Financial Management Service:
Significant Weaknesses in Computer Controls
AIMD-00-4: Published: Oct 4, 1999. Publicly Released: Oct 4, 1999.
Additional Materials:
- Full Report:
Contact:
(202) 512-8815
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a legislative requirement, GAO provided information on the general and application computer controls over key financial systems maintained and operated by the Financial Management Service (FMS), focusing on the results of GAO's fiscal year (FY) 1998 tests of the effectiveness of general and application controls that support key FMS automated financial systems and GAO's follow up on the status of FMS' corrective actions to address weaknesses identified in its FY 1997 audit.
GAO noted that: (1) the pervasive weaknesses GAO identified in FMS' computer controls at each of its data centers during GAO's FY 1998 audit renders FMS' overall security control environment ineffective in identifying, deterring, and responding to computer control weaknesses in a timely manner; (2) GAO's follow up on the status of FMS' corrective actions to address weaknesses identified in GAO's FY 1997 audit found that FMS had only corrected or mitigated the risks associated with 24 of 72 computer control weaknesses discussed in GAO's "Limited Official Use" report issued on July 31, 1998; (3) during the FY 1998 audit, GAO found new general computer control weaknesses in entitywide security planning and management, access controls, system software, and application software development and change controls; (4) GAO also identified weaknesses in the authorization controls over all six of the key FMS financial applications GAO reviewed; (5) in addition, GAO identified an accuracy control weakness over one of the six key FMS financial applications and a completeness control weakness over another one of the six key FMS financial applications; (6) because of the weaknesses in computer controls that GAO identified, including the lack of an effective entitywide security planning and management program, billions of dollars of payments and collections are at significant risk of loss or fraud, vast amounts of sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions; and (7) accordingly, as reported for FY 1997, GAO continues to consider FMS' computer control problems a material weakness.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: During the fiscal year 1999 testing of the effectiveness of FMS general and application controls, GAO followed up on the status of the FMS corrective actions to address vulnerabilities identified in its audits for fiscal years 1998 and 1997. GAO found that, at September 30, 1999, FMS had corrected or mitigated the risks associated with 52 of the 94 weaknesses that were identified in this report. FMS officials have informed us that it has taken further actions to correct or mitigate the risks associated with another 23 weaknesses and that it will continue to take actions to correct the remaining weaknesses. GAO is closing this recommendation because the remaining outstanding actions to correct weaknesses identified in this report have been included in GAO's report on fiscal year 1999 testing results issued in September 2000.
Recommendation: The Secretary of the Treasury should direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to correct each individual weakness that GAO identified and address each of the specific recommendations that were summarized in the "Limited Official Use" report.
Agency Affected: Department of the Treasury
Status: Closed - Implemented
Comments: FRB officials have informed FMS that it has corrected or plans to correct the computer control vulnerabilities that were identified at the FRB related to FMS systems. Based on the FRBs proactive approach in addressing vulnerabilities identified in prior years, GAO considers this recommendation closed. GAO will follow up on these matters during its ongoing audit of the federal government's fiscal year 2000 financial statements.
Recommendation: The Secretary of the Treasury should direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to work with the Federal Reserve Banks (FRB) to implement corrective actions to resolve the computer control vulnerabilities related to FMS systems supported by the FRBs that GAO identified and communicated to the FRBs.
Agency Affected: Department of the Treasury
Explore the full database of GAO's Open Recommendations
»
Explore the full database of GAO's Open Recommendations
Feb 11, 2021
Freedom of Information Act:
Update on Federal Agencies' Use of Exemption StatutesGAO-21-148: Published: Jan 12, 2021. Publicly Released: Feb 11, 2021.
Oct 8, 2020
-
Open Data:
Agencies Need Guidance to Establish Comprehensive Data Inventories; Information on Their Progress is LimitedGAO-21-29: Published: Oct 8, 2020. Publicly Released: Oct 8, 2020.
Jul 16, 2020
-
Coast Guard:
Actions Needed to Ensure Investments in Key Data System Meet Mission and User NeedsGAO-20-562: Published: Jul 16, 2020. Publicly Released: Jul 16, 2020.
Mar 30, 2020
-
Information Management:
Selected Agencies Need to Fully Address Federal Electronic Recordkeeping RequirementsGAO-20-59: Published: Feb 27, 2020. Publicly Released: Mar 30, 2020.
Mar 16, 2020
-
Freedom of Information Act:
Federal Agencies' Recent Implementation EffortsGAO-20-406R: Published: Mar 11, 2020. Publicly Released: Mar 16, 2020.
Dec 16, 2019
-
Assessing Data Reliability (Supersedes GAO-09-680G)GAO-20-283G: Published: Dec 16, 2019. Publicly Released: Dec 16, 2019.
Oct 17, 2019
-
Freedom of Information Act:
DHS Needs to Reduce Backlogged Requests and Eliminate Duplicate ProcessingGAO-20-209T: Published: Oct 17, 2019. Publicly Released: Oct 17, 2019.
Aug 10, 2018
-
Paperwork Reduction Act:
Agencies Could Better Leverage Review Processes and Public Outreach to Improve Burden EstimatesGAO-18-381: Published: Jul 11, 2018. Publicly Released: Aug 10, 2018.
Jun 25, 2018
-
Freedom of Information Act:
Agencies Are Implementing Requirements but Additional Actions Are NeededGAO-18-365: Published: Jun 25, 2018. Publicly Released: Jun 25, 2018.
Mar 13, 2018
-
Freedom of Information Act:
Agencies Are Implementing Requirements but Need to Take Additional ActionsGAO-18-452T: Published: Mar 13, 2018. Publicly Released: Mar 13, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Information Management
Explore our other Key Issues here
