GAO Finds Weaknesses in SEC Information Systems Security Program
By AccountingWEB Staff
In a letter dated April 12 to SEC Chairwoman Mary Schapiro, James Dalkin, GAO director of financial management and assurance, and Gregory Wilshusen, GAO director of information security issues, stated that "improvements were needed in the SEC's internal controls and accounting procedures."
In its audit of the SEC's fiscal years 2011 and 2010 financial statements, GAO auditors "identified significant deficiencies in internal control," one of which was the SEC's information systems security program. Following is a brief summary.
The GAO report outlined five specific deficiencies:
- Controls were not consistently implemented for identifying and authenticating users.
- Weaknesses in authorization controls limited their effectiveness.
- Certain sensitive data were transmitted unencrypted.
- Certain systems were not configured to maintain audit trails of security-relevant events.
- Systems were not routinely and consistently patched.
GAO recommendations for executive action:
- Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation.
- Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem.
- Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions.
To learn more, you can access the text file for GAO report number GAO-12-424R, "Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures," which was released on April 13, 2012.