In recent years, said a new Department of Homeland Security (DHS) Office of Inspector General (OIG) IT management report for the Fiscal Year 2013 DHS financial statement audit, “DHS’s financial system functionality may be inhibiting the agency’s ability to implement and maintain internal controls, notably IT applications controls supporting financial data processing and reporting at some components.”
“At most components,” OIG report, “the financial systems have not been substantially updated since being inherited from legacy agencies several years ago. Therefore, in FY 2013, we continued to evaluate and consider the impact of financial system functionality over financial reporting.”
In FY 2013, a total of 103 findings were issued, of which approximately 69 percent are repeated from last year.
According to the audit, approximately 35 percent of repeat findings were for IT deficiencies that management represented were corrected during FY 2013. The new findings in FY 2013 resulted both from additional IT systems and business processes within the scope of the audit this year and from control deficiencies identified in areas which were effective in previous years, and were noted at all DHS components.
Customs and Border Protection (CBP) and the Federal Law Enforcement Training Center (FLETC) had the greatest number of new findings.
OIG reported that “many key DHS financial systems are not compliant with the financial management systems requirements of the Federal Financial Management Improvement Act of 1996 and Office of Management and Budget (OMB) Circular Number A-127, Financial Management Systems, revised. DHS financial system functionality limitations add substantially to the department’s challenges of addressing systemic internal control weaknesses and limit the department’s ability to leverage IT systems to effectively and efficiently process and report financial data.”
With respect to DHS and its components’ financial systems’ IT controls, the audit “noted certain matters in the areas of security management, access controls, configuration management, segregation of duties and contingency planning.”
During the audit, “certain matters involving financial reporting internal controls (comments not related to IT) and other operational matters, including certain deficiencies in internal control” were discovered that are considered “to be significant deficiencies and material weaknesses,” and were communicated in writing to management and those charged with governance in KPMG’s Independent Auditors’ Report and in a separate letter to the Office of Inspector General and the DHS Chief Financial Officer.
-Anthony Kimery, HStoday.us