Financial Management Service:

Significant Weaknesses in Computer Controls Continue

GAO-02-317: Published: Jan 31, 2002. Publicly Released: Jan 31, 2002.

Additional Materials:

Contact:

Gary T. Engel
(202) 512-8815
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Financial Management Service's (FMS) overall security control environment continues to be ineffective in identifying, deterring, and responding to computer control weaknesses promptly. Consequently, billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions. During its fiscal year 2000 audit, GAO found new general computer control weaknesses in the entity-wide security management program, access controls, and system software. GAO also identified new weaknesses in the authorization and completeness controls over one key FMS financial application. GAO's follow-up on the status of FMS's corrective actions to address weaknesses discussed in its fiscal year 1999 report found that, as of September 30, 2000, FMS had corrected or mitigated the risks associated with 35 of the 61 computer control weaknesses discussed in that report. To assist FMS management in addressing its computer control weaknesses, GAO made four overall recommendations in this public report.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: GAO's follow-up on the status of the FRB's corrective actions to address vulnerabilities identified in GAO's prior years' audits found that the FRBs had corrected or mitigated the risks associated with all the general and application control vulnerabilities.

    Recommendation: The Secretary of the Treasury should direct the commissioner of FMS, along with the assistant commissioner for information resources, to work with the Federal Reserve Banks (FRB) to monitor corrective actions taken to resolve the computer control vulnerabilities related to FMS systems supported by the FRBs that we identified and communicated to the FRBs.

    Agency Affected: Department of the Treasury

  2. Status: Closed - Implemented

    Comments: In connection with its ongoing requirement to audit the U.S. government's financial statements, GAO followed up on the status of the FMS corrective actions to address issues identified in this report. The Treasury Office of Inspector General's independent public accountant contractor concluded in its fiscal year 2004 audit that actions taken by FMS resolved this issue.

    Recommendation: The Secretary of the Treasury should direct the commissioner of FMS, along with the assistant commissioner for information resources, to correct each individual weakness that GAO identified and address each of the 85 specific recommendations detailed in the December 14, 2001 report.

    Agency Affected: Department of the Treasury

  3. Status: Closed - Implemented

    Comments: In connection with its ongoing requirement to audit the U.S. government's financial statements, GAO followed up on the status of the FMS corrective actions to address issues identified in this report. The Treasury Office of Inspector General's independent public accountant contractor concluded in its fiscal year 2004 audit that actions taken by FMS resolved this issue.

    Recommendation: The Secretary of the Treasury should direct the commissioner of FMS, along with the assistant commissioner for information resources, to fully implement an effective security program.

    Agency Affected: Department of the Treasury

  4. Status: Closed - Implemented

    Comments: In connection with its ongoing requirement to audit the U.S. government's financial statements, GAO followed up on the status of the FMS corrective actions to address issues identified in this report. The Treasury Office of Inspector General's independent public accountant contractor concluded in its fiscal year 2004 audit that actions taken by FMS resolved this issue.

    Recommendation: FMS should develop a detailed plan that describes the remedial actions, resources, target dates, and responsible agency officials to facilitate the implementation of its security program.

    Agency Affected: Department of the Treasury: Financial Management Service

 

Explore the full database of GAO's Open Recommendations »

Sep 20, 2016

Sep 6, 2016

Aug 19, 2016

Aug 12, 2016

Jul 29, 2016

Jul 28, 2016

Jul 13, 2016

Jul 11, 2016

Jun 13, 2016

Looking for more? Browse all our products here