U.S. Department of Health and Human Services Met the Requirements of the Digital Accountability and Transparency Act of 2014, With Areas That Require Improvement
Why OIG Did This Audit
The Digital Accountability and Transparency Act of 2014 (DATA Act) requires each agency's Inspector General to perform a biannual performance audit of the agency's compliance with the DATA Act reporting requirements, as stipulated in guidance from the Council of the Inspectors General on Integrity and Efficiency (CIGIE), the Office of Management and Budget (OMB), and the U.S. Department of Treasury (Treasury).
How OIG Did This Audit
The Office of Inspector General (OIG) engaged EY to conduct an independent performance audit to determine whether the Department of Health and Human Services (HHS) was in compliance with reporting requirements of the DATA Act for the second quarter of fiscal year 2020. The performance audit assessed the completeness, quality, accuracy, and timeliness of the data transmitted through the HHS submission. We reviewed a statistically valid sample of 191 items from the second quarter of fiscal year 2020's financial and award data submitted by HHS for publication on USASpending.gov.
What OIG Found
Our performance audit determined that HHS complied with the reporting requirements of the DATA Act as stipulated by OMB, CIGIE, and Treasury. While HHS met the reporting requirements, our performance audit determined that:
- Although improvements with respect to the controls within its information technology (IT) infrastructure and financial systems have been made, we observed deficiencies related to access controls, configuration management, segregation of duties, and interface controls.
- For the period of performance dates, we found discrepancies between File D2 and the supporting documents. HHS management indicated that a gap existed between the operating divisions' understanding of the standard interface file (SIF) creation process for these fields. Multiple date fields are collected through the SIF file process, and operating divisions misinterpreted the different definitions for these date fields including, specifically, the period of performance data element.
What OIG Recommends
We recommend that HHS continue to focus its efforts on resolving issues related to its IT system controls, fully implementing interface controls by updating the governance for different environments to be compliant. We also recommend that HHS continue to progress toward producing high-quality data; remediating deficiencies in financial, procurement and grant-related systems; and better automating DATA Act data collection and submission processes. Finally, we recommend that HHS focus on refreshing operating divisions' understanding of Departmental guidance and identifying any potential need for operating division training to prevent and detect future accuracy issues.
Filed under: General Departmental