System Integrity:

Stronger Controls Needed for Customs' Automated Commercial System

IMTEC-87-10: Published: Feb 10, 1987. Publicly Released: Feb 10, 1987.

Additional Materials:

Contact:

James R. Watts
(202) 275-3455
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO reviewed the U.S. Customs Service's Automated Commercial System (ACS) to determine if it had any weaknesses that could affect its integrity or reliability in helping Customs staff to identify and examine imports, collect duties, and supply the government with current import data.

GAO found no actual fraud, waste, or abuse involving ACS, but did identify several weaknesses in ACS internal controls and development procedures, including: (1) a lack of established controls to prevent employees from unwarranted access to ACS functions beyond those necessary to perform their assigned jobs; (2) inadequate documentation of the operational interrelationships among the 15 ACS modules, which could cause delays or errors during ACS maintenance or modification, especially if any of the key managers were unavailable; and (3) a lack of adequate test plans, increasing the risk that the ACS software will contain serious errors. GAO believes that, as ACS becomes more complex, the possibility will increase that fraud, delays, or errors resulting from these weaknesses could compromise Customs' enforcement and collection efforts.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Customs is reprogramming security administration functions in order to delegate to the district level where best control can be exercised. Reprogramming is complete. Security is now the responsibility of the district.

    Recommendation: The Commissioner of Customs should establish and implement procedures to ensure that employees' functional access to ACS is limited to only those functions to which they need access to perform their assigned duties.

    Agency Affected: Department of the Treasury: United States Customs Service

  2. Status: Closed - Not Implemented

    Comments: Customs reviewed the entire security program and decided that a reportable material weakness does not exist. Customs has taken action to eliminate the material control weaknesses. Reporting is no longer required under FIA.

    Recommendation: The Commissioner of Customs should, in accordance with the requirements of the Federal Managers' Financial Integrity Act (FIA), report the lack of system access controls, documentation, and test plans as material control weaknesses until appropriate controls are in place.

    Agency Affected: Department of the Treasury: United States Customs Service

  3. Status: Closed - Implemented

    Comments: The Director, Business Systems Division, plans to identify deficiencies and take action to close holes. According to the Coordinator, Treasury Audit Recommendation Monitoring System (TARMS), the Director, Business Systems Division, has completed a review of ACS intermodule documentation. The deficiencies in documentation have been corrected.

    Recommendation: The Commissioner of Customs should document how ACS various modules or functional areas interrelate.

    Agency Affected: Department of the Treasury: United States Customs Service

  4. Status: Closed - Implemented

    Comments: Customs installed a standardized test package called VERIFY and is training personnel in its use.

    Recommendation: The Commissioner of Customs should develop formal test plans and perform all testing of ACS application programs under these plans.

    Agency Affected: Department of the Treasury: United States Customs Service

 

Explore the full database of GAO's Open Recommendations »

Sep 21, 2016

Aug 3, 2016

Aug 1, 2016

Jul 14, 2016

Jul 5, 2016

Jun 30, 2016

Jun 28, 2016

Jun 23, 2016

Jun 22, 2016

Looking for more? Browse all our products here