GAO Find Weaknesses in SEC Information Systems Security Program

By AccountingWEB Staff
 
In a letter dated April 12 to SEC Chairwoman Mary Schapiro, James Dalkin, GAO director of financial management and assurance, and Gregory Wilshusen, GAO director of information security issues, stated that "improvements were needed in the SEC's internal controls and accounting procedures." 
 
In its audit of the SEC's fiscal years 2011 and 2010 financial statements, GAO auditors "identified significant deficiencies in internal control," one of which was the SEC's information systems security program. Following is a brief summary.
 
The GAO report outlined five specific deficiencies:
  1. Controls were not consistently implemented for identifying and authenticating users.
  2. Weaknesses in authorization controls limited their effectiveness. 
  3. Certain sensitive data were transmitted unencrypted. 
  4. Certain systems were not configured to maintain audit trails of security-relevant events.
  5. Systems were not routinely and consistently patched.
GAO recommendations for executive action: 
  1. Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation. 
  2. Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem. 
  3. Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions. 
To learn more, you can access the text file for GAO report number GAO-12-424R, "Management Report: Improvements Needed in SEC's Internal Controls and Accounting Procedures" that was released on April 13, 2012. 
 
Related articles:
 

You may like these other stories...

The Financial Accounting Standards Board (FASB) had hoped to issue a final standard on revenue recognition during the first quarter of this year. However, the standard-setting organization confirmed today that the timetable...
IRS revokes group’s tax exemption over anti-Clinton statementsGregory Korte of the USA Today reported on Monday that the IRS has revoked the tax-exempt status of a conservative-aligned charity, the Patrick Henry Center...
CFOs are having a tough time filling vacancies quickly in their accounting and finance departments, according to a new survey from staffing services firm Robert Half.Open staff-level positions in accounting or finance take...

Upcoming CPE Webinars

Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.
May 1
This material focuses on the principles of accounting for non-profit organizations’ expenses. It will include discussions of functional expense categories, accounting for functional expenses and allocations of joint costs.