Coast Guard has IT internal control problems, audit says

Auditors find 20 IT control deficiencies, including 11 new ones

Weaknesses in the Coast Guard’s information technology system configurations and security contributed to a Homeland Security Department-level material weakness in IT controls, according to a new audit.

DHS Assistant Inspector General Frank Deffer released the IT Management Letter for the Coast Guard on April 30. The letter was authored by the accounting firm KPMG LLP as part of an audit of the guard's parent department, DHS, in fiscal 2009.

Despite the improvements to the Coast Guard’s finances and account management controls, and completion of certification and accreditation for its core financial systems, the audit identified 20 IT deficiencies, of which 11 were new findings and nine were repeat weaknesses.


Related story:

Auditors: Coast Guard, FEMA weak on controls


The deficiencies included gaps in security management, access controls and configuration management.

“These IT control deficiencies limited Coast Guard’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability,” KPMG wrote. “In addition, these deficiencies negatively impacted the internal controls over Coast Guard financial reporting and its operation and we consider them to contribute to a material weakness at the department level.”

The audit also noted that the Coast Guard does not fully comply with the requirements of Federal Financial Management Improvement Act.

The problems included inadequately designed procedures for changes to IT applications, unverified access controls, weaknesses in civilian and contractor background investigations, a lack of physical security and security awareness, and gaps in role-based training for managers.

“These deficiencies may increase the risk that the confidentiality, integrity, and availability of system controls and Coast Guard financial data could be exploited thereby compromising the integrity of financial data used by management and reported in the DHS consolidated financial statements,” the audit states.

Coast Guard officials agreed with the findings and recommendations.

The fiscal 2009 audit showed an improvement over the Coast Guard’s fiscal 2008 audit that revealed 22 IT-related deficiencies, of which 21 were new findings.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.