Federal Reserve Banks:

Areas for Improvement in Computer Controls

AIMD-99-6: Published: Oct 14, 1998. Publicly Released: Oct 14, 1998.

Additional Materials:

Contact:

Gary T. Engel
(202) 512-8815
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a legislative requirement, GAO reviewed the general and application computer controls over key Financial Management Service (FMS) and Bureau of the Public Debt (BPD) financial systems maintained and operated by the 12 Federal Reserve Banks (FRB).

GAO noted that: (1) overall, GAO found that FRBs had implemented effective computer controls; (2) however, GAO identified vulnerabilities in computer controls involving: (a) access to systems, programs, and data, including unauthorized external access; (b) service continuity and contingency planning; and (c) access controls over certain financial applications; (3) while these vulnerabilities do not pose significant risks to the BPD and FMS financial systems, they warrant FRB management's attention and action to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations; (4) FRBs have corrected or are correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (6) GAO will review the status of FRBs' corrective actions during GAO's audit of the federal government's fiscal year 1998 consolidated financial statements.

Recommendation for Executive Action

  1. Status: Closed - Implemented

    Comments: FRB officials have taken actions to address the remaining 6 open vulnerabilities identified during GAO's fiscal year 1997 testing.

    Recommendation: To improve areas of vulnerability in general controls and application controls cited in GAO's limited official use version of this report, the Chairman of the Board of Governors of the Federal Reserve System should: (1) assign cognizant FRB officials responsibility and accountability for correcting each individual vulnerability that GAO identified and communicated to FRB management during GAO's testing; and (2) direct the Director of the Division Reserve Bank Operations and Payment Systems to monitor the status of all vulnerabilities, including actions taken to correct them.

    Agency Affected: Federal Reserve System: Board of Governors

 

Explore the full database of GAO's Open Recommendations »

Sep 17, 2014

Aug 5, 2014

Jul 31, 2014

Jun 18, 2014

Apr 29, 2014

Apr 7, 2014

Jan 8, 2014

Dec 11, 2013

Nov 14, 2013

Looking for more? Browse all our products here