GAO Find Weaknesses in SEC Information Systems Security Program
by AccountingWEB on
By AccountingWEB Staff
In a letter dated April 12 to SEC Chairwoman Mary Schapiro, James Dalkin, GAO director of financial management and assurance, and Gregory Wilshusen, GAO director of information security issues, stated that "improvements were needed in the SEC's internal controls and accounting procedures."
In its audit of the SEC's fiscal years 2011 and 2010 financial statements, GAO auditors "identified significant deficiencies in internal control," one of which was the SEC's information systems security program. Following is a brief summary.
The GAO report outlined five specific deficiencies:
- Controls were not consistently implemented for identifying and authenticating users.
- Weaknesses in authorization controls limited their effectiveness.
- Certain sensitive data were transmitted unencrypted.
- Certain systems were not configured to maintain audit trails of security-relevant events.
- Systems were not routinely and consistently patched.
GAO recommendations for executive action:
- Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation.
- Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem.
- Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions.
To learn more, you can access the text file for GAO report number GAO-12-424R, "Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures" that was released on April 13, 2012.
You may like these other stories...
Revenue accounting could hit loans, bonusesWith the new accounting guidelines for revenue recognition expected to be issued by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board...
A new online pension implementation toolkit from the Governmental Accounting Standards Board (GASB) supplies preparers, auditors, and users of state and local governmental financial reports with numerous resources on pension...
State corporate income taxes edge higher, some states stand outEmily Chasan, senior editor for the Wall Street Journal’s CFO Journal, reported yesterday that state corporate income tax revenue rose 5.5 percent in the...
Upcoming CPE Webinars
BAR is an acronym for: Boundaries, Authority and Role. This simple tool will provide participants with a solid understanding of leadership essentials to improve their performance.
This material is designed to provide a start-to-finish overview of how to plan and complete high-quality small audits efficiently.
In this session Excel expert David H. Ringstrom, CPA shares numerous techniques that you can use to work with charts more efficiently.
Key Accounting and Reporting Issues for Nonprofits No. 1: Overview and Statement of Financial Position
This material focuses on non-profit organizations organization, accounting and reporting.