Bureau of the Public Debt:

Areas for Improvement in Computer Controls

AIMD-00-269: Published: Aug 9, 2000. Publicly Released: Aug 9, 2000.

Additional Materials:

Contact:

Gary T. Engel
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a legislative requirement, GAO reviewed the Bureau of the Public Debt's (BPD) computer controls, focusing on: (1) the vulnerabilities identified; and (2) a follow-up on previously reported vulnerabilities.

GAO noted that: (1) BPD's general and application controls combined with other management and manual reconciliation controls were effective in ensuring BPD's ability to report reliable financial information and data; (2) although various management and reconciliation controls help BPD detect potential irregularities or improprieties in its financial data or transactions, these types of compensating controls do not prevent certain threats to its computer resources or operating environment from unintentional errors or omissions, or intentional modification, disclosure, or destruction of data and programs by disgruntled employees, intruders, or hackers; (3) thus, the vulnerabilities increase the risks of inappropriate disclosure and modification of sensitive data and programs, misuse or damage of computer resources, or disruption of critical operations; (4) BPD informed GAO that it agreed with GAO's findings and that in most cases, it had subsequently corrected or was in the process of correcting vulnerabilities that GAO identified; (5) GAO's fiscal year 1999 audit procedures identified certain general control vulnerabilities in BPD's entitywide security management program, access controls, application software development and change controls, and service continuity; (6) GAO also identified vulnerabilities in the application controls over four key BPD financial applications maintained and operated at the BPD data center; (7) specifically, GAO identified vulnerabilities in the authorization controls over two of the four key BPD financial applications; (8) in addition, GAO identified completeness and accuracy control vulnerabilities over a third key BPD financial application and authorization and accuracy control vulnerabilities over a fourth key BPD financial application; (9) GAO's follow-up on the status of BPD's corrective actions to address vulnerabilities identified in GAO's fiscal years 1998 and 1997 audits found that BPD had corrected or mitigated the risks associated with 5 of the 17 general and application control vulnerabilities discussed in GAO's prior reports; and (10) additionally, BPD is in the process of addressing the remaining 12 general and application control vulnerabilities discussed in GAO's prior years' reports.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: During GAO's fiscal year 2000 tests of the effectiveness of the Bureau of the Public Debt's (BPD) general and application controls, GAO followed up on the status of the BPD corrective actions to address vulnerabilities identified in our audit for fiscal year 1999. GAO found that, at September 30, 2000, BPD had corrected or mitigated the risks associated with 16 of the 17 vulnerabilities that were identified in this report. BPD officials have informed GAO that has taken further actions to correct the remaining vulnerability. GAO will follow up on these matters during the ongoing audit of the federal government's fiscal year 2000 financial statements.

    Recommendation: The Secretary of the Treasury should direct the Commissioner of the Bureau of the Public Debt (BPD) to take specific actions to correct each of the individual vulnerabilities that were identified during GAO's testing and summarized in the Limited Official Use report.

    Agency Affected: Department of the Treasury

  2. Status: Closed - Implemented

    Comments: BPD officials informed GAO that they work closely with the FRB staff and provide support, where appropriate, as the FRBs implement corrective actions to address vulnerabilities identified in the FRB report. GAO plans to follow up on these matters during its ongoing audit of the federal government's fiscal year 2001 financial statements.

    Recommendation: The Secretary of the Treasury should direct the Commissioner of the Bureau of the Public Debt to work with the Federal Reserve Banks (FRB) to implement corrective actions to resolve the computer control vulnerabilities related to BPD systems supported by FRBs that GAO identified and communicated to the FRBs during GAO's testing.

    Agency Affected: Department of the Treasury

 

Explore the full database of GAO's Open Recommendations »

Sep 20, 2016

Sep 6, 2016

Aug 19, 2016

Aug 12, 2016

Jul 29, 2016

Jul 28, 2016

Jul 13, 2016

Jul 11, 2016

Jun 13, 2016

Looking for more? Browse all our products here