Bureau of the Public Debt

Areas for Improvement in Computer Controls Gao ID: AIMD-99-2 October 14, 1998

The Bureau of the Public Debt processes investments and redemptions of U.S. Treasury securities, makes interest payments, accounts for the resulting debt, and provides financial reports to the public and the federal government. The Bureau has implemented effective computer controls overall. However, GAO found some weaknesses in general controls involving access to data and programs, physical access, contingency planning, and security management. GAO also found weaknesses in the controls for two key Bureau financial applications maintained and operated at the data center in Parkersburg, West Virginia. The Bureau needs to further restrict system access rights and improve security monitoring. It also needs to ensure that established procedures are followed to prevent unauthorized deletion of exception reports. In most cases, the Bureau has corrected or is correcting the vulnerabilities GAO cited.

GAO noted that: (1) overall, GAO found that BPD implemented effective computer controls; however, GAO identified certain vulnerabilities in general controls involving: (a) access to data and programs; (b) physical access; (c) contingency planning; and (d) security management; (2) GAO also identified vulnerabilities in the controls for two key BPD financial applications maintained and operated at the BPD data center in Parkersburg, West Virginia; (3) addressing these vulnerabilities requires: (a) strengthening access controls by further restricting system access rights and improving security monitoring; and (b) managing accuracy controls more effectively by ensuring that established procedures are followed to prevent unauthorized deletion of exception reports; (4) in most cases, BPD has corrected or is correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (7) GAO will review the status of BPD's other corrective actions as part of its fiscal year 1998 financial audits.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.