Senate Restaurants Revolving Fund for Fiscal Years 2007 and 2006
GAO-08-463: Published: Mar 7, 2008. Publicly Released: Mar 7, 2008.
As requested, we provided for audits of the financial statements of the U.S. Senate Restaurants Revolving Fund (the Fund) for the fiscal years ended September 30, 2007, and 2006, by contracting with the independent public accounting firm of Clifton Gunderson LLP. The contract required that the audit be conducted in accordance with U.S. generally accepted government auditing standards and the joint GAO/President's Council on Integrity and Efficiency (PCIE) Financial Audit Manual.
In its audit of the Fund, Clifton Gunderson LLP reported that: (1) the financial statements were presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles. (2) Although internal controls should be improved, the Fund had effective internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations as of September 30, 2007. (3) There was no reportable noncompliance with selected provisions of laws and regulations it tested. Although Clifton Gunderson LLP reported that the Fund maintained effective internal control, it did identify certain deficiencies in internal control over financial reporting (including safeguarding assets) that it considers to be significant deficiencies which adversely affect the Fund's ability to meet internal control objectives described in U.S. Government Accountability Office (GAO) Standards for Internal Control in the Federal Government. Significant deficiencies Clifton Gunderson LLP noted are as follows: (1) the Fund has not maintained and fully implemented an effective entity-wide security program. Clifton Gunderson LLP found deficiencies in the areas of security program management, including policy administration, and certification and accreditation. Such conditions may lead to insufficient protection of sensitive or critical resources and disproportionately high expenditures for controls over low-risk resources. (2) The Fund has not effectively implemented consistent controls to restrict access to its information systems. Clifton Gunderson LLP's tests of logical access controls relating to the Fund's general support systems and major applications identified access control weaknesses. Without adequate access controls, unauthorized parties may gain access to the Fund's computer system and network resources that could result in damage, deletion, or theft of computerized data. Clifton Gunderson LLP reported that it did not consider the significant deficiencies noted above to be material weaknesses. However, Clifton Gunderson LLP reported that misstatements may nevertheless occur in other financial information reported by the Fund as a result of these internal control deficiencies.