Summary: The Financial Management Service's (FMS) overall security control environment continues to be ineffective in identifying, deterring, and responding to computer control weaknesses promptly. Consequently, billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions. During its fiscal year 2000 audit, GAO found new general computer control weaknesses in the entity-wide security management program, access controls, and system software. GAO also identified new weaknesses in the authorization and completeness controls over one key FMS financial application. GAO's follow-up on the status of FMS's corrective actions to address weaknesses discussed in its fiscal year 1999 report found that, as of September 30, 2000, FMS had corrected or mitigated the risks associated with 35 of the 61 computer control weaknesses discussed in that report. To assist FMS management in addressing its computer control weaknesses, GAO made four overall recommendations in this public report.
