GSA and IG Clash Over State of Agency’s Internal Controls

(Image: The Wall Street Journal)

The Office of the Inspector General (OIG) for the General Services Administration (GSA) released its report on the agency’s biggest management challenges on Nov. 30, with the report highlighting OIG’s disagreement with GSA on the state of internal controls within the agency.

In the report, OIG notes that 13 of its 18 reports from June 2017 to June 2018 involved internal controls, including an instance where a lack of verification for GSA’s Computers for Learning program led to ineligible organizations receiving $2.5 million in Federally-owned computer equipment.

“GSA management’s challenge is to implement a more effective system of internal controls to ensure the Agency consistently complies with laws and regulations, produces accurate and reliable reports, and operates effectively,” the report says.

GSA acknowledged challenges with internal controls in some areas, but disputed that management of internal controls represents a larger organizational challenge. “GSA strongly disagrees that the agency has pervasive internal control weaknesses,” the agency said in its response to the initial report.

But the agency’s OIG refused to back down.

“Unless GSA recognizes that internal control is not one event, but a series of actions that occur throughout an entity’s operation and thereby proactively considers establishing a comprehensive system of internal control, these issues will likely continue to exist,” said Inspector General Carol Ochoa in a Nov. 30 letter to GSA Administrator Emily Murphy on the subject of GSA’s response.

Outside of the dispute on GSA’s internal controls, the OIG report also identifies prioritizing cybersecurity as a management challenge. OIG points to a Government Accountability Office report from January that calls out GSA’s challenges with buildings control systems and cybersecurity. OIG also cites past reports on threats to sensitive and personally identifiable information.

“In FY 2019, GSA IT remains challenged with strengthening its IT security controls in high-risk areas as identified in recent audits conducted by GAO, GSA’s independent auditor, and our office,” the report notes.

Throughout the report, OIG highlights other IT challenges that the agency’s faces, among those the challenge of 40 percent of its workforce in mission critical positions reaching retirement age within the next three years. In response, the agency has moved to hire from outside Washington, D.C., including seeking cybersecurity talent from Kansas City, Denver, and Dallas, according to the report.

The report also highlights technology challenges in the GSA Advantage online purchase portal, implementing e-commerce portals, transitioning to the Enterprise Infrastructure Solutions contract, and developing the System for Award Management to replace legacy systems.

The OIG’s complete list of GSA’s “most significant management and performance challenges” for FY 2019 are:

  1. Establishing and Maintaining an Effective Internal Control Environment Across GSA.
  2. Enhancing Government Procurement.
  3. Maximizing the Performance of GSA’s Real Property Inventory.
  4. Prioritizing Agency Cybersecurity.
  5. Managing Human Capital Efficiently to Accomplish GSA’s Mission.
  6. Safeguarding Federal Facilities and Providing a Secure Work Environment.
  7. Managing Revolving Funds Effectively.
  8. Implementing GSA’s Role Under the Comprehensive Plan for Reorganizing the Executive Branch.

Recent