Pursuant to a legislative requirement, GAO reviewed the general and application computer controls over key Financial Management Service (FMS) and Bureau of the Public Debt (BPD) financial systems maintained and operated by the 12 Federal Reserve Banks (FRB).

GAO noted that: (1) overall, GAO found that FRBs had implemented effective computer controls; (2) however, GAO identified vulnerabilities in computer controls involving: (a) access to systems, programs, and data, including unauthorized external access; (b) service continuity and contingency planning; and (c) access controls over certain financial applications; (3) while these vulnerabilities do not pose significant risks to the BPD and FMS financial systems, they warrant FRB management's attention and action to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations; (4) FRBs have corrected or are correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (6) GAO will review the status of FRBs' corrective actions during GAO's audit of the federal government's fiscal year 1998 consolidated financial statements.

Status Legend:

Review Pending-GAO has not yet assessed implementation status.

Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.

Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.

Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.

• Review Pending
• Open
• Closed - implemented
• Closed - not implemented

Recommendation for Executive Action

Recommendation: To improve areas of vulnerability in general controls and application controls cited in GAO's limited official use version of this report, the Chairman of the Board of Governors of the Federal Reserve System should: (1) assign cognizant FRB officials responsibility and accountability for correcting each individual vulnerability that GAO identified and communicated to FRB management during GAO's testing; and (2) direct the Director of the Division Reserve Bank Operations and Payment Systems to monitor the status of all vulnerabilities, including actions taken to correct them.

Agency Affected: Federal Reserve System: Board of Governors

Status: Closed - Implemented

Comments: FRB officials have taken actions to address the remaining 6 open vulnerabilities identified during GAO's fiscal year 1997 testing.