Coast Guard has IT internal control problems, audit says

Auditors find 20 IT control deficiencies, including 11 new ones

Weaknesses in the Coast Guard’s information technology system configurations and security contributed to a Homeland Security Department-level material weakness in IT controls, according to a new audit.

DHS Assistant Inspector General Frank Deffer released the IT Management Letter for the Coast Guard on April 30. The letter was authored by the accounting firm KPMG LLP as part of an audit of the guard's parent department, DHS, in fiscal 2009.

Despite the improvements to the Coast Guard’s finances and account management controls, and completion of certification and accreditation for its core financial systems, the audit identified 20 IT deficiencies, of which 11 were new findings and nine were repeat weaknesses.


Related story:

Auditors: Coast Guard, FEMA weak on controls


The deficiencies included gaps in security management, access controls and configuration management.

“These IT control deficiencies limited Coast Guard’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability,” KPMG wrote. “In addition, these deficiencies negatively impacted the internal controls over Coast Guard financial reporting and its operation and we consider them to contribute to a material weakness at the department level.”

The audit also noted that the Coast Guard does not fully comply with the requirements of Federal Financial Management Improvement Act.

The problems included inadequately designed procedures for changes to IT applications, unverified access controls, weaknesses in civilian and contractor background investigations, a lack of physical security and security awareness, and gaps in role-based training for managers.

“These deficiencies may increase the risk that the confidentiality, integrity, and availability of system controls and Coast Guard financial data could be exploited thereby compromising the integrity of financial data used by management and reported in the DHS consolidated financial statements,” the audit states.

Coast Guard officials agreed with the findings and recommendations.

The fiscal 2009 audit showed an improvement over the Coast Guard’s fiscal 2008 audit that revealed 22 IT-related deficiencies, of which 21 were new findings.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group