Financial Management Service:
Significant Weaknesses in Computer Controls
AIMD-00-4: Published: Oct 4, 1999. Publicly Released: Oct 4, 1999.
Additional Materials:
- Full Report:
Contact:
(202) 512-8815
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a legislative requirement, GAO provided information on the general and application computer controls over key financial systems maintained and operated by the Financial Management Service (FMS), focusing on the results of GAO's fiscal year (FY) 1998 tests of the effectiveness of general and application controls that support key FMS automated financial systems and GAO's follow up on the status of FMS' corrective actions to address weaknesses identified in its FY 1997 audit.
GAO noted that: (1) the pervasive weaknesses GAO identified in FMS' computer controls at each of its data centers during GAO's FY 1998 audit renders FMS' overall security control environment ineffective in identifying, deterring, and responding to computer control weaknesses in a timely manner; (2) GAO's follow up on the status of FMS' corrective actions to address weaknesses identified in GAO's FY 1997 audit found that FMS had only corrected or mitigated the risks associated with 24 of 72 computer control weaknesses discussed in GAO's "Limited Official Use" report issued on July 31, 1998; (3) during the FY 1998 audit, GAO found new general computer control weaknesses in entitywide security planning and management, access controls, system software, and application software development and change controls; (4) GAO also identified weaknesses in the authorization controls over all six of the key FMS financial applications GAO reviewed; (5) in addition, GAO identified an accuracy control weakness over one of the six key FMS financial applications and a completeness control weakness over another one of the six key FMS financial applications; (6) because of the weaknesses in computer controls that GAO identified, including the lack of an effective entitywide security planning and management program, billions of dollars of payments and collections are at significant risk of loss or fraud, vast amounts of sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions; and (7) accordingly, as reported for FY 1997, GAO continues to consider FMS' computer control problems a material weakness.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: During the fiscal year 1999 testing of the effectiveness of FMS general and application controls, GAO followed up on the status of the FMS corrective actions to address vulnerabilities identified in its audits for fiscal years 1998 and 1997. GAO found that, at September 30, 1999, FMS had corrected or mitigated the risks associated with 52 of the 94 weaknesses that were identified in this report. FMS officials have informed us that it has taken further actions to correct or mitigate the risks associated with another 23 weaknesses and that it will continue to take actions to correct the remaining weaknesses. GAO is closing this recommendation because the remaining outstanding actions to correct weaknesses identified in this report have been included in GAO's report on fiscal year 1999 testing results issued in September 2000.
Recommendation: The Secretary of the Treasury should direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to correct each individual weakness that GAO identified and address each of the specific recommendations that were summarized in the "Limited Official Use" report.
Agency Affected: Department of the Treasury
Status: Closed - Implemented
Comments: FRB officials have informed FMS that it has corrected or plans to correct the computer control vulnerabilities that were identified at the FRB related to FMS systems. Based on the FRBs proactive approach in addressing vulnerabilities identified in prior years, GAO considers this recommendation closed. GAO will follow up on these matters during its ongoing audit of the federal government's fiscal year 2000 financial statements.
Recommendation: The Secretary of the Treasury should direct the Commissioner of the Financial Management Service, along with the Assistant Commissioner for Information Resources, to work with the Federal Reserve Banks (FRB) to implement corrective actions to resolve the computer control vulnerabilities related to FMS systems supported by the FRBs that GAO identified and communicated to the FRBs.
Agency Affected: Department of the Treasury
Explore the full database of GAO's Open Recommendations
»
Explore the full database of GAO's Open Recommendations
Jul 18, 2018
Civil Penalties:
Certain Federal Agencies Need to Improve Inflation Adjustment ReportingGAO-18-519: Published: Jul 18, 2018. Publicly Released: Jul 18, 2018.
Jul 17, 2018
-
Government Auditing Standards 2018 Revision (Supersedes GAO-12-331G)GAO-18-568G: Published: Jul 17, 2018. Publicly Released: Jul 17, 2018.
Jul 16, 2018
-
Management Report:
Continued Improvements Needed in Controls over the Processes Used to Prepare the U.S. Consolidated Financial StatementsGAO-18-540: Published: Jul 16, 2018. Publicly Released: Jul 16, 2018.
Jun 28, 2018
-
Capitol Preservation Fund:
Audit of Fiscal Years 2015, 2016, and 2017 TransactionsGAO-18-524R: Published: Jun 28, 2018. Publicly Released: Jun 28, 2018. -
Senate Preservation Fund:
Audit of Fiscal Years 2015, 2016, and 2017 TransactionsGAO-18-525R: Published: Jun 28, 2018. Publicly Released: Jun 28, 2018.
May 31, 2018
-
Improper Payments:
Actions and Guidance Could Help Address Issues and Inconsistencies in Estimation ProcessesGAO-18-377: Published: May 31, 2018. Publicly Released: May 31, 2018.
May 24, 2018
-
Congressional Award Foundation:
Review of the Audit of the Financial Statements for Fiscal Year 2017GAO-18-465R: Published: May 24, 2018. Publicly Released: May 24, 2018.
May 10, 2018
-
DOD Financial Management:
The Navy Needs to Improve Internal Control over Its BuildingsGAO-18-289: Published: May 10, 2018. Publicly Released: May 10, 2018.
Apr 17, 2018
-
Management Report:
Improvements Needed in the Bureau of the Fiscal Service's Information System ControlsGAO-18-332R: Published: Apr 17, 2018. Publicly Released: Apr 17, 2018.
Apr 5, 2018
-
Management Report:
Areas for Improvement in the Federal Reserve Banks' Information System ControlsGAO-18-334R: Published: Apr 5, 2018. Publicly Released: Apr 5, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Auditing and Financial Management
- DHS Management - High Risk Issue
- DOD Business Systems Modernization - High Risk Issue
- DOD Financial Management - High Risk Issue
- Federal Financial Accountability
- Medicaid - High Risk Issue
- Medicare - High Risk Issue
- Reducing Government-wide Improper Payments
- U.S. Government's Environmental Liability - High Risk Issue
Explore our other Key Issues here
