Resolved. I discovered the reason for the difference.

The $System.Encryption.TOTP() function accepts a "plain text" secret that is then internally converted to Base32 encoding for use in the algorithm. The other applications do NOT convert the secret, but expect the Base32 encoded value to be supplied. Consequently, when passing a Base32 encoded secret to $System.Encryption.TOTP(), that value was re-encoded causing the generated output to be different than the other applications.

If you wish to use the built-in $System.Encryption.TOTP() function in conjunction with an Authentication App,  you will need to have both the "plain text" secret and the Base32 encoded secret available. The ObjectScript call will need the "plain text" secret and the Authentication App will likely need the Base32 encoded secret.