Federal Reserve Banks

Areas for Improvement in Computer Controls Gao ID: GAO-02-266R December 10, 2001

As part of its audit of the U.S. government's fiscal year 2000 financial statements, GAO reviewed computer controls over key financial systems maintained and operated by the Federal Reserve Banks (FRB) on behalf of the Department of the Treasury's Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). GAO identified opportunities to improve general controls related to access at two data centers; access, system software, and service continuity at a third data center; and access and system software at a fourth data center. GAO also identified opportunities to improve authorization controls over four key applications and accuracy controls over one of these key applications. FRB had corrected or mitigated the risks associated with all vulnerabilities discussed in earlier GAO reports. Although the general and application controls identified do not pose significant risks to the FMS and BPD financial systems, they warrant action to decrease the risk of inappropriate disclosure and modification of sensitive data and programs, misuse of or damage to computer resources, and disruption of critical operations.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.