oversight

OPM's Data Submission and Compliance with the Digital Accountability and Transparency Act (DATA Act)

Published by the Office of Personnel Management, Office of Inspector General on 2017-11-09.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

U.S. OFFICE OF PERSONNEL MANAGEMENT
   OFFICE OF THE INSPECTOR GENERAL
            OFFICE OF AUDITS




 Final Audit Report
   Audit of the U.S. Office of Personnel Management’s Data
Submission and Compliance with the Digital Accountability and
                       Transparency Act

               Report Number 4A-CF-00-17-033
                      November 9, 2017
            EXECUTIVE SUMMARY 

Audit of the U.S. Office of Personnel Management’s Data Submission and Compliance with the
                          Digital Accountability and Transparency Act
 Report No. 4A-CF-00-17-033                                                                          November 9, 2017

Why Did We Conduct the Audit?             What Did We Find?

The objectives of our audit were to       We determined that the FY 2017, second quarter, financial and
assess the (1) completeness,              award data submitted by OPM was complete, timely, accurate, of
timeliness, quality, and accuracy of      adequate quality, and we identified no internal deficiencies that
                                          would affect the data submission. In addition, we verified each
fiscal year (FY) 2017, second quarter,
                                          transaction to its source system data, and that the transactions were
financial and award data submitted for    reported within 30 days of the quarter’s end, as required by the
publication on USASpending.gov and        U.S. Office of Management and Budget’s Memorandum M-10-06,
(2) the U.S. Office of Personnel          Open Government Directive, dated April 6, 2010.
Management’s (OPM) implementation
and use of the Government-wide            While OPM met the objectives of the DATA Act, we noted the
financial data standards established by   following errors:
the U.S. Office of Management and
                                              x	 With respect to the data completeness, we estimated an
Budget and the U.S. Department of                error rate of 18.9 percent*, with a margin of error of 4.33
Treasury.                                        percent.
                                              x	 We estimated OPM’s data accuracy error rate to be 1.29
What Did We Audit?                               percent*, with a margin of error of 1.14 percent.

The Office of the Inspector General       In addition, we did identify the following three areas requiring
has completed a performance audit of      improvement:
OPM’s Digital Accountability and
                                              x	 Summary-Level Differences Between Data Submission
Transparency Act (DATA Act)                      Files A and B: OPM’s gross outlay and obligations
process and submission for FY 2017,              incurred amounts by program object class in File B did not
second quarter. Our audit fieldwork              agree to the gross outlay and obligations incurred amounts
was conducted from March 21 through              by Treasury Account Symbol in File A.
October 17, 2017, at OPM                      x	 Lack of Effective and Efficient Standard Operating
headquarters, located in Washington,             Procedures and Control Activities over the Data
                                                 Submission Process: The Office of the Chief Financial
D.C.
                                                 Officer did not provide proper guidance to all OPM offices
                                                 involved in the data submission process prior to the May 9,
                                                 2017, implementation of its DATA Act requirements.
                                              x	 Lack of Effective and Efficient Controls over Data
                                                 Submission Files A through F: We found 3 data accuracy
                                                 errors and 44 blank data fields displayed in File D1.
_______________________
Michael R. Esser                          * During our audit, we found errors that were attributable to agency supplied
                                          information, as well as issues with the DATA Act Broker where OPM does not
Assistant Inspector General for Audits
                                          have control. The Federal Audit Executive Council DATA Act Working Group
                                          provided standard language for reporting purposes to address this concern.
                                                       i
           ABBREVIATIONS


CBIS       Consolidated Business Information System
CIGIE      Council of the Inspectors General on Integrity and Efficiency
DAIW       The DATA Act Implementation Working Group
DATA Act   Digital Accountability and Transparency Act of 2014
FOM        Financial Operations Management
FY         Fiscal Year
GTAS       Government-wide Treasury Account Symbol
IDD        Interface Definition Document
NAIC       North American Industrial Classification System Code
OCFO       Office of the Chief Financial Officer
OIG        Office of the Inspector General
OMB        U.S. Office of Management and Budget
OPM        U.S. Office of Personnel Management
RSS        Reporting Submission Specification
SAM        System for Award Management
SAO        Senior Accountable Official
TAS        Treasury Account Symbol
Treasury   U.S. Department of Treasury

           U.S. Office of Management and Budget
           U.S. Office of Personnel Management
           Reporting Submission Specification
           System for Award Management
           Senior Accountable Official
           Treasury Account Symbol
           U.S. Department of Treasury




                         ii
                           TABLE OF CONTENTS

                                                                                                                                 Page


       EXECUTIVE SUMMARY ......................................................................................... i 


       ABBREVIATIONS ..................................................................................................... ii 


I.     BACKGROUND ..........................................................................................................1 


II.    OBJECTIVES, SCOPE, AND METHODOLOGY ..................................................7 


III.   AUDIT FINDINGS AND RECOMMENDATIONS...............................................11


       1.	 Summary-Level Differences between Data Submission Files A 

           and B ......................................................................................................................11 


       2.	 Lack of Effective and Efficient Standard Operating Procedures 

           and Control Activities over the Data Submission Process.....................................12 


       3.	 Lack of Effective and Efficient Controls over Data Submission 

           Files A through F ...................................................................................................14 


       APPENDIX	 The Chief Financial Officer’s response to the draft report,
                 dated October 26, 2017.

       REPORT FRAUD, WASTE, AND MISMANAGEMENT
                                I. BACKGROUND

This final audit report details the findings, conclusions, and recommendations resulting from our
performance audit of the U.S. Office of Personnel Management’s (OPM) Data Submission and
Compliance with the Digital Accountability and Transparency Act (DATA Act). The audit was
performed by OPM’s Office of the Inspector General, as authorized by the Inspector General Act
of 1978, as amended.

The DATA Act was enacted on May 9, 20141, to expand the reporting requirements pursuant to
the Federal Funding Accountability and Transparency Act of 20062. The DATA Act, in part,
requires Federal agencies to report financial and award data in accordance with the established
Government-wide financial data standards. In May 2015, the U.S. Office of Management and
Budget (OMB) and the U.S. Department of Treasury (Treasury) published 573 data definition
standards and required Federal agencies to report financial data in accordance with these
standards for DATA Act reporting, beginning in January 2017. Once submitted, the data must be
displayed on USASpending.gov for taxpayers and policy makers.

OMB issued the following guidance to Federal agencies to ensure reporting requirements are met:

OMB Memorandum M-10-06, Open Government Directive, dated December 8, 2009, directs
executive departments and agencies to take specific actions to implement the principles of
transparency, participation, and collaboration. Within 45 days of issuance of this memorandum,
agencies shall identify and publish online in an open format at least three high-value data sets and
register those data sets via Data.gov. Furthermore, agencies shall designate a high-level senior
official to be accountable for the quality and objectivity of, and internal controls over, the Federal
spending information in USASpending.gov. Within 60 days, each agency shall create an open
government webpage to function as the gateway for agency activities.

OMB guidance in Open Government Directive, Federal Spending Transparency, dated April 6,
2010, focuses on three areas:

    x	 Implementation of a policy to require the collection and reporting on sub-award data.
       Under this guidance, sub-award information will now be required to be collected and
       reported.

1
  Public Law 113-101 (May 9, 2014)

2
  Public Law 109-282 (September 26, 2006) 

3
  Under the Federal Funding Accountability and Transparency Act of 2006, Federal agencies report 259 data 

elements to USAspending.gov. However, Treasury and OMB identified 49 existing elements, deemed controversial 

in nature, and 8 new data elements requiring standardization.



                                                  1	                        Report No. 4A-CF-00-17-033
    x	 Improvement of the data quality for information on Federal awards. Agencies will be
       required to improve the timeliness, completeness, and accuracy of Federal spending
       information4. Quarterly metrics on the data quality of the Federal government’s spending
       website, USAspending.gov, will be displayed publicly.

    x	 Enhancement of the technological capabilities of USAspending.gov. OMB will launch
       new tools and capabilities that will be available to users to view and analyze Federal
       spending data.

OMB also required agencies to attest to the quality of data submitted to USAspending.gov by
reporting on three key metrics: timeliness, completeness, and accuracy.

OMB Management Procedures Memorandum 2016-03, Additional Guidance for DATA Act
Implementation: Data-Centric Approach for Reporting Federal Spending Information, dated
May 3, 2016, states the authoritative source for entity information of Financial Assistance
Awardees remains Agency Systems, validated against the System for Award Management (SAM)
for awardees required to register in SAM. The authoritative source for sub-award information
remains the Federal Funding Accountability and Transparency Act5 Sub-award Reporting System.
Data will continue to flow directly from the Federal Funding Accountability and Transparency
Act Sub-award Reporting System to USASpending.gov with no additional actions required of
agencies.

OMB Memorandum No. M-17-04, Additional Guidance for DATA Act Implementation: Further
Requirements for Reporting and Assuring Data Reliability, dated November 4, 2016, further
specifies:

    x	 responsibilities for reporting financial information for awards involving Intragovernmental
       Transfers,

    x	 guidance for reporting financial assistance award records containing Personally 

       Identifiable Information, and 





4
  In general, timeliness is the percentage of transactions reported within 30 days, completeness is the percentage of
transactions containing all data elements required by the Transparency Act, and accuracy is the percentage of
transactions that are complete and do not have inconsistencies with systems of record or other authoritative sources.
5
  Federal Funding Accountability and Transparency Act of 2006, Public Law No. 109-282, 31 U.S.C. § 610 l, see
footnote.

                                                      2	                           Report No. 4A-CF-00-17-033
   x	 guidance for agencies to provide the Senior Accountable Official (SAO) assurance over
      quarterly submissions to USASpending.gov. Agencies are required to comply with the
      record keeping and reporting requirements for the first DATA Act reporting (May 2017)
      and for every quarter thereafter.

For all allocation transfer related data included in DATA Act Files A through C, the awarding
agency must provide assurance of the accuracy and reliability of the data to the funding agency.
The funding agency, in turn, will be responsible for assuring the submission of the information in
Files A through C for display on USASpending.gov.

When a funding agency funds a service through an awarding agency, both the awarding and
funding agency are responsible for submitting appropriations data and program activity and object
class data (Files A and B). In addition, the awarding agency will submit the financial award data
(File C) and will continue to report award-level information (Files D1 and D2).

The agency's SAO assurance will be submitted quarterly through the DATA Act Broker process.
The quarterly process will require the SAO to assure that alignment among Files A through F is
valid and reliable and the data in each DATA Act file submitted for display on USASpending.gov
is valid and reliable.

The DATA Act requires that the Inspectors General of each Federal agency review a statistically
valid sample of the spending data submitted by its Federal agency and submit a publicly available
report to Congress assessing the completeness, timeliness, quality, and accuracy of the data
sampled, and the implementation and use of the Government-wide financial data standards by the
Federal agency. The DATA Act defines and measures completeness, timeliness, quality and
accuracy in the following ways:

   x	 Completeness - Measured in two ways: (1) all transactions that should have been recorded
      are recorded in the proper reporting period and (2) as the percentage of transactions
      containing all applicable data elements required by the DATA Act.

   x	 Timeliness - Measured as the percentage of transactions reported within 30 days of quarter
      end.

   x	 Accuracy - Measured as the percentage of transactions that are complete and agree with
      the systems of record or other authoritative sources.




                                             3	                     Report No. 4A-CF-00-17-033
   x   Quality - Defined as a combination of utility, objectivity, and integrity. Utility refers to
       the usefulness of the information to the intended users. Objectivity refers to whether the
       disseminated information is being presented in an accurate, clear, complete, and unbiased
       manner. Integrity refers to the protection of information from unauthorized access or
       revision.

To meet the needs of the Inspectors General community, the Council of the Inspectors General on
Integrity and Efficiency (CIGIE) Federal Audit Executive Council established the DATA Act
Working Group. In consultation with the U.S. Government Accountability Office, as required by
the DATA Act, the Federal Audit Executive Council DATA Act Working Group developed a
DATA Act compliance guide to set a baseline framework for the required reviews performed by
the Inspector General community and to foster a common methodology for performing these
mandates. Under the DATA Act, each Inspector General is required to issue three reports on its
agency’s data submission and compliance with the DATA Act. The first required reporting from
Inspectors General is due November 8, 2017, with two subsequent reports following on a two
year cycle.

SUBJECT MATTER EXPERTS

OPM has aligned knowledgeable personnel within its DATA Act Implementation Working Group
(DAIW) to provide a vision for a successful implementation of the DATA Act and its
requirements. The DAIW has an effective management structure with clearly defined roles and
responsibilities, which include, but are not limited to the:

Senior Accountable Official, who for the DATA Act implementation is also OPM’s Chief
Financial Officer, and who assumes responsibility for coordinating and collaborating OPM’s
efforts pursuant to the development and implementation of the DATA Act and data quality
framework for reporting OPM Federal spending information;

Chief Acquisition Officer, who leads policy development, establishment of acquisition goals,
evaluation and monitoring of bureau organizations, strategic sourcing, governance of Federal-
wide and Treasury procurement systems, and continuous improvement of the acquisition
environment; and

Chief Information Officer, who is responsible for endorsing and providing input on the DATA
Act implementation.




                                             4                       Report No. 4A-CF-00-17-033
INFORMATION TECHNOLOGY SYSTEMS UNDER THE DATA ACT

OPM uses two separate source systems, from which the DATA Act Broker retrieves financial
data, to comply with DATA Act reporting standards: (1) the Consolidated Business Information
System (CBIS), an Oracle application, for its Salaries & Expenses and Revolving Fund business
operations, and (2) the Federal Financial System, a long-running Consultants to Government and
Industries - American Management System mainframe solution of over 20 years, for its Trust
Funds processing.

The DATA Act Information Model Schema provides a standardized definition and conceptual
model for the information relevant to the domain and public reporting of U.S. Federal spending.
The DATA Act Information Model Schema is comprised of two components: (1) Reporting
Submission Specification6 (RSS) and (2) Interface Definition Document7 (IDD).

Files A through C represent OPM’s RSS submission:

    x	 File A – appropriation summary level data aligned to the SF133 reporting.

    x	 File B – obligation and outlay information at program activity and object class level.

    x	 File C – obligations at the award and object class level.

Files D through F represent the IDD extracts from existing systems:

    x	 Files D1 and D2 – award and awardee details that are linked to File C.

    x	 File E – additional prime awardee attribute which is extracted from SAM via the DATA
       Act Broker.

    x	 File F – sub-award information.

It is the prime awardee’s responsibility to report sub-award and executive compensation
information in SAM and the Federal Funding Accountability and Transparency Act Sub-award
Reporting System. Data reported from these two award-reporting systems is generated in the
DATA Act Broker for display on USASpending.gov. As outlined in OMB’s Management

6
 The RSS provides detail on specific data that is submitted from an agency’s financial system. 

7
 The IDD contains a listing of the elements, with supporting metadata, to understand which data will be pulled from

government-wide systems for procurement and from agency’s financial assistance systems.


                                                     5	                          Report No. 4A-CF-00-17-033
Procedures Memorandum 2016-03, the authoritative sources for the data reported in Files E and F
are SAM and the Federal Funding Accountability and Transparency Act Sub-award Reporting
System, respectively, with no additional action required of Federal agencies. As such, we did not
assess the completeness, accuracy, timeliness, and quality of the data extracted from SAM and the
Federal Funding Accountability and Transparency Act Sub-award Reporting System via the
DATA Act Broker.

POLICIES AND PROCEDURES

The Office of the Chief Financial Officer’s (OCFO) Financial Operations Management (FOM)
DATA Act reporting procedures are as follows:

    x	 The FOM division populates the RSS, Files A through C, by utilizing OPM’s Data
       Element Components, which consist of representatives from the offices of Procurement,
       Budget, Financial System, and Accounting.

    x	 The FOM division collects and reconciles data from the Data Element Components prior
       to the SAO certifying within the DATA Act Broker.

    x	 The FOM division utilizes the DATA Act Broker as a check and balance mechanism to
       ensure that the Files A through F are valid.

PREVIOUS OFFICE OF THE INSPECTOR GENERAL REPORTS

In FY 2017, the Office of the Inspector General (OIG) conducted a DATA Act Readiness
Review8. The final report was issued in February 2017, and we reported that OPM’s
implementation process was on track to meet the DATA Act requirements. There were no
recommendations in the report.




8
 OPM - Office of the Inspector General, Management Advisory Report – Digital Accountability and
Transparency Act Readiness Review, Audit Report Number 4A-CF-00-16-038, issued February 16, 2017.

                                                 6	                        Report No. 4A-CF-00-17-033
II. OBJECTIVES, SCOPE, AND METHODOLOGY

 OBJECTIVES

 The objectives of our audit were to assess (1) the completeness, timeliness, quality, and accuracy
 of FY 2017, second quarter, financial and award data submitted for publication on
 USASpending.gov, and (2) OPM’s implementation and use of the Government-wide financial
 data standards established by OMB and Treasury.

 The recommendations included in this final report address our audit objectives.

 SCOPE AND METHODOLOGY

 We conducted this performance audit in accordance with generally accepted government
 auditing standards as established by the Comptroller General of the United States. These
 standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to
 provide a reasonable basis for our findings and conclusions based on our audit objectives.

 The scope of our audit covered FY 2017, second quarter, financial and award data submitted for
 publication by OPM, on USASpending.gov, and applicable policies and procedures related to
 this process. A total population of 584 transactions were identified for File D1 in the second
 quarter of FY 2017. We performed our audit fieldwork from March 21 through October 17,
 2017, at OPM headquarters, located in Washington, D.C.

 To accomplish our audit objectives noted above, we:

     x	 Obtained an understanding of regulatory criteria related to agency’s responsibilities to
        report financial and award data under the DATA Act;

     x	 Interviewed OCFO and Office of Procurement Operations personnel;

     x	 Reviewed a statistically valid sample from FY 2017, second quarter, financial and award
        data submitted by OPM for publication on USASpending.gov;

     x   Assessed the completeness, timeliness, quality, and accuracy of the financial and award
         data sampled;



                                              7	                     Report No. 4A-CF-00-17-033
       x   Assessed OPM’s implementation and use of the 57 data definition standards as
           established by OMB and Treasury; and

       x   Utilized the Procurement Instrument Identifier Number9 as a unique identifier to link all
           transactions between Files A through F for file testing.

In addition, the OIG conducted three information technology audits in FY 2017 in support of our
DATA Act responsibilities. Specifically, we:

       x	 Assessed OPM’s financial and award systems, processes, and internal controls in place
          over data management under the DATA Act;

       x	 Assessed the general and application controls pertaining to financial management
          systems (e.g., grants, loans, procurement) from which the data elements were derived
          and linked; and

       x	 Assessed OPM’s internal controls in place over the financial and award data reported to
          USASpending.gov per OMB Circular A-123.

In planning our work and gaining an understanding of the internal controls over OPM’s financial
and award data reporting process, we considered, but did not rely on, OPM’s internal control
structure to the extent necessary to develop our audit procedures. These procedures were
analytical and substantive in nature. We gained an understanding of management procedures
and controls to the extent necessary to achieve our audit objectives. The purpose of this audit
was not to provide an opinion on internal controls but merely to evaluate controls over the data
submitted by OPM for publication on USASpending.gov.

Our audit included such tests and analysis of the data OPM’s DAIW submitted to ensure
compliance with the DATA Act and reporting processes, including documented policies and
procedures, numerical data and narratives reported in the DATA Act, and other applicable
information as we considered necessary under the circumstances. The results of our testing
indicate that with respect to the items tested, while the financial and award data submitted by
OPM in USAspending.gov for the second quarter of FY 2017 was complete, timely, accurate,
and of adequate quality, the agency needs to strengthen controls over its DATA Act submission
process.



9
    Procurement Instrument Identifier Number is a contract or agreement number.

                                                      8	                          Report No. 4A-CF-00-17-033
 In conducting the audit, we relied to varying degrees on computer-generated data. We
 performed tests to determine whether OPM’s management of IT systems, processes, and
 procedures are consistent with applicable standards. We did not verify the reliability of the data
 generated by the various information systems. However, nothing came to our attention during
 the audit to cause us to doubt its reliability, and we had no reason to believe the data was not
 sufficient to achieve our audit objectives. We reported the results of this work in the following
 reports, which will be made available on the OIG’s website:

     x	 Federal Information Security Modernization Act Audit – FY 2017 (Report No. 4A-CI-
        00-17-020, issued on October 27, 2017);

     x	 Audit of the Information Technology Security Controls of the U.S. Office of Personnel
        Management's Federal Financial System (Report No. 4A-CF-00-17-044, issued on
        September 29, 2017); and

     x	 Audit of the IT Security Controls of OPM’s Consolidated Business Information System
        (Report No. 4A-CF-00-17-043, issued on September 29, 2017).

In order to assess the completeness, timeliness, quality, and accuracy of OPM’s FY 2017, second
quarter, financial and award data submitted for publication on USASpending.gov, we used IDEA
Data Analysis software to select a statistically random sample from File D1 for review. File C was
not suitable for statistical sampling due to linkage problems between the Federal Procurement
Data System – Next Generation and CBIS, as well as an incomplete universe for the Federal
Financial System database. CIGIE Working Group guidance specified that the OIG should select
a sample size of 385; however, agencies with smaller transaction populations, such as OPM, where
the 385 represented 5 percent or more of the population, were guided to apply a finite correction
factor using the formula 385/[1+(385/N)], where "N" represents the transaction population size.
Using the finite correction for OPM, we statistically selected a random sample size of 232 out of
584 transactions for File D1 for the second quarter of FY 2017.

With respect to completeness, we noted that 44 instances of blank data fields displayed within File
D1, resulting in an error rate of 18.9 percent, with a margin of error of 4.33 percent, for
transactions in FY 2017, 2nd quarter. Furthermore, with respect to accuracy, we noted 3 instances
of inaccurate data displayed in File D1, resulting in an error rate of 1.29 percent, with a margin of
error of 1.14 percent, for transactions in FY 2017, 2nd quarter.




                                          9	                          Report No. 4A-CF-00-17-033
The results from the random statistical samples were not projected to the population, rather they
represent the error rate in the entire population of transactions tested in a statistically random
sample.




                                          10                          Report No. 4A-CF-00-17-033
III. AUDIT FINDINGS AND RECOMMENDATIONS

  While OPM met its DATA Act requirements in regards to data submission, we identified the
  following three areas requiring improvement.

  1. Summary-Level Differences between Data Submission Files A and B

     OPM’s gross outlay amount by program object class in File B did not agree to the gross
     outlay amount by Treasury Account Symbol (TAS) in File A, and the obligations incurred by
     program object class in File B did not agree to obligations incurred by total TAS. See Table
     1 for details.

                                 Table 1: Summary-Level Data Test
                  File A                              File B                             Variance
      Gross Outlay $ 77,061,828,796    Gross Outlay       $ 77,067,853,947          $ 6,025,151
      Amount By                        Amount By
          TAS                          Program Object
                                       Class
      Obligations $ 95,930,994,495     Obligations        $ 96,954,618,759          $ 1,023,624,264
        Incurred                       Incurred By
       Total By                        Program Object
          TAS                          Class

     The OCFO stated that “there are 'top-side' adjustments that are made to support the GTAS
     [Government-wide Treasury Account Symbol] reporting submission and to reflect correct
     General Ledger balances. These 'top-side' entries are not recorded in the financial system
     until the September GL [General Ledger] Period where the final system trial balances align
     with fiscal year end GTAS reporting.” Furthermore, the OCFO stated that, “CFO/Financial
     Systems [and] Operations (FSO) opened a ticket … with the CBIS Helpdesk to address
     calculation differences … .” and that a “copy of the resolved ticket, provided by CBIS
     Helpdesk, will be forwarded upon receipt.” As of November 2, 2017, the OIG has not
     received the CBIS Helpdesk resolved ticket mentioned above.

     The Inspectors General Guide to Compliance Under the DATA Act, dated February 27, 2017,
     states that “the gross outlay amount by program object class in File B should agree to the
     gross outlay amount by TAS in File A and the obligations incurred by program object class
     in File B should agree to obligations incurred by total TAS.”



                                             11                    Report No. 4A-CF-00-17-033
   OMB’s M-17-04, Memorandum for Agency Senior Accountable Officials, dated November 4,
   2016, states that “[s]ince a DATA Act submission contains a combination of many data sets,
   the SAO will be required to attest to the validity and reliability of the complete DATA Act
   submission, including the interconnectivity/linkages (e.g.[,] award ID linkage) across all the
   data in files A, B, C, D, E, and F. Where there are legitimate differences between files, the
   SAO should have categorical explanations for misalignments. To provide this assurance,
   agencies should have internal controls in place over all of the data reported for display [on]
   USASpending.gov per A-123.”

   If OPM cannot categorically attest to the misalignment of File A (Appropriation summary
   level data) to File B (Obligation and outlay information at program activity and object class
   level), they will not be fully compliant with OMB’s M-17-04, Memorandum for Agency
   Senior Accountable Officials, and more importantly, the data displayed on USASpending.gov
   may be misleading to the public.

   Recommendation 1

   We recommend that the OCFO continue to work with the CBIS Helpdesk to address
   calculation difference root cause(s) and provide categorical explanations for the
   misalignments between File A (appropriation summary level data) and File B (obligation and
   outlay information at program activity and object class level) prior to the FY 2019 DATA
   Act audit.

   OCFO’s Response

   The OCFO concurs with the recommendation and stated that they have “successfully
   identified the root cause of the summary level difference between data submission Files A
   and B. … The Migration Request [sent to CBIS Production] is currently being reviewed
   and tested by OCFO Financial Operations Management (FOM).”

2.	 Lack of Effective and Efficient Standard Operating Procedures and Control Activities
    over the Data Submission Process

   The OCFO has a policy and procedures in place documenting their data submission process;
   however, they were unable to provide documentation to support that the policy and
   procedures were approved by the OCFO’s Financial Operations Management division and
   communicated to the responsible Data Element Components, which consist of
   representatives from the offices of Procurement, Budget, Financial System, and Accounting.



                                            12 	                   Report No. 4A-CF-00-17-033
Financial Operations Management informed us that due to other high priority items and
limited staff, the standard operating procedures governing the systems, processes, and
internal controls in place over data management (under the DATA Act), were still in draft
form and that with any implementation, there is some documentation that will not be
properly available until implementation commences.

The U.S. Government Accountability Office, Standards for Internal Control in the Federal
Government, dated September 2014, states that control activities are “[t]he policies,
procedures, techniques, and mechanisms that enforce management’s directives to achieve the
entity’s objectives and address related risks … .” Furthermore, management should design
and communicate control activities to achieve objectives, respond to risk, and support the
internal control system.

Furthermore, the U.S. Government Accountability Office, Standards for Internal Control in
the Federal Government, Principle 14, state that “[m]anagement communicates quality
information down and across reporting lines to enable personnel to perform key roles in
achieving objectives, addressing risks, and supporting the internal control system. In these
communications, management assigns the internal control responsibilities for key roles.”

OMB’s Memorandum 10-06 states that in order “[t]o improve the quality of government
information available to the public, senior leaders should make certain that the information
conforms to OMB guidance on information quality and that adequate systems and processes
are in place within the agencies to promote such conformity.”

If the OCFO’s Data Element Components are not receiving new and revised guidance on
their key roles, there is an increased risk that OPM will not meet the intent of the DATA Act
objectives of financial transparency when reporting spending data on USASpending.gov.

Recommendation 2

We recommend that the OCFO establish controls to ensure that DATA Act standard
operating procedures are approved by management, documented, and communicated to the
appropriate staff members prior to implementation and/or revision of any new or existing
management directives.




                                         13                     Report No. 4A-CF-00-17-033
     OCFO’s Response

     The OCFO concurs with ensuring that DATA Act standard operating procedures are approved
     by management and communicated to the appropriate Data Element Components in a timely
     manner.

3. Lack of Effective and Efficient Controls over Data Submission Files A through F

     The OCFO submitted OPM’s DATA Act information by the end of the second quarter of FY
     2017, and validated the accuracy of the data populated in Files A through C. However, the
     OCFO’s internal controls did not include ensuring the interconnectivity/linkages across all
     data Files, A through F, to be displayed on USASpending.gov.

     We identified the following errors in the information reported by the DATA Broker:

         x   44 blank data fields*.
         x   2 instances where the NAIC10 code was displayed incorrectly in File D1*.
         x   Procurement Instrument Identifier Number, WO760, was displayed as ($101,282)
             when the correct amount was ($200,926).

     *These errors are attributable to OPM supplied information and issues with the DATA Act Broker where OPM
     does not have control. In some cases, we are not able to specifically determine the root cause, but there is
     evidence that it may be related to the DATA Act Broker.


     OMB M-17-04, Memorandum for Agency Senior Accountable Officials, dated November 4,
     2016, states that “[s]ince a DATA Act submission contains a combination of many data sets,
     the SAO will be required to attest to the validity and reliability of the complete DATA Act
     submission, including the interconnectivity/linkages (e.g.[,] award ID linkage) across all the
     data in files A, B, C, D, E, and F. Where there are legitimate differences between files, the
     SAO should have categorical explanations for misalignments. To provide this assurance,
     agencies should have internal controls in place over all of the data reported for display [on]
     USASpending.gov per A-123.” Furthermore, “[t]he data in each DATA Act file submitted
     for display on USASpending.gov are valid and reliable. To provide this assurance, the SAO
     will confirm that internal controls over data quality mechanisms are in place for the data
     submitted in DATA Act files.”



10
  NAIC - North American Industrial Classification System Code was adopted by OMB as a new standardized
system for classifying industries.

                                                     14                        Report No. 4A-CF-00-17-033
If the OCFO cannot confirm that data Files A through F are properly linked, prior to the data
being submitted in the DATA Act Broker, OPM will not be in compliance with OMB M-17-
04. Furthermore, the data displayed on USASpending.gov may be misleading to the public,
which increases the risk that OPM will not meet the intent of the DATA Act objectives of
financial transparency when reporting spending data on USASpending.gov.

Recommendation 3

We recommend that the OCFO establish controls to ensure that Files A through F are valid,
reliable, accurate, and complete as required by OMB M-17-04.

OCFO’s Response

The “OCFO concurs with the lack of effective and efficient controls over data submission
as it relates to the ‘Amount error’ detail of transaction attribute error for File D1.”

However, the “OCFO does not concur with the lack of effective and efficient controls over
data submission as it relates to ‘Wrong Code’ detail of transaction attribute error for File
D l. … In both of these instances, OCFO cannot provide an explanation for the [DATA
Act] Broker generating NAICS codes inconsistent with the FPDS-NG source data and we
do not have the ability to modify inaccurate data elements generated on the D1 file
extracted via the [DATA Act] Broker.

OCFO does not concur with the lack of effective and efficient controls over data
submission Files A through F finding as it relates to the ‘Incomplete data fields’ detail of
transaction attribute error for File D l. …

Also, OCFO does not concur with the lack of effective and efficient controls over data
submission for Files E and F.”

OIG Comment

While we understand that the DATA Act Broker is the responsibility of the U.S. Department
of Treasury, and not the OCFO, OPM has the responsibility to attest to the validity and
reliability of the complete DATA Act submission, including the interconnectivity/linkages of
Files A through F. Where there are legitimate differences between files, the OCFO should
have categorical explanations for misalignments. To provide this assurance, agencies should
have internal controls in place over all of the data reported for display on USASpending.gov,
including reaching out to the U.S. Department of Treasury.




                                         15                    Report No. 4A-CF-00-17-033
                                   APPENDIX




The U.S. Office of Personnel Management (OPM), Office of the Chief Financial Officer
(OCFO) acknowledges the opportunity to respond to the Office of the Inspector General
(OIG) draft report, Audit of the U S. Office Personnel Management's Data Submission
and Compliance with the Digital Accountability and Transparency Act, 4A-CF-00-17-
033.

Responses to the recommendations are provided below.

Recommendation 1: The OIG recommend that OCFO continues to work
 with the CBIS Helpdesk to address calculation difference root cause(s) and
provide categorical explanations for the misalignments between File A
(appropriation summary level data) and File B (obligation and outlay information
at program activity and object class level) prior to the FY 2019 DATA
Act audit.




                                                                 Report No. 4A-CF-00-17-033
Management Response:

We concur. OCFO has successfully identified the root cause of the summary level
difference between data submission Files A and B. The variance between these files
resulted from extract and calculation logic. The extract logic was programmed to
filter based on the expiration date which limited data to just unexpired funds. The
calculation logic used for the "ObligationUndeliveredOrdersUnpaidTotal_CPE
amount," "GrossOutlayAmountBy ProgramObjectClass_CPE amount," and
"GrossOutlaysDeliveredOrdersPaidTotal_CPE amount" generated Validation Rules
B3, B5, and B7 warnings respectively, via the DATA Act broker. (Details for
Validation Rules are included in the Standard Operating Procedure).

The extract logic was modified to filter based on Cancelling Year instead of Expiration
Date resulting in calculating all non-cancelled funds for DATA Act reporting, instead of
just unexpired funds. This change was deployed in Production in August 2017 to support
the FY17 Q3 data submission.

Per the CBIS Production Migration Request (INC000000814440), the calculation logic
will be modified for the "ObligationUndeliveredOrdersUnpaidTotal_CPE amount,"
"GrossOuflayAmountBy Program Object Class CPE amount," and
"GrossOutlaysDeliveredOrdersPaidTotal CPE amount" to address the warnings
associated with the specific rules.

The Migration Request is currently being reviewed and tested by OCFO Financial
Operations Management (FOM). The target date for implementing this change in
production is October 28, 2017. A copy of the Migration Request is included for OIG
review.

                            Deleted by OIG
                        Not Relevant to Final Report


Recommendation 2: The OIG recommend that the OCFO establishes controls to
ensure that DATA Act standard operating procedures (SOP) are approved by
 timely manner.

Management Response:

We partially concur. OCFO concurs with the need for ensuring DATA Act standard
operating procedures are approved by management and communicated to the appropriate
Data Element Components in timely manner. However, the finding was specifically
based on OCFO's inability to provide documentation supporting that policies and
procedures were communicated to the responsible Data Element Components prior to the

                                                                 Report No. 4A-CF-00-17-033
implementation of its DATA Act requirements on May 9, 2017. OCFO does not concur
with the OIG's expectation of delivering a finalized SOP prior to implementation. A best
practice for an SOP is to maintain a “living” document with up-to-date procedural
changes for an entire process. In developing an SOP for DATA Act, the entire process
was not complete until a successful implementation submission was made in May.

Additionally, at this point, a corrective action for submitting an SOP prior to the
implementation date cannot be achieved. As acknowledged by OIG, "OCFO has policies
and procedures in place documenting their data submission process." OCFO will
continue to update this information accordingly. The final version of the OPM DATA
Act Standard Operating Procedure for Files A, B, C is included for OIG review.

Recommendation 3: The OIG recommend that the Senior Accountability Officer (SAO)
establishes controls to ensure that Files A through F are valid, reliable, accurate, and
complete.

                            Deleted by OIG
                        Not Relevant to Final Report

We partially concur. OCFO concurs with the lack of effective and efficient controls over data
submission as it relates to "Amount error" detail of transaction attribute error for File Dl. This
error was caused by the initial Blanket Purchase Agreements (BPA) Call (W0760) not properly
interfacing from the Consolidated Business Information System (CBIS) to PRISM, as a result of
the requisition amount not matching the approve cost proposal. Future occurrences of this
scenario will be averted by communicating with the Program Office on creating the requisition
to reflect the Contract Line Item Number (CLIN) structure of the award; e.g., awards with
multiple CLINs requires a requisition that has Line Items that reflects same number of lines and
also by ensuring that the Project Management Officer (PMO) creates the requisition in the
amount of the approved cost proposal.

OCFO does not concur with the lack of effective and efficient controls over data
submission as it relates to "Wrong Code" detail of transaction attribute error for File D l .
The OIG determined that incorrect North American Industrial Classification System
Codes (NAICS) were associated with Procurement Instrument Identifier Numbers
OPM1416F0001 and OPM1812F005/M0009. The NAICS code generated on the D l file
is extracted from the Federal Procurement Data System - Next Generation (FPDS-NG)
via the Broker. In the instance of OPM1416F0001, OCFO has confirmed the PRISM
NAICS Code field as "null" and the FPDS-NG Principle NAICS Code as "511210." In
generating the D l file via the Broker, the NAICS code populated as "443120."
Additionally, for OPM1812F005/M0009, OCFO has confirmed that PRISM NAICS
Code field as "811212" and the FPDS-NG Principle NAICS Code as the same, "811212."
However, in generating the D l file via the Broker, the NAICS code populated as
"33293." Screen images of PRISM and FPDS-NG are included for OIG review. In both

                                                                     Report No. 4A-CF-00-17-033
of these instances, OCFO cannot provide an explanation for the Broker generating.
NAICS codes inconsistent with the FPDS-NG source data and we do not have the ability
to modify inaccurate data elements generated on the D l file extracted via the Broker.

OCFO does not concur with the lack of effective and efficient controls over data
submission Files A through F finding as it relates to the "Incomplete data fields" detail of
transaction attribute error for File D l . The 44 instances of blank fields on the D l files
were reported correctly, as they are related to Indefinite Delivery Contracts (IDC) and
BPA contract types. When these specific contract types are selected in FPDS-NG, the
"Place of Performance" field elements such as "The primary place of performance zip 4;
primary place of performance congressional district, primary place of performance state
code; primary of performance country code, and primary place of performance city
name" are not available to be populated.

Also, OCFO does not concur with the lack of effective and efficient controls over data
submission for Files E and F. File E of the DATA Act Information Model Schema (DAIMS)
contains additional awardee attribute information extracted from the System for Award
Management (SAM) via the DATA Act Broker (broker). File F contains sub-award attribute
information extracted from the FFATA Sub-award Reporting System (FSRS) via the broker.
It is the prime awardee's responsibility to report sub-award and executive compensation
information in SAM and FSRS. Data reported from these two award reporting systems are
generated in the broker for display on USASpending.gov. As outlined in OMB's
Management Procedures Memorandum 2016-03, the authoritative sources for the data
reported in Files E and F are SAM and FSRS respectively with no additional action required
of Federal agencies. As such, we did not assess the completeness, accuracy, timeliness, and
quality of the data extracted from SAM and FSRS via the DATA Act Broker.




                                                                    Report No. 4A-CF-00-17-033
                                                                      




         Report Fraud, Waste, and Mismanagement


                        Fraud, waste, and mismanagement in Government
                       concerns everyone: Office of the Inspector General
                      staff, agency employees, and the general public. We
                         actively solicit allegations of any inefficient and
                      wasteful practices, fraud, and mismanagement related
                        to OPM programs and operations. You can report
                                 allegations to us in several ways:



     By Internet: 	        http://www.opm.gov/our-inspector-general/hotline-to-report-fraud-waste-
                           or-abuse


       By Phone: 	         Toll Free Number:                (877) 499-7295 

                           Washington Metro Area:           (202) 606-2423 



        By Mail:           Office of the Inspector General
                           U.S. Office of Personnel Management
                           1900 E Street, NW
                           Room 6400
                           Washington, DC 20415-1100