GAO Find Weaknesses in SEC Information Systems Security Program
by AccountingWEB on
By AccountingWEB Staff
In a letter dated April 12 to SEC Chairwoman Mary Schapiro, James Dalkin, GAO director of financial management and assurance, and Gregory Wilshusen, GAO director of information security issues, stated that "improvements were needed in the SEC's internal controls and accounting procedures."
In its audit of the SEC's fiscal years 2011 and 2010 financial statements, GAO auditors "identified significant deficiencies in internal control," one of which was the SEC's information systems security program. Following is a brief summary.
The GAO report outlined five specific deficiencies:
- Controls were not consistently implemented for identifying and authenticating users.
- Weaknesses in authorization controls limited their effectiveness.
- Certain sensitive data were transmitted unencrypted.
- Certain systems were not configured to maintain audit trails of security-relevant events.
- Systems were not routinely and consistently patched.
GAO recommendations for executive action:
- Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation.
- Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem.
- Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions.
To learn more, you can access the text file for GAO report number GAO-12-424R, "Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures" that was released on April 13, 2012.
You may like these other stories...
Credit Suisse says pension assets at risk unless court delays sentencingJohn Letzing of the Wall Street Journal reported on Wednesday that Credit Suisse Group AG says its management of billions of dollars in assets for...
The prospect of International Financial Reporting Standards (IFRS) being fully adopted in the United States in the near future are growing less likely, as the Financial Accounting Standards Board (FASB) and the International...
House proposes $10.5B, eight-month highway billThe House Ways and Means Committee proposed a transportation funding bill on Tuesday that calls for a temporary extension of current transportation funding levels until May 31,...
Upcoming CPE Webinars
Hand off work to others with finesse and success. Kristen Rampe, CPA will share how to ensure delegated work is properly handled from start to finish in this content-rich one hour webinar.
FRF for SMEs Series--Statement of Cash Flows, Subsequent Events, Related Party Issues, Accounting for Investments including Consolidations, Part 4A
This webcast will cover the preparation of the statement of cash flows and focus on accounting and disclosure policies for other important issues described below.
We can’t deny a great divide exists between the expectations and workplace needs of Baby Boomers and Millennials. To create thriving organizational performance, we need to shift the way in which we groom future leaders.
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.