Bureau of the Public Debt:

Areas for Improvement in Computer Controls

AIMD-99-242: Published: Aug 6, 1999. Publicly Released: Aug 6, 1999.

Contact:

Gary T. Engel
(202) 512-8815
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a legislative requirement, GAO reviewed the general and application controls that support key automated financial systems maintained and operated by the Bureau of the Public Debt (BPD). GAO also followed up on the corrective actions BPD took in response to GAO's previous recommendations on improving BPD's financial system controls.

GAO noted that:

(1) GAO's followup on the status of BPD's corrective actions to address vulnerabilities identified in GAO's fiscal year (FY) 1997 audit found that BPD had corrected or mitigated the risks associated with 13 of the 21 general and application control vulnerabilities discussed in GAO's prior report;

(2) GAO's FY 1998 audit procedures identified certain new general control vulnerabilities in access controls, system software controls, and application software development and change controls;

(3) GAO also identified vulnerabilities in the controls for two key BPD financial applications maintained and operated at the BPD data center in Parkersburg, West Virginia, involving authorization, completeness, and accuracy controls;

(4) overall, GAO found that BPD general and application controls combined with other management and manual reconciliation controls were effective in ensuring BPD's ability to report reliable financial information and data;

(5) although various management and reconciliation controls help BPD detect potential irregularities or improprieties in its financial data or transactions, these types of compensating controls do not prevent certain threats to its computer resources and operating environment from unintentional errors or omissions or intentional modification, disclosure, or destruction of data and programs by disgruntled employees, intruders, or hackers;

(6) thus, the vulnerabilities GAO noted increase the risks of inappropriate disclosure and modification of sensitive data and programs, misuse or damage of computer resources, or disruption of critical operations; and

(7) BPD informed GAO that it agreed with GAO's findings and that in most cases, it had corrected or is in the process of correcting the vulnerabilities that GAO identified.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: During GAO's fiscal year 1999 testing of the effectiveness of BPD's general and application controls, GAO followed up on the status of BPD's corrective actions to address vulnerabilities identified in GAO's audits for fiscal years 1998 and 1997. GAO found that BPD had corrected or mitigated the risks associated with 5 of the 17 vulnerabilities that were identified in this report. In commenting on a draft of the report for fiscal year 1999, BPD officials stated that BPD agreed with GAO's findings and that in most cases, it had subsequently corrected or was in the process of correcting vulnerabilities that GAO identified. GAO is closing this recommendation because the remaining outstanding corrective actions to correct vulnerabilities identified in this report will be included in its report on fiscal year 1999 testing results that will be issued in June 2000. GAO will follow up on these matters during its ongoing audit of the federal government's fiscal year 2000 financial statements.

    Recommendation: The Commissioner of the Bureau of the Public Debt should take specific actions to correct each of the individual vulnerabilities that were identified during GAO's testing and summarized in the "Limited Official Use" report.

    Agency Affected: Department of the Treasury: Bureau of the Public Debt

  2. Status: Closed - Implemented

    Comments: Please call 202/512-6100 for additional information.

    Recommendation: The Commissioner of BPD should work with the Federal Reserve Banks (FRB) to implement corrective actions to resolve the computer control vulnerabilities related to BPD systems supported by FRBs that GAO identified and communicated to the FRBs during its testing.

    Agency Affected: Department of the Treasury: Bureau of the Public Debt

 
