Federal Reserve Banks

Areas for Improvement in Computer Controls Gao ID: AIMD-99-6 October 14, 1998

The 12 Federal Reserve Banks have introduced effective computer controls overall. However, GAO found weaknesses in computer controls involving (1) access to systems, programs, and data, including unauthorized external access; (2) service continuity and contingency planning; and (3) access controls over some financial applications. Although these weaknesses do not pose significant risks to the financial systems of the Bureau of the Public Debt and the Financial Management Service, they do warrant attention from the Federal Reserve Banks to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations. The Federal Reserve Banks have corrected or are correcting the vulnerabilities that GAO identified.

GAO noted that: (1) overall, GAO found that FRBs had implemented effective computer controls; (2) however, GAO identified vulnerabilities in computer controls involving: (a) access to systems, programs, and data, including unauthorized external access; (b) service continuity and contingency planning; and (c) access controls over certain financial applications; (3) while these vulnerabilities do not pose significant risks to the BPD and FMS financial systems, they warrant FRB management's attention and action to decrease the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations; (4) FRBs have corrected or are correcting the vulnerabilities that GAO identified; (5) GAO provided a general summary of the vulnerabilities that existed on September 30, 1997; (6) those that GAO verified had been fully resolved subsequent to September 30, 1997, GAO has so noted; and (6) GAO will review the status of FRBs' corrective actions during GAO's audit of the federal government's fiscal year 1998 consolidated financial statements.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.