stakeholder communications in a centralized location accessible to the team members.

Review of Data Elements, Creation of a Data Inventory and Business Processes, and Identification of Source Systems and Gaps

Steps 2 and 3 of the Playbook recommend that agencies (1) review OMB and Treasury’s finalized list of DATA Act elements and standardized definitions to determine how they relate to the agencies’ business operations, IT systems, and organization; (2) create an inventory of agency data and associated business processes to understand and document how DATA Act elements can be extracted from the agency’s financial and management systems; and (3) identify gaps, if any, in agency systems and processes.

As discussed in the Background section of this report, the FDIC’s Legal Division has determined that the FDIC is not subject to the reporting requirements of FFATA, but is subject to the reporting requirements of the DATA Act. Accordingly, in its Implementation Plan, dated December 7, 2015, the FDIC informed OMB that the FDIC plans to report only the eight data elements required by the DATA Act. The FDIC does not plan to report the remaining 49 data elements originating from FFATA. The eight standardized data elements that the FDIC plans to report are:

- Obligation

- Appropriations Account

- Unobligated Balances

- Program Activity

-Object Class

- Outlay

- Budget Authority Appropriated

- Other Budgetary Resources

With respect to the Budgetary Authority Appropriated data element, DOF officials informed us that it will be reported as “not applicable” as the FDIC is not subject to an annual appropriations process. In addition, the Other Budgetary Resources data element will be reported as “not applicable” because the data element would only have a potential value if there was a systemically important financial institution failure that required the FDIC to borrow funds from the Treasury to resolve the institution.

We confirmed that the FDIC conducted an inventory based on the eight applicable data elements and determined that the Corporation’s New Financial Environment (NFE) was the primary source system to extract needed data. NFE is the FDIC’s enterprise-wide, integrated financial system that provides accounting, reporting, and management data. As discussed in more detail in the next section of this report, the FDIC anticipates minimal changes to its business processes and IT systems to address gaps based on its creation of a data inventory.

Between June 2015 and June 2016, the FDIC had a number of communications with OMB and Treasury officials aimed at seeking guidance and clarification on the application of the DATA Act to the FDIC. As part of these communications, the FDIC sought OMB and Treasury’s concurrence on the FDIC’s plan to report only those data elements required by the DATA Act. On June 21, 2016, OMB informed the FDIC’s DATA Act project manager via email that OMB did not object at that time to the FDIC’s plans for reporting under the DATA Act. As discussed more fully in the next section of this report, delays in receiving guidance and a final determination from OMB on the appropriateness of the FDIC’s planned approach impacted the Corporation’s ability to provide OMB with a timely Implementation Plan.

Planned Changes to Business Processes and IT Systems and Development of an Implementation Plan

Step 4 of the Playbook recommends that agencies (1) plan changes to systems and business processes (e.g., link data contained in financial and management systems via an Award ID) and (2) develop a comprehensive Implementation Plan that includes solutions for addressing gaps in agency data. OMB Memorandum M-15-12, Increasing Transparency of Federal Spending by Making Federal Spending Data Accessible, Searchable and Reliable, provides guidance on what agency Implementation Plans should contain. Among other things, the plans should include a timeline of milestones; a cost estimate to implement the milestones; a detailed narrative that explains the required milestones, identifies underlying assumptions, and outlines the potential challenges and risks to successful implementation of the plan; and a detailed project plan that the agency develops over time.

The FDIC anticipates that minimal changes to its business processes and IT systems will be required to implement the DATA Act. The FDIC plans to utilize its current Government-wide Treasury Account System submission reports as the basis for producing and submitting a quarterly DATA Act schema report. To satisfy the requirement in the DATA Act to report on the Object Class data element on a quarterly basis, the FDIC will use an analytic and reporting tool called WebFOCUS to build an expense-object class table within NFE. The FDIC currently captures and reports expenses by Object Class on an annual basis, and the process is manual. The FDIC expects to finalize the expense-object class table by September 2016.

In September 2015, the FDIC sought and obtained an extension from OMB and the Treasury for submitting its Implementation Plan. The extension was needed, in part, because of delays in receiving guidance from OMB and the Treasury on which data elements the FDIC was required to report. The FDIC submitted its initial Implementation Plan on November 30, 2015, approximately 2 months later than the official due date in the Playbook. The FDIC subsequently updated its Implementation Plan on December 7, 2015.

The Treasury OIG’s report, entitled Treasury’s Government-wide DATA Act Implementation Continues, But Project Management Concerns Remain (Report No. OIG-16-047, dated June 22, 2016) indicates that such delays were not unique to the FDIC. The report states that the Treasury and OMB lacked controls to ensure prompt responses to federal agency DATA Act questions. The report noted that while some agency questions were addressed immediately, others were not addressed for a lengthy period of time. The Treasury OIG report also indicated that although the Treasury continued to make progress in implementing the DATA Act, Treasury’s project management practices could, if not addressed, hinder the timely, comprehensive, governmentwide implementation of the program.

Our review of the FDIC’s December 2015 Implementation Plan found that it was generally consistent with relevant OMB and Treasury guidance. In addition, the project plan portion of the Implementation Plan was being regularly reviewed and updated by the DATA Act project manager. Based on our informal feedback during the audit, the DATA Act team enhanced the project plan to define the individual responsible for, and the status of, each task and milestone. Further, we reviewed selected items in the Implementation Plan identified as completed as of March 25, 2016 and confirmed that the items were, in fact, completed, documented, and consistent with applicable guidance. Selected items that we reviewed included draft mapping documents and project governance documentation.

Recognizing that agency Implementation Plans may have changed based on recently issued DATA Act guidance, on June 15, 2016, OMB and the Treasury requested that Chief Financial Officers (CFO) Act agencies submit updates to key components of their Implementation Plans by August 12, 2016. Such updates were to include milestones explaining the agency’s progress to date and path to implementation pursuant to the Playbook; a summary-level statement regarding funds the agency has spent on the effort to date, as well as estimated total future spending; and a written explanation of the milestones included in the updated timeline as well as risks and a risk mitigation strategy, as applicable. The FDIC informed OMB and the Treasury on June 16, 2016 that it did not plan to provide an updated Implementation Plan at that time given that the FDIC is not a CFO Act agency and was engaged in ongoing communications with OMB and the Treasury through other channels.

Next Steps and Remaining Challenges

As previously discussed, we did not evaluate the FDIC’s efforts to address Steps 5-8 of the Playbook. We noted, however, that the FDIC had developed a project plan that addressed Steps 5-8 of the Playbook. The project plan includes key activities in the Playbook and subtasks for each activity. It also reflects assigned responsibilities for the completion of each subtask and associated deadlines. Table 3 summarizes key activities and subtasks for Steps 5-8 of the Playbook as of July 11, 2016. As reflected in the Table, the FDIC has addressed the majority of subtasks related to Step 5 of the Playbook and is on schedule to address the remaining steps prior to the May 2017 reporting deadline. The remaining milestones are contingent upon the Treasury’s completion and roll-out of the production-ready Broker.

Table 3: The FDIC’s Planned Implementation Activities for Steps 5-8 of the Playbook

Row 1; Activity: 5) Prepare Data for Submission to the Broker; Subtask: Map FDIC data to the DATA Act schema; meet with Treasury and OMB officials to verify that mapping matches requirements; and make adjustments as necessary. Validate mapping document against the alpha Broker. Build WebFocus report that will populate the DATA Act schema.; Expected Completion Date*: N/A; Key Dependency: Release of final Data Act schema (April 29, 2016); Status as of July 2016: Completed

Row 2; Activity: 5) Prepare Data for Submission to the Broker; Subtask: Build validation and submission process.; Expected Completion Date*: 12/31/16; Key Dependency: Release of the production Broker (expected in the fall of 2016); Status as of July 2016: On schedule

Row 3; Activity: 6) Test Broker Implementation; Subtask: Test mapping to DATA Act schema. Test submission process to the Treasury.; Expected Completion Date*: 3/1/17, 4/1/17 respectively; Key Dependency: Release of the production Broker; Status as of July 2016: On schedule

Row 4; Activity: 7) Update Systems; Subtask: Revise report, if necessary, to meet submission standards.; Expected Completion Date*: 4/1/17; Key Dependency: ; Status as of July 2016: On schedule;

Row 5; Activity: 8) Submit data; Subtask: Submit DATA Act report to the Treasury.; Expected Completion Date*: 5/1/17; Key Dependency: ; Status as of July 2016: On schedule;

Source: OIG Analysis of FDIC’s July 11, 2016 Project Plan.

* Dates reflect revisions to original milestones in the December 7, 2015 Implementation Plan due to delays in receiving finalized OMB and Treasury guidance.

[End of Table 3]

The Treasury finalized the DATA Act schema, Version 1.0, on April 29, 2016, almost 4 months after its estimated release date of December 31, 2015. This delayed the FDIC’s progress in completing Step 5 of the Playbook, which includes the mapping of data from source systems to the DATA Act schema. In addition, the Treasury’s production-ready Broker and related documentation had not been released as of the close of our audit. The original release date for the production-ready Broker, as reflected in the Playbook, Version 1.0, was February 2016. As a result of this delay, the FDIC revised the milestones in its Implementation Plan for Steps 5-7 of the Playbook.

Further, as discussed more fully in the Background section of this report, GAO recommended that OMB, in collaboration with the Treasury, clarify guidance on agency responsibilities for reporting awards funded by non-annual appropriations. A decision by OMB that the FDIC would have the same reporting requirements for contract awards as agencies subject to annual appropriations would significantly impact the FDIC’s ability to begin reporting spending data in accordance with established standards by the government-wide implementation date of May 9, 2017. Consistent with our oversight responsibilities under the DATA Act, we will continue to review and report on the FDIC’s efforts to implement the requirements of the DATA Act in the coming years.

Corporation Comments and OIG Evaluation

Our report contains no recommendations, and the Director, DOF, elected not to provide a written response.

Appendix 1

Objective, Scope, and Methodology

Objective

The audit objective was to determine the status of the FDIC’s preparedness efforts to report financial and payment information in accordance with the DATA Act and related guidance issued by OMB and the Treasury.

We conducted this performance audit from January through July 2016 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. Except as noted in the report, our findings and conclusions are as of July 20, 2016.

Scope and Methodology

The scope of the audit included an assessment of the FDIC’s DATA Act implementation activities that address Steps 1-4 of the Playbook, Versions 1.0 and 2.0. These steps included the FDIC’s efforts to (1) organize a cross-functional team and appoint an SAO who is responsible for the implementation of the requirements of the DATA Act; (2) review the 57 standardized data elements and determine which data elements the FDIC is required to report; (3) review agency data inventory and business processes to identify gaps; and (4) develop a comprehensive Implementation Plan. We did not evaluate the FDIC’s efforts to address Steps 5-8 of the Playbook because components of these steps were not scheduled to be fully addressed until late 2016 or early 2017. We did, however, identify and summarize the status of the FDIC’s planned and completed implementation activities pertaining to Steps 5-8 of the Playbook.

To achieve the audit objective, we:

- identified and reviewed relevant criteria, including Public Law 109-282, Federal Funding Accountability and Transparency Act of 2006, dated September 26, 2006; Public Law 113-101, Digital Accountability and Transparency Act of 2014, dated May 9, 2014; OMB Memorandum M-15-12, Increasing Transparency of Federal Spending by Making Federal Spending Data Accessible, Searchable and Reliable, dated May 8, 2015; the DATA Act Implementation Playbook, Version 1.0, dated June 2015; the DATA Act Implementation Playbook, Version 2.0, dated June 24, 2016; OMB Management Procedures Memorandum No. 2016-03, Additional Guidance for DATA Act Implementation: Implementing Data-Centric Approach for Reporting Federal Spending Information, dated May 3, 2016.

- reviewed the following GAO reports on DATA Act Implementation and Transparency: DATA ACT: Improvements Needed in Reviewing Agency Implementation Plans and Monitoring Progress (Report No. GAO-16-698, dated July 2016); Data Transparency, Oversight Needed to Address Underreporting and Inconsistencies on Federal Award Website (Report No. GAO-14-476, dated June 2014); Federal Data Transparency, Effective Implementation of the DATA Act Would Help Address Government-wide Management Challenges and Improve Oversight (Report No. GAO-15-241T, dated December 3, 2014); DATA ACT: Progress Made in Initial Implementation but Challenges Must be Addressed as Efforts Proceed (Report No. GAO-15- 752T, dated July 29, 2015); DATA ACT, Data Standards Established, but More Complete and Timely Guidance Is Needed to Ensure Effective Implementation (Report No. GAO-16-261, dated January 29, 2016); and DATA ACT: Progress Made but Significant Challenges Must Be Addressed to Ensure Full and Effective Implementation (Report No. GAO-16-556T, dated April 19, 2016).

- reviewed the Treasury OIG report, entitled Treasury’s Government-wide DATA Act Implementation Continues, But Project Management Concerns Remain, (Report No. OIG-16-047, dated June 22, 2016).

- contacted officials in OMB, the Treasury, and GAO to obtain their perspectives on DATA Act requirements and guidance.

- interviewed FDIC officials to determine their roles, responsibilities, and perspectives related to the DATA Act and to discuss the FDIC’s DATA Act implementation efforts. Such officials included the:

o Special Assistant to the Director, DOF;

o DATA Act team members that are primarily in DOF; and

o Legal Division personnel familiar with the DATA Act and FFATA.

- participated in meetings of the Federal Audit Executive Council’s DATA Act Working Group—a group of IGs from across the federal government established to promote consistency in IG oversight of agency implementation of the DATA Act. A key deliverable of this working group is the DATA Act Readiness Review Guide that was initially issued in December 2015 (Version 1.0) and updated in June 2016 (Version 2.0) to provide IGs with suggested audit steps and procedures for completing their readiness reviews. We followed the methodology and approach outlined in the guide in conducting this audit.

Regarding compliance with laws and regulations, we reviewed the FDIC’s compliance with relevant provisions of the DATA Act and the above-referenced OMB and Treasury guidance. In addition, we assessed the risk of fraud and abuse related to our audit objective in the course of evaluating audit evidence.

We performed our work at the FDIC Headquarters offices at Virginia Square in Arlington, Virginia.

Appendix 2

Glossary of Terms

Appropriations Account

The basic unit of an appropriation generally reflecting each unnumbered paragraph in an appropriation act. An appropriation account typically encompasses a number of activities or projects and may be subject to restrictions or conditions applicable to only the account, the appropriation act, titles within an appropriation act, other appropriation acts, or the Government as a whole.

Budget Authority Appropriated

A provision of law (not necessarily in an appropriations act) authorizing an account to incur obligations and to make outlays for a given purpose. Usually, but not always, an appropriation provides budget authority.

Chief Financial Officers (CFO) Act Agency

Major executive departments and agencies, which are codified, as amended in section 901of Title 31, U.S.C., that are required to establish chief financial officers to oversee financial management activities in accordance with the CFO Act, Pub. L. No.101-576 (Nov. 15, 1990).

DATA Act Schema

On April 29, 2016, the Treasury released the DATA Act Information Model Schema v1.0, which provides an overall view of the hundreds of distinct data elements used to tell the story of how federal dollars are spent. The schema organizes these elements into a structure that further defines, groups, and relates them to each other. The schema also includes artifacts that provide technical guidance for federal agencies about what data to report to the Treasury, including the authoritative sources of the data elements and the submission format. In addition, the schema provides clarity on how the public can better understand the inherent complexity of the data.

Federal Audit Executive Council One of three subgroups established by the Council of the Inspectors General on Integrity and Efficiency to aid in the accomplishment of their mission.

Object Class Categories in a classification system that presents obligations by the items or services purchased by the federal government. Each specific Object Class is defined in OMB Circular A-11, Preparation, Submission, and Execution of the budget.

Obligation A legally binding agreement that will result in outlays, immediately or in the future. When an order is placed, a contract is signed, a grant awarded, a service purchased, or other actions are taken that require the government to make payments to the public or from one government account to another, an obligation is incurred.

Other Budgetary Resources New borrowing authority, contract authority, and spending authority from offsetting collections provided by the Congress in an appropriations act or other legislation, or unobligated balances of budgetary resources made available in previous legislation, to incur obligations and to make outlays.

Outlay Payments made to liquidate an obligation (other than the repayment of debt principals or other disbursements that are “means of financing” transactions). Outlays are generally equal to cash disbursements but also are recorded for cash-equivalent transactions, such as the issuance of debentures to pay insurance claims, and in a few cases are recorded on an accrual basis such as interest on public issues of the public debt. Outlays are a measure of Government spending.

Program Activity A specific activity or project as listed in the program and financing schedules of the annual budget of the United States Government.

Readiness Review As it relates to the DATA Act, a review which enables IGs to gain an understanding of the processes, systems, and controls the agency has implemented or plans to implement, in accordance with the requirements of the DATA Act.

Systemically Important Financial Institution Section 165(d) of the Dodd-Frank Wall Street Reform and Consumer Protection Act requires certain financial companies designated as systemically important to report to the FDIC on their plans for a rapid and orderly resolution under the Bankruptcy Code in the event of material financial distress or failure. For purposes of this report, we refer to these insitutions as Systemically Important Financial Institutions.

Unobligated Balances The cumulative amount of budget authority that remains available for obligations under law in unexpired accounts at a point in time.

Appendix 3 Abbreviations and Acronyms

CIGIE Council of the Inspectors General on Integrity and Efficiency CFO Chief Financial Officer DATA Act The Digital Accountability and Transparency Act of 2014 DOF Division of Finance FDIC Federal Deposit Insurance Corporation FFATA Federal Funding Accountability and Transparency Act of 2006 FPDS Federal Procurement Data System GAO Government Accountability Office IT Information Technology IG Inspector General NFE New Financial Environment OFPPA Office of Federal Procurement Policy Act OIG Office of Inspector General OMB Office of Management and Budget SAO Senior Accountable Official Treasury Department of the Treasury

[End of Report]

Print Print
Close