Summary: As part of its audit of the U. S. government's fiscal year 1999 financial statements, GAO reviewed the general and application computer controls over key financial systems maintained and operated by the Federal Reserve Banks on behalf of the Department of the Treasury's Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). Overall, GAO found that the Federal Reserve Banks had implemented effective general and application controls. Vulnerabilities identified involved general and application computer controls that were not considered as having a significant adverse impact on key FMS and BPD systems, but nonetheless warrant action. These vulnerabilities relate to the entitywide security management program; access controls; system software; application software development and change controls; and, in one data center, segregation of duties. Although these vulnerabilities do not pose significant risks, corrective action would decrease the risk of inappropriate disclosure and modification of sensitive data, misuse of computer resources, or disruption of critical operations. The Federal Reserve Banks agreed with 17 of GAO's 22 findings, have corrected or are in the process of correcting those findings, and are studying the remaining five findings before undertaking corrective measures.
