DHS I.G.: 'DHS Has Made Progress in Meeting DATA Act Requirements, But Challenges Remain'

WASHINGTON, Aug. 21 -- The U.S. Department of Homeland Security's Office of the Inspector General issued the following report (No. OIG-20-62) entitled "DHS Has Made Progress in Meeting DATA Act Requirements, But Challenges Remain". Here are excerpts of the report issued on Aug. 13:

MEMORANDUM FOR: Troy Edgar, Chief Financial Officer, Department of Homeland Security

FROM: Joseph V. Cuffari, Ph.D., Inspector General

SUBJECT: DHS Has Made Progress in Meeting DATA Act Requirements, But Challenges Remain

For your action is our final report, DHS Has Made Progress in Meeting DATA Act Requirements, But Challenges Remain. We incorporated the formal comments provided by your office.

The report contains five recommendations aimed at improving the quality of the Department's spending data. Your office concurred with all five recommendations. Based on information provided in your response to the draft report, we consider recommendations 1, 2, 4, and 5 to be open and resolved. Once your office has fully implemented the recommendations, please submit a formal closeout letter to us within 30 days accompanied by evidence of completion of agreed-upon corrective actions so that we may close the recommendations.

Based on information provided in your response to the draft report, we consider recommendation 3 open and unresolved. As prescribed by the Department of Homeland Security Directive 077-01, Follow-Up and Resolutions for the Office of Inspector General Report Recommendations, within 90 days of the date of this memorandum, please provide our office with a written response that includes your (1) agreement or disagreement, (2) corrective action plan, and (3) target completion date for the third bullet of recommendation 3. Also, please include your responsible parties and other supporting documentation to inform us about the current status of the recommendation. Until your response is received and evaluated, the recommendation will be considered open and unresolved. Please send your response or closure request to [email protected].

Consistent with our responsibility under the Inspector General Act, we will provide copies of our report to congressional committees with oversight and appropriation responsibility over the Department of Homeland Security. We will post the report on our website for public dissemination.

Please call me with any questions, or your staff may contact Sondra McCauley, Assistant Inspector General for Audits, at (202) 981-6000.

* * *

Why We Did This Audit

The DATA Act required the Office of Inspector General to review a statistically valid sample of DHS' fiscal year 2019 first quarter (FY 2019/Q1) spending data posted on USAspending.gov, and submit to Congress a report assessing the data's completeness, accuracy, timeliness, and quality, as well as DHS' implementation and use of government-wide financial data standards.

* * *

What We Recommend

This report contains five recommendations aimed at strengthening DHS' controls to improve its spending data quality.

* * *

What We Found

Since our first audit in 2017, DHS has continued to make progress in meeting its Digital Accountability and Transparency Act of 2014 (DATA Act) reporting requirements. For example, DHS improvements included reducing misalignments in its procurement and financial assistance award data from nearly $1.9 billion (38 percent) in FY 2017/Q2 to $264 million (4 percent) in FY 2019/Q1. This occurred because DHS implemented a quarterly process that targeted such misalignments through spending data quality reviews. We nonetheless identified opportunities for DHS to strengthen its quarterly reviews and further reduce misalignments to enable more effective tracking of Federal spending.

Using the Inspectors General Guide to Compliance under the DATA Act, we found the quality of DHS' spending data was moderate for a statistically valid sample of 375 procurement and financial assistance awards. Specifically, the data was complete and accurate, but not timely. Due to system limitations, DHS did not report 67 percent of the sampled financial assistance award elements within 30 days of award date as required. Although DHS works to mitigate this risk through its quarterly review process, the timeliness of financial assistance reporting remains a recurring challenge.

DHS generally implemented and consistently uses government-wide data standards, but could improve reporting for certain data elements to fully achieve the DATA Act's objective of making Federal spending information more transparent to the public. DHS developed a data quality plan to manage risks to data quality as required.

* * *

DHS Response

DHS concurred with all five recommendations. Appendix B contains the Department's response in its entirety. All recommendations will remain open pending evidence to support completion of the corrective actions.

* * *

Table of Contents

Background ... 2

Results of Audit ... 7

-DHS Has Improved Alignment of Budgetary Data, But Challenges

Remain ... 8

-DHS Has Improved Alignment of Award Data, But Additional Improvement Can Be Made ... 10

-DHS' DATA Act Submission Was of Moderate Quality ... 12

DHS Implemented and Used Government-wide Data Standards But Could Improve Reporting on Certain Data Elements... 16

-DHS Developed a Plan to Manage Risks to Data Quality ... 17

Recommendations ... 19

Appendixes

-Appendix A: Objectives, Scope, and Methodology ... 25

-Appendix B: DHS Response to the Draft Report ... 27

-Appendix C: Report Distribution ... 32

* * *

Background

On May 9, 2014, the President signed the Digital Accountability and Transparency Act of 2014 (DATA Act) into law to make information on Federal spending more easily accessible and transparent to the public. The DATA Act requires agencies to report spending data quarterly to USAspending.gov/1 in accordance with government-wide financial data standards established by the Department of the Treasury (Treasury) and the Office of Management and Budget (OMB). These standards specify the data elements for reporting under the DATA Act and define what each element should include to ensure data is consistent and comparable. Agencies must disclose information linking spending activity to Federal programs in the President's budget to effectively track government spending.

Office of Inspector General Responsibilities under the DATA Act

The DATA Act requires the Office of Inspector General (OIG) of each Federal agency to review a statistically valid sample of the agency's spending data submissions to USAspending.gov in fiscal years 2017, 2019, and 2021. Also, the DATA Act requires each OIG to submit to Congress a report that assesses the completeness, accuracy, timeliness, and quality of the data sampled, and implementation and use of government-wide financial data standards in compiling the data. This is our second of three mandated reports on DHS' implementation of the DATA Act. This report assesses the quality of DHS' FY 2019, first quarter (FY 2019/Q1) spending data.

The Council of the Inspectors General on Integrity and Efficiency's (CIGIE) Federal Audit Executive Council released its Inspectors General Guide to Compliance under the DATA Act (CIGIE IG Guide) on February 14, 2019. The CIGIE IG Guide provides a common methodology and reporting approach for every OIG to use in performing work mandated by the DATA Act.

DATA Act Submission

Federal agencies submit their budgetary and award data to Treasury's DATA Act Broker (Broker), a system that facilitates the collection, validation, certification, and submission of agencies' quarterly spending data for publication on USAspending.gov. Agencies are required to upload to the Broker the files identified in table 1, containing data from their internal financial systems.

Table 1. Agency-Created DATA Act Files

[Table omitted]

View table at https://www.oig.dhs.gov/sites/default/files/assets/2020-08/OIG-20-62-Jul20.pdf

After agencies upload their files, the Broker extracts spending data from government-wide award reporting systems containing data on Federal contracts, grants, and award recipients. Those systems include the Federal Procurement Data System-Next Generation (FPDS-NG) and the Financial Assistance Broker Submission (FABS). Agencies submit information on procurement awards to FPDS-NG and on financial assistance awards (grants, loans, insurance, and other assistance) to FABS. Using the extracted data, the Broker generates the files identified in table 2.

Table 2. DATA Act Broker-Generated Files/2

[Table omitted]

View table on the link above.

The Broker applies a series of validation rules to test completeness and accuracy of the data elements and linkages between budgetary and award data. OMB guidance/3 requires agencies to link budgetary and award data across different files using unique award numbers./4 Through its validation process, the Broker generates data warnings and critical errors based on the application of Treasury-defined rules. An example of a warning is when a unique award number exists in File C but does not exist in Files D1/D2. Errors can occur when certain data elements do not meet formatting requirements such as field length or character type. If any data in the agency submission generates critical errors, USAspending.gov will not accept that data for publication. By contrast, less severe discrepancies result in Broker-generated warnings that do not prevent this data from continuing through the publication process. For example, warning messages alert agencies to possible issues worth further review that may or may not be inaccuracies in the data.

Once agency files successfully pass the Broker validations, OMB requires/5 each agency's senior accountable official (SAO) to certify the quarterly DATA Act submission. The SAO certification provides reasonable assurance that the agency's internal controls support the validity and reliability of the budgetary and award data submitted to Treasury for publication on USAspending.gov. After the SAO completes the certification in the Broker, Treasury will publish the spending data on USAspending.gov. (See figure 1 for a flowchart of the DATA Act Broker's Quarterly Submission Process.)

Starting in FY 2019, each agency must develop a data quality plan (DQP) that identifies risks to the quality of Federal spending data and implement a control structure to manage such risks./6 Quarterly certifications by the SAO should be based on considerations and internal controls documented in the agency's DQP.

Figure 1. DATA Act Broker's Quarterly Submission Process

[Figure omitted]

View figure on the link above.

DHS Governance for Quarterly DATA Act Submission

In FY 2015, DHS established a governance structure -- an institutionalized set of policies and procedures -- for the Department's implementation of the DATA Act. DHS' Deputy Chief Financial Officer serves as the Department's SAO. The SAO sets the strategic direction for DHS' approach to DATA Act implementation. DHS also created a Headquarters DATA Act Working Group with members from across its organizational units, including budget, accounting, procurement, and financial assistance.

achieve compliance with the DATA Act. DHS component DATA Act teams submit their spending data monthly to the Resource Management Transformation (RMT) Division within the Office of the Chief Financial Officer to comprise the Department's consolidated quarterly submissions to USAspending.gov. Components must document and implement internal control procedures to ensure their spending data is complete, accurate, and timely.

RMT developed an internal DATA Act Solution (DAS) system to collect and perform pre-check validations of DHS components' spending data to ensure it meets Broker submission requirements. On a monthly basis, as shown in figure 2, RMT pulls the components' budgetary data (Files A and B) from DHS' Treasury Information Executive Repository and uploads it to the DAS, while components submit their award data (File C) directly to the DAS. Additionally, RMT downloads components' procurement award data (File D1) and financial assistance award data (File D2) from the Broker and uploads it to the DAS.

Figure 2. DHS DATA Act Solution Process

[Figure omitted]

View figure on the link above.

The DAS process mirrors the Broker's validation of the alignment between the procurement and financial assistance award files and the budgetary files included in DHS' quarterly submission. The DAS process also includes additional tests for DHS to ensure transactions eventually align and to determine how long they take to align. Throughout the quarter, DHS stakeholders work together to research and resolve Broker and DAS validation issues, such as missing financial information. Also, RMT conducts monthly Headquarters DATA Act Working Group and Component Implementation Working Group meetings to discuss guidance, processes, best practices, and data quality management efforts.

Previous OIG DATA Act Review

In 2017, we reported7 that DHS' internal controls for its DATA Act processes were not sufficient to ensure the submission of complete, accurate, and timely spending data for FY 2017/Q2. We identified issues concerning data alignment, completeness, and accuracy that hindered the quality and usefulness of the information. We made six recommendations for DHS to strengthen its existing controls and apply additional controls for its DATA Act processes to ensure complete, accurate, and timely spending data. As of May 2019, all six recommendations were resolved and closed.

https://www.oig.dhs.gov/sites/default/files/assets/2020-08/OIG-20-62-Jul20.pdf

* * *

Conclusion

To enable more effective tracking of Federal spending, DHS must continue to take action to accurately align its budgetary data with the President's budget, reduce award misalignments across DATA Act files, improve the timeliness of financial assistance reporting, implement and use government-wide data standards, and update its DQP to address risks to data quality. Without these actions, DHS will continue to experience challenges in meeting its goal of achieving the highest possible data quality for submission to USAspending.gov.

* * *

Recommendations

Recommendation 1: We recommend the Chief Financial Officer improve the alignment of DHS' budgetary data with the authoritative sources that the Treasury Broker uses for DATA Act validation by:

* updating the Department's program activity data in the OMB's MAX Collect list to align $3.4 billion in award obligations from DHS' FY 2019/Q1 submission with the President's budget;

* issuing guidance clarifying that DHS components should only use program activity code "0000" and program activity name "Unknown/Other" when there are no obligations reported in the appropriation account; and

* developing a solution to ensure DHS components maintain awareness of and comply with any changes the Office of Management and Budget makes to the reporting deadline for the quarterly MAX Collect exercise.

Recommendation 2: We recommend the Chief Financial Officer strengthen the internal controls within DHS' quarterly corrective action plan process by:

* requiring DHS components to research and correct, as needed, matching award identification numbers with non-matching obligation amounts;

* requiring DHS components to identify root causes for misalignments so the specific reasons for timing issues and the corrective actions needed to address them are clearly understood;

* requiring DHS components to submit corrective action plans addressing misalignments on a monthly basis rather than once a quarter; and

* developing an effective solution to continuously track misalignments from month to month until corrective actions are completed.

Recommendation 3: We recommend the Chief Financial Officer improve the quality of the financial assistance award information reported in DHS' DATA Act submissions for publication on USAspending.gov by:

* implementing and testing the new system for managing and reporting National Flood Insurance Program (NFIP) awards until it addresses the limitations of the legacy system and becomes DATA Act compliant;

* developing standard operating procedures to document aggregation procedures for NFIP awards, including controls to ensure that awards to organizations are not aggregated with individuals, and data elements for aggregate awards are traceable to source documentation; and

* correcting the root cause associated with the systems integration issue that resulted in more than $500 million in grant award misalignments within the Department's FY 2019/Q1 DATA Act submission.

Recommendation 4: We recommend the Chief Financial Officer develop and apply effective solutions to improve the implementation and use of the government-wide financial data standards for data elements associated with the award description, place of performance, unique record identifier, legal entity information, program activity data, and financial assistance aggregate reporting.

Recommendation 5: We recommend the Chief Financial Officer strengthen the DHS Data Quality Plan to achieve the DATA Act reporting objective by:

* completing testing of high-risk elements identified by the Risk Management and Assurance Division, and updating the control structure in the Data Quality Plan as necessary based on the test results; and

* updating internal controls in the Data Quality Plan to address the audit findings and recommendations in this report.

* * *

DHS Response and OIG Analysis

DHS concurred with all five recommendations. Appendix B contains a copy of the Department's response in its entirety. We also received technical comments and incorporated changes to the report where appropriate. A summary of the Department's responses to the recommendations and our analysis follows.

DHS Response to Recommendation 1: Concur. According to DHS, the Department's data submitted in DATA Act File B (object class and program activity obligations and outlays) was complete and accurate for the first quarter of FY 2019. In addition, by July 31, 2019, the Department corrected the specific issues amounting to $3.4 billion we noted in the OMB MAX validation table. The DHS Office of the Chief Financial Officer's RMT Division will enhance instructions to components' budget units for verification and validation of the OMB MAX program activity table and crosswalk, which is used to derive OMB program activity data for the required DATA Act files.

However, the Department noted that circumstances not accounted for in the DAIMS guidance constrained DHS reporting related to: 1) accounts with less than $500,000 in obligations, 2) programs not reportable to the President's Budget, and 3) expired accounts. Specifically, none of these scenarios have an established government-wide program activity mapping definition of current program activity. Consequently, using program activity code "0000" and name "Unknown/Other" is the only way DHS or any other department or agency can complete its submission when these scenarios arise. Furthermore, for DATA Act reportable obligations that are not reportable to the President's Budget and other described scenarios, the DHS Office of the Chief Financial Officer staff will work with OMB examiners, as appropriate, to identify a satisfactory substitute code. The estimated completion date is September 30, 2020.

OIG Analysis: The Department's corrective action is responsive to the recommendation. The recommendation will remain open and resolved until the Department provides evidence to support that corrective actions are completed.

DHS Response to Recommendation 2: Concur. According to the Department, on January 31, 2020, the DHS Data Act Team implemented an enhanced Component Corrective Action Plan process, documented in the DHS DATA Act File C: Component Guidebook and DHS DATA Act Data Quality Report Production Guide, that: 1) addresses researching and correcting matching award identification numbers with non-matching obligation amounts, 2) identifies the root causes of timing issue misalignments, and 3) continuously tracks misalignments until corrective actions are completed. As part of this process, the DHS Office of the Chief Financial Officer's RMT personnel identify non-matching awards and monitor component progress in addressing the root causes of misalignments on a monthly basis. DHS stated that it will provide the OIG copies of corroborating documentation supporting completion of the aforementioned actions under separate cover. DHS requested that we consider this recommendation resolved and closed, as implemented.

OIG Analysis: The Department's corrective action is responsive to the recommendation. The recommendation will remain open and resolved until the Department provides evidence to support that corrective actions are completed.

DHS Response to Recommendation 3: Concur. The FEMA Headquarters' DATA Act team will test the new NFIP system's ability to: 1) provide files compliant with the DATA Act, and 2) review implementation of and update the existing FEMA DATA Act Validation Process and supplemental File C SOPs to ensure the procedures allow traceability to source documentation, as appropriate. The estimated completion date is December 31, 2020.

OIG Analysis: The Department's corrective action is partially responsive to the recommendation. Specifically, DHS' response did not address correcting the root cause associated with the systems integration issue, which resulted in more than $500 million in grant award misalignments within the Department's FY 2019/Q1 DATA Act submission. The recommendation will remain open and unresolved until the Department provides evidence to support that corrective actions are completed.

DHS Response to Recommendation 4: Concur. DHS reported it is committed to providing high quality and transparent data to the public to facilitate more effective tracking of its spending. According to the Department, the DHS Office of the Chief Financial Officer and others are already taking actions to enhance implementation and use of government-wide financial data standards we recommended for selected data elements as described below:

* Award Description. The award descriptions for both the base contract award and the modifications are complete and accurate and meet OMB and Treasury Department requirements for information posted publicly. For example, the award description data element on USAspending.gov clearly states the base award describes what is being purchased, and the modifications describe what is being altered. However, the DAIMS definition for award description should be clarified to include the requirements for base contract award and modifications. The DHS Office of the Chief Procurement Officer is working with the Government-wide Leveraging Data Strategic Asset-Policy Working Group to recommend a change to the DAIMS definition for this data element. This change is not for the general public or the agencies, but to clarify for the audit community what is required to be entered in this field for different contract actions. The estimated completion date is October 30, 2020.

* Place of Performance. The DAIMS definition of place of performance is not clear or complete, as discussed in the Government Accountability Office report, DATA ACT: Quality of Data Submissions Has Improved but Further Action Is Needed to Disclose Known Data Limitations (GAO-20-75, November 8, 2019). The Government Accountability Office recommended that OMB and Treasury provide a clear definition of this data element to help agencies improve their data quality. As a follow-up to the Government Accountability Office recommendation, the DHS Office of the Chief Procurement Officer and Office of the Chief Financial Officer's Financial Assistance and Policy Oversight Division will recommend that the Government-wide Leveraging Data Strategic Asset-Policy Working Group change the DAIMS definition for this data element. The estimated completion date is October 30, 2020.

* Unique Record Identifier. According to the DAIMS "Practices and Procedures" in FY 2019 first quarter, for each unique financial assistance transaction, the Federal award identification number, unique record identifier, or a combination of these two elements from File C should match the information in File D2 or the Broker will generate a warning. Although this is not a best practice, it is permitted by the Treasury "Practices and Procedures" description, validation rules, and specifications listing modification numbers as optional. Personnel from the DHS Office of the Chief Financial Officer's Financial Assistance and Policy Oversight Division are working with FEMA's Headquarters DATA Act team to provide modification numbers on File D2 (financial assistance data), in addition to the unique record identifier. The estimated completion date is December 31, 2020.

* Legal Entity Information. The DHS Office of the Chief Financial Officer's Financial Assistance and Policy Oversight Division is working with the FEMA Headquarters DATA Act team to identify the root cause of the abbreviation, truncations, and concatenation issues in legal entity fields. The Department stated that the Financial Assistance and Policy Oversight Division will provide interim milestones under separate cover. The estimated completion date is March 31, 2023.

* Program Activity Data. The DHS Office of the Chief Financial Officer's RMT Division and the components' budget divisions completed corrections on July 31, 2019, for specific issues identified in the draft report totaling $3.4 billion. Specifically, RMT addressed the major issues disclosed to the DATA Act Senior Accountable Official using procedures documented in the Department's DATA Act Data Quality Report Production Guide. An ongoing reconciliation process is being performed quarterly between the RMT Division and the components' budget divisions to fully align OMB's MAX program activity table with DATA Act File B (object class and program activity obligations and outlays). RMT will provide the OIG copies of corroborating documentation supporting completion of the aforementioned actions under separate cover.

* Financial Assistance Aggregate. FEMA's Headquarters DATA Act team will develop procedures to ensure the new NFIP system aggregates to individuals when it is determined that individuals are the prime awardees. The estimated completion date is December 31, 2020.

OIG Analysis: Although the Department's corrective action is responsive to the recommendation, a statement in the management response regarding the award description element is not consistent with our audit findings.

Specifically, DHS stated that the award descriptions for both the base contract award and the modifications are accurate and meet OMB and Treasury requirements for information posted publicly. However, we concluded the award description element for the sampled procurement records had an accuracy error rate greater than 20 percent. DHS used shorthand, acronyms, or terminology that could only be understood by officials who made the award. Also, DHS described reasons for award modifications (e.g., "deobligate excess funds and closeout") rather than the goods or services being procured. Our findings are consistent with the Government Accountability Office report, DATA ACT: Quality of Data Submissions Has Improved but Further Action Is Needed to Disclose Known Data Limitations (GAO-20-75, November 8, 2019). The recommendation will remain open and resolved until the Department provides evidence to support that corrective actions are completed.

DHS Response to Recommendation 5: Concur. According to the Department, on September 30, 2019, DHS components completed testing of high-risk elements identified by the DHS Office of the Chief Financial Officer's Risk Management and Assurance Division for FY 2019, and will continue this testing on an annual basis, as appropriate. Based on these test results, the DHS Headquarters DATA Act team will update the control structure of the Data Quality Plan to address the audit findings and recommendations in this draft report. The estimated completion date is March 31, 2021.

OIG Analysis: The Department's corrective actions are responsive to the recommendation. The recommendation will remain open and resolved until the Department provides evidence to support that the corrective actions are completed.

* * *

Full Report: https://www.oig.dhs.gov/sites/default/files/assets/2020-08/OIG-20-62-Jul20.pdf