Internal controls (101 - 110 of 245 items)
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Veterans Affairs Needs to Address Long-Standing Weaknesses
GAO-07-532T: Published: Feb 28, 2007. Publicly Released: Feb 28, 2007.
Security breaches at the Department of Veterans Affairs (VA) and other public and private organizations have highlighted the importance of well-designed and implemented information security programs. GAO was asked to testify on its past work on VA's information security program, as well as ongoing reviews that it is conducting at VA. In developing its testimony, GAO drew on over 15 of its previous...
Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing
GAO-07-65: Published: Oct 20, 2006. Publicly Released: Nov 20, 2006.
Agencies rely extensively on computerized information systems and electronic data to carry out their missions. To ensure the security of the information and information systems that support critical operations and infrastructure, federal law and policy require agencies to periodically test and evaluate the effectiveness of their information security controls at least annually. GAO was asked to eva...
Managing Sensitive Information: DOJ Needs a More Complete Staffing Strategy for Managing Classified Information and a Set of Internal Controls for Other Sensitive Information
GAO-07-83: Published: Oct 20, 2006. Publicly Released: Nov 20, 2006.
The September 11 attacks showed that agencies must balance the need to protect and share sensitive information to prevent future attacks. Agencies classify this information or designate it sensitive but unclassified to protect and limit access to it. The National Archives' Information Security Oversight Office (ISOO) assesses agencies' classification management programs, and in July 2004 and April...
Information Security: The Centers for Medicare & Medicaid Services Needs to Improve Controls over Key Communication Network
GAO-06-750: Published: Aug 30, 2006. Publicly Released: Oct 3, 2006.
The Centers for Medicare & Medicaid Services (CMS), a component within the Department of Health and Human Services (HHS), is responsible for overseeing the Medicare and Medicaid programs--the nation's largest health insurance programs--which benefit about one in every four Americans. CMS relies on a contractor-owned and operated network to facilitate communication and data transmission among CMS b...
Information Security: Federal Deposit Insurance Corporation Needs to Improve Its Program
GAO-06-620: Published: Aug 31, 2006. Publicly Released: Aug 31, 2006.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. The corporation relies extensively on computerized systems to support and carry out its financial and mission-related operations. As part of the audit of the calendar year 2005 financial statements, GAO assessed (1) the progress FDIC...
Information Security: Federal Reserve Needs to Address Treasury Auction Systems
GAO-06-659: Published: Aug 30, 2006. Publicly Released: Aug 30, 2006.
The Federal Reserve System's Federal Reserve Banks (FRB) serve as fiscal agents of the U.S. government when they are directed to do so by the Secretary of the Treasury. In this capacity, the FRBs operate and maintain several mainframe and distributed-based systems--including the systems that support the Department of the Treasury's auctions of marketable securities--on behalf of the department's B...
Managing Sensitive Information: Actions Needed to Ensure Recent Changes in DOE Oversight Do Not Weaken an Effective Classification System
GAO-06-785: Published: Jun 30, 2006. Publicly Released: Jun 30, 2006.
In recent years, the Congress has become increasingly concerned that federal agencies are misclassifying information. Classified information is material containing national defense or foreign policy information determined by the U.S. government to require protection for reasons of national security. GAO was asked to assess the extent to which (1) DOE's training, guidance, and oversight ensure that...
Managing Sensitive Information: DOD Can More Effectively Reduce the Risk of Classification Errors
GAO-06-706: Published: Jun 30, 2006. Publicly Released: Jun 30, 2006.
Misclassification of national security information impedes effective information sharing, can provide adversaries with information to harm the United States and its allies, and incurs millions of dollars in avoidable administrative costs. As requested, GAO examined (1) whether the implementation of the Department of Defense's (DOD) information security management program, effectively minimizes the...
Information Security: Leadership Needed to Address Weaknesses and Privacy Issues at Veterans Affairs
GAO-06-897T: Published: Jun 20, 2006. Publicly Released: Jun 20, 2006.
The recent information security breach at the Department of Veterans Affairs (VA), in which personal data on millions of veterans were compromised, has highlighted the importance of the department's security weaknesses, as well as the ability of federal agencies to protect personal information. Robust federal security programs are critically important to properly protect this information and the p...