Skip to Highlights
Highlights

Pursuant to a legislative requirement, GAO reviewed the general and application controls that support key automated financial systems maintained and operated by the Bureau of the Public Debt (BPD).

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of the Treasury 1. To improve areas of vulnerability in general controls and application controls over BPD's financial systems cited in GAO's July 31, 1998, limited official use version of this report, the Secretary of the Treasury should direct the Commissioner of the Bureau of the Public Debt to correct each individual vulnerability GAO identified and communicated to BPD during GAO's testing and summarized in the limited official use report, and assign responsibility and accountability for correcting each vulnerability to designated individuals. These individuals should report regularly to the Commissioner on the status of all vulnerabilities, including actions taken to correct them.
Closed - Implemented
During GAO's fiscal year 1998 testing of the effectiveness of BPD's general and application controls, GAO followed up on the status of the BPD's corrective actions to address vulnerabilities identified in GAO's audit for fiscal year 1997. GAO found that BPD had corrected or mitigated the risks associated with 15 of the 21 vulnerabilities that were identified in this report. GAO is closing this recommendation because the remaining outstanding corrective actions to correct vulnerabilities identified in this report have been included in the report on fiscal year 1998 testing results issued in August 1999 (GAO/AIMD-99-242).
Department of the Treasury 2. To improve areas of vulnerability in general controls and application controls over BPD's financial systems cited in GAO's July 31, 1998, limited official use version of this report, the Secretary of the Treasury should direct the Commissioner of the Bureau of the Public Debt to work with the Federal Reserve Banks (FRB) to implement corrective actions to improve the computer control vulnerabilities related to BPD systems supported by FRBs that GAO identified and communicated to FRBs during its testing.
Closed - Implemented
Many of the vulnerabilities that were identified at the FRB related to BPD systems have been corrected. Specifically, corrective action has been taken on all 6 of the application control vulnerabilities and 7 of the 13 general controls vulnerabilities identified at the FRBs GAO visited. FRB officials informed GAO that the FRBs had corrected or mitigated the risks associated with the remaining 11 general controls vulnerabilities at the sites GAO did not visit this year. Because these sites were not subject to testing during FY 1998 based on GAO's rotational audit approach, GAO plan to verify the corrective actions reportedly taken on these 11 general controls vulnerabilities by the FRBs during GAO's audit of the U.S. government's FY 1999 financial statements. None of the remaining 6 open general controls vulnerabilities are considered as having a significant adverse impact, either individually or collectively, on the BPD systems maintained and operated by the FRBs.

Full Report