|
Computer Equipment and Software Inventories (Audit Report No. 98-078, August 28, 1998) Summary The Office of Inspector General (OIG) completed an audit of computer equipment and software inventories in the Dallas office of the Federal Deposit Insurance Corporation's Division of Information Resources Management (DIRM). The objective of the audit was to determine whether Dallas DIRM's controls over computer equipment and software were adequate. We concluded that, generally, Dallas DIRM's controls over software inventories were adequate. However, its controls over computer equipment needed improvement. Specifically, we found that physical security controls related to removing computer equipment from FDIC buildings and ensuring that computer equipment is returned by departing employees, as well as controls over physical inventories, bar coding, equipment relocations, and segregating duties needed improvement. On October 21, 1997, the OIG issued a report entitled Audit Safeguards over EDP Equipment (audit report no. 97-103). This audit focused on safeguarding equipment in the Washington, DC area. In this report, we concluded that safeguards over EDP equipment needed improvement. RecommendationsThe OIG recommended that the Regional Manager, Dallas DIRM, take the following actions: (1) Develop and implement, in coordination with Washington DIRM and Dallas DOA, physical security controls over laptops. (2) Direct the DIRM security officer to verify with the CITS administrator that departing employees return all assigned computer equipment. (3) Segregate the duties of DIRM staffers so that they perform only one of the three functions of purchasing computer related property, taking physical inventories, and maintaining the database, or establish compensating controls sufficient to negate the need for segregation. (4) Establish a listing, through coordination with DIRM headquarters, of items that should be included in the Dallas DIRM inventory. Management Response On August 10, 1998, FDIC's Director of DIRM in headquarters provided a written response to a draft of this report. Generally, the Director agreed with the report's findings and recommendations. The response indicated that DIRM has initiated new procedures to improve security over laptops and to ensure that departing employees return all computer equipment. Further, the Director agreed to enact compensating controls to take the place of the total segregation of duties including (1) performing future inventories with two-person teams with at least one member without edit capability to the ITAMS database, (2) limiting Dallas DIRM's credit card purchases, and (3) performing tests scheduled in the Management Control Plan. Finally, DIRM headquarters issued a listing of items that should be included in the inventory. The Director's response contained the requisite elements of a management decision for the recommendations. |
| Last Updated 03/27/01 | contact the OIG |
| Search | | | Accessibility | | | Privacy | | | Information Quality | | | Contact Us | | | Site Map | | | Home |