Better Controls Needed for Federal Debt Information Systems

Posted by Angie Petty on July 18, 2017

Acquisition Guidance in OMBs Revised Circular A 130

During GAO’s annual audit of key Fiscal Service financial systems, it found new deficiencies in the areas of access control, configuration management, and segregation of duties.

Each year GAO audits the consolidated financial statement of the U.S. government, which includes a review of the controls over financial systems of the Department of the Treasury's Bureau of the Fiscal Service (Fiscal Service).  The Fiscal Service is responsible for managing Schedules of the Federal Debt.

GAO identified nine new deficiencies in information systems general controls during its audit of fiscal years ending September 30, 2016, and 2015.  Information systems general controls consist of the structure, policies, and procedures that apply to an entity’s overall computer operations. These controls establish the environment in which the application systems and controls operate. General control areas include security management, access controls, configuration management, segregation of duties, and contingency planning. 

GAO did not release detailed information on the specific deficiencies identified, but it did indicated that three of deficiencies related to access controls, five related to configuration management, and one related to segregation of duties. Access controls limit access or detect inappropriate access to computer resources, such as data, programs, equipment, and facilities, thereby protecting them from unauthorized modification, loss, or disclosure. Configuration management involves the identification and management of security features for all hardware, software, and firmware components of an information system at a given point and systematically controls changes to that configuration during the system’s life cycle. Segregation of duties is achieved by splitting responsibilities between two or more organizational groups so that one group or individual does not control all critical stages of a process.

GAO communicated detailed information regarding the nine deficiencies and their 11 recommendations to Fiscal Service management.  In a response from the Fiscal Service, they stated that they have developed action plans to address the 11 new recommendations made in this year's GAO report. 

Categories