U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the U.S. Office of Personnel Management’s Data Submission and Compliance with the Digital Accountability and Transparency Act Report Number 4A-CF-00-17-033 November 9, 2017 EXECUTIVE SUMMARY Audit of the U.S. Office of Personnel Management’s Data Submission and Compliance with the Digital Accountability and Transparency Act Report No. 4A-CF-00-17-033 November 9, 2017 Why Did We Conduct the Audit? What Did We Find? The objectives of our audit were to We determined that the FY 2017, second quarter, financial and assess the (1) completeness, award data submitted by OPM was complete, timely, accurate, of timeliness, quality, and accuracy of adequate quality, and we identified no internal deficiencies that would affect the data submission. In addition, we verified each fiscal year (FY) 2017, second quarter, transaction to its source system data, and that the transactions were financial and award data submitted for reported within 30 days of the quarter’s end, as required by the publication on USASpending.gov and U.S. Office of Management and Budget’s Memorandum M-10-06, (2) the U.S. Office of Personnel Open Government Directive, dated April 6, 2010. Management’s (OPM) implementation and use of the Government-wide While OPM met the objectives of the DATA Act, we noted the financial data standards established by following errors: the U.S. Office of Management and x With respect to the data completeness, we estimated an Budget and the U.S. Department of error rate of 18.9 percent*, with a margin of error of 4.33 Treasury. percent. x We estimated OPM’s data accuracy error rate to be 1.29 What Did We Audit? percent*, with a margin of error of 1.14 percent. The Office of the Inspector General In addition, we did identify the following three areas requiring has completed a performance audit of improvement: OPM’s Digital Accountability and x Summary-Level Differences Between Data Submission Transparency Act (DATA Act) Files A and B: OPM’s gross outlay and obligations process and submission for FY 2017, incurred amounts by program object class in File B did not second quarter. Our audit fieldwork agree to the gross outlay and obligations incurred amounts was conducted from March 21 through by Treasury Account Symbol in File A. October 17, 2017, at OPM x Lack of Effective and Efficient Standard Operating headquarters, located in Washington, Procedures and Control Activities over the Data Submission Process: The Office of the Chief Financial D.C. Officer did not provide proper guidance to all OPM offices involved in the data submission process prior to the May 9, 2017, implementation of its DATA Act requirements. x Lack of Effective and Efficient Controls over Data Submission Files A through F: We found 3 data accuracy errors and 44 blank data fields displayed in File D1. _______________________ Michael R. Esser * During our audit, we found errors that were attributable to agency supplied information, as well as issues with the DATA Act Broker where OPM does not Assistant Inspector General for Audits have control. The Federal Audit Executive Council DATA Act Working Group provided standard language for reporting purposes to address this concern. i ABBREVIATIONS CBIS Consolidated Business Information System CIGIE Council of the Inspectors General on Integrity and Efficiency DAIW The DATA Act Implementation Working Group DATA Act Digital Accountability and Transparency Act of 2014 FOM Financial Operations Management FY Fiscal Year GTAS Government-wide Treasury Account Symbol IDD Interface Definition Document NAIC North American Industrial Classification System Code OCFO Office of the Chief Financial Officer OIG Office of the Inspector General OMB U.S. Office of Management and Budget OPM U.S. Office of Personnel Management RSS Reporting Submission Specification SAM System for Award Management SAO Senior Accountable Official TAS Treasury Account Symbol Treasury U.S. Department of Treasury U.S. Office of Management and Budget U.S. Office of Personnel Management Reporting Submission Specification System for Award Management Senior Accountable Official Treasury Account Symbol U.S. Department of Treasury ii TABLE OF CONTENTS Page EXECUTIVE SUMMARY ......................................................................................... i ABBREVIATIONS ..................................................................................................... ii I. BACKGROUND ..........................................................................................................1 II. OBJECTIVES, SCOPE, AND METHODOLOGY ..................................................7 III. AUDIT FINDINGS AND RECOMMENDATIONS...............................................11 1. Summary-Level Differences between Data Submission Files A and B ......................................................................................................................11 2. Lack of Effective and Efficient Standard Operating Procedures and Control Activities over the Data Submission Process.....................................12 3. Lack of Effective and Efficient Controls over Data Submission Files A through F ...................................................................................................14 APPENDIX The Chief Financial Officer’s response to the draft report, dated October 26, 2017. REPORT FRAUD, WASTE, AND MISMANAGEMENT I. BACKGROUND This final audit report details the findings, conclusions, and recommendations resulting from our performance audit of the U.S. Office of Personnel Management’s (OPM) Data Submission and Compliance with the Digital Accountability and Transparency Act (DATA Act). The audit was performed by OPM’s Office of the Inspector General, as authorized by the Inspector General Act of 1978, as amended. The DATA Act was enacted on May 9, 20141, to expand the reporting requirements pursuant to the Federal Funding Accountability and Transparency Act of 20062. The DATA Act, in part, requires Federal agencies to report financial and award data in accordance with the established Government-wide financial data standards. In May 2015, the U.S. Office of Management and Budget (OMB) and the U.S. Department of Treasury (Treasury) published 573 data definition standards and required Federal agencies to report financial data in accordance with these standards for DATA Act reporting, beginning in January 2017. Once submitted, the data must be displayed on USASpending.gov for taxpayers and policy makers. OMB issued the following guidance to Federal agencies to ensure reporting requirements are met: OMB Memorandum M-10-06, Open Government Directive, dated December 8, 2009, directs executive departments and agencies to take specific actions to implement the principles of transparency, participation, and collaboration. Within 45 days of issuance of this memorandum, agencies shall identify and publish online in an open format at least three high-value data sets and register those data sets via Data.gov. Furthermore, agencies shall designate a high-level senior official to be accountable for the quality and objectivity of, and internal controls over, the Federal spending information in USASpending.gov. Within 60 days, each agency shall create an open government webpage to function as the gateway for agency activities. OMB guidance in Open Government Directive, Federal Spending Transparency, dated April 6, 2010, focuses on three areas: x Implementation of a policy to require the collection and reporting on sub-award data. Under this guidance, sub-award information will now be required to be collected and reported. 1 Public Law 113-101 (May 9, 2014) 2 Public Law 109-282 (September 26, 2006) 3 Under the Federal Funding Accountability and Transparency Act of 2006, Federal agencies report 259 data elements to USAspending.gov. However, Treasury and OMB identified 49 existing elements, deemed controversial in nature, and 8 new data elements requiring standardization. 1 Report No. 4A-CF-00-17-033 x Improvement of the data quality for information on Federal awards. Agencies will be required to improve the timeliness, completeness, and accuracy of Federal spending information4. Quarterly metrics on the data quality of the Federal government’s spending website, USAspending.gov, will be displayed publicly. x Enhancement of the technological capabilities of USAspending.gov. OMB will launch new tools and capabilities that will be available to users to view and analyze Federal spending data. OMB also required agencies to attest to the quality of data submitted to USAspending.gov by reporting on three key metrics: timeliness, completeness, and accuracy. OMB Management Procedures Memorandum 2016-03, Additional Guidance for DATA Act Implementation: Data-Centric Approach for Reporting Federal Spending Information, dated May 3, 2016, states the authoritative source for entity information of Financial Assistance Awardees remains Agency Systems, validated against the System for Award Management (SAM) for awardees required to register in SAM. The authoritative source for sub-award information remains the Federal Funding Accountability and Transparency Act5 Sub-award Reporting System. Data will continue to flow directly from the Federal Funding Accountability and Transparency Act Sub-award Reporting System to USASpending.gov with no additional actions required of agencies. OMB Memorandum No. M-17-04, Additional Guidance for DATA Act Implementation: Further Requirements for Reporting and Assuring Data Reliability, dated November 4, 2016, further specifies: x responsibilities for reporting financial information for awards involving Intragovernmental Transfers, x guidance for reporting financial assistance award records containing Personally Identifiable Information, and 4 In general, timeliness is the percentage of transactions reported within 30 days, completeness is the percentage of transactions containing all data elements required by the Transparency Act, and accuracy is the percentage of transactions that are complete and do not have inconsistencies with systems of record or other authoritative sources. 5 Federal Funding Accountability and Transparency Act of 2006, Public Law No. 109-282, 31 U.S.C. § 610 l, see footnote. 2 Report No. 4A-CF-00-17-033 x guidance for agencies to provide the Senior Accountable Official (SAO) assurance over quarterly submissions to USASpending.gov. Agencies are required to comply with the record keeping and reporting requirements for the first DATA Act reporting (May 2017) and for every quarter thereafter. For all allocation transfer related data included in DATA Act Files A through C, the awarding agency must provide assurance of the accuracy and reliability of the data to the funding agency. The funding agency, in turn, will be responsible for assuring the submission of the information in Files A through C for display on USASpending.gov. When a funding agency funds a service through an awarding agency, both the awarding and funding agency are responsible for submitting appropriations data and program activity and object class data (Files A and B). In addition, the awarding agency will submit the financial award data (File C) and will continue to report award-level information (Files D1 and D2). The agency's SAO assurance will be submitted quarterly through the DATA Act Broker process. The quarterly process will require the SAO to assure that alignment among Files A through F is valid and reliable and the data in each DATA Act file submitted for display on USASpending.gov is valid and reliable. The DATA Act requires that the Inspectors General of each Federal agency review a statistically valid sample of the spending data submitted by its Federal agency and submit a publicly available report to Congress assessing the completeness, timeliness, quality, and accuracy of the data sampled, and the implementation and use of the Government-wide financial data standards by the Federal agency. The DATA Act defines and measures completeness, timeliness, quality and accuracy in the following ways: x Completeness - Measured in two ways: (1) all transactions that should have been recorded are recorded in the proper reporting period and (2) as the percentage of transactions containing all applicable data elements required by the DATA Act. x Timeliness - Measured as the percentage of transactions reported within 30 days of quarter end. x Accuracy - Measured as the percentage of transactions that are complete and agree with the systems of record or other authoritative sources. 3 Report No. 4A-CF-00-17-033 x Quality - Defined as a combination of utility, objectivity, and integrity. Utility refers to the usefulness of the information to the intended users. Objectivity refers to whether the disseminated information is being presented in an accurate, clear, complete, and unbiased manner. Integrity refers to the protection of information from unauthorized access or revision. To meet the needs of the Inspectors General community, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Federal Audit Executive Council established the DATA Act Working Group. In consultation with the U.S. Government Accountability Office, as required by the DATA Act, the Federal Audit Executive Council DATA Act Working Group developed a DATA Act compliance guide to set a baseline framework for the required reviews performed by the Inspector General community and to foster a common methodology for performing these mandates. Under the DATA Act, each Inspector General is required to issue three reports on its agency’s data submission and compliance with the DATA Act. The first required reporting from Inspectors General is due November 8, 2017, with two subsequent reports following on a two year cycle. SUBJECT MATTER EXPERTS OPM has aligned knowledgeable personnel within its DATA Act Implementation Working Group (DAIW) to provide a vision for a successful implementation of the DATA Act and its requirements. The DAIW has an effective management structure with clearly defined roles and responsibilities, which include, but are not limited to the: Senior Accountable Official, who for the DATA Act implementation is also OPM’s Chief Financial Officer, and who assumes responsibility for coordinating and collaborating OPM’s efforts pursuant to the development and implementation of the DATA Act and data quality framework for reporting OPM Federal spending information; Chief Acquisition Officer, who leads policy development, establishment of acquisition goals, evaluation and monitoring of bureau organizations, strategic sourcing, governance of Federal- wide and Treasury procurement systems, and continuous improvement of the acquisition environment; and Chief Information Officer, who is responsible for endorsing and providing input on the DATA Act implementation. 4 Report No. 4A-CF-00-17-033 INFORMATION TECHNOLOGY SYSTEMS UNDER THE DATA ACT OPM uses two separate source systems, from which the DATA Act Broker retrieves financial data, to comply with DATA Act reporting standards: (1) the Consolidated Business Information System (CBIS), an Oracle application, for its Salaries & Expenses and Revolving Fund business operations, and (2) the Federal Financial System, a long-running Consultants to Government and Industries - American Management System mainframe solution of over 20 years, for its Trust Funds processing. The DATA Act Information Model Schema provides a standardized definition and conceptual model for the information relevant to the domain and public reporting of U.S. Federal spending. The DATA Act Information Model Schema is comprised of two components: (1) Reporting Submission Specification6 (RSS) and (2) Interface Definition Document7 (IDD). Files A through C represent OPM’s RSS submission: x File A – appropriation summary level data aligned to the SF133 reporting. x File B – obligation and outlay information at program activity and object class level. x File C – obligations at the award and object class level. Files D through F represent the IDD extracts from existing systems: x Files D1 and D2 – award and awardee details that are linked to File C. x File E – additional prime awardee attribute which is extracted from SAM via the DATA Act Broker. x File F – sub-award information. It is the prime awardee’s responsibility to report sub-award and executive compensation information in SAM and the Federal Funding Accountability and Transparency Act Sub-award Reporting System. Data reported from these two award-reporting systems is generated in the DATA Act Broker for display on USASpending.gov. As outlined in OMB’s Management 6 The RSS provides detail on specific data that is submitted from an agency’s financial system. 7 The IDD contains a listing of the elements, with supporting metadata, to understand which data will be pulled from government-wide systems for procurement and from agency’s financial assistance systems. 5 Report No. 4A-CF-00-17-033 Procedures Memorandum 2016-03, the authoritative sources for the data reported in Files E and F are SAM and the Federal Funding Accountability and Transparency Act Sub-award Reporting System, respectively, with no additional action required of Federal agencies. As such, we did not assess the completeness, accuracy, timeliness, and quality of the data extracted from SAM and the Federal Funding Accountability and Transparency Act Sub-award Reporting System via the DATA Act Broker. POLICIES AND PROCEDURES The Office of the Chief Financial Officer’s (OCFO) Financial Operations Management (FOM) DATA Act reporting procedures are as follows: x The FOM division populates the RSS, Files A through C, by utilizing OPM’s Data Element Components, which consist of representatives from the offices of Procurement, Budget, Financial System, and Accounting. x The FOM division collects and reconciles data from the Data Element Components prior to the SAO certifying within the DATA Act Broker. x The FOM division utilizes the DATA Act Broker as a check and balance mechanism to ensure that the Files A through F are valid. PREVIOUS OFFICE OF THE INSPECTOR GENERAL REPORTS In FY 2017, the Office of the Inspector General (OIG) conducted a DATA Act Readiness Review8. The final report was issued in February 2017, and we reported that OPM’s implementation process was on track to meet the DATA Act requirements. There were no recommendations in the report. 8 OPM - Office of the Inspector General, Management Advisory Report – Digital Accountability and Transparency Act Readiness Review, Audit Report Number 4A-CF-00-16-038, issued February 16, 2017. 6 Report No. 4A-CF-00-17-033 II. OBJECTIVES, SCOPE, AND METHODOLOGY OBJECTIVES The objectives of our audit were to assess (1) the completeness, timeliness, quality, and accuracy of FY 2017, second quarter, financial and award data submitted for publication on USASpending.gov, and (2) OPM’s implementation and use of the Government-wide financial data standards established by OMB and Treasury. The recommendations included in this final report address our audit objectives. SCOPE AND METHODOLOGY We conducted this performance audit in accordance with generally accepted government auditing standards as established by the Comptroller General of the United States. These standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. The scope of our audit covered FY 2017, second quarter, financial and award data submitted for publication by OPM, on USASpending.gov, and applicable policies and procedures related to this process. A total population of 584 transactions were identified for File D1 in the second quarter of FY 2017. We performed our audit fieldwork from March 21 through October 17, 2017, at OPM headquarters, located in Washington, D.C. To accomplish our audit objectives noted above, we: x Obtained an understanding of regulatory criteria related to agency’s responsibilities to report financial and award data under the DATA Act; x Interviewed OCFO and Office of Procurement Operations personnel; x Reviewed a statistically valid sample from FY 2017, second quarter, financial and award data submitted by OPM for publication on USASpending.gov; x Assessed the completeness, timeliness, quality, and accuracy of the financial and award data sampled; 7 Report No. 4A-CF-00-17-033 x Assessed OPM’s implementation and use of the 57 data definition standards as established by OMB and Treasury; and x Utilized the Procurement Instrument Identifier Number9 as a unique identifier to link all transactions between Files A through F for file testing. In addition, the OIG conducted three information technology audits in FY 2017 in support of our DATA Act responsibilities. Specifically, we: x Assessed OPM’s financial and award systems, processes, and internal controls in place over data management under the DATA Act; x Assessed the general and application controls pertaining to financial management systems (e.g., grants, loans, procurement) from which the data elements were derived and linked; and x Assessed OPM’s internal controls in place over the financial and award data reported to USASpending.gov per OMB Circular A-123. In planning our work and gaining an understanding of the internal controls over OPM’s financial and award data reporting process, we considered, but did not rely on, OPM’s internal control structure to the extent necessary to develop our audit procedures. These procedures were analytical and substantive in nature. We gained an understanding of management procedures and controls to the extent necessary to achieve our audit objectives. The purpose of this audit was not to provide an opinion on internal controls but merely to evaluate controls over the data submitted by OPM for publication on USASpending.gov. Our audit included such tests and analysis of the data OPM’s DAIW submitted to ensure compliance with the DATA Act and reporting processes, including documented policies and procedures, numerical data and narratives reported in the DATA Act, and other applicable information as we considered necessary under the circumstances. The results of our testing indicate that with respect to the items tested, while the financial and award data submitted by OPM in USAspending.gov for the second quarter of FY 2017 was complete, timely, accurate, and of adequate quality, the agency needs to strengthen controls over its DATA Act submission process. 9 Procurement Instrument Identifier Number is a contract or agreement number. 8 Report No. 4A-CF-00-17-033 In conducting the audit, we relied to varying degrees on computer-generated data. We performed tests to determine whether OPM’s management of IT systems, processes, and procedures are consistent with applicable standards. We did not verify the reliability of the data generated by the various information systems. However, nothing came to our attention during the audit to cause us to doubt its reliability, and we had no reason to believe the data was not sufficient to achieve our audit objectives. We reported the results of this work in the following reports, which will be made available on the OIG’s website: x Federal Information Security Modernization Act Audit – FY 2017 (Report No. 4A-CI- 00-17-020, issued on October 27, 2017); x Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management's Federal Financial System (Report No. 4A-CF-00-17-044, issued on September 29, 2017); and x Audit of the IT Security Controls of OPM’s Consolidated Business Information System (Report No. 4A-CF-00-17-043, issued on September 29, 2017). In order to assess the completeness, timeliness, quality, and accuracy of OPM’s FY 2017, second quarter, financial and award data submitted for publication on USASpending.gov, we used IDEA Data Analysis software to select a statistically random sample from File D1 for review. File C was not suitable for statistical sampling due to linkage problems between the Federal Procurement Data System – Next Generation and CBIS, as well as an incomplete universe for the Federal Financial System database. CIGIE Working Group guidance specified that the OIG should select a sample size of 385; however, agencies with smaller transaction populations, such as OPM, where the 385 represented 5 percent or more of the population, were guided to apply a finite correction factor using the formula 385/[1+(385/N)], where "N" represents the transaction population size. Using the finite correction for OPM, we statistically selected a random sample size of 232 out of 584 transactions for File D1 for the second quarter of FY 2017. With respect to completeness, we noted that 44 instances of blank data fields displayed within File D1, resulting in an error rate of 18.9 percent, with a margin of error of 4.33 percent, for transactions in FY 2017, 2nd quarter. Furthermore, with respect to accuracy, we noted 3 instances of inaccurate data displayed in File D1, resulting in an error rate of 1.29 percent, with a margin of error of 1.14 percent, for transactions in FY 2017, 2nd quarter. 9 Report No. 4A-CF-00-17-033 The results from the random statistical samples were not projected to the population, rather they represent the error rate in the entire population of transactions tested in a statistically random sample. 10 Report No. 4A-CF-00-17-033 III. AUDIT FINDINGS AND RECOMMENDATIONS While OPM met its DATA Act requirements in regards to data submission, we identified the following three areas requiring improvement. 1. Summary-Level Differences between Data Submission Files A and B OPM’s gross outlay amount by program object class in File B did not agree to the gross outlay amount by Treasury Account Symbol (TAS) in File A, and the obligations incurred by program object class in File B did not agree to obligations incurred by total TAS. See Table 1 for details. Table 1: Summary-Level Data Test File A File B Variance Gross Outlay $ 77,061,828,796 Gross Outlay $ 77,067,853,947 $ 6,025,151 Amount By Amount By TAS Program Object Class Obligations $ 95,930,994,495 Obligations $ 96,954,618,759 $ 1,023,624,264 Incurred Incurred By Total By Program Object TAS Class The OCFO stated that “there are 'top-side' adjustments that are made to support the GTAS [Government-wide Treasury Account Symbol] reporting submission and to reflect correct General Ledger balances. These 'top-side' entries are not recorded in the financial system until the September GL [General Ledger] Period where the final system trial balances align with fiscal year end GTAS reporting.” Furthermore, the OCFO stated that, “CFO/Financial Systems [and] Operations (FSO) opened a ticket … with the CBIS Helpdesk to address calculation differences … .” and that a “copy of the resolved ticket, provided by CBIS Helpdesk, will be forwarded upon receipt.” As of November 2, 2017, the OIG has not received the CBIS Helpdesk resolved ticket mentioned above. The Inspectors General Guide to Compliance Under the DATA Act, dated February 27, 2017, states that “the gross outlay amount by program object class in File B should agree to the gross outlay amount by TAS in File A and the obligations incurred by program object class in File B should agree to obligations incurred by total TAS.” 11 Report No. 4A-CF-00-17-033 OMB’s M-17-04, Memorandum for Agency Senior Accountable Officials, dated November 4, 2016, states that “[s]ince a DATA Act submission contains a combination of many data sets, the SAO will be required to attest to the validity and reliability of the complete DATA Act submission, including the interconnectivity/linkages (e.g.[,] award ID linkage) across all the data in files A, B, C, D, E, and F. Where there are legitimate differences between files, the SAO should have categorical explanations for misalignments. To provide this assurance, agencies should have internal controls in place over all of the data reported for display [on] USASpending.gov per A-123.” If OPM cannot categorically attest to the misalignment of File A (Appropriation summary level data) to File B (Obligation and outlay information at program activity and object class level), they will not be fully compliant with OMB’s M-17-04, Memorandum for Agency Senior Accountable Officials, and more importantly, the data displayed on USASpending.gov may be misleading to the public. Recommendation 1 We recommend that the OCFO continue to work with the CBIS Helpdesk to address calculation difference root cause(s) and provide categorical explanations for the misalignments between File A (appropriation summary level data) and File B (obligation and outlay information at program activity and object class level) prior to the FY 2019 DATA Act audit. OCFO’s Response The OCFO concurs with the recommendation and stated that they have “successfully identified the root cause of the summary level difference between data submission Files A and B. … The Migration Request [sent to CBIS Production] is currently being reviewed and tested by OCFO Financial Operations Management (FOM).” 2. Lack of Effective and Efficient Standard Operating Procedures and Control Activities over the Data Submission Process The OCFO has a policy and procedures in place documenting their data submission process; however, they were unable to provide documentation to support that the policy and procedures were approved by the OCFO’s Financial Operations Management division and communicated to the responsible Data Element Components, which consist of representatives from the offices of Procurement, Budget, Financial System, and Accounting. 12 Report No. 4A-CF-00-17-033 Financial Operations Management informed us that due to other high priority items and limited staff, the standard operating procedures governing the systems, processes, and internal controls in place over data management (under the DATA Act), were still in draft form and that with any implementation, there is some documentation that will not be properly available until implementation commences. The U.S. Government Accountability Office, Standards for Internal Control in the Federal Government, dated September 2014, states that control activities are “[t]he policies, procedures, techniques, and mechanisms that enforce management’s directives to achieve the entity’s objectives and address related risks … .” Furthermore, management should design and communicate control activities to achieve objectives, respond to risk, and support the internal control system. Furthermore, the U.S. Government Accountability Office, Standards for Internal Control in the Federal Government, Principle 14, state that “[m]anagement communicates quality information down and across reporting lines to enable personnel to perform key roles in achieving objectives, addressing risks, and supporting the internal control system. In these communications, management assigns the internal control responsibilities for key roles.” OMB’s Memorandum 10-06 states that in order “[t]o improve the quality of government information available to the public, senior leaders should make certain that the information conforms to OMB guidance on information quality and that adequate systems and processes are in place within the agencies to promote such conformity.” If the OCFO’s Data Element Components are not receiving new and revised guidance on their key roles, there is an increased risk that OPM will not meet the intent of the DATA Act objectives of financial transparency when reporting spending data on USASpending.gov. Recommendation 2 We recommend that the OCFO establish controls to ensure that DATA Act standard operating procedures are approved by management, documented, and communicated to the appropriate staff members prior to implementation and/or revision of any new or existing management directives. 13 Report No. 4A-CF-00-17-033 OCFO’s Response The OCFO concurs with ensuring that DATA Act standard operating procedures are approved by management and communicated to the appropriate Data Element Components in a timely manner. 3. Lack of Effective and Efficient Controls over Data Submission Files A through F The OCFO submitted OPM’s DATA Act information by the end of the second quarter of FY 2017, and validated the accuracy of the data populated in Files A through C. However, the OCFO’s internal controls did not include ensuring the interconnectivity/linkages across all data Files, A through F, to be displayed on USASpending.gov. We identified the following errors in the information reported by the DATA Broker: x 44 blank data fields*. x 2 instances where the NAIC10 code was displayed incorrectly in File D1*. x Procurement Instrument Identifier Number, WO760, was displayed as ($101,282) when the correct amount was ($200,926). *These errors are attributable to OPM supplied information and issues with the DATA Act Broker where OPM does not have control. In some cases, we are not able to specifically determine the root cause, but there is evidence that it may be related to the DATA Act Broker. OMB M-17-04, Memorandum for Agency Senior Accountable Officials, dated November 4, 2016, states that “[s]ince a DATA Act submission contains a combination of many data sets, the SAO will be required to attest to the validity and reliability of the complete DATA Act submission, including the interconnectivity/linkages (e.g.[,] award ID linkage) across all the data in files A, B, C, D, E, and F. Where there are legitimate differences between files, the SAO should have categorical explanations for misalignments. To provide this assurance, agencies should have internal controls in place over all of the data reported for display [on] USASpending.gov per A-123.” Furthermore, “[t]he data in each DATA Act file submitted for display on USASpending.gov are valid and reliable. To provide this assurance, the SAO will confirm that internal controls over data quality mechanisms are in place for the data submitted in DATA Act files.” 10 NAIC - North American Industrial Classification System Code was adopted by OMB as a new standardized system for classifying industries. 14 Report No. 4A-CF-00-17-033 If the OCFO cannot confirm that data Files A through F are properly linked, prior to the data being submitted in the DATA Act Broker, OPM will not be in compliance with OMB M-17- 04. Furthermore, the data displayed on USASpending.gov may be misleading to the public, which increases the risk that OPM will not meet the intent of the DATA Act objectives of financial transparency when reporting spending data on USASpending.gov. Recommendation 3 We recommend that the OCFO establish controls to ensure that Files A through F are valid, reliable, accurate, and complete as required by OMB M-17-04. OCFO’s Response The “OCFO concurs with the lack of effective and efficient controls over data submission as it relates to the ‘Amount error’ detail of transaction attribute error for File D1.” However, the “OCFO does not concur with the lack of effective and efficient controls over data submission as it relates to ‘Wrong Code’ detail of transaction attribute error for File D l. … In both of these instances, OCFO cannot provide an explanation for the [DATA Act] Broker generating NAICS codes inconsistent with the FPDS-NG source data and we do not have the ability to modify inaccurate data elements generated on the D1 file extracted via the [DATA Act] Broker. OCFO does not concur with the lack of effective and efficient controls over data submission Files A through F finding as it relates to the ‘Incomplete data fields’ detail of transaction attribute error for File D l. … Also, OCFO does not concur with the lack of effective and efficient controls over data submission for Files E and F.” OIG Comment While we understand that the DATA Act Broker is the responsibility of the U.S. Department of Treasury, and not the OCFO, OPM has the responsibility to attest to the validity and reliability of the complete DATA Act submission, including the interconnectivity/linkages of Files A through F. Where there are legitimate differences between files, the OCFO should have categorical explanations for misalignments. To provide this assurance, agencies should have internal controls in place over all of the data reported for display on USASpending.gov, including reaching out to the U.S. Department of Treasury. 15 Report No. 4A-CF-00-17-033 APPENDIX The U.S. Office of Personnel Management (OPM), Office of the Chief Financial Officer (OCFO) acknowledges the opportunity to respond to the Office of the Inspector General (OIG) draft report, Audit of the U S. Office Personnel Management's Data Submission and Compliance with the Digital Accountability and Transparency Act, 4A-CF-00-17- 033. Responses to the recommendations are provided below. Recommendation 1: The OIG recommend that OCFO continues to work with the CBIS Helpdesk to address calculation difference root cause(s) and provide categorical explanations for the misalignments between File A (appropriation summary level data) and File B (obligation and outlay information at program activity and object class level) prior to the FY 2019 DATA Act audit. Report No. 4A-CF-00-17-033 Management Response: We concur. OCFO has successfully identified the root cause of the summary level difference between data submission Files A and B. The variance between these files resulted from extract and calculation logic. The extract logic was programmed to filter based on the expiration date which limited data to just unexpired funds. The calculation logic used for the "ObligationUndeliveredOrdersUnpaidTotal_CPE amount," "GrossOutlayAmountBy ProgramObjectClass_CPE amount," and "GrossOutlaysDeliveredOrdersPaidTotal_CPE amount" generated Validation Rules B3, B5, and B7 warnings respectively, via the DATA Act broker. (Details for Validation Rules are included in the Standard Operating Procedure). The extract logic was modified to filter based on Cancelling Year instead of Expiration Date resulting in calculating all non-cancelled funds for DATA Act reporting, instead of just unexpired funds. This change was deployed in Production in August 2017 to support the FY17 Q3 data submission. Per the CBIS Production Migration Request (INC000000814440), the calculation logic will be modified for the "ObligationUndeliveredOrdersUnpaidTotal_CPE amount," "GrossOuflayAmountBy Program Object Class CPE amount," and "GrossOutlaysDeliveredOrdersPaidTotal CPE amount" to address the warnings associated with the specific rules. The Migration Request is currently being reviewed and tested by OCFO Financial Operations Management (FOM). The target date for implementing this change in production is October 28, 2017. A copy of the Migration Request is included for OIG review. Deleted by OIG Not Relevant to Final Report Recommendation 2: The OIG recommend that the OCFO establishes controls to ensure that DATA Act standard operating procedures (SOP) are approved by timely manner. Management Response: We partially concur. OCFO concurs with the need for ensuring DATA Act standard operating procedures are approved by management and communicated to the appropriate Data Element Components in timely manner. However, the finding was specifically based on OCFO's inability to provide documentation supporting that policies and procedures were communicated to the responsible Data Element Components prior to the Report No. 4A-CF-00-17-033 implementation of its DATA Act requirements on May 9, 2017. OCFO does not concur with the OIG's expectation of delivering a finalized SOP prior to implementation. A best practice for an SOP is to maintain a “living” document with up-to-date procedural changes for an entire process. In developing an SOP for DATA Act, the entire process was not complete until a successful implementation submission was made in May. Additionally, at this point, a corrective action for submitting an SOP prior to the implementation date cannot be achieved. As acknowledged by OIG, "OCFO has policies and procedures in place documenting their data submission process." OCFO will continue to update this information accordingly. The final version of the OPM DATA Act Standard Operating Procedure for Files A, B, C is included for OIG review. Recommendation 3: The OIG recommend that the Senior Accountability Officer (SAO) establishes controls to ensure that Files A through F are valid, reliable, accurate, and complete. Deleted by OIG Not Relevant to Final Report We partially concur. OCFO concurs with the lack of effective and efficient controls over data submission as it relates to "Amount error" detail of transaction attribute error for File Dl. This error was caused by the initial Blanket Purchase Agreements (BPA) Call (W0760) not properly interfacing from the Consolidated Business Information System (CBIS) to PRISM, as a result of the requisition amount not matching the approve cost proposal. Future occurrences of this scenario will be averted by communicating with the Program Office on creating the requisition to reflect the Contract Line Item Number (CLIN) structure of the award; e.g., awards with multiple CLINs requires a requisition that has Line Items that reflects same number of lines and also by ensuring that the Project Management Officer (PMO) creates the requisition in the amount of the approved cost proposal. OCFO does not concur with the lack of effective and efficient controls over data submission as it relates to "Wrong Code" detail of transaction attribute error for File D l . The OIG determined that incorrect North American Industrial Classification System Codes (NAICS) were associated with Procurement Instrument Identifier Numbers OPM1416F0001 and OPM1812F005/M0009. The NAICS code generated on the D l file is extracted from the Federal Procurement Data System - Next Generation (FPDS-NG) via the Broker. In the instance of OPM1416F0001, OCFO has confirmed the PRISM NAICS Code field as "null" and the FPDS-NG Principle NAICS Code as "511210." In generating the D l file via the Broker, the NAICS code populated as "443120." Additionally, for OPM1812F005/M0009, OCFO has confirmed that PRISM NAICS Code field as "811212" and the FPDS-NG Principle NAICS Code as the same, "811212." However, in generating the D l file via the Broker, the NAICS code populated as "33293." Screen images of PRISM and FPDS-NG are included for OIG review. In both Report No. 4A-CF-00-17-033 of these instances, OCFO cannot provide an explanation for the Broker generating. NAICS codes inconsistent with the FPDS-NG source data and we do not have the ability to modify inaccurate data elements generated on the D l file extracted via the Broker. OCFO does not concur with the lack of effective and efficient controls over data submission Files A through F finding as it relates to the "Incomplete data fields" detail of transaction attribute error for File D l . The 44 instances of blank fields on the D l files were reported correctly, as they are related to Indefinite Delivery Contracts (IDC) and BPA contract types. When these specific contract types are selected in FPDS-NG, the "Place of Performance" field elements such as "The primary place of performance zip 4; primary place of performance congressional district, primary place of performance state code; primary of performance country code, and primary place of performance city name" are not available to be populated. Also, OCFO does not concur with the lack of effective and efficient controls over data submission for Files E and F. File E of the DATA Act Information Model Schema (DAIMS) contains additional awardee attribute information extracted from the System for Award Management (SAM) via the DATA Act Broker (broker). File F contains sub-award attribute information extracted from the FFATA Sub-award Reporting System (FSRS) via the broker. It is the prime awardee's responsibility to report sub-award and executive compensation information in SAM and FSRS. Data reported from these two award reporting systems are generated in the broker for display on USASpending.gov. As outlined in OMB's Management Procedures Memorandum 2016-03, the authoritative sources for the data reported in Files E and F are SAM and FSRS respectively with no additional action required of Federal agencies. As such, we did not assess the completeness, accuracy, timeliness, and quality of the data extracted from SAM and FSRS via the DATA Act Broker. Report No. 4A-CF-00-17-033 Report Fraud, Waste, and Mismanagement Fraud, waste, and mismanagement in Government concerns everyone: Office of the Inspector General staff, agency employees, and the general public. We actively solicit allegations of any inefficient and wasteful practices, fraud, and mismanagement related to OPM programs and operations. You can report allegations to us in several ways: By Internet: http://www.opm.gov/our-inspector-general/hotline-to-report-fraud-waste- or-abuse By Phone: Toll Free Number: (877) 499-7295 Washington Metro Area: (202) 606-2423 By Mail: Office of the Inspector General U.S. Office of Personnel Management 1900 E Street, NW Room 6400 Washington, DC 20415-1100
OPM's Data Submission and Compliance with the Digital Accountability and Transparency Act (DATA Act)
Published by the Office of Personnel Management, Office of Inspector General on 2017-11-09.
Below is a raw (and likely hideous) rendition of the original report. (PDF)