Federal Reserve Banks:

Areas for Improvement in Computer Controls

GAO-02-266R: Published: Dec 10, 2001. Publicly Released: Dec 10, 2001.


Gary T. Engel
(202) 512-8815


Office of Public Affairs
(202) 512-4800

As part of its audit of the U.S. government's fiscal year 2000 financial statements, GAO reviewed computer controls over key financial systems maintained and operated by the Federal Reserve Banks (FRB) on behalf of the Department of the Treasury's Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). GAO identified opportunities to improve general controls related to access at two data centers; access, system software, and service continuity at a third data center; and access and system software at a fourth data center. GAO also identified opportunities to improve authorization controls over four key applications and accuracy controls over one of these key applications. FRB had corrected or mitigated the risks associated with all vulnerabilities discussed in earlier GAO reports. Although the general and application controls identified do not pose significant risks to the FMS and BPD financial systems, they warrant action to decrease the risk of inappropriate disclosure and modification of sensitive data and programs, misuse of or damage to computer resources, and disruption of critical operations.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: The Director of the Federal Reserve System's Division of Federal Reserve Bank Operations should assign to cognizant FRB officials responsibility and accountability for correcting each vulnerability that GAO identified and for addressing each of the specific recommendations detailed in the enclosure to that letter.

    Agency Affected: Federal Reserve System: Board of Governors: Division of Reserve Bank Operations and Payment Systems

    Status: Closed - Implemented

    Comments: GAO's follow-up on the status of the FRBs' corrective actions to address the vulnerabilities identified in this report found that the FRB had corrected or mitigated the risks associated with 25 of the 29 general and application control vulnerabilities, and are in the process of addressing the remaining four. GAO will follow up on these matters during its audit of the U.S. government's fiscal year 2002 financial statements.

    Aug 5, 2014

    Jul 31, 2014

    Jun 18, 2014

    Apr 29, 2014

    Apr 7, 2014

    Jan 8, 2014

    Dec 11, 2013

    Nov 14, 2013

    Oct 29, 2013

    Looking for more? Browse all our products here