Skip to main content

Federal Reserve Banks: Areas for Improvement in Information Systems Controls

GAO-12-615R Published: Apr 11, 2012. Publicly Released: Apr 11, 2012.
Jump To:
Skip to Highlights

Highlights

What GAO Found

During our fiscal year 2011 follow up on the status of FRBs’ corrective actions to address information systems control-related recommendations contained in our prior years’ reports and open as of September 30, 2010, we determined that corrective action was in progress for each of the three open recommendations related to security management and access controls. The potential effect of these continuing control deficiencies on financial reporting relevant to the Schedule of Federal Debt was mitigated by FRBs’ physical security measures and a program of monitoring user and system activity, and BPD’s compensating management and reconciliation controls designed to detect potential misstatements in the Schedule of Federal Debt.

The Director of Reserve Bank Operations and Payments Systems on behalf of the Board of Governors of the Federal Reserve System provided comments on the detailed information regarding the results of our follow up on the status of FRBs’ corrective actions in the separately issued Limited Official Use Only report. In those comments, the Director stated that the agency takes control deficiencies seriously and that FRB management continues to make progress towards addressing the three open recommendations. The Director further commented that one of the deficiencies has already been addressed, and that corrective actions for the two remaining open recommendations from our prior years’ reports are planned or in progress.

Why GAO Did This Study

In connection with fulfilling our requirement to audit the consolidated financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2011 and 2010. As part of these audits, we performed a review of information systems controls over key financial systems maintained and operated by the Federal Reserve Banks (FRB) on behalf of the Department of the Treasury’s (Treasury) BPD relevant to the Schedule of Federal Debt.

As we reported in connection with our audit of the Schedules of Federal Debt for the fiscal years ended September 30, 2011 and 2010, we concluded that BPD maintained, in all material respects, effective internal control over financial reporting relevant to the Schedule of Federal Debt as of September 30, 2011, that provided reasonable assurance that misstatements, losses, or noncompliance material in relation to the Schedule of Federal Debt would be prevented or detected and corrected on a timely basis. However, we identified information systems deficiencies affecting internal control over financial reporting, which, while we do not consider them to be collectively either a material weakness or significant deficiency, nevertheless warrant the attention and action of management.

With regard to key financial systems maintained and operated by the FRBs on behalf of BPD, we did not identify any new deficiencies in information systems controls that had a consequential effect on financial reporting relevant to the Schedule of Federal Debt during our fiscal year 2011 audit. In a separately issued Limited Official Use Only report, we communicated to FRB management detailed information regarding the results of our follow up on the status of FRBs’ corrective actions to address information systems control-related recommendations contained in our prior years’ reports and open as of September 30, 2010.

For more information, contact Gary T. Engel at (202) 512-3406 or engelg@gao.gov.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Federal reserve banksFederal reserve systemInformation systemsFinancial systemsFinancial reportingInternal controlsInformation securityPublic debtFederal debtMaterialityFinancial managementReconciliation process