Financial Management Service: Significant Weaknesses in Computer Controls Continue
Highlights
The Financial Management Service's (FMS) overall security control environment continues to be ineffective in identifying, deterring, and responding to computer control weaknesses promptly. Consequently, billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions. During its fiscal year 2000 audit, GAO found new general computer control weaknesses in the entity-wide security management program, access controls, and system software. GAO also identified new weaknesses in the authorization and completeness controls over one key FMS financial application. GAO's follow-up on the status of FMS's corrective actions to address weaknesses discussed in its fiscal year 1999 report found that, as of September 30, 2000, FMS had corrected or mitigated the risks associated with 35 of the 61 computer control weaknesses discussed in that report. To assist FMS management in addressing its computer control weaknesses, GAO made four overall recommendations in this public report.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of the Treasury | The Secretary of the Treasury should direct the commissioner of FMS, along with the assistant commissioner for information resources, to fully implement an effective security program. |
Closed – Implemented
In connection with its ongoing requirement to audit the U.S. government's financial statements, GAO followed up on the status of the FMS corrective actions to address issues identified in this report. The Treasury Office of Inspector General's independent public accountant contractor concluded in its fiscal year 2004 audit that actions taken by FMS resolved this issue.
|
| Department of the Treasury | The Secretary of the Treasury should direct the commissioner of FMS, along with the assistant commissioner for information resources, to correct each individual weakness that GAO identified and address each of the 85 specific recommendations detailed in the December 14, 2001 report. |
Closed – Implemented
In connection with its ongoing requirement to audit the U.S. government's financial statements, GAO followed up on the status of the FMS corrective actions to address issues identified in this report. The Treasury Office of Inspector General's independent public accountant contractor concluded in its fiscal year 2004 audit that actions taken by FMS resolved this issue.
|
| Department of the Treasury | The Secretary of the Treasury should direct the commissioner of FMS, along with the assistant commissioner for information resources, to work with the Federal Reserve Banks (FRB) to monitor corrective actions taken to resolve the computer control vulnerabilities related to FMS systems supported by the FRBs that we identified and communicated to the FRBs. |
Closed – Implemented
GAO's follow-up on the status of the FRB's corrective actions to address vulnerabilities identified in GAO's prior years' audits found that the FRBs had corrected or mitigated the risks associated with all the general and application control vulnerabilities.
|
| Financial Management Service | FMS should develop a detailed plan that describes the remedial actions, resources, target dates, and responsible agency officials to facilitate the implementation of its security program. |
Closed – Implemented
In connection with its ongoing requirement to audit the U.S. government's financial statements, GAO followed up on the status of the FMS corrective actions to address issues identified in this report. The Treasury Office of Inspector General's independent public accountant contractor concluded in its fiscal year 2004 audit that actions taken by FMS resolved this issue.
|