Security weaknesses jeopardize DHS financial data

Continued weaknesses in IT controls at the Homeland Security Department are threatening efforts to maintain the integrity of financial data within the department, according to a new report released by the department's Inspector General Richard L. Skinner.

The 154-page Information Technology Management Letter for the fiscal 2006 DHS Financial Statement Audit is a redacted version of an audit of IT control systems in the financial processing environment at DHS. The audit was performed by KPMG LLP auditing firm of Washington.

The audit identified more than 200 findings in fiscal 2006 related to shortcomings in IT general and application controls. About 150 of the findings were new, and 50 were repeated from prior years, the audit states.

The weaknesses include "excessive access" to key DHS financial applications, incorrect configurations for security controls for key DHS financial applications and support systems and problems with processes in place for making changes to financial applications. Those change control processes were judged to be inappropriate, ineffective, not fully defined or not followed.

"Despite the improvements in a few DHS components, several significant general IT and application control weaknesses remain that collectively limit DHS' ability to ensure that critical financial and operational data is maintained in a manner to ensure confidentiality, integrity and availability," the audit states.

The audit also found numerous other problems, including instances of missing and weak passwords, background checks for contractors not being conducted at three DHS components and work stations configured without security patches.

Still other problems were a lack of IT system security certifications and accreditations, informal procedures and lack of documentation for changes made to financial systems and instances of incompatible functions that led to overrides of IT systems.

DHS Chief Information Officer Scott Charbo and Chief Financial Officer David Norquist agreed with the findings and recommendations, the report states.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.