Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Điều kiện phải trình báo Là một phần của kiểm toán báo cáo tài chính, trang web xem xét lại Hệ thống thông tin của FDIC (IS) điều khiển chung. Các Mục tiêu chính của IS điều khiển nói chung là để bảo vệ các dữ liệu, máy tính hoặc nộp đơn Chương Trình Bảo vệ, phần mềm hệ thống NGĂN CHẶN những truy cập trái phép | B-283439 FDIC provided comments on a draft of this report. FDIC s comments are discussed and evaluated in a later section of this report and are reprinted in appendix I. Reportable Condition As part of the financial statement audits we reviewed FDIC s information systems IS general controls. The primary objectives of IS general controls are to safeguard data protect computer application programs prevent system software from unauthorized access and ensure continued computer operations in case of unexpected interruption. IS general controls include corporatewide security program planning and management access controls system software application software development and change controls segregation of duties and service continuity controls. The effectiveness of application controls2 is dependent on the effectiveness of general controls. Both IS general controls and application controls must be effective to help ensure the reliability appropriate confidentiality and availability of critical automated information. In performing our tests we found FDIC s IS general controls to be ineffective. We identified weaknesses in FDIC s corporatewide security program access controls segregation of duties and service continuity. The weaknesses in IS general controls significantly impair the effectiveness of FDIC s application controls including financial systems. We considered the effect of the information system control weaknesses and determined that other management controls mitigated their effect on the financial statements. FDIC recognizes the significance of the IS general control issues and has begun planning and initiating corrective actions. Because of their sensitive nature the details surrounding these weaknesses and vulnerabilities are being communicated to FDIC management along with our recommendations for corrective action through separate correspondence. In addition to these weaknesses we identified less significant matters involving FDIC s system of internal .
