Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

U.S. Department of Health and Human Services Met the Requirements of the Digital Accountability and Transparency Act of 2014, With Areas That Require Improvement

Issued on  | Posted on  | Report number: A-17-19-54000

Report Materials

Why OIG Did This Audit

The Digital Accountability and Transparency Act of 2014 (DATA Act) requires each agency's Inspector General to perform a biannual performance audit of the agency's compliance with the DATA Act reporting requirements, as stipulated in guidance from the Council of the Inspectors General on Integrity and Efficiency (CIGIE), the Office of Management and Budget (OMB), and the U.S. Department of Treasury (Treasury).

How OIG Did This Audit

The Office of Inspector General (OIG) engaged EY to conduct an independent performance audit to determine whether the Department of Health and Human Services (HHS) was in compliance with reporting requirements of the DATA Act for the first quarter of fiscal year 2019. The performance audit assessed the completeness, quality, accuracy, and timeliness of the data transmitted through the HHS submission. We reviewed a statistically valid sample of 285 items from the first quarter of fiscal year 2019's financial and award data submitted by HHS for publication on .

What OIG Found

Our performance audit determined that HHS complied with the reporting requirements of the DATA Act as stipulated by OMB, CIGIE, and Treasury. While HHS met the reporting requirements, our performance audit determined that:

  • Although improvements with respect to the controls within its information technology (IT) infrastructure and financial systems have been made, we observed deficiencies related to access controls, configuration management, and segregation of duties.
  • HHS continues to pursue ongoing data cleanup as part of the its data standardization efforts. These efforts acknowledge that there is a need for HHS to consistently apply standardized object class codes in compliance with OMB guidance and standardized US Standard General Ledger account codes.
  • In the absence of Oracle patches to map data elements directly from feeder award systems to its financial systems, HHS continues to use an interim solution that heavily relies on manual processes to collect data from multiple owners and systems.

What OIG Recommends

We recommend that HHS continue to focus its efforts on resolving issues related to its IT system controls, completing data cleanup activities, and applying Oracle patches. We also recommend that HHS standardize object class codes to align with OMB guidance. Finally, we recommend that HHS continue to test Oracle patches in its IT systems and implement the patches to reduce reliance on manual processes.