Bureau of Public Debt:
Areas for Improvement in Computer Controls
GAO-02-1082R: Published: Sep 18, 2002. Publicly Released: Sep 18, 2002.
The Department of the Treasury is authorized by Congress to borrow money on the credit of the United States to fund operations of the federal government. Within Treasury, the Bureau of the Public Debt (BPD) is responsible for prescribing the debt instruments, limiting and restricting the amount and composition of the debt, paying interest to investors, and accounting for the resulting debt. BPD is also responsible for issuing Treasury securities to trust funds for trust fund receipts not needed for current benefits and expenses. In connection with fulfilling its requirement to audit the U.S. government's fiscal year 2001 financial statements, GAO reviewed the general and application computer controls over key financial systems maintained and operated by BPD.

BPD maintained, in all material respects, effective internal control relevant to the Schedule of Federal Debt related to financial reporting and compliance with applicable laws and regulations as of September 30, 2001. BPD's internal control, which includes the general and application controls over key BPD systems relevant to the Schedule of Federal Debt, provided reasonable assurance that misstatements, losses, or noncompliance material in relation to the Schedule of Federal Debt for fiscal year 2001 would be prevented or detected on a timely basis.

A follow-up on the status of the BPD's corrective actions to address vulnerabilities identified in GAO's audit for fiscal year 2000 found that the BPD had corrected or mitigated the risks associated with 8 of the 13 general and application control vulnerabilities discussed in a prior report and is in the process of addressing the remaining four. None of GAO's findings pose significant risks to BPD financial systems. Nevertheless, they warrant BPD managers' action to further decrease the risk of inappropriate disclosure and modification of sensitive data and programs, misuse of or damage to computer resources, and disruption of critical operations.