Audit: TSA financial reporting beset with problems

The Transportation Security Administration displays material weaknesses in its information technology used for financial reporting and internal controls, largely related to legacy systems inherited from the Transportation Department, according to an audit report released today by the Homeland Security Department Inspector General Richard Skinner. TSA is an agency of the Homeland Security Department.

KPMG LLP, an accounting firm in Washington, did the audit for the year ended Sept. 30, 2004. It is posted on the inspector general's Web site.

The evaluation found major deficiencies in TSA's IT access and "segregation-of-duties" controls related to primary financial applications owned and operated by the Transportation Department. TSA uses Transportation's core accounting system, known as Delphi, to process and record financial transactions.

The weaknesses include "excessive privileged access to the Delphi operating system, excessive numbers of users with the ability to override financial transactions, and lack of management review of Delphi audit trail reports for sensitive transactions," KMPG wrote in the audit report.

In addition, Delphi's technical support staff had considerable access to financial management functions at TSA, KMPG wrote.

"These weaknesses increased the risks related to the integrity of Delphi operations and financial transaction processing," the audit report said.

In fiscal 2004, TSA began correcting data for "thousands of personnel records that were erroneously entered into TSA's personnel system (managed and operated by the Department of Transportation). For example, erroneous information pertained to salary, start dates, and pension annuity calculation related data," the report said. TSA intended to complete the correction by December 2004.

TSA officials agreed with the findings, but said they would "continue our current process of manual controls, reconciliation and weekly meetings until assurance is available that financial system controls are completely effective," in an April 2005 letter from David Stone, TSA director, attached to the audit.

In a separate posting, the inspector general released a management letter for the fiscal 2004 DHS financial statement audit performed by KMPG. The wide-ranging management letter offers comments on financial management internal controls, including IT, for TSA, Customs & Border Protection, Emergency Preparedness & Response and other units of the Homeland Security Department.