Federal Reserve Banks:
Areas for Improvement in Computer Controls
AIMD-99-6: Published: Oct 14, 1998. Publicly Released: Oct 14, 1998.
Pursuant to a legislative requirement, GAO reviewed the general and application computer controls over key Financial Management Service (FMS) and Bureau of the Public Debt (BPD) financial systems maintained and operated by the 12 Federal Reserve Banks (FRB).
GAO noted that: (1) overall, GAO found that FRBs had implemented effective computer controls; (2) however, GAO identified vulnerabilities in computer controls involving: (a) access to systems, programs, and data, including unauthorized external access; (b) service continuity and contingency planning; and (c) access controls over certain financial applications; (3) while these vulnerabilities do not pose significant risks to the BPD and FMS financial systems, they warrant FRB management's attention and action to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations; (4) FRBs have corrected or are correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (7) GAO will review the status of FRBs' corrective actions during GAO's audit of the federal government's fiscal year 1998 consolidated financial statements.
Recommendation for Executive Action
Status: Closed - Implemented
Comments: FRB officials have taken actions to address the remaining 6 open vulnerabilities identified during GAO's fiscal year 1997 testing.
Recommendation: To improve areas of vulnerability in general controls and application controls cited in GAO's limited official use version of this report, the Chairman of the Board of Governors of the Federal Reserve System should: (1) assign cognizant FRB officials responsibility and accountability for correcting each individual vulnerability that GAO identified and communicated to FRB management during GAO's testing; and (2) direct the Director of the Division of Reserve Bank Operations and Payment Systems to monitor the status of all vulnerabilities, including actions taken to correct them.
Agency Affected: Federal Reserve System: Board of Governors