U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

The FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014

View Summary Announcement

Report Information

Publish Date
Report sub-type
Audit Report
Report Number
AUD-22-002
Questioned Costs
$0
Funds for Better Use
$0

Text Alternative

This is the accessible text file for FDIC OIG report number AUD-22-002 entitled 'The FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014'. This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

[FDIC OIG logo]

The FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014

November 2021

Report No. AUD-22-002 Audit Report

Audits, Evaluations, and Cyber

Integrity Independence Accuracy Objectivity Accountability

Executive Summary The FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014

The Digital Accountability and Transparency Act of 2014 (DATA Act) expanded the reporting requirements of the Federal Funding Accountability and Transparency Act of 2006 to increase accountability and transparency in Federal Spending. The DATA Act directs Federal Inspectors General to review a statistically valid sample of spending data submitted by their agency and to report the results to Congress. Consistent with the Act, the objectives of our audit were to assess the (1) completeness, accuracy, timeliness, and quality of the financial and award data submitted for the first quarter of Fiscal Year 2021 and published on USASpending.gov and (2) Federal Deposit Insurance Corporation’s (FDIC) implementation and use of the Government-wide financial data standards established by the Office of Management and Budget (OMB) and the Department of the Treasury (Treasury).

Results

We found that the FDIC’s financial and award data submitted for the first quarter of Fiscal Year 2021 was timely, of higher quality, and accurate, but was not complete. We made our determination on the quality of the FDIC’s data based upon the results of the Council of the Inspectors General on Integrity and Efficiency’s required Quality Scorecard that described data quality in terms of “excellent,” “higher,” “moderate,” or “lower.” We found that the FDIC recorded all required transactions and events for the Deposit Insurance Fund (DIF) during the proper period. However, we found that the FDIC’s File A submission was incomplete. The File A submission contains appropriation summary-level data aligned with the Standard Form 133, Report on Budget Execution and Budgetary Resources, but the FDIC’s submission excluded Treasury Account Symbols (TAS) for the Federal Savings and Loan Insurance Corporation Resolution Fund (FRF) (TAS 4065) and the Resolution Trust Corporation (RTC) (TAS 4067). This occurred because the FDIC’s DATA Act procedures did not include reporting responsibilities for these accounts. As a result, obligation and outlay amounts for the FRF and RTC were not available for display on USASpending.gov and precluded taxpayers’ and policymakers’ ability to effectively track and understand how these FDIC-administered funds are spent.

In addition, we evaluated the FDIC’s use of the Government-wide financial data standards and determined that the Agency’s definitions of the data standards complied with OMB and Treasury guidance. We also found that the FDIC had established controls to promote complete, accurate, timely, and quality reporting of the DIF data under the DATA Act. Such controls included written procedures to comply with the DATA Act and the designation of a DATA Act Senior Accountable Official. Additionally, the FDIC utilized a quality assurance process that segregated data preparation and review duties, and documented each level of review. However, these procedures and processes will need to be revised to reflect the requirement to report on the other TASs. Other than the exclusion of the two TASs mentioned above, we concluded that the FDIC could reasonably rely on its source financial system for the DATA Act submission for the first quarter of Fiscal Year 2021. In April 2020, the OMB issued M-20-21, Implementation Guidance for Supplemental Funding Provided in Response to the Coronavirus Disease 2019 (COVID-19), requiring agencies that received COVID-19 supplemental relief funding to, among other things, submit summary financial data, obligation data, and summary award-level obligation data on a monthly basis starting in June 2020. The FDIC did not receive supplemental COVID-19 relief funding and therefore was not required to perform the associated supplemental reporting.

Recommendations

We recommended that the FDIC coordinate with the OMB and the Treasury to obtain a written determination on whether the FDIC must include TASs 4065 and 4067 in its future DATA Act submissions and the data elements that must be reported, if applicable. Until this recommendation was completed, we recommended that the FDIC (1) include TASs 4065 and 4067 in the FDIC’s future DATA Act submissions in accordance with DATA Act reporting requirements; and (2) update the FDIC’s DATA Act reporting procedures and quality assurance processes to include tasks and documents needed to produce and review the DATA Act submission for all TASs. The FDIC concurred with all three of the report’s recommendations and plans to complete corrective actions by November 30, 2021.

Contents

BACKGROUND

Applicability of FFATA and the DATA Act to the FDIC

Requirements for Inspectors General

AUDIT RESULTS

The FDIC’s DATA Act Submission was Timely, Accurate, and of Higher Quality, but was not Complete

The FDIC Correctly Implemented Data Standards

Recommendations

FDIC COMMENTS AND OIG EVALUATION

APPENDICES

1. Objectives, Scope, and Methodology

2. Glossary of Terms

3. Acronyms and Abbreviations

4. FDIC Comments

5. Summary of the FDIC’s Corrective Actions

[end of Contents]

[FDIC OIG letterhead, Federal Deposit Insurance Corporation, Office of Inspector General Audits, Evaluations, and Cyber]

November 3, 2021

Subject

The FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014

This report presents the results of our audit of the FDIC’s compliance with the Digital Accountability and Transparency Act of 2014 (DATA Act), Public Law No. 113-101. Congress enacted the Federal Funding Accountability and Transparency Act of 2006 (FFATA), Public Law No. 109-282, to increase the transparency and accountability of Federal contracts and financial assistance awards. Among other things, FFATA required the Office of Management and Budget (OMB) to establish a website to provide information on grant and contract awards and sub-awards. The OMB launched the website, USASpending.gov, in December 2007.1

Footnote: 1 - As required by FFATA, Federal agencies must post Federal award (such as financial assistance and contract) data on USASpending.gov to give the American public access to information on how tax dollars are spent. Such data includes the name of the entity receiving the award, the amount of the award, the recipient’s location, the primary location of performance under the award, as well as other information. The FDIC is not subject to the reporting requirements of FFATA, according to the Agency’s Legal Division.

Enacted on May 9, 2014, the DATA Act expanded the reporting requirements of FFATA.2 The purpose of the DATA Act is to:

. Mandate disclosure of direct Federal agency expenditures and link Federal contract, loan, and grant spending information to Federal agency programs to enable taxpayers and policymakers to track Federal spending more effectively;

. Establish Government-wide data standards for financial data to provide consistent, reliable, and searchable Government-wide spending data that is displayed accurately for taxpayers and policymakers on USASpending.gov (or a successor system); and

. Improve the quality of data by holding Federal agencies accountable for the completeness and accuracy of the data submitted.

Footnote: 2 - According to the Agency’s Legal Division, the FDIC is subject to the reporting requirements of the DATA Act, which require agencies to report on data elements that are primarily related to budgeting and outlays or expenditures.

The DATA Act directs Federal Inspectors General (IG) to review a statistically valid sample of spending data submitted by their agency pursuant to the statute and report the results to Congress. Consistent with the Act, our audit objectives were to assess the (1) completeness, accuracy, timeliness, and quality of the financial and award data submitted for the first quarter of Fiscal Year 2021 and published on USASpending.gov; and (2) FDIC’s implementation and use of the Government-wide financial data standards established by the OMB and Department of the Treasury (Treasury).

To address the objective, we:

. Reviewed Federal statutes and regulations, and Government-wide policy and guidance;

. Assessed the FDIC’s internal controls over the DATA Act program;

. Reviewed and tested financial data elements reported to Treasury under the DATA Act; and

. Interviewed officials in the FDIC’s Division of Finance (DOF) who were responsible for administering and implementing the DATA Act for the FDIC.

We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards. These standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We conducted this performance audit from May through August 2021. We performed our work remotely as a result of the Coronavirus Disease 2019 (COVID-19) pandemic. Appendix 1 of this report includes additional details about our objectives, scope, and methodology; Appendix 2 contains a glossary of terms; Appendix 3 contains a list of acronyms and abbreviations; and Appendix 4 and Appendix 5, respectively, contain the FDIC’s comments on this report and a summary of the FDIC’s corrective actions.

BACKGROUND

The DATA Act expanded the reporting requirements of FFATA by requiring the disclosure of Federal agency expenditures and linking agency spending information to Federal program activities. This information facilitates tracking of Federal spending by policymakers and the public. The DATA Act requires Government-wide reporting on a variety of Federal funds, such as budget and financial information, as well as tracking funds at multiple points in the Federal spending lifecycle. The DATA Act requires that agency-reported award and financial information comply with data standards established by the OMB and Treasury. These standards specify the items to be reported under the DATA Act and define and describe what should be included in each element. The aim is to ensure that Government-wide information will be consistent and comparable.

The DATA Act identifies the OMB and Treasury as the two agencies responsible for leading Government-wide implementation of the Act. Toward that end, the OMB has taken a number of steps to help agencies meet their reporting requirements, including establishing 57 standardized data element definitions for reporting Federal spending information. OMB also issued implementation guidance on selected standards and further clarified agency reporting requirements.

Treasury also led efforts to develop technical guidance and reporting systems to facilitate agency reporting. In April 2016, Treasury released the DATA Act Information Model Schema (DAIMS),3 which provides information on how to standardize the collection and reporting of financial assistance awards, contracts, and other financial and non-financial data under the DATA Act. Treasury also developed the DATA Act Broker – a system for standardizing data formatting and assisting agencies in validating their data submissions. Agencies submit three files (Files A, B, and C)4 to the DATA Act Broker based on information in their existing financial management systems. The DATA Act Broker then extracts award and sub-award information from Government-wide reporting systems that contain award data, including grants and loans, as well as procurements (Files D1, D2, E, and F).5

Footnote: 3 - DAIMS reporting guidance includes (1) the Reporting Submission Specification, which contains information about the file format, content scope, and file organization agencies should use to extract information from their financial systems to complete required Files A, B, and C, and (2) the Interface Definition Document, which provides guidance for completing required Files D through F, including identifying the information the DATA Act Broker will extract from government-wide feeder systems for procurement and financial assistance awards. Treasury periodically updates and issues revised versions of DAIMS.

Footnote: 4 - File A, Appropriations Account, contains appropriation summary-level data aligned to the Agency’s quarterly SF-133 Report on Budget Execution and Budgetary Resources. File B, Object Class and Program Activity, includes obligation and outlay information at the program activity and object class level. File C, Award Financial, reports the obligations at the award and object class level. Files A, B, and C are linked through the Appropriations Account, Obligation Amount, Unobligated Balance, and Outlay data elements.

Footnote: 5 - Files D1 through F contain detailed information for record-level transactions reported in File C. File D1, Award and Awardee Attributes (Procurement), reports award and awardee attributes for procurement data extracted from the Federal Procurement Data System – Next Generation. File D2, Award and Awardee Attributes (Financial Assistance), reports award and awardee attributes for financial assistance data extracted from the Awards Submission Portal. File E, Additional Awardee Attributes, includes the additional prime awardee attributes extracted from the System for Award Management. File F, Sub-award Attributes, includes sub-award attributes extracted from the FFATA Sub-award Reporting System.

In April 2020, the OMB issued Implementation Guidance for Supplemental Funding Provided in Response to the Coronavirus Disease 2019 (COVID-19),6 which made changes to DATA Act reporting. Specifically, the OMB directed agencies that received COVID-19 supplemental relief funding to submit DATA Act Files A, B, and C on a monthly basis starting in June 2020. The monthly submissions must include a running total of outlays for each award in File C funded with COVID-19 supplemental relief funds, and Files B and C must track this spending data using a COVID-19-related Disaster Emergency Fund Code value. The FDIC did not receive supplemental COVID-19 relief funding and was not required to perform the associated supplemental reporting.

Footnote: 6- OMB M-20-21 (April 2020).

Applicability of FFATA and the DATA Act to the FDIC

The FFATA requires Federal agencies to report agency cost information for 49 data elements to the OMB. The DATA Act expanded the reporting requirements of FFATA to include the reporting of eight new data elements. As stated previously, the FDIC’s Legal Division concluded that the FDIC is not subject to the reporting requirements of FFATA. Specifically, the Legal Division noted that only Federal awards that involve the use of funds obtained by a Federal agency through the appropriations process are intended to be subject to FFATA’s reporting requirements. The FDIC does not obtain its funding through the annual appropriations process.7 Rather, the FDIC’s operating expenses are paid from the DIF, which is funded by deposit insurance assessments levied on FDIC-insured financial institutions.

Footnote: 7 - To protect the independence of the FDIC OIG, Congress has specified in annual appropriations a funding level for the OIG. However, the OIG’s operating expenses are also derived and allotted from the Deposit Insurance Fund (DIF). Therefore, the reporting requirements of FFATA also do not apply to contracts awarded by the OIG.

Nevertheless, the FDIC’s Legal Division determined that the FDIC is subject to the reporting requirements of the DATA Act. Specifically, the Legal Division noted that the DATA Act requires Federal agencies, including the FDIC, to report financial information relating to any Federal funds made available to, or expended by, Federal agencies and entities receiving Federal funds in accordance with Government-wide data standards. The FDIC Legal Division also noted, however, that the DATA Act did not explicitly make the existing contract and grant reporting requirements of FFATA applicable to agencies, including the FDIC, that: (1) are not funded by appropriations, (2) have independent contracting authority, and (3) have not been reporting to the OMB under FFATA.

Between June 2015 and June 2016, the FDIC had a number of communications with the OMB and Treasury officials aimed at seeking guidance and clarification on the application of the DATA Act to the FDIC. On December 7, 2015, the FDIC issued a DATA Act Implementation Plan informing the OMB that the FDIC planned to report only eight of 57 data elements required by the DATA Act.8 On June 21, 2016, the OMB informed the FDIC via email that it did not object to the FDIC’s plans for the limited reporting under the DATA Act.

Footnote: 8 - According to the DATA Act Implementation Plan, the remaining data elements originate from FFATA, under which the FDIC does not have reporting responsibilities.

The FDIC reports on the following eight standardized data elements. These elements are defined in Appendix 2.

. Obligation

. Appropriations Account

. Unobligated Balances

. Outlay

. Program Activity9

. Object Class10

. Budget Authority Appropriated

. Other Budgetary Resources

Footnote: 9 - Program activity is defined as a specific activity or project as listed in the program and financing schedules of the annual budget of the United States Government. 31 U.S.C. § 1115(h) (2011). FDIC Budget Management reports capture expenses by program, which are defined as Supervision, Insurance, Receivership Management, and General and Administrative.

Footnote: 10 - Object class is a category in the classification system that presents obligations by the items or services purchased by the Federal Government. Each specific object class is defined in OMB Circular A-11, Preparation, Submission, and Execution of the Budget.

The FDIC’s DOF has overall responsibility for implementing the requirements of the DATA Act. The FDIC has prepared procedures for DATA Act reporting to USASpending.gov that include processes for the quarterly production, review, and submission of DATA Act-required files. The FDIC prepares these files from general ledger data in its financial system. Submitting data for the DATA Act is a multi-step process, which includes activities related to:

1. Reviewing DAIMS documents to identify the data to be submitted and the format for submission;

2. Validating and uploading the extracted data to the DATA Act Broker;

3. Reviewing warnings and error reports generated by the DATA Act Broker and correcting and resubmitting data, if necessary; and

4. Certifying the data in the DATA Act Broker for publication on USASpending.gov.

The FDIC submits Files A and B to the DATA Act Broker quarterly in accordance with the schedule established by the Treasury DATA Act Project Management Office (PMO). Files C through F are not applicable to the FDIC because the FDIC does not make Federal awards that involve the use of funds obtained through the appropriations process. The Senior Accountable Official (SAO) is responsible for reviewing information contained in Files A through F for accuracy and completeness and certifying the submission.

Requirements for Inspectors General

The DATA Act requires agencies’ IGs and the Government Accountability Office (GAO) to assess and report on the completeness, timeliness, quality, and accuracy of spending data submitted by Federal agencies. The Council of the Inspectors General on Integrity and Efficiency (CIGIE) identified a timing anomaly with the oversight requirements contained in the DATA Act. That is, the first IG reports were due to Congress on November 2016; however, Federal agencies were not required to report spending data until May 2017. To address this reporting date anomaly, the IGs provided Congress with their first required reports by November 8, 2017, 1-year after the statutory due date, with two subsequent reports to be submitted following on a 2-year cycle. This is the third and final report required under the DATA Act.

Our OIG report entitled, The FDIC's Compliance with the Digital Accountability and Transparency Act of 2014, (FDIC OIG AUD-18-003) (November 2017) found that the FDIC could reasonably rely on its source financial system for the DATA Act submission but identified three reporting errors:

. The FDIC should have reported the Gross Outlays, Delivered Orders Paid element as $1.067 billion and, instead, reported it as zero;

. The FDIC incorrectly overstated the Obligations element by $10.9 million; and

. The FDIC misclassified benefits for former employees as benefits for current employees, which led to an understatement in one object class and an overstatement in another.

The FDIC implemented corrective actions in response to these findings.

Our OIG report entitled, The FDIC's Compliance with the Digital Accountability and Transparency Act of 2014, (FDIC OIG AUD-20-002) (October 2019) found that the FDIC could reasonably rely on its source financial system for the DATA Act submission.

CIGIE established the Federal Audit Executive Council (FAEC) DATA Act Working Group (Working Group) to assist the IG community in understanding and meeting its DATA Act oversight requirements. On December 4, 2020, the Working Group issued the CIGIE FAEC Inspectors General Guide to Compliance under the DATA Act, to create a common methodology for the IG community to use in performing its mandated work. We used this guide to conduct our audit.

AUDIT RESULTS

We found that the FDIC’s DATA Act submission for the first quarter of Fiscal Year 2021 was timely, of higher quality, and accurate, but not complete.11 Specifically, we found that FDIC’s File A submission excluded Treasury Account Symbols (TAS) for the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF) (TAS 4065) and the Resolution Trust Corporation (RTC)12 (TAS 4067) from which funds were obligated, as reflected in the FDIC’s Government-wide Treasury Account Symbol Adjusted Trial Balance (GTAS) SF-133. This occurred because the FDIC’s DATA Act procedures did not include reporting responsibilities for these accounts. As a result, obligation and outlay amounts for the FRF and RTC were not available for display on USASpending.gov and precluded taxpayers’ and policymakers’ ability to effectively track and understand how these FDIC-administered funds were spent.

Footnote: 11 - We made our determination on the quality of the FDIC’s data based upon the results of the CIGIE FAEC Inspectors General Guide to Compliance under the DATA Act required Quality Scorecard that described data quality in terms of “excellent,” “higher,” “moderate,” or “lower.”

Footnote: 12 - As administrator of the FRF, the FDIC is responsible for the sale of remaining assets and the satisfaction of liabilities associated with the former Federal Savings and Loan Insurance Corporation (FSLIC) and the former Resolution Trust Corporation (RTC). The FRF will continue operations until all of its assets are sold or otherwise liquidated and all of its liabilities are satisfied. Any funds remaining in the FRF-FSLIC will be paid to the U.S. Treasury. Any remaining funds of the FRF-RTC will be distributed to the Resolution Funding Corporation to pay interest on the Resolution Funding Corporation bonds.

Nevertheless, we determined that the FDIC’s DATA Act submission for the DIF was complete. We also found the FDIC implemented and used the data definition standards as defined by the OMB and Treasury. Additionally, we found that the FDIC had established controls, such as written procedures and processes to promote complete, accurate, timely, and quality reporting of the DIF data under the DATA Act. However, these procedures and processes will need to be revised to reflect the requirement to report on the other TASs. Other than the exclusion of the two TASs mentioned above, we concluded that the FDIC could reasonably rely on its source financial system for the DATA Act submission for the first quarter of Fiscal Year 2021.13

Footnote: 13 - The FDIC’s source financial system is subject to external annual audits by the GAO and internal assessments.

The FDIC’s DATA Act Submission was Timely, Accurate, and of Higher Quality, but was not Complete

We evaluated the FDIC’s Fiscal Year 2021 first quarter DATA Act submission to Treasury’s DATA Act Broker and determined that the submission was timely. To be considered timely, it had to be submitted and certified within 45 days of quarter end. Through our test work, we determined that DIF data presented in Files A and B were accurate and of higher quality and that totals from File B matched the amounts reported in File A for related data elements.

To determine the completeness of the FDIC’s submission, we evaluated Files A and B to determine whether all transactions and events that should have been recorded were recorded in the proper period.14 We determined that the DIF amounts the FDIC reported in Files A and B for all object class and program activity combinations across all data elements were complete and accurate. However, while comparing File A to the TASs from which funds are obligated per FDIC’s SF-133, we found that two TASs (4065 and 4067) were excluded from the FDIC’s submission. Specifically, we found that the FDIC excluded from its File A submission $5,556 in obligations incurred and $4,259 in outlays for TAS 4065, and $71,271 in obligations incurred and $62,892 in outlays for TAS 4067. The exclusion of the TASs was included as a DATA Act Broker warning in the Treasury Validation warning report.15 Notwithstanding the warning message, the FDIC submitted the incomplete File A. An FDIC official stated that the warning report was not ”fatal” and did not preclude data submission and that neither the PMO nor OMB had contacted the FDIC regarding the warning.

Footnote: 14 - As previously noted, the FDIC does not submit File C because the FDIC does not make Federal awards that involve the use of funds obtained through the appropriations process.

Footnote: 15 - According to DAIMS Practices and Procedures guidance, warning messages were created to alert the agency to possible issues worth further review but will not prevent final submission and verification or certification of files. In contrast, validation errors must be corrected and the corrected files must be re-uploaded until the file passes the Broker validations.

This occurred because the FDIC’s DATA Act procedures did not include reporting responsibilities for these accounts. According to an FDIC official, as part of its DATA Act pre-implementation efforts in 2015, the FDIC informed the OMB and Treasury that it planned to only report 8 of the 57 data elements for the DIF (TAS 4596). According to the FDIC official, OMB and Treasury staff verbally informed the FDIC that the proposed reporting would be adequate; however, the FDIC could not provide the OIG with any documentation supporting the decision from the OMB and Treasury.16 An FDIC official stated that the two excluded TASs are related to the FDIC-administered FRF, which are strictly segregated from the DIF. The FDIC official also stated that charges to the two excluded TASs are highly restricted due to the nature of the funds and that the exclusion of the TAS amounts from File A reporting was immaterial.

Footnote: 16 - During audit fieldwork, the OIG requested information from the OMB on this decision. However, as of September 1, 2021, the OMB had not provided OIG with any further information.

Although the total unreported obligations incurred and outlays for the two excluded TASs were minimal in that they represented .01 percent of the FDIC’s total obligations of $692.8 million and total outlays of $553.6 million for the first quarter of Fiscal Year 2021, the DATA Act does not establish materiality as a threshold for the mandatory reporting requirements. Not reporting all expenditure data, as required by the DATA Act, precludes taxpayers and policymakers from fully understanding and tracking how FDIC-administered funds are spent.

As a result of our audit fieldwork, the FDIC coordinated with Treasury and OMB to discuss the applicability of reporting TAS 4065 and TAS 4067 to the DATA Act Broker. Treasury informed the FDIC that it “. . . deferred to OMB and the Agency IG on determining which TAS are required to be reported under the DATA Act.” The FDIC Controller stated that in an August 2021 meeting, the OMB verbally concurred with the FDIC reporting the two TASs in Files A and B going forward.17 Accordingly, the FDIC Controller stated that the FDIC is preparing to report this data with its September 30, 2021, submission. The FDIC Controller also stated that OMB agreed with FDIC in that the nature of the TASs, which are not typical appropriations, requires additional disclosure footnotes on USASpending.gov because reporting the cash and investment funds of the FRF as unobligated and available would be misleading to the users of the information. The FDIC Controller stated that the FDIC is coordinating with Treasury for guidance on how to include a disclosure footnote to the FDIC’s future DATA Act submissions, explaining that the funds in the two TASs are not available for the operations of the FDIC, and upon the dissolution of the FSLIC, the funds will be returned to Treasury and the RTC.

Footnote: 17 - As of August 23, 2021, the FDIC had not received written documentation from OMB on this decision.

The FDIC Correctly Implemented Data Standards

We determined that the FDIC has fully implemented and is using the Government-wide financial data standards for spending information as developed by the OMB and Treasury. We found that the FDIC reviewed the definitions of the standardized data elements and determined which data elements it must report. The FDIC used Treasury’s DAIMS guidance and the OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget (December 2020) definitions of object classes to map the Agency’s financial system accounts to DAIMS and object classes.

Internal Control Assessment

OMB Management Procedures Memorandum No. 2016-03, Additional Guidance for DATA Act Implementation: Implementing Data-Centric Approach for Reporting Federal Spending Information (May 2016), contains agency certification requirements. According to this OMB Memorandum, agency DATA Act SAOs are to provide a quarterly assurance that their agency’s internal controls support the reliability and validity of the agency account-level and award-level data reported for publication on USASpending.gov. OMB Memorandum M-17-04, Additional Guidance for DATA Act Implementation: Further Requirements for Reporting and Assuring Data Reliability (November 2016), provides further specifications for the quarterly assurance process cited in Memorandum No. 2016-03. Specifically, Memorandum M-17-04 requires SAOs to assure that the alignment and interconnectivity among Files A-F is valid and reliable and to assure that the data submitted for display on USASpending.gov are valid and reliable. To provide this assurance, SAOs are to confirm that internal controls over data quality mechanisms are in place for the data submitted in the DATA Act files. Additionally, the GAO Standards for Internal Control in the Federal Government18 states that management should design control activities to achieve objectives and respond to risks and implement control activities through policies.

Footnote: 18 - GAO-14-705G (September 2014).

As permitted in the CIGIE FAEC Inspectors General Guide to Compliance under the DATA Act, we relied on the FDIC’s internally prepared Assurance Statement and external audit reports when assessing internal controls over the FDIC’s source financial system and financial reporting. The FDIC’s 2020 Assurance Statement stated that the FDIC’s management controls, as a whole, provided reasonable assurance that the Agency achieved its management control objectives during 2020 and identified no material weaknesses. Additionally, the GAO, the FDIC’s independent auditor, concluded in the FDIC’s Financial Statement audit report for Calendar Year 2020, that the FDIC maintained effective internal controls over financial reporting in all material respects. Our review of these documents provided us a reasonable level of assurance that the FDIC could rely on the source financial system as an authoritative source for data reported under the DATA Act.

We found that the FDIC had established controls to promote timely, complete, quality, and accurate reporting of the DIF data under the DATA Act. Such controls included written procedures to comply with the DATA Act and the designation of a DATA Act SAO. We found that the SAO certified the FDIC’s DATA Act submission for publication on USASpending.gov. Additionally, we found the FDIC implemented a quality assurance process in which DIF data preparation and review duties were segregated and each level of review was documented.19 However, we found these controls did not include procedures or processes related to the preparation, review, and reporting of TASs 4065 and 4067, which led to the File A completeness deficiencies we identified above. Accordingly, the FDIC should update its DATA Act processes and procedures to include requirements to produce and review the DATA Act submission for all TASs.

Footnote: 19 - The FDIC implemented these corrective actions as a result of our report entitled, The FDIC's Compliance with the Digital Accountability and Transparency Act of 2014, (FDIC OIG AUD-18-003) (November 2017). In this report, we recommended the FDIC, among other things, enhance its DATA Act reporting practices and procedures, strengthen segregation of duties, and document quality reviews of DATA Act submissions.

Although the FDIC’s DATA Act submission for the first quarter of FY 2021 was timely, of higher quality, and accurate, the data did not present complete financial data to those individuals accessing this information on the public platform.

Specifically, without addressing the weaknesses in its DATA Act policies and procedures, the FDIC is at greater risk of submitting inaccurate and incomplete data to USASpending.gov, which is contrary to the intent of the DATA Act to increase accountability and transparency in Federal spending for the American public. This risk increases due to the sunset of DATA Act requirements for agency IGs to assess and report to Congress on the completeness, timeliness, quality, and accuracy of the spending data submitted by Federal agencies.

Recommendations

We recommend that the Chief Financial Officer:

1. Coordinate with the Office of Management and Budget and the Department of the Treasury to obtain a written determination on whether the FDIC must include Treasury Account Symbols 4065 and 4067 in its future DATA Act submissions and the data elements that must be reported, if applicable.

2. Include Treasury Account Symbols 4065 and 4067 in the FDIC’s future DATA Act submissions in accordance with DATA Act reporting requirements until such time that the FDIC receives written guidance from the Office of Management and Budget and the Department of the Treasury on whether the FDIC must include the Treasury Account Symbols in its DATA Act submissions.

3. Update the FDIC’s DATA Act reporting procedures and quality assurance processes to include tasks and documents needed to produce and review the DATA Act submission for all Treasury Account Symbols reflected in the FDIC’s Government-wide Treasury Account Symbol Adjusted Trial Balance SF-133.

FDIC COMMENTS AND OIG EVALUATION

FDIC management provided a written response, dated October 15, 2021, to a draft of this report. This response appears in its entirety in Appendix 4. In the response, management concurred with all three of the report’s recommendations. We consider all three recommendations resolved and they will remain open until we confirm that corrective actions have been completed and are responsive. Appendix 5 contains a summary of the FDIC’s corrective actions.

Appendix 1: Objectives, Scope, and Methodology

Objectives

The objectives of our audit were to assess the (1) completeness, accuracy timeliness, and quality of the financial and award data submitted for the first quarter of Fiscal Year 2021 and published on USASpending.gov and (2) FDIC’s implementation and use of the Government-wide financial data standards established by the OMB and Treasury.

We conducted this performance audit from May through August 2021 in accordance with Generally Accepted Government Auditing Standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Scope and Methodology

The scope of our audit covered Fiscal Year 2021 first quarter financial data that the FDIC submitted for publication on USASpending.gov. We followed the CIGIE FAEC Inspectors General Guide to Compliance under the DATA Act in conducting our audit.

We considered several factors, including the audit’s subject matter, to determine whether internal control was significant to the audit objectives. We then considered the components of internal control and the underlying principles included in the Government Accountability Office’s Standards for Internal Control in the Federal Government20 to identify internal controls that were significant to the objectives. We concluded that 3 of the 5 internal control components—Control Activities, Information and Communication, and Monitoring—were significant to the audit objectives. The Control Activities component includes the actions management establishes through policies and procedures to achieve objectives and respond to risks in the internal control system. The Information and Communication component relates to the information that management and personnel communicate and use to support the internal control system. The Monitoring component relates to activities that management establishes to assess the quality of performance over time and to promptly resolve the findings of audits and other reviews. We also concluded that 5 of the 17 principles associated with the three components were significant to the audit objectives as described in Table 1.

Footnote: 20 - Standards for Internal Control in the Federal Government (GAO-14-740G, September 2014). The Standards for Internal Control in the Federal Government organizes internal control through a hierarchical structure of 5 components and 17 principles. The five components, which represent the highest level of the hierarchy, consist of the Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. The 17 principles support the effective design, implementation, and operation of the components, and represent the requirements that are necessary to establish an effective internal control system.

[table]

Table 1: Internal Control Components and Principles Identified as Significant

Table Header: Components; Principles

Row 1; Components: Control Activities; Principles: Management should design control activities to achieve objectives and respond to risks. Management should design the entity’s information system and related control activities to achieve objectives and respond to risks. Management should implement control activities through policies.

Row 2; Components: Information and Communication; Principles: Management should use quality information to achieve the entity’s objectives.

Row 3; Components: Monitoring; Principles: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results.

Source: OIG-generated based on an analysis of internal control components and principles from the Government Accountability Office, Standards for Internal Control in the Federal Government (GAO-14-704G, September 2014).

[End of table]

Internal control deficiencies identified during the audit that are significant within the context of the audit objectives are presented in the Audit Results section of this report. Because our review was limited to the principles presented above, it may not have disclosed all internal control deficiencies that may have existed at the time of the audit. The following section provides details regarding the procedures we performed to conduct our audit and assess internal controls relevant to the audit objectives.

To address the audit objectives, we:

• Gained an understanding of DATA Act requirements by reviewing and analyzing Government-wide statutes, policies, procedures, guidance, and reports to gain an understanding of applicable laws, legislation, directives, and other guidance, including, but not limited to:

o The Digital Accountability and Transparency Act of 2014 (May 2014);

o Federal Funding Accountability and Transparency Act of 2006 (September 2006);

o Federal Financial Management Improvement Act of 1996 (September 1996);

o Federal Managers’ Financial Integrity Act of 1982 (September 1982);

o OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget (December 2020);

o OMB M-17-04, Additional Guidance for DATA Act Implementation: Further Requirements for Reporting and Assuring Data Reliability (November 2016);

o OMB Management Procedures Memorandum No. 2016-03, Additional Guidance for DATA Act Implementation: Implementing Data-Centric Approach for Reporting Federal Spending Information (May 2016); o OMB M-20-21, Implementation Guidance for Supplemental Funding Provided in Response to the Coronavirus Disease 2019 (COVID-19) (April 2020);

o DAIMS Reporting Submission Specification v2.0 (May 2020);

o DAIMS Practices and Procedures for DATA Act Broker Submissions v2.0 (May 2020);

o OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control (July 2016);

o OMB M-18-16, Appendix A to OMB Circular No. A-123, Management of Reporting and Data Integrity Risk (June 2018); and

o GAO-14-704G, Standards for Internal Control in the Federal Government (September 2014).

• Interviewed FDIC DOF personnel who had responsibility for administering and implementing the DATA Act for the FDIC.

• Participated in meetings with the Federal Audit Executive Council DATA Act Working Group to stay abreast of current challenges and issues surrounding the DATA Act required audits.

As permitted under the CIGIE FAEC Inspectors General Guide to Compliance under the DATA Act, we relied on work performed by the GAO as part of its financial statement audit of the FDIC to assess internal controls. It was not our intention to express an opinion on the FDIC’s internal controls. In this regard, we:

• Reviewed the FDIC’s Financial Statement audit report for Calendar Year 2020;

• Interviewed GAO officials regarding the assessment of the FDIC’s internal controls over the source financial system;

• Reviewed DOF’s 2021 revisions to process memoranda to determine any significant changes to relevant control processes;

• Assessed the FDIC’s internal controls over the financial data reported to USASpending.gov;

• Reviewed the FDIC’s internally prepared 2020 Assurance Statement to assess internal controls over the FDIC’s source financial system and financial reporting;

• Assessed the FDIC’s systems, processes, and internal controls over data management under the DATA Act; and

• Assessed the controls pertaining to the FDIC’s financial management systems from which the data elements are derived and linked.

The DATA Act requires the IG of each Federal agency to review a statistically valid sample of the spending data submitted by its Federal agency. As stated earlier, the FDIC only needed to submit appropriation summary-level data (File A) and obligations and outlay information at the program activity and object class level (File B) to the DATA Act Broker. Therefore, we (1) did not perform non-statistical or statistical test work on Files C through F as prescribed by the CIGIE FAEC Inspectors General Guide to Compliance under the DATA Act and (2) could not use the accompanying Quality Scorecard as designed to make a determination on the quality of the FDIC’s data.21 Instead, we made our determination on the quality of the FDIC’s data based upon the results of the Quality Scorecard non-statistical tests for timeliness and completeness of summary-level data in Files A and B.

Footnote: 21 - The Quality Scorecard is designed to provide government-wide consistency in the measurement of data quality. This is accomplished by including and assigning quantifiable values to non-statistical testing and weighing those results with statistical testing results to derive a quality score of “excellent,” “higher,” “moderate,” or “lower.” The Quality Scorecard assigns values to the testing of Files C, D1, and D2, which the FDIC does not submit.

We reviewed all eight data elements contained in Files A and B submissions and supporting schedules as prescribed in the Inspectors General Guide. The eight data elements are: Obligation, Appropriations Account, Unobligated Balances, Outlay, Program Activity, Object Class, Budget Authority Appropriated, and Other Budgetary Resources. We downloaded Files C through F from the DATA Act Broker and reviewed these files to ensure there were no values reported or extracted from the various award systems since the FDIC is not required to report the award-level information that is required in these files. The FDIC did not receive any COVID-19 funds; therefore, we did not perform COVID-19 outlay testing.

We performed our work remotely as a result of the COVID-19 pandemic.

Appendix 2: Glossary of Terms

[table]

Row 1; Term: Appropriations Account; Definition: The basic unit of an appropriation generally reflecting each unnumbered paragraph in an appropriation act. An appropriation account typically encompasses a number of activities or projects and may be subject to restrictions or conditions applicable to only the account, the appropriation act, titles within an appropriation act, other appropriation acts, or the Government as a whole. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 2; Term: Budget Authority Appropriated; Definition: A provision of law (not necessarily in an appropriation act) authorizing an account to incur obligations and to make outlays for a given purpose. Usually, but not always, an appropriation provides budget authority. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 3; Term: Object Class; Definition: Categories in a classification system that presents obligations by the items or services purchased by the Federal Government. Each specific Object Class is defined in OMB Circular A-11, Preparation, Submission, and Execution of the Budget. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 4; Term: Obligation; Definition: A legally binding agreement that will result in financial outlays, immediately or in the future. When an order is placed, a contract is signed, a grant awarded, a service purchased, or other actions are taken that require the Government to make payments to the public or from one Government account to another, an obligation is incurred. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 5; Term: Other Budgetary Resources; Definition: New borrowing authority, contract authority, and spending authority from offsetting collections provided by the Congress in an appropriation act or other legislation, or unobligated balances of budgetary resources made available in previous legislation, to incur obligations and to make outlays. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 6; Term: Outlay; Definition: Payments made to liquidate an obligation (other than the repayment of debt principals or other disbursements that are “means of financing” transactions). Outlays are generally equal to cash disbursements but also are recorded for cash-equivalent transactions, such as the issuance of debentures to pay insurance claims, and in a few cases are recorded on an accrual basis such as interest on public issues of the public debt. Outlays are a measure of Government spending. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 7; Term: Program Activity; Definition: A specific activity or project as listed in the program and financing schedules of the annual budget of the United States Government. (Federal Spending Transparency Data Standards published by OMB and Treasury)

Row 8; Term: Unobligated Balances; The cumulative amount of budget authority that remains available for obligations under law in unexpired accounts at a point in time. (Federal Spending Transparency Data Standards published by OMB and Treasury) [end of table]

Appendix 3: Acronyms and Abbreviations

CIGIE - Council of the Inspectors General on Integrity and Efficiency

COVID-19 - Coronavirus Disease 2019

DAIMS - DATA Act Information Model Schema

DATA Act - Digital Accountability and Transparency Act of 2014

DIF - Deposit Insurance Fund

DOF - Division of Finance

FAEC - Federal Audit Executive Council

FDIC - Federal Deposit Insurance Corporation

FFAFTA - Federal Funding Accountability and Transparency Act of 2006

FRF - Federal Savings and Loan Insurance Corporation Resolution Fund

FSLIC - Federal Savings and Loan Insurance Corporation

GAO - Government Accountability Office

GTAS - Government-wide Treasury Account Symbol Adjusted Trial Balance System

IG - Inspector General

OIG - Office of Inspector General

OMB - Office of Management and Budget

PMO - Treasury DATA Act Project Management Office

RTC - Resolution Trust Corporation

SAO - Senior Accountable Official

TAS - Treasury Account Symbol

Treasury - Department of the Treasury

Working Group - Federal Audit Executive Council DATA Act Working Group

Appendix 4: FDIC Comments

[FDIC Letterhead, Deputy to the Chairman and Chief Financial Officer]

October 15, 2021

MEMORANDUM TO: Terry L. Gibson Assistant Inspector General for Audits, Evaluation, and Cyber

FROM: Bret D. Edwards Deputy to the Chairman and Chief Financial Officer

CC: Mary E. Peterman, Deputy Director & Controller Sam Forkkio, Branch Manager CARB Paul Covas, Manager FRAS E. Marshall Gentry, Director & Chief Risk Officer

Subject: Draft Audit Report – Audit of the FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014 – No. 2021-014

Thank you for the opportunity to comment on the Office of the Inspector General’s (OIG) draft evaluation report titled, Audit of the FDIC’s Compliance under the Digital Accountability and Transparency Act of 2014 – No. 2021- 014, September 2021. We appreciate the feedback contained in this report; it will assist us in improving and refining this reporting process.

In this report, the OIG Audit team made three recommendations to improve FDIC’s DATA Act submission management and reporting. FDIC management concurs with these recommendations. Our detailed response below is organized by recommendation and contains management corrective actions already completed or in progress.

FDIC Planned Management Actions in Response to the three Report Recommendations

Recommendation # 1

Coordinate with the Office of Management and Budget and the Department of the Treasury to obtain a written determination on whether the FDIC must include Treasury Account Symbols 4065 and 4067 in its future DATA Act submissions and the data elements that must be reported, if applicable.

FDIC Response: Concur

Corrective Action:

On August 12, 2021, the Controller and three staff members met with two representatives from the Office of Management and Budget regarding reporting requirements of the two Treasury Account Symbols (TAS) in question, including TAS 4065 for the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF) and TAS 4067 for the Resolution Trust Corporation (RTC). The OMB staff verbally concurred with the FDIC’s OIG position that TAS 4065 and 4067 should be reported to the DATA Act broker going forward. While FDIC requested a written confirmation from OMB, we have not received one as of this date.

Completion Date: August 12, 2021

Recommendation # 2

Include Treasury Account Symbols 4065 and 4067 in the FDIC’s future DATA Act submissions in accordance with DATA Act reporting requirements until such time that the FDIC receives written guidance from the Office of Management and Budget and the Department of the Treasury on whether the FDIC must include the Treasury Account Symbols in its DATA Act submissions.

FDIC Response: Concur

Corrective Action:

The DOF staff will submit TAS 4065 and 4067 with the September 30, 2021, filing into the USASpending.gov broker. The data element values will agree with the SF-133 balances as derived from the quarterly upload of the Governmentwide Treasury Account Symbol (GTAS) trial balance numbers.

Estimated Completion Date: November 30, 2021

Recommendation # 3

Update FDIC’s DATA Act reporting procedures and quality assurance processes to include tasks and documents needed to produce and review the DATA Act submission for all Treasury Account Symbols reflected in the FDIC’s Governmentwide Treasury Account Symbol Adjusted Trial Balance SF-133.

FDIC Response: Concur

Corrective Action:

DOF staff will update the DATA Act Quality Assurance checklists to accommodate the review of the additional TAS values. DOF will make changes to the DATA Act procedures document to reflect the additional process steps. DOF will have the Corporate Planning and Performance Management (CPPM) systems programmers make changes to the applicable WebFocus report to query the NFE general ledger to extract expense data for the FRF and RTC funds.

Estimated Completion Date: November 30, 2021

If you have any questions regarding this response, please contact Paul Covas at (703) 562-6198.

Appendix 5: Summary of the FDIC's Corrective Actions

[Table]

This table presents management’s response to the recommendations in the report and the status of the recommendations as of the date of report issuance.

Row 1; Rec. No. 1; Corrective Action - Taken or Planned: On August 12, 2021, the Controller and three staff members met with two representatives from the OMB regarding reporting requirements of TAS 4065 for the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF) and TAS 4067 for the Resolution Trust Corporation (RTC). The OMB staff verbally concurred with the FDIC OIG’s position that the two TAS should be reported to the DATA Act broker going forward. The FDIC requested a written confirmation from the OMB, but has not received this as of October 15, 2021; Expected Completion Date: August 12, 2021; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 2; Rec. No. 2; Corrective Action - Taken or Planned: DOF staff will submit TAS 4065 and 4067 with the September 30, 2021, filing into the USASpending.gov broker. The data element values will agree with the SF-133 balances as derived from the quarterly upload of the GTAS trial balance numbers; Expected Completion Date: November 30, 2021; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 3; Rec. No. 3; Corrective Action - Taken or Planned: DOF staff will update the DATA Act Quality Assurance checklists to accommodate the review of the additional TAS values and make changes to the DATA Act procedures document to reflect the additional process steps. DOF will have the Corporate Planning and Performance Management (CPPM) systems programmers make changes to the applicable WebFocus report to query the NFE general ledger to extract expense data for the FRF and RTC funds; Expected Completion Date: November 30, 2021; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

a Recommendations are resolved when —

1. Management concurs with the recommendation, and the planned, ongoing, and completed corrective action is consistent with the recommendation.

2. Management does not concur with the recommendation, but alternative action meets the intent of the recommendation.

3. Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Recommendations will be closed when the OIG confirms that corrective actions have been completed and are responsive.

[end of table]

[end of report]

[FDIC OIG Logo] Federal Deposit Insurance Corporation Office of Inspector General

3501 Fairfax Drive Room VS-E-9068 Arlington, VA 22226

(703) 562-2035

The OIG’s mission is to prevent, deter, and detect waste, fraud, abuse, and misconduct in FDIC programs and operations; and to promote economy, efficiency, and effectiveness at the agency.

To report allegations of waste, fraud, abuse, or misconduct regarding FDIC programs, employees, contractors, or contracts, please contact us via our Hotline or call 1-800-964-FDIC.

FDIC OIG website, www.fdicoig.gov

Twitter, @FDIC_OIG

Oversight.gov, www.oversight.gov/