Federal Reserve Banks:

Areas for Improvement in Computer Controls

GAO-02-266R: Published: Dec 10, 2001. Publicly Released: Dec 10, 2001.

Additional Materials:

Contact:

Gary T. Engel
(202) 512-8815
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

As part of its audit of the U.S. government's fiscal year 2000 financial statements, GAO reviewed computer controls over key financial systems maintained and operated by the Federal Reserve Banks (FRB) on behalf of the Department of the Treasury's Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). GAO identified opportunities to improve general controls related to access at two data centers; access, system software, and service continuity at a third data center; and access and system software at a fourth data center. GAO also identified opportunities to improve authorization controls over four key applications and accuracy controls over one of these key applications. FRB had corrected or mitigated the risks associated with all vulnerabilities discussed in earlier GAO reports. Although the general and application controls identified do not pose significant risks to the FMS and BPD financial systems, they warrant action to decrease the risk of inappropriate disclosure and modification of sensitive data and programs, misuse of or damage to computer resources, and disruption of critical operations.

Recommendation for Executive Action

  1. Status: Closed - Implemented

    Comments: GAO's follow-up on the status of the FRBs' corrective actions to address the vulnerabilities identified in this report found that the FRB had corrected or mitigated the risks associated with 25 of the 29 general and application control vulnerabilities, and are in the process of addressing the remaining four. GAO will follow up on these matters during its audit of the U.S. government's fiscal year 2002 financial statements.

    Recommendation: The Director of the Federal Reserve System's Division of Federal Reserve Bank Operations should assign to cognizant FRB officials responsibility and accountability for correcting each vulnerability that GAO identified and for addressing each of the specific recommendations detailed in the enclosure to that letter.

    Agency Affected: Federal Reserve System: Board of Governors: Division of Reserve Bank Operations and Payment Systems

 

Explore the full database of GAO's Open Recommendations »

Nov 20, 2014

Oct 6, 2014

Sep 17, 2014

Aug 5, 2014

Jul 31, 2014

Jun 18, 2014

Apr 29, 2014

Apr 7, 2014

Jan 8, 2014

Looking for more? Browse all our products here