Financial Management Service

Significant Weaknesses in Computer Controls

GAO ID: AIMD-00-305, September 26, 2000

This report provides an overall assessment and summary of the Department of the Treasury's Financial Management Service (FMS) general and application computer controls over key financial systems it maintains and operates. It points out computer control weaknesses that, in GAO's view, place FMS' financial systems at significant risk of fraud, unauthorized disclosure and modifications of sensitive data and programs, misuse or damage to computer resources, or disruption of critical operations. GAO concludes that pervasive weaknesses in computer controls render FMS' overall security control environment ineffective in identifying, deterring, and responding to computer control weaknesses promptly. Consequently, billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions. As of September 1999, FMS had corrected or mitigated the risks associated with 52 of the 94 computer control weaknesses cited by GAO in its fiscal year 1998 report.

GAO noted that: (1) the pervasive weaknesses GAO identified in FMS' computer controls at most of its data centers during GAO's FY 1999 audit render FMS' overall security control environment ineffective in identifying, deterring, and responding to computer control weaknesses promptly; (2) billions of dollars in payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions; (3) GAO reported FMS' computer control problems as a material weakness; (4) FMS officials have also recognized the serious nature of these problems and have reported these matters as a material weakness in its Federal Managers' Financial Integrity Act report for fiscal years 1999 and 1998; (5) GAO's FY 1999 audit found new general computer control weaknesses in access controls, systems software, and segregation of duties; (6) GAO identified new weaknesses in the authorization controls over two key FMS financial applications; (7) GAO's follow-up on the status of FMS' corrective actions to address weaknesses discussed in GAO's FY 1998 report found that as of September 30, 1999, FMS had corrected or mitigated the risks associated with 52 of the 94 computer control weaknesses discussed in that report; and (8) to assist FMS management in addressing its general computer control weaknesses, the Limited Official Use version of this report contained 59 detailed recommendations.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.


