Federal Reserve Banks:

Areas for Improvement in Computer Controls

AIMD-99-6: Published: Oct 14, 1998. Publicly Released: Oct 14, 1998.

Additional Materials:


Gary T. Engel
(202) 512-8815


Office of Public Affairs
(202) 512-4800

Pursuant to a legislative requirement, GAO reviewed the general and application computer controls over key Financial Management Service (FMS) and Bureau of the Public Debt (BPD) financial systems maintained and operated by the 12 Federal Reserve Banks (FRB).

GAO noted that: (1) overall, GAO found that FRBs had implemented effective computer controls; (2) however, GAO identified vulnerabilities in computer controls involving: (a) access to systems, programs, and data, including unauthorized external access; (b) service continuity and contingency planning; and (c) access controls over certain financial applications; (3) while these vulnerabilities do not pose significant risks to the BPD and FMS financial systems, they warrant FRB management's attention and action to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations; (4) FRBs have corrected or are correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (6) GAO will review the status of FRBs' corrective actions during GAO's audit of the federal government's fiscal year 1998 consolidated financial statements.

Recommendation for Executive Action

  1. Status: Closed - Implemented

    Comments: FRB officials have taken actions to address the remaining 6 open vulnerabilities identified during GAO's fiscal year 1997 testing.

    Recommendation: To improve areas of vulnerability in general controls and application controls cited in GAO's limited official use version of this report, the Chairman of the Board of Governors of the Federal Reserve System should: (1) assign cognizant FRB officials responsibility and accountability for correcting each individual vulnerability that GAO identified and communicated to FRB management during GAO's testing; and (2) direct the Director of the Division Reserve Bank Operations and Payment Systems to monitor the status of all vulnerabilities, including actions taken to correct them.

    Agency Affected: Federal Reserve System: Board of Governors


Explore the full database of GAO's Open Recommendations »

Jul 6, 2020

Apr 30, 2020

  • finance icon, source: Comstock

    Priority Open Recommendations:

    Department of the Treasury
    GAO-20-549PR: Published: Apr 23, 2020. Publicly Released: Apr 30, 2020.

Apr 27, 2020

Apr 21, 2020

Apr 20, 2020

Jan 24, 2020

Dec 19, 2019

Looking for more? Browse all our products here