Summary: GAO reviewed information systems general controls in the calendar year 2001 financial statement audits of the Federal Deposit Insurance Corporation's (FDIC) Bank Insurance Fund, Savings Association Insurance Fund, and Federal Savings and Loan Insurance Corporation Resolution Fund. FDIC made progress in correcting information security weaknesses previously identified and has taken steps to improve security. Nevertheless, GAO identified new weaknesses in its information systems controls that affect the corporation's ability to safeguard electronic access to critical financial and other sensitive information. FDIC did not adequately limit access to data and programs by controlling mainframe access authority, providing sufficient network security, or establishing a comprehensive program to monitor access activities. Further, other information systems control weaknesses were identified that could hinder FDIC's ability to provide physical security for its computer facility, appropriate segregation of computer functions, effective control of system software changes, or continuity of operations.
