Internal controls (61 - 70 of 127 items)
Information Security: Persistent Weaknesses Highlight Need for Further Improvement
GAO-07-751T: Published: Apr 19, 2007. Publicly Released: Apr 19, 2007.
For many years, GAO has reported that weaknesses in information security are a widespread problem with potentially devastating consequences--such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue. Concerned by reports of signific...
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Veterans Affairs Needs to Address Long-Standing Weaknesses
GAO-07-532T: Published: Feb 28, 2007. Publicly Released: Feb 28, 2007.
Security breaches at the Department of Veterans Affairs (VA) and other public and private organizations have highlighted the importance of well-designed and implemented information security programs. GAO was asked to testify on its past work on VA's information security program, as well as ongoing reviews that it is conducting at VA. In developing its testimony, GAO drew on over 15 of its previous...
Information Security: Federal Deposit Insurance Corporation Needs to Improve Its Program
GAO-06-620: Published: Aug 31, 2006. Publicly Released: Aug 31, 2006.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. The corporation relies extensively on computerized systems to support and carry out its financial and mission-related operations. As part of the audit of the calendar year 2005 financial statements, GAO assessed (1) the progress FDIC...
Information Security: Federal Reserve Needs to Address Treasury Auction Systems
GAO-06-659: Published: Aug 30, 2006. Publicly Released: Aug 30, 2006.
The Federal Reserve System's Federal Reserve Banks (FRB) serve as fiscal agents of the U.S. government when they are directed to do so by the Secretary of the Treasury. In this capacity, the FRBs operate and maintain several mainframe and distributed-based systems--including the systems that support the Department of the Treasury's auctions of marketable securities--on behalf of the department's B...
Information Security: Securities and Exchange Commission Needs to Continue to Improve Its Program
GAO-06-408: Published: Mar 31, 2006. Publicly Released: Mar 31, 2006.
The Securities and Exchange Commission (SEC) has a demanding responsibility enforcing securities laws, regulating the securities markets, and protecting investors. In enforcing these laws, SEC issues rules and regulations to provide protection for investors and to help ensure that the securities markets are fair and honest. It relies extensively on computerized systems to support its financial and...
Bureau of the Public Debt: Areas for Improvement in Information Security Controls
GAO-06-522R: Published: Mar 16, 2006. Publicly Released: Mar 16, 2006.
In connection with fulfilling our requirement to audit the financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2005 and 2004. As part of these audits, we performed a review of the general and application information security controls over key BPD financial syste...
Information Security: Progress Made, but Federal Aviation Administration Needs to Improve Controls over Air Traffic Control Systems
GAO-05-712: Published: Aug 26, 2005. Publicly Released: Sep 26, 2005.
The Federal Aviation Administration (FAA) performs critical functions that contribute to ensuring safe, orderly, and efficient air travel in the national airspace system. To that end, it operates and relies extensively on an array of interconnected automated information systems and networks that comprise the nation's air traffic control systems. These systems provide information to air traffic con...
Financial Market Organizations Have Taken Steps to Protect against Electronic Attacks, but Could Take Additional Actions
GAO-05-679R: Published: Jun 29, 2005. Publicly Released: Jul 29, 2005.
The September 11, 2001, terrorist attacks on the World Trade Center exposed the vulnerability of the financial markets to disruption by such events. As part of a series of reviews we have performed at the request of Members of Congress, we have examined and reported on the adequacy of the steps that financial market participants have taken to reduce their vulnerability to attacks and to be better...
Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program
GAO-05-700: Published: Jun 17, 2005. Publicly Released: Jul 8, 2005.
The Homeland Security Act of 2002 mandated the merging of 22 federal agencies and organizations to create the Department of Homeland Security (DHS), whose mission, in part, is to protect our homeland from threats and attacks. DHS relies on a variety of computerized information systems to support its operations. GAO was asked to review DHS's information security program. In response, GAO determined...