Financial Audit: Panama Canal Commission's Management Letter for FY 1994
Highlights
GAO reviewed the Panama Canal Commission's (PCC) general controls over its computer information systems and identified ways to strengthen PCC computer security. GAO noted that: (1) there are nonmaterial weaknesses in PCC computer information systems that warrant management's attention; (2) PCC needs to improve its implementation of access control software to better utilize available capabilities in the areas of user passwords, terminal access, and data protection; (3) PCC needs to strengthen control over its management information systems (MIS) by ensuring the segregation of duties and centralizing responsibility for MIS security; and (4) PCC needs to develop formal MIS security policies and procedures, document the MIS controls environment and personnel position descriptions, and develop better computer security training programs.