Federal Reserve Banks:

Areas for Improvement in Computer Controls

AIMD-99-6: Published: Oct 14, 1998. Publicly Released: Oct 14, 1998.


Gary T. Engel
(202) 512-8815


Office of Public Affairs
(202) 512-4800

Pursuant to a legislative requirement, GAO reviewed the general and application computer controls over key Financial Management Service (FMS) and Bureau of the Public Debt (BPD) financial systems maintained and operated by the 12 Federal Reserve Banks (FRB).

GAO noted that: (1) overall, GAO found that FRBs had implemented effective computer controls; (2) however, GAO identified vulnerabilities in computer controls involving: (a) access to systems, programs, and data, including unauthorized external access; (b) service continuity and contingency planning; and (c) access controls over certain financial applications; (3) while these vulnerabilities do not pose significant risks to the BPD and FMS financial systems, they warrant FRB management's attention and action to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations; (4) FRBs have corrected or are correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (6) GAO will review the status of FRBs' corrective actions during GAO's audit of the federal government's fiscal year 1998 consolidated financial statements.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: To improve areas of vulnerability in general controls and application controls cited in GAO's limited official use version of this report, the Chairman of the Board of Governors of the Federal Reserve System should: (1) assign cognizant FRB officials responsibility and accountability for correcting each individual vulnerability that GAO identified and communicated to FRB management during GAO's testing; and (2) direct the Director of the Division Reserve Bank Operations and Payment Systems to monitor the status of all vulnerabilities, including actions taken to correct them.

    Agency Affected: Federal Reserve System: Board of Governors

    Status: Closed - Implemented

    Comments: FRB officials have taken actions to address the remaining 6 open vulnerabilities identified during GAO's fiscal year 1997 testing.

    Aug 5, 2014

    Jul 31, 2014

    Jun 18, 2014

    Apr 29, 2014

    Apr 7, 2014

    Jan 8, 2014

    Dec 11, 2013

    Nov 14, 2013

    Oct 29, 2013

    Looking for more? Browse all our products here