Skip to main content

System Integrity: Stronger Controls Needed for Customs' Automated Commercial System

IMTEC-87-10 Published: Feb 10, 1987. Publicly Released: Feb 10, 1987.
Jump To:
Skip to Highlights

Highlights

GAO reviewed the U.S. Customs Service's Automated Commercial System (ACS) to determine if it had any weaknesses that could affect its integrity or reliability in helping Customs staff to identify and examine imports, collect duties, and supply the government with current import data.

Recommendations

Recommendations for Executive Action

Agency Affected Sort descending Recommendation Status
United States Customs Service The Commissioner of Customs should, in accordance with the requirements of the Federal Managers' Financial Integrity Act (FIA), report the lack of system access controls, documentation, and test plans as material control weaknesses until appropriate controls are in place.
Closed – Not Implemented
Customs reviewed the entire security program and decided that a reportable material weakness does not exist. Customs has taken action to eliminate the material control weaknesses. Reporting is no longer required under FIA.
United States Customs Service The Commissioner of Customs should document how ACS various modules or functional areas interrelate.
Closed – Implemented
The Director, Business Systems Division, plans to identify deficiencies and take action to close holes. According to the Coordinator, Treasury Audit Recommendation Monitoring System (TARMS), the Director, Business Systems Division, has completed a review of ACS intermodule documentation. The deficiencies in documentation have been corrected.
United States Customs Service The Commissioner of Customs should develop formal test plans and perform all testing of ACS application programs under these plans.
Closed – Implemented
Customs installed a standardized test package called VERIFY and is training personnel in its use.
United States Customs Service The Commissioner of Customs should establish and implement procedures to ensure that employees' functional access to ACS is limited to only those functions to which they need access to perform their assigned duties.
Closed – Implemented
Customs is reprogramming security administration functions in order to delegate to the district level where best control can be exercised. Reprogramming is complete. Security is now the responsibility of the district.

Full Report

Office of Public Affairs

Topics

Electronic data processingComputer securitySoftware documentationCustoms administrationGovernment collectionsImport regulationInformation systemsInternal controlsSystems evaluationTestingSystems integrity