GAO Find Weaknesses in SEC Information Systems Security Program

Posted by AccountingWEB on 2300 printer friendly
By AccountingWEB Staff
 
In a letter dated April 12 to SEC Chairwoman Mary Schapiro, James Dalkin, GAO director of financial management and assurance, and Gregory Wilshusen, GAO director of information security issues, stated that "improvements were needed in the SEC's internal controls and accounting procedures." 
 
In its audit of the SEC's fiscal years 2011 and 2010 financial statements, GAO auditors "identified significant deficiencies in internal control," one of which was the SEC's information systems security program. Following is a brief summary.
 
The GAO report outlined five specific deficiencies:
  1. Controls were not consistently implemented for identifying and authenticating users.
  2. Weaknesses in authorization controls limited their effectiveness. 
  3. Certain sensitive data were transmitted unencrypted. 
  4. Certain systems were not configured to maintain audit trails of security-relevant events.
  5. Systems were not routinely and consistently patched.
GAO recommendations for executive action: 
  1. Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation. 
  2. Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem. 
  3. Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions. 
To learn more, you can access the text file for GAO report number GAO-12-424R, "Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures" that was released on April 13, 2012. 
 
Related articles:
 
Tags 
Government
GAO
Auditing
SEC

Voice of the Editor

What makes a company a great place to work? Experience, a ConnectEDU company, uses criteria that include benefits, career advancement opportunities, culture, and work/life balance to form its annual list of the Best Places to Work for Recent Grads. BDO USA and Ernst & Young both made the Top 25 list. Read what makes these firms stand out and find out what can be done at your firm to entice college grads.

Read more
Gail Perry, CPA
Publisher/Editor-in-Chief, AccountingWEB
editor@accountingweb.com
ADVERTISEMENT

This Week on AccountingWEB

Hang Bower of BDO USA and Dan Black of Ernst & Young share their perspectives on why their firms made the Best Places to Work for Recent Grads 2013 list.
Herbein + Company, Inc. firm members talked with AccountingWEB about their year-round employee wellness program.
Bill Walter of Gross, Mendelsohn & Associates and Harold Gaar of TravisWolff LLP weigh in on mobile technology use while employees are at work.
CPA Robert Raiola, who heads the Sports & Entertainment Group of Fazio, Mannuzza, Roche, Tankel, LaPilusa, LLC, talks NFL player income taxes with AccountingWEB.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT