Financial Management Service:

Significant Weaknesses in Computer Controls

AIMD-00-305: Published: Sep 26, 2000. Publicly Released: Sep 26, 2000.

Additional Materials:

Contact:

Gary T. Engel
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a legislative requirement, GAO provided information on the Financial Management Service's (FMS) computer controls in fiscal year (FY) 1999, focusing on: (1) the significant weaknesses GAO identified in its limited official use report and the recommendations that GAO had made; and (2) a follow-up on previously reported weaknesses.

GAO noted that: (1) the pervasive weaknesses GAO identified in FMS' computer controls at most of its data centers during GAO's FY 1999 audit render FMS' overall security control environment ineffective in identifying, deterring, and responding to computer control weaknesses promptly; (2) billions of dollars in payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions; (3) GAO reported FMS' computer control problems a material weakness; (4) FMS officials have also recognized the serious nature of these problems and have reported these matters as a material weakness in its Federal Managers' Financial Integrity Act report for fiscal years 1999 and 1998; (5) GAO's FY 1999 audit found new general computer control weaknesses in access controls, systems software, and segregation of duties; (6) GAO identified new weaknesses in the authorization controls over two key FMS financial applications; (7) GAO's follow-up on the status of FMS' corrective actions to address weaknesses discussed in GAO's FY 1998 report found that as of September 30, 1999, FMS had corrected or mitigated the risks associated with 52 of the 94 computer control weaknesses discussed in that report; and (8) to assist FMS management in addressing its general computer control weaknesses, the Limited Official Use version of this report contained 59 detailed recommendations.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: We are closing this recommendation because the remaining outstanding actions to correct weaknesses identified in this report have been included in our report on fiscal year 2000 testing results issued in January 2002 (GAO-02-317).

    Recommendation: In GAO's September 22, 2000, Limited Official Use version of this report, GAO reaffirmed its prior year recommendation that the Secretary of the Treasury direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to establish an effective entitywide security management program.

    Agency Affected: Department of the Treasury

  2. Status: Closed - Implemented

    Comments: We are closing this recommendation because the remaining outstanding actions to correct weaknesses identified in this report have been included in our report on fiscal year 2000 testing results issued in January 2002 (GAO-02-317).

    Recommendation: GAO recommended that the Secretary of the Treasury direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to correct each individual weakness that GAO identified and address each of the 59 specific recommendations detailed in that report.

    Agency Affected: Department of the Treasury

  3. Status: Closed - Implemented

    Comments: FRB officials have informed FMS and the results of GAO's fiscal year 2000 audit confirmed that the FRBs had corrected the vulnerabilities identified in GAO's fiscal year 1999 audit.

    Recommendation: GAO recommended that the Secretary of the Treasury direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to work with the Federal Reserve Banks (FRB) to monitor corrective actions taken to resolve the computer control vulnerabilities related to FMS systems supported by the FRBs that GAO identified and communicated to the FRBs.

    Agency Affected: Department of the Treasury

 

Explore the full database of GAO's Open Recommendations »

Sep 20, 2016

Sep 6, 2016

Aug 19, 2016

Aug 12, 2016

Jul 29, 2016

Jul 28, 2016

Jul 13, 2016

Jul 11, 2016

Jun 13, 2016

Looking for more? Browse all our products here