Need for Internal Audit and Improved ADP Controls of the Export-Import Bank of the United States
ID-79-34: Published: Jun 1, 1979. Publicly Released: Jun 1, 1979.
- Full Report:
In a recent audit of the Export-Import Bank's (Eximbank) fiscal year 1978 financial statements, GAO noted several ways Eximbank could improve its internal accounting controls and operational efficiency.
These means include establishing an internal audit function and an automatic data processing (ADP) steering committee, strengthening the security controls for computerized systems, and improving ADP disaster recovery controls. Since 1975, GAO has recommended that Eximbank set up an internal audit system as an integral part of a sound management system. Eximbank has had an ADP steering committee but it was disbanded for ineffectiveness, concentration on minor details, and ignoring management oversight and evaluation. In regard to computer-generated data, Eximbank could improve controls over console and operations logs and the tape library. The disaster recovery controls which were lacking included remote storage of, and limited access to, program documentation; backup program procedures with duplicate data files; and periodic procedure tests at the backup data center.