Significant Weaknesses in Corps of Engineers' Computer Controls
GAO-01-89: Published: Oct 11, 2000. Publicly Released: Oct 11, 2000.
- Full Report:
GAO tested the effectiveness of general and application controls that support the Army Corps of Engineers' key financial system. This system processes military engineering, construction, and real estate projects and civil works projects involving the investigation, development, and maintenance of the nation's waters and related environmental resources. GAO found pervasive weaknesses in computer controls at the Corps' data processing centers. Other Corps sites revealed serious vulnerabilities that would allow both hackers and legitimate users with valid access privileges to improperly modify, inappropriately disclose, or destroy sensitive and financial data, including social security numbers and other personal information. These weaknesses undermine the Corps' ability to ensure the confidentiality and availability of data in the financial system.
Recommendation for Executive Action
Status: Closed - Implemented
Comments: GAO's September 2000 Limited Official Use (LOUO) report GAO/AIMD-00-235, entitled Financial Management: Computer Control Weaknesses Over Corps of Engineers Financial Management System, contained 6 recommendations that directed the Corps to take 93 actions to improve its general and application controls. GAO report 01-89, Financial Management: Significant Weaknesses in Corps of Engineer's Computer Controls dated October 2000 was the non-LOUO report containing one generic recommendation summarizing GAO/AIMD-00-235. During GAO's fiscal year 2004 report recommendation follow-up work, GAO learned that the Corps had taken action on the 6 recommendations in GAO-00-235 by completing 66 specific actions with an additional 22 actions in process or partially implemented. These efforts are intended to make information security controls over financial management better. This represents a significant commitment by the Corps to improve access controls, systems software, segregation of duties, and application controls over its financial management system. Consequently, GAO designated the recommendation in GAO-01-89 as "Closed Implemented."
Recommendation: In GAO's September 15, 2000, Limited Official Use report, the Army Corps of Engineers should direct and determine that the Deputy Chief of Staff for Resource Management, along with the Chief Information Officer, implement corrective actions to resolve the general and application computer control weaknesses that GAO identified in that report.
Agency Affected: Department of Defense: Department of the Army: Corps of Engineers