Financial Management Service:

Significant Weaknesses in Computer Controls

AIMD-00-4: Published: Oct 4, 1999. Publicly Released: Oct 4, 1999.

Additional Materials:

Contact:

Gary T. Engel
(202) 512-8815
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a legislative requirement, GAO provided information on the general and application computer controls over key financial systems maintained and operated by the Financial Management Service (FMS), focusing on the results of GAO's fiscal year (FY) 1998 tests of the effectiveness of general and application controls that support key FMS automated financial systems and GAO's follow up on the status of FMS' corrective actions to address weaknesses identified in its FY 1997 audit.

GAO noted that: (1) the pervasive weaknesses GAO identified in FMS' computer controls at each of its data centers during GAO's FY 1998 audit renders FMS' overall security control environment ineffective in identifying, deterring, and responding to computer control weaknesses in a timely manner; (2) GAO's follow up on the status of FMS' corrective actions to address weaknesses identified in GAO's FY 1997 audit found that FMS had only corrected or mitigated the risks associated with 24 of 72 computer control weaknesses discussed in GAO's "Limited Official Use" report issued on July 31, 1998; (3) during the FY 1998 audit, GAO found new general computer control weaknesses in entitywide security planning and management, access controls, system software, and application software development and change controls; (4) GAO also identified weaknesses in the authorization controls over all six of the key FMS financial applications GAO reviewed; (5) in addition, GAO identified an accuracy control weakness over one of the six key FMS financial applications and a completeness control weakness over another one of the six key FMS financial applications; (6) because of the weaknesses in computer controls that GAO identified, including the lack of an effective entitywide security planning and management program, billions of dollars of payments and collections are at significant risk of loss or fraud, vast amounts of sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions; and (7) accordingly, as reported for FY 1997, GAO continues to consider FMS' computer control problems a material weakness.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: During the fiscal year 1999 testing of the effectiveness of FMS general and application controls, GAO followed up on the status of the FMS corrective actions to address vulnerabilities identified in its audits for fiscal years 1998 and 1997. GAO found that, at September 30, 1999, FMS had corrected or mitigated the risks associated with 52 of the 94 weaknesses that were identified in this report. FMS officials have informed us that it has taken further actions to correct or mitigate the risks associated with another 23 weaknesses and that it will continue to take actions to correct the remaining weaknesses. GAO is closing this recommendation because the remaining outstanding actions to correct weaknesses identified in this report have been included in GAO's report on fiscal year 1999 testing results issued in September 2000.

    Recommendation: The Secretary of the Treasury should direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to correct each individual weakness that GAO identified and address each of the specific recommendations that were summarized in the "Limited Official Use" report.

    Agency Affected: Department of the Treasury

  2. Status: Closed - Implemented

    Comments: FRB officials have informed FMS that it has corrected or plans to correct the computer control vulnerabilities that were identified at the FRB related to FMS systems. Based on the FRBs proactive approach in addressing vulnerabilities identified in prior years, GAO considers this recommendation closed. GAO will follow up on these matters during its ongoing audit of the federal government's fiscal year 2000 financial statements.

    Recommendation: The Secretary of the Treasury should direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to work with the Federal Reserve Banks (FRB) to implement corrective actions to resolve the computer control vulnerabilities related to FMS systems supported by the FRBs that GAO identified and communicated to the FRBs.

    Agency Affected: Department of the Treasury

 

Explore the full database of GAO's Open Recommendations »

Sep 20, 2016

Sep 6, 2016

Aug 19, 2016

Aug 12, 2016

Jul 29, 2016

Jul 28, 2016

Jul 13, 2016

Jul 11, 2016

Jun 13, 2016

Looking for more? Browse all our products here