GAO Find Weaknesses in SEC Information Systems Security Program
by AccountingWEB on
By AccountingWEB Staff
In a letter dated April 12 to SEC Chairwoman Mary Schapiro, James Dalkin, GAO director of financial management and assurance, and Gregory Wilshusen, GAO director of information security issues, stated that "improvements were needed in the SEC's internal controls and accounting procedures."
In its audit of the SEC's fiscal years 2011 and 2010 financial statements, GAO auditors "identified significant deficiencies in internal control," one of which was the SEC's information systems security program. Following is a brief summary.
The GAO report outlined five specific deficiencies:
- Controls were not consistently implemented for identifying and authenticating users.
- Weaknesses in authorization controls limited their effectiveness.
- Certain sensitive data were transmitted unencrypted.
- Certain systems were not configured to maintain audit trails of security-relevant events.
- Systems were not routinely and consistently patched.
GAO recommendations for executive action:
- Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation.
- Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem.
- Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions.
To learn more, you can access the text file for GAO report number GAO-12-424R, "Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures" that was released on April 13, 2012.
You may like these other stories...
Accounting’s Big Data problemReality is swiftly outpacing the ability of accountants to gauge Big Data. In an article for CFO, David M. Katz asked, “What needs to happen for them to start to catch up?”...
Outsourcing loses its luster for US tech companiesEmily Chasan, senior editor of the Wall Street Journal’s CFO Journal, reported today that technology companies in the United States are putting the brakes on plans to...
Read more from Larry Perry here and in the Today’s World of Audits archive.In my last article, I presented an overview of one of the first steps in the preplanning phase of an audit engagement: reviewing prior year...
Upcoming CPE Webinars
BAR is an acronym for: Boundaries, Authority and Role. This simple tool will provide participants with a solid understanding of leadership essentials to improve their performance.
This material is designed to provide a start-to-finish overview of how to plan and complete high-quality small audits efficiently.
In this session Excel expert David H. Ringstrom, CPA shares numerous techniques that you can use to work with charts more efficiently.
Key Accounting and Reporting Issues for Nonprofits No. 1: Overview and Statement of Financial Position
This material focuses on non-profit organizations organization, accounting and reporting.