Auditors criticize DHS' financial management IT

Information technology systems used to manage the Homeland Security Department’s finances have security weaknesses that could threaten the integrity of the department’s financial data, according to a report recently released by DHS’ inspector general.

According to the results of an investigation by the accounting firm KPMG, despite “significant steps” taken by DHS component agencies to improve the security of financial management systems during fiscal 2007, weaknesses  remain.

Hundreds of access control, change control, integration and continuity-of-operations issues that could affect DHS’ financial data were identified by the IT management letter released by the department's IG July 25. The annual report was done by KPMG and is dated Dec. 14, 2007. 

KPMG identified 200 outstanding issues for fiscal 2007 that were also mentioned in a similar report for fiscal 2006, as well as more than 60 new IT findings. The firm said more than 30 percent of the previous year’s findings had been resolved.

“The effect of these Information Technology General Controls (ITGC) weaknesses limits DHS’ ability to ensure that critical financial data is reliable and is maintained in a manner to ensure confidentiality, integrity, and availability,” the latest report said.

“Many of these weaknesses, especially those in the area of change control, may result in material errors in DHS’ financial data that are not detected, in a timely manner, in the normal course of business,” KPMG auditors also said.

To improve the financial management systems’ controls, continuity of operations, and departmentwide integration, the firm had a long list of recommendations that included:

  • Enforcing controls that meet DHS’ password requirements on all financial systems.

  • Requiring a review of operating system logs for suspicious activity and conduct audit log reviews.

  • Finalizing procedures regarding  Voice over Internet Protocol, wireless technologies and sharing data with external parties.

  • Removing excessive access on all DHS financial system software and support files.

  • Implementing an operational alternate processing site.

  • Finalizing an IT security awareness training program for all contractors and employees.

  • Implementing policies and procedures for the review of suspicious system software activity.

KPMG said many of the weaknesses listed came about from legacy systems inherited from DHS component agencies. Those systems did not always incorporate strong security controls, the report said.

The audit blamed DHS for not having a departmentwide method for tracking corrective actions at component agencies and an overall insufficient testing of corrective activities.

“The most prevalent reason as to why these weaknesses are present is the lack of prioritization in taking the necessary actions to improve the IT control environment around the department’s financial management systems,” the report said.

In a response letter, DHS’ chief information security and chief financial officers said they concurred with the recommendations, and had already completed several initiatives in fiscal 2008, including providing field support to components for remediation activities and updating DHS information assurance tools.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.