Federal Deposit Insurance Corporation
Office of Inspector General

The FDIC’s Compliance with the Digital Accountability and Transparency Act of 2014

This is the accessible text file for FDIC OIG report number AUD-18-003 entitled 'The FDIC’s Compliance with the Digital Accountability and Transparency Act of 2014'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

Federal Deposit Insurance Corporation Office of Inspector General

Office of Program Audits and Evaluations Report No. AUD-18-003

The FDIC’s Compliance with the Digital Accountability and Transparency Act of 2014

November 2017

Executive Summary

Why We Did The Audit

The Digital Accountability and Transparency Act of 2014 (DATA Act) expanded the Federal Funding Accountability and Transparency Act of 2006 (FFATA) to increase accountability and transparency in federal spending, and for other purposes. Among other requirements, the DATA Act directs federal Inspectors General (IG) to review a statistically valid sample of spending data submitted by their agency pursuant to the statute and report the results to Congress. Consistent with the Act, our objective was to assess the (1) completeness, timeliness, quality, and accuracy of the financial and award data submitted for the second quarter of Fiscal Year 2017 and published on USASpending.gov and (2) FDIC's implementation and use of the government-wide financial data standards established by the Office of Management and Budget (OMB) and the Department of the Treasury (Treasury).

Background

The DATA Act expanded on previous federal transparency legislation by requiring the disclosure of federal agency expenditures and linking agency spending information to federal program activities. In doing so, both policymakers and the public can more effectively track federal spending. To improve the quality of information, the DATA Act requires that agency-reported award and financial information comply with new data standards established by the OMB and Treasury. These standards specify the items to be reported under the DATA Act and define and describe what agencies must include in each element with the aim of ensuring that information will be consistent and comparable.

Among other things, the OMB established 57 standardized data element definitions for reporting federal spending information (49 of which are established under FFATA and 8 of which are established under the DATA Act). Treasury, in turn, issued guidance to agencies explaining how to standardize the way financial assistance awards, contracts, and other financial and non-financial data will be collected and reported under the DATA Act. A key component of the reporting framework is the DATA Act Broker which is a Treasury-developed system for standardizing data formatting and assisting reporting agencies in validating their data submissions.

The FDIC determined that the Corporation is not subject to the FFATA reporting requirements because those data elements relate to an annual appropriations process, which is not applicable to the FDIC as a separately funded Corporation. However, the FDIC determined that it is subject to the reporting requirements of the DATA Act, which requires agencies to report on eight additional data elements that are primarily related to budgeting and outlays or expenditures.

Audit Results

We concluded that the FDIC could reasonably rely on its source financial system for the DATA Act submission for the second quarter of fiscal year 2017. However, the FDIC incorrectly reported certain data elements obtained from its source financial system when submitting its files. Therefore, although the FDIC’s data submission was timely and complete, the data lacked quality and was inaccurate in certain respects. Specifically, we identified three reporting errors:

- The FDIC should have reported a certain value as $1.067 billion and, instead, reported it as zero.

- The FDIC incorrectly overstated another data element by $10.9 million.

- The FDIC misclassified another data element, which led to an understatement in one object class and an overstatement in another.

We found that the FDIC did not correctly implement all data definitions as evidenced by the errors in the DATA Act submissions.

We also identified control weaknesses in FDIC processes that contributed to the reporting inaccuracies. For example, the FDIC should strengthen controls around the submission process, including enhancing written procedures, defining roles and responsibilities of individuals tasked with DATA Act submissions, and establishing adequate segregation of duties and back-up resources. Without such control improvements, the FDIC is at risk for further inaccurate and lesser quality DATA Act submissions.

During and after our audit fieldwork, the FDIC was in the process of enhancing its procedures and had clarified roles and responsibilities and established segregation of duties of its DATA Act team members.

Recommendations and Corporation Comments

We made six recommendations to the Director of the Division of Finance (DOF) to enhance DATA Act procedures, establish a mapping between DATA Act reporting requirements and financial system data elements, strengthen segregation of duties, train DATA Act team members and back-up resources, document quality review of DATA Act submissions, and correct and recertify the DATA Act submission for the second quarter of 2017. DOF concurred with our recommendations and proposed actions to be completed by November 2017.

[End of Executive Summary]

Contents

Background

Audit Results
  Reliability of Source Financial System
  DATA Act Submission Was Inaccurate and Lacked Quality
  The FDIC Did Not Correctly Implement Data Standards
  Internal Control Weaknesses Contributed to Inaccuracies and Should Be Strengthened

Conclusion and Recommendations

Corporation Comments and OIG Evaluation

Appendices
  1. Objective, Scope, and Methodology
  2. Glossary of Terms
  3. Acronyms and Abbreviations
  4. Corporation Comments
  5. Summary of the Corporation’s Corrective Actions

Figure
  Overview of the DATA Act Broker

[End of Contents]

[FDIC letterhead, Federal Deposit Insurance Corporation, Office of Inspector General Office of Program Audits and Evaluations, 3501 Fairfax Drive, Arlington, VA 22226]

DATE: November 8, 2017

MEMORANDUM TO: Craig R. Jarvill, Director, Division of Finance

/Signed/ FROM: E. Marshall Gentry, Assistant Inspector General for Program Audits and Evaluations

SUBJECT: The FDIC’s Compliance with the Digital Accountability and Transparency Act of 2014 (Report No. AUD-18-003)

This report presents the results of our audit of the FDIC’s Compliance with the Digital Accountability and Transparency Act of 2014 (DATA Act), Public Law No. 113-101. Congress enacted the Federal Funding Accountability and Transparency Act of 2006 (FFATA), Public Law No. 109-282, to increase transparency and accountability of federal contracts and financial assistance awards. Among other things, FFATA required the Office of Management and Budget (OMB) to establish a website to provide information on grant and contract awards and sub-awards. The OMB launched the website, USASpending.gov, in December 2007. [Footnote 1]

Footnote 1: As required by FFATA, federal agencies are to post federal award (i.e., financial assistance and contract) data on USASpending.gov to give the American public access to information on how their tax dollars are spent. Such data includes the name of the entity receiving the award, the amount of the award, the recipient’s location, the primary location of performance under the award, as well as other information. FFATA is not legally binding on the FDIC, according to the Corporation.

The DATA Act was enacted on May 9, 2014, to expand on the reporting requirements of FFATA. Among other things, the purposes of the DATA Act are to:

- mandate disclosure of direct federal agency expenditures and link federal contract, loan, and grant spending information to federal agency programs to enable taxpayers and policymakers to track federal spending more effectively;

- establish government-wide data standards for financial data to provide consistent, reliable, and searchable government-wide spending data that is displayed accurately for taxpayers and policymakers on USASpending.gov (or a successor system); and

- improve the quality of data by holding federal agencies accountable for the completeness and accuracy of the data submitted.

The DATA Act also directs federal Inspectors General (IG) to review a statistically valid sample of spending data submitted by their agency pursuant to the statute and report the results to Congress. Consistent with the Act, our objective was to assess the (1) completeness [Footnote 2], timeliness, quality, and accuracy of the financial and award data submitted for the second quarter of Fiscal Year 2017 and published on USASpending.gov and (2) FDIC’s implementation and use of the government-wide financial data standards established by the OMB and Department of the Treasury (Treasury).

Footnote 2: Certain terms that are underlined when first used in this report are defined in Appendix 2, Glossary of Terms.

To address the objective, we:

- reviewed federal statutes and regulations, and government-wide policy and guidance;

- assessed the FDIC’s controls over the DATA Act program;

- reviewed and tested financial data elements reported to Treasury under the DATA Act; and

- interviewed officials in the FDIC’s Division of Finance (DOF) who were responsible for administering and implementing the DATA Act.

We conducted this performance audit in accordance with generally accepted government auditing standards. Appendix 1 of this report includes additional details about our objective, scope, and methodology. Appendix 2 contains a glossary of key terms. Appendix 3 contains a list of abbreviations and acronyms.

Background

The DATA Act expanded on previous federal transparency legislation by requiring the disclosure of federal agency expenditures and linking agency spending information to federal program activities so that both policymakers and the public can more effectively track federal spending. The DATA Act requires government-wide reporting on a variety of federal funds, such as budget and financial information, as well as tracking of these funds at multiple points in the federal spending lifecycle. To improve the quality of these data, the DATA Act requires that agency-reported award and financial information comply with new data standards established by the OMB and Treasury. These standards specify the items to be reported under the DATA Act and define and describe what is to be included in each element with the aim of ensuring that information will be consistent and comparable.

The DATA Act identifies the OMB and Treasury as the two agencies responsible for leading government-wide implementation. Toward that end, the OMB has taken a number of steps to help agencies meet their reporting requirements, including establishing 57 standardized data element definitions for reporting federal spending information, issuing guidance to implement selected standards and clarify agency reporting requirements, and meeting with agencies to assess their readiness to meet the reporting requirements under the DATA Act.

Treasury also led efforts to develop the technical guidance and reporting systems to facilitate agency reporting. In April 2016, Treasury released the DATA Act Information Model Schema (DATA Act Schema), which provides information on how to standardize the way financial assistance awards, contracts, and other financial and non-financial data will be collected and reported under the DATA Act. As described in the Government Accountability Office (GAO) Report No. GAO-17-496, DATA Act: As Reporting Deadline Nears, Challenges Remain That Will Affect Data Quality, dated April 2017, a key component of the reporting framework is the DATA Act Broker, which is a Treasury-developed system for standardizing data formatting and assisting reporting agencies in validating their data submissions. The Figure on the next page depicts how the data submission process is intended to work. Agencies submit three files (Files A, B, and C) based on information in their existing financial management systems. The DATA Act Broker extracts award and sub-award information from government-wide award reporting systems that contain award data covering federal assistance, including grants and loans, as well as procurements (Files D1, D2, E, and F) as shown in the Figure. [Footnote 3]

Footnote 3: Treasury published two guides on DATA Act submissions: (1) the Reporting Submission Specification (RSS), which contains information about the file format, content scope, and file organization agencies should use to extract information from their financial systems to complete required Files A, B, and C, and (2) the Interface Definition Document (IDD), which provides guidance for completing required Files D through F, including what information the DATA Act Broker will extract from government-wide feeder systems for procurement and financial assistance awards.

Figure: Overview of the DATA Act Broker

DATA Act Broker

Data submission from agencies: Files A, B, and C

- File A: Appropriations Account
- File B: Object Class and Program Activity
- File C: Award Financial

Data extracted from existing award data systems: Files D1, D2, E, and F

- File D1 (Procurement) will be extracted from the Federal Procurement Data System (FPDS-NG)
- File D2 (Financial Assistance) from the Award Submissions Portal (ASP)
- File E (Additional Awardee Attributes) from the System for Award Management (SAM)
- File F (Sub-award Attributes) from the Federal Funding Accountability and Transparency Act Subrecipient Reporting System (FSRS)

Validation of data in Files A, B, and C: Files D1, D2, E, and F will not be validated in the broker. Checks include field length and data type to ensure data are consistent and comparable.

Agency certification: Senior Accountable Officials (SAO) document their assurance of data reliability and accuracy.

Treasury data store: Storage architecture designed to hold data extracted from transactional systems, operational data stores, and external sources.

Treasury data store data feeds into USASpending.gov (or successor system).

Source: GAO Report No. GAO-16-824R, DATA Act: Initial Observations on Technical Implementation, dated August 3, 2016.

[End of Figure]

Requirements for Inspectors General

The Act also requires agencies’ IGs and the GAO to assess and report on the completeness, timeliness, quality, and accuracy of spending data submitted by federal agencies. The DATA Act required IGs to issue the first reports by November 2016. However, according to the DATA Act, agencies were not required to submit spending data until May 2017, thus making it impossible for the IGs to report on the spending data in November 2016. To address the IG reporting date anomaly, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) communicated to Congress the IGs’ plan to provide the first required reports by November 8, 2017, a 1-year delay from the statutory due date, with two subsequent reports, each following on a 2-year cycle. [Footnote 4]

Footnote 4: On December 22, 2015, CIGIE’s chair issued a letter memorializing the strategy for addressing the IG reporting date anomaly and communicated it to the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Government Reform.

CIGIE encouraged the IGs to undertake assessments of their respective agencies’ readiness to submit spending data in accordance with DATA Act requirements. CIGIE established the Federal Audit Executive Council DATA Act Working Group (Working Group) to assist the IG community in understanding and meeting its DATA Act oversight requirements. The Working Group issued the DATA Act Readiness Review Guide (version 2.0) on June 2, 2016, to guide IGs in conducting their readiness reviews.

We conducted a readiness review and issued a report in September 2016. [Footnote 5] The report noted that the FDIC had completed the first four of eight steps recommended for implementing the requirements of the DATA Act. Specifically, the FDIC had established a DATA Act team, including appointing a Senior Accountable Official (SAO), who has overall responsibility for implementing the DATA Act; reviewed the standardized data elements and determined which data elements the FDIC must report; created a data inventory and identified associated business processes; and determined the source systems to extract needed data. At the time the review concluded, the FDIC DATA Act team was still addressing the remaining four steps, which included the mapping of agency data to the DATA Act Schema.

Footnote 5: FDIC OIG Report No. AUD-16-006, The FDIC’s Preparedness Efforts to Implement the Requirements of the DATA Act.

CIGIE, in consultation with the GAO, developed an Inspectors General Guide [Footnote 6] to set a baseline framework for the required reviews performed by the IG community and to foster a common methodology for performing these mandated reviews. We used this guide to conduct our audit.

Footnote 6: Inspectors General Guide to Compliance Under the DATA Act, dated February 27, 2017.

Applicability of FFATA and the DATA Act to the FDIC

The FFATA requires federal agencies to report agency cost information for 49 data elements to the OMB. The DATA Act expanded FFATA to include reporting of eight new data elements. The FDIC has determined that FFATA applies to the FDIC. However, the FDIC noted that only federal awards (including contracts and grants over $25,000) that involve the use of funds obtained by a federal agency through the appropriations process are intended to be subject to the FFATA’s reporting requirements. The FDIC does not obtain its funding through the annual appropriations process. Rather, the FDIC’s operating expenses are paid from the Deposit Insurance Fund, which is funded by deposit insurance assessments levied on FDIC-insured financial institutions. Therefore, the FDIC concluded that the Corporation is not subject to the reporting requirements of FFATA.

The FDIC determined that it is subject to the reporting requirements of the DATA Act since it requires federal agencies, including the FDIC, to report financial information relating to any federal funds made available to, or expended by, federal agencies and entities receiving federal funds in accordance with government-wide data standards. The FDIC also noted that the DATA Act did not explicitly make the existing contract and grant reporting requirements of FFATA applicable to agencies, like the FDIC, that are: (1) not funded by appropriations, (2) have independent contracting authority, and (3) have not been reporting to the OMB under FFATA. Between June 2015 and June 2016, the FDIC had a number of communications with the OMB and Treasury officials aimed at seeking guidance and clarification on the application of the DATA Act to the FDIC. The FDIC issued a DATA Act Implementation Plan, dated December 7, 2015, informing the OMB that the FDIC planned to report only the eight data elements required by the DATA Act. On June 21, 2016, the OMB conveyed that it did not object at that time to the FDIC’s plans for the reduced reporting under the DATA Act. [Footnote 7]

Footnote 7: In a June 2014 report (GAO Report No. GAO-14-476, DATA TRANSPARENCY Oversight Needed to Address Underreporting and Inconsistencies on Federal Award Website), GAO noted that the USASpending.gov website states that expenditures made with non-appropriated funds are not to be reported and that officials from three federal agencies (including the FDIC) had informed GAO that their agencies’ contracts were awarded using funds available outside of annual appropriations and, therefore, the agencies were considered to be non-appropriated and exempt from reporting. GAO recommended that the OMB Director, in collaboration with the Treasury, clarify guidance on agency responsibilities for reporting awards funded by non-annual appropriations. The OMB Director agreed with this recommendation. The OMB was still considering this matter at the conclusion of our fieldwork.

The eight standardized data elements that the FDIC reports follow and are defined in Appendix 2, Glossary of Terms.

- Obligation
- Appropriations Account
- Unobligated Balances
- Outlay
- Program Activity [Footnote 8]
- Object Class [Footnote 9]
- Budget Authority Appropriated
- Other Budgetary Resources

Footnote 8: Program activity is defined in Title 31 of the United States Code, Section 1115(h), as a specific activity or program as listed in the program and financing schedule of the annual budget of the United States Government. FDIC Budget Management reports capture expenses by program, which are defined as Supervision, Insurance, Receivership Management, and General and Administrative.

Footnote 9: Object class is a category in the classification system that presents obligations by the items or services purchased by the Federal Government. Each specific object class is defined in OMB Circular A-11, Preparation, Submission, and Execution of the Budget. The FDIC has determined that Circular A-11 is not legally binding on the FDIC, but the FDIC partially complies with the Circular.

The FDIC’s DOF has overall responsibility for implementing the requirements of the DATA Act. The FDIC has prepared procedures for DATA Act reporting to USASpending.gov that include processes for the quarterly production, review, and submission of DATA Act-required files. The FDIC prepares these files from general ledger data currently available in its financial system. Submitting data for the DATA Act is a four-step process, which includes activities related to:

1. Reviewing DATA Act Schema documents, to identify the data to be submitted and the format for packaging data for submission;

2. Validating the uploaded and extracted data to the DATA Act Broker;

3. Reviewing warnings and error reports generated by the DATA Act Broker and correcting and resubmitting data, if necessary; and

4. Certifying the data in the DATA Act Broker for publication on USASpending.gov.

Since the FDIC is not required to report award information for the DATA Act, the FDIC submits Files A and B to the DATA Act Broker quarterly. File A contains appropriation summary-level data and File B includes obligations and outlay information at the program activity and object class level. [Footnote 10] File C, which is also an agency-submitted file and presents obligations at the award level, is not applicable for the FDIC because the FDIC does not make such awards. Files D through F data are extracted from intermediary government-wide systems. The SAO is responsible for reviewing Files A through F information for accuracy and completeness.

Footnote 10: Files A and B present cumulative, fiscal year information.

Audit Results

We concluded that the FDIC could reasonably rely on its source financial system [Footnote 11] for the DATA Act submission for the second quarter of fiscal year 2017. However, the FDIC incorrectly reported certain data elements obtained from its source financial system when submitting its files. Therefore, although the FDIC’s data submission was timely and complete, the data lacked quality and was inaccurate in certain respects. Additionally, while the FDIC implemented data definition standards established by the OMB and Treasury, it did not correctly use all data definitions, as evidenced by the errors in the DATA Act submissions. The FDIC should enhance controls over DATA Act reporting to reduce inaccuracies.

Footnote 11: The FDIC’s source financial system is subject to external annual audits by the GAO and internal assessments.

Reliability of Source Financial System

OMB Memorandum M-17-04, Additional Guidance for DATA Act Implementation: Further Requirements for Reporting and Assuring Data Reliability, [Footnote 12] states that agencies should have internal controls in place over all of the data reported for display on USASpending.gov in accordance with OMB Circular A-123, Management’s Responsibility for Internal Control. As prescribed in the Inspectors General Guide, we relied on the FDIC’s internally prepared Assurance Statements and external audit reports when assessing internal controls over the FDIC’s source financial system and financial reporting.

Footnote 12: The FDIC considers this Memorandum as providing guidance and not as creating new requirements.

The FDIC’s Assurance Statement process requires the head of the agency to prepare a statement annually on the adequacy of internal, management, and financial system controls. The assurance statement addresses compliance with applicable internal control standards and provides reasonable assurance that, among other things, operations and programs are effective and efficient; financial data and reporting are reliable; laws and regulations are followed; internal controls are sufficient to minimize exposure to waste, fraud, and mismanagement; and key current procedures are documented. The FDIC’s 2016 Assurance Statement stated that the FDIC’s management controls, as a whole, provided reasonable assurance that the agency achieved its management control objectives during 2016 and identified no material weaknesses. The Assurance Statement identified several non-material challenges that did not directly relate to DATA Act reporting. The FDIC will complete its 2017 Assurance Statement in late 2017, after the release of this report.

We also reviewed the FDIC’s Financial Statement audit report for Calendar Year 2016 and supporting report on information technology controls prepared by the GAO, the FDIC’s independent auditor. GAO concluded that the FDIC maintained, in all material respects, effective internal controls over financial reporting. However, GAO identified deficiencies in the FDIC’s information system controls related to system access and configuration management that collectively represented a significant deficiency. The results of the 2017 financial audit will not be available until early 2018. We also reviewed process memoranda issued by FDIC, which document various accounting processes and controls, to ensure there were no significant control changes made during 2017.

Our review of these documents gave us a reasonable level of assurance that the FDIC could rely on the source financial system as an authoritative source for data reported under the DATA Act.

DATA Act Submission Was Inaccurate and Lacked Quality

We compared the elements prescribed in the OMB DATA Act guidance in the RSS to the elements presented in File A and File B to ensure these files were complete and accurate. We found that File A and File B were complete, in that they included the eight required data elements. Files A and B were inaccurate, however, and therefore, lacked quality in certain respects. The FDIC incorrectly reported three data elements for File B, as follows:

- The FDIC erroneously reported one data element as zero when the value should have been reported as $1.067 billion. The element—Gross Outlays, Delivered Orders Paid—represented total cash disbursements for the reporting period October 2016 through March 2017. [Footnote 13] We reviewed a File B data mapping document, which details the definition and accounts associated with the data element and noted that there should have been a value reported for this element. An FDIC official stated that he did not report the value because it seemed duplicative of another reported data element—Delivered Orders Obligations Paid.

Footnote 13: Although our testing involved the second quarter of the fiscal year, Files A and B are cumulative, and thus include the period October 2016 through March 2017.

- Another incorrectly reported data element resulted in a $10.9 million overstatement of that data element, which represented about 1 percent of the account balance. The data element—Obligations—represented the amount of obligations incurred for the reporting period October 2016 through March 2017.

- The FDIC misclassified another File B data element. This misclassification led to the understatement of one object class and the overstatement of another object class. Specifically, the FDIC reported benefits for former employees as benefits for current employees.

As a result, data reported to USASpending.gov was inaccurate. We believe that had the FDIC followed appropriate segregation of duties and had adequate reviews of the information prior to submission to USASpending.gov, the File B submission might have avoided these errors.

The FDIC Did Not Correctly Implement Data Standards

As stated earlier in the report, the OMB and Treasury identified 57 data elements that required standardized definition, 8 of which were new data elements required by the DATA Act. We found that the FDIC reviewed the definition of the standardized data elements and determined which data elements the FDIC must report. However, even though it used the technical guidance document included in the DATA Act Schema, the FDIC misreported DATA Act information as stated above. We concluded that these reporting errors occurred because the FDIC had not developed and followed a matrix document that would map the financial system accounts to the DATA Act Schema. Such a mapping would help ensure that financial system accounts were properly matched to the DATA Act Schema, could be repeated from year to year, and could easily be reviewed for accuracy.

Internal Control Weaknesses Contributed to Inaccuracies and Should Be Strengthened

OMB Management Procedures Memorandum No. 2016-03, Additional Guidance for DATA Act Implementation: Implementing Data-Centric Approach for Reporting Federal Spending Information, states agency DATA Act SAOs must provide a quarterly assurance that their agency’s internal controls support the reliability and validity of the agency account-level and award-level data reported for display on USASpending.gov. We found that the FDIC had established some controls to promote timely, complete, quality, and accurate reporting under the DATA Act. Such controls included written procedures to comply with the DATA Act and the appointment of a DATA Act SAO. However, the FDIC could improve practices, better document its procedures, enhance segregation of duties, and enhance its training of DATA Act team members. Such practices will further mitigate program risks and ensure program consistency and continuity in the event of staffing changes.

The GAO Standards for Internal Control in the Federal Government states policies, procedures and guidance are an important control for ensuring that processes are repeatable, consistent, and disciplined, and for reducing operational risk associated with changes in staff. We found that the FDIC should strengthen its procedures for the quarterly production, review, and submission of the DATA Act report. For example, procedures did not reflect that data element balances were based on specifications presented in the RSS, did not name the preparer of the reports, and did not include steps for resolution of any potential reporting discrepancies.

Further, the GAO Standards for Internal Control in the Federal Government states that management should design control activities to achieve objectives and respond to risks. Segregation of duties is one internal control that reduces the risk that inaccurate data may be submitted and remain undetected. We found deficiencies in segregation of duties controls over the data management and reporting of the second quarter 2017 DATA Act submission. Specifically, an FDIC official informed us that he prepared, reviewed, submitted, and certified the second quarter 2017 DATA Act submission, without having a secondary review completed of these actions to ensure accuracy. The FDIC official stated that he completed all these tasks because no one else was trained to perform these duties and the SAO had difficulty in obtaining his system certification credential. We concluded that the FDIC should identify and train backup resources to respond when faced with the unavailability of the primary FDIC official responsible for the DATA Act submission.

In addition, we found that the FDIC did not document its review of the data submission. According to the SAO, the FDIC is establishing procedures to document review of the data submissions. Without addressing these control weaknesses, the FDIC is at greater risk of submitting inaccurate, incomplete data to USASpending.gov, which is contrary to the intent of the DATA Act to increase accountability and transparency in federal spending for the American public.

After the second quarter 2017 DATA Act submission and prior to the certification of the third quarter 2017 DATA Act submission, the SAO obtained his credentials and now has the ability to certify the report. In addition, during the course of the audit, the FDIC changed the roles and responsibilities of various DATA Act team members to ensure segregation of duties, among other things.

Conclusion and Recommendations

While DOF has established some controls over DATA Act management and reporting, the FDIC needs to improve controls by enhancing procedures, increasing segregation of duties, and training back-up resources. We recommend that the Director, DOF:

1. Enhance DATA Act reporting procedures to reflect all tasks and documents to produce the DATA Act submission to USASpending.gov, define roles and responsibilities, and include steps for resolving reporting discrepancies.

2. Enhance DATA Act reporting practices by developing a mapping of RSS reporting requirements to financial system data elements.

3. Establish appropriate segregation of duties between the preparer, reviewer, and certifier roles to reduce the risk of errors not being detected.

4. Train DATA Act team members in the various DATA Act roles to address the agency’s need to respond to personnel changes that affect the internal control system.

5. Document the quality review of DATA Act submissions to ensure all required elements are accurate and complete.

6. Correct and re-certify the FDIC DATA Act report submission for the second quarter of 2017.

Corporation Comments and OIG Evaluation

The Director, DOF, provided a written response dated October 31, 2017, to a draft of this report. The response is presented in its entirety in Appendix 4. DOF concurred with the report’s six recommendations, proposed actions in response to the recommendations, and targeted completion dates through November 15, 2017. DOF reported that it had completed action on recommendations 2 and 3. The report recommendations will remain open until we confirm that the planned actions have been completed and are responsive. A summary of the Corporation’s corrective actions is presented in Appendix 5.

Appendix 1

Objective, Scope, and Methodology

Objective

Our objective was to assess the (1) completeness, timeliness, quality, and accuracy of the financial and award data submitted for the second quarter of Fiscal Year 2017 and published on USASpending.gov and (2) FDIC’s implementation and use of the Government-wide financial data standards established by the OMB and Treasury.

We conducted this performance audit from May through September 2017 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.

Scope and Methodology

The scope of our audit covered Fiscal Year 2017 second quarter financial data the FDIC submitted for publication on USASpending.gov. We followed the Inspectors General Guide in conducting our audit. Consistent with that guide, this included an assessment of the FDIC’s internal controls that the FDIC put in place to facilitate reporting financial and award data in accordance with the requirements of the DATA Act. To accomplish our objectives, we:

- Gained an understanding of DATA Act requirements by reviewing and analyzing government-wide statutes, policies, procedures, guidance, and reports to gain an understanding of applicable laws, legislation, directives, and other guidance, including, but not limited to:
  o The Digital Accountability and Transparency Act of 2014
  o Federal Funding Accountability and Transparency Act of 2006
  o Federal Management Improvement Act of 1996
  o Federal Managers’ Financial Integrity Act of 1982
  o OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget
  o OMB M-15-12, Increasing Transparency of Federal Spending by Making Federal Spending Data Accessible, Searchable, and Reliable
  o OMB 17-04, Additional Guidance for DATA Act Implementation: Further Requirements for Reporting and Assuring Data Reliability
  o OMB Management Procedures Memorandum No. 2016-03, Additional Guidance for DATA Act Implementation: Implementing a Data-Centric Approach for Reporting Federal Spending Information
  o DATA Act Schema Data Dictionary
  o OMB Circular A-123, Management’s Responsibility for Internal Control
  o GAO 12-331G, Government Auditing Standards
  o GAO 14-704G, Standards for Internal Control in the Federal Government

- Contacted officials at the OMB and Treasury to clarify DATA Act requirements.

- Interviewed officials in DOF, including members of the DATA Act and the Corporate Planning and Performance Management teams, who had responsibility for administering and implementing the DATA Act program.

- Participated in meetings with the Federal Audit Executive Council DATA Act Working Group to stay abreast of current challenges and issues surrounding the DATA Act required audits.

As permitted under the Inspectors General Guide, we relied on work performed by GAO as part of its financial statement audit of the FDIC to assess internal controls. It was not our intention to express an opinion on the FDIC’s internal controls. In this regard, we:

- Interviewed officials in GAO regarding the assessment of the FDIC’s internal controls over source systems.

- Reviewed DOF 2017 process memoranda to determine any significant changes to relevant control processes.

- Assessed the FDIC’s internal controls in place over the financial data reported to USASpending.gov.

- Assessed the FDIC’s systems, processes, and internal controls in place over data management under the DATA Act and assessed the general and application controls pertaining to the FDIC’s financial management systems from which the data elements are derived and linked.

The DATA Act requires the IG of each federal agency to review a statistically valid sample of the spending data submitted by its federal agency. As we stated earlier in the report, the FDIC only needed to submit appropriation summary-level data (File A) and obligations and outlay information at the program activity and object class level (File B) to the DATA Act Broker. Therefore, we reviewed all eight data elements contained in the File A and File B submissions and supporting schedules, as prescribed in the Inspectors General Guide. We reviewed Files C – F, which reflect award-level information, to ensure there were no values reported or extracted from the various award systems.

We performed our work at the FDIC’s offices at Virginia Square in Arlington, Virginia.

[End of Appendix 1]

Appendix 2

Glossary of Terms

Accuracy The percent of transactions that is complete and agrees with system(s) of record or other authoritative sources.

Appropriations Account The basic unit of an appropriation generally reflecting each unnumbered paragraph in an appropriation act. An appropriation account typically encompasses a number of activities or projects and may be subject to restrictions or conditions applicable to only the account, the appropriation act, titles within an appropriation act, other appropriation acts, or the Government as a whole.

Budget Authority Appropriated A provision of law (not necessarily in an appropriation act) authorizing an account to incur obligations and to make outlays for a given purpose. Usually, but not always, an appropriation provides budget authority.

Completeness All transactions that should have been recorded are recorded in the proper reporting period and are measured as the percentage of transactions containing all data elements required by the DATA Act.

DATA Act Broker A system that collects and validates agency data.

DATA Act Information Model Schema On April 29, 2016, the Treasury released the DATA Act Information Model Schema v1.0, which provides an overall view of the hundreds of distinct data elements used to tell the story of how federal dollars are spent. The schema organizes these elements into a structure that further defines, groups, and relates them to each other. The schema also includes artifacts that provide technical guidance for federal agencies about which data to report to the Treasury, including the authoritative sources of the data elements and the submission format. In addition, the schema provides clarity on how the public can better understand the inherent complexity of the data.

Federal Audit Executive Council One of three subgroups established by the Council of the Inspectors General on Integrity and Efficiency to aid in the accomplishment of their mission. The purpose of the council is to discuss and coordinate issues affecting the Federal audit community with special emphasis on audit policy and operations of common interest to members.

Object Class Categories in a classification system that presents obligations by the items or services purchased by the federal government. Each specific Object Class is defined in OMB Circular A-11, Preparation, Submission, and Execution of the Budget.

Obligation A legally binding agreement that will result in outlays, immediately or in the future. When an order is placed, a contract is signed, a grant awarded, a service purchased, or other actions are taken that require the government to make payments to the public or from one government account to another, an obligation is incurred.

Other Budgetary Resources New borrowing authority, contract authority, and spending authority from offsetting collections provided by the Congress in an appropriation act or other legislation, or unobligated balances of budgetary resources made available in previous legislation, to incur obligations and to make outlays.

Outlay Payments made to liquidate an obligation (other than the repayment of debt principals or other disbursements that are “means of financing” transactions). Outlays are generally equal to cash disbursements but also are recorded for cash-equivalent transactions, such as the issuance of debentures to pay insurance claims, and in a few cases are recorded on an accrual basis such as interest on public issues of the public debt. Outlays are a measure of Government spending.

Program Activity A specific activity or project as listed in the program and financing schedules of the annual budget of the United States Government.

Quality A combination of utility, objectivity, and integrity. Utility reflects the usefulness of the data to the intended users. Objectivity focuses on whether the disseminated data are presented in an accurate, clear, complete, and unbiased manner. Integrity is the protection of data from unauthorized access or revision.

Readiness Review As it relates to the DATA Act, a review that enabled IGs to gain an understanding of the processes, systems, and controls the agency has implemented or planned to implement, in accordance with the requirements of the DATA Act.

Timeliness Transactions were reported within 30 days after the quarter in which they occurred.

Unobligated Balances The cumulative amount of budget authority that remains available for obligations under law in unexpired accounts at a point in time.

[End of Appendix 2]

Appendix 3

Acronyms and Abbreviations

ASP Award Submissions Portal
CIGIE Council of the Inspectors General on Integrity and Efficiency
DATA Act The Digital Accountability and Transparency Act of 2014
DOF Division of Finance
FDIC Federal Deposit Insurance Corporation
FFATA Federal Funding Accountability and Transparency Act of 2006
FPDS Federal Procurement Data System
FSRS FFATA Subaward Reporting System
GAO Government Accountability Office
IDD Interface Definition Document
OIG Office of Inspector General
OMB Office of Management and Budget
RSS Reporting Submission Specification
SAM System for Award Management
SAO Senior Accountable Official

[End of Appendix 3]

Appendix 4

Corporation Comments

Waiting on Lisa Conner's input.

[End of Appendix 4]

Appendix 5

Summary of the Corporation’s Corrective Actions

This table presents corrective actions taken or planned by the Corporation in response to the recommendations in the report and the status of the recommendations as of the date of report issuance.

Row 1 Rec No.: 1 Corrective Action: Taken or Planned: DOF is currently expanding desk procedures to include a listing of all source documents, files, and reference materials; detailed descriptions of roles and responsibilities; and check and cross-check points to facilitate review and discrepancy resolution. Expected Completion Date: November 15, 2017 Monetary Benefits: No Resolved:a Yes or No: Yes Open or Closedb: Open

Row 2 Rec No.: 2 Corrective Action: Taken or Planned: DOF has mapped all the DATA Act elements to FDIC data sources. Expected Completion Date: October 25, 2017 Resolved:a Yes or No: Yes Open or Closedb: Open

Row 3 Rec No.: 3 Corrective Action: Taken or Planned: DOF has defined the preparer, reviewer, and certifier roles and these roles are in use for the fourth quarter fiscal year submission. The roles and permissions have also been established in the DATA Act Broker tool. Expected Completion Date: October 25, 2017 Resolved:a Yes or No: Yes Open or Closedb: Open

Row 4 Rec No.: 4 Corrective Action: Taken or Planned: DOF’s staff training is underway and will be enhanced by the availability of expanded procedures, data element mapping, and improved data worksheets. Expected Completion Date: November 15, 2017 Resolved:a Yes or No: Yes Open or Closedb: Open

Row 5 Rec No.: 5 Corrective Action: Taken or Planned: DOF is developing reviewer checklists to better define and document review and quality assurance steps. Expected Completion Date: November 15, 2017 Resolved:a Yes or No: Yes Open or Closedb: Open

Row 6 Rec No.: 6 Corrective Action: Taken or Planned: DOF has made the recommended corrections and has sent corrected files to the Broker.USASpending helpdesk for review and final posting. DOF does not have the ability to upload prior period files. Expected Completion Date: November 15, 2017 Resolved:a Yes or No: Yes Open or Closedb: Open

a Resolved – (1) Management concurs with the recommendation, and the planned, ongoing, and completed corrective action is consistent with the recommendation. (2) Management does not concur with the recommendation, but alternative action meets the intent of the recommendation. (3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Recommendations will be closed when the OIG confirms that corrective actions have been completed and are responsive.

[End of Appendix 5]

[End of Report]
