Security weaknesses jeopardize DHS financial data

Continued weaknesses in IT controls at the Homeland Security Department are threatening efforts to maintain the integrity of financial data within the department, according to a new report released by the department's Inspector General Richard L. Skinner.

The 154-page Information Technology Management Letter for the fiscal 2006 DHS Financial Statement Audit is a redacted version of an audit of IT control systems in the financial processing environment at DHS. The audit was performed by KPMG LLP auditing firm of Washington.

The audit identified more than 200 findings in fiscal 2006 related to shortcomings in IT general and application controls. About 150 of the findings were new, and 50 were repeated from prior years, the audit states.

The weaknesses include "excessive access" to key DHS financial applications, incorrect configurations for security controls for key DHS financial applications and support systems and problems with processes in place for making changes to financial applications. Those change control processes were judged to be inappropriate, ineffective, not fully defined or not followed.

"Despite the improvements in a few DHS components, several significant general IT and application control weaknesses remain that collectively limit DHS' ability to ensure that critical financial and operational data is maintained in a manner to ensure confidentiality, integrity and availability," the audit states.

The audit also found numerous other problems, including instances of missing and weak passwords, background checks for contractors not being conducted at three DHS components and work stations configured without security patches.

Still other problems were a lack of IT system security certifications and accreditations, informal procedures and lack of documentation for changes made to financial systems and instances of incompatible functions that led to overrides of IT systems.

DHS Chief Information Officer Scott Charbo and Chief Financial Officer David Norquist agreed with the findings and recommendations, the report states.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.