FedCFO Search Engine

@FedCFO Twitter Feed

Tuesday, August 14, 2007

DHS IG: Weak internal controls put financial data at risk

The integrity of the Homeland Security Department’s financial data is at increased risk because of weak information technology internal controls related to financial management systems, the DHS Office of Inspector General has said in a report.

The report covers the IT management controls that support the department’s financial statement for fiscal 2006. Internal controls reduce the risk of error or fraud in financial reporting.

The department has excessive access to and inadequate logical security controls for its key financial applications and support systems, in addition to incorrect or ineffective application change control processes, the IG said in the report.

Many of these weaknesses may result in material errors in DHS’ financial data that are not detected in a timely manner in the normal course of business.

The IG identified more than 200 separate findings covering all DHS agencies. DHS closed about 44 percent of the prior year’s IT findings, but the IG uncovered 150 new ones through testing this year.

The IG audited the financial systems of the U.S. Citizen and Immigration Services agency, which is owned and serviced by the Immigration and Customs Enforcement agency.

DHS inherited many of its component agencies’ weaknesses, including system development activities that did not incorporate strong security controls from the outset, which will take several years to fully address. Many of the larger agencies have decentralized IT and financial system support.

The fact that DHS does not have an integrated financial system with the embedded functionality required by the Office of Management and Budget is the major factor for the department’s financial management weaknesses, the IG said.

DHS outlined a plan to fix the internal control weaknesses in a response letter from Robert West, its chief information security officer. For example, the department will develop procedures by November for testing internal controls for its designated financial systems. Component agencies will perform monitoring of key controls by March 2008.

-Mary Mosquera, FCW.com


No comments: